googleapis

/// <reference types="node" /> import { OAuth2Client, JWT, Compute, UserRefreshClient, BaseExternalAccountClient, GaxiosPromise, GoogleConfigurable, MethodOptions, StreamMethodOptions, GlobalOptions, GoogleAuth, BodyResponseCallback, APIRequestContext } from 'googleapis-common'; import { Readable } from 'stream'; export declare namespace gkehub_v1alpha { export interface Options extends GlobalOptions { version: 'v1alpha'; } interface StandardParameters { /** * Auth client or API Key for the request */ auth?: string | OAuth2Client | JWT | Compute | UserRefreshClient | BaseExternalAccountClient | GoogleAuth; /** * V1 error format. */ '$.xgafv'?: string; /** * OAuth access token. */ access_token?: string; /** * Data format for response. */ alt?: string; /** * JSONP */ callback?: string; /** * Selector specifying which fields to include in a partial response. */ fields?: string; /** * API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. */ key?: string; /** * OAuth 2.0 token for the current user. */ oauth_token?: string; /** * Returns response with indentations and line breaks. */ prettyPrint?: boolean; /** * Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. */ quotaUser?: string; /** * Legacy upload protocol for media (e.g. "media", "multipart"). */ uploadType?: string; /** * Upload protocol for media (e.g. "raw", "multipart"). */ upload_protocol?: string; } /** * GKE Hub API * * * * @example * ```js * const {google} = require('googleapis'); * const gkehub = google.gkehub('v1alpha'); * ``` */ export class Gkehub { context: APIRequestContext; organizations: Resource$Organizations; projects: Resource$Projects; constructor(options: GlobalOptions, google?: GoogleConfigurable); } /** * **Anthos Observability**: Spec */ export interface Schema$AnthosObservabilityFeatureSpec { /** * Default membership spec for unconfigured memberships */ defaultMembershipSpec?: Schema$AnthosObservabilityMembershipSpec; } /** * **Anthosobservability**: Per-Membership Feature spec. */ export interface Schema$AnthosObservabilityMembershipSpec { /** * Use full of metrics rather than optimized metrics. See https://cloud.google.com/anthos/clusters/docs/on-prem/1.8/concepts/logging-and-monitoring#optimized_metrics_default_metrics */ doNotOptimizeMetrics?: boolean | null; /** * Enable collecting and reporting metrics and logs from user apps. */ enableStackdriverOnApplications?: boolean | null; /** * the version of stackdriver operator used by this feature */ version?: string | null; } /** * AnthosVMMembershipSpec contains the AnthosVM feature configuration for a membership/cluster. */ export interface Schema$AnthosVMMembershipSpec { /** * List of configurations of the Anthos For VM subfeatures that are to be enabled */ subfeaturesSpec?: Schema$AnthosVMSubFeatureSpec[]; } /** * AnthosVMFeatureState contains the state of the AnthosVM feature. It represents the actual state in the cluster, while the AnthosVMMembershipSpec represents the desired state. */ export interface Schema$AnthosVMMembershipState { /** * State of the local PE-controller inside the cluster */ localControllerState?: Schema$LocalControllerState; /** * List of AnthosVM subfeature states */ subfeatureState?: Schema$AnthosVMSubFeatureState[]; } /** * AnthosVMSubFeatureSpec contains the subfeature configuration for a membership/cluster. */ export interface Schema$AnthosVMSubFeatureSpec { /** * Indicates whether the subfeature should be enabled on the cluster or not. If set to true, the subfeature's control plane and resources will be installed in the cluster. If set to false, the oneof spec if present will be ignored and nothing will be installed in the cluster. */ enabled?: boolean | null; /** * MigrateSpec repsents the configuration for Migrate subfeature. */ migrateSpec?: Schema$MigrateSpec; /** * ServiceMeshSpec repsents the configuration for Service Mesh subfeature. */ serviceMeshSpec?: Schema$ServiceMeshSpec; } /** * AnthosVMSubFeatureState contains the state of the AnthosVM subfeatures. */ export interface Schema$AnthosVMSubFeatureState { /** * Description represents human readable description of the subfeature state. If the deployment failed, this should also contain the reason for the failure. */ description?: string | null; /** * InstallationState represents the state of installation of the subfeature in the cluster. */ installationState?: string | null; /** * MigrateState represents the state of the Migrate subfeature. */ migrateState?: Schema$MigrateState; /** * ServiceMeshState represents the state of the Service Mesh subfeature. */ serviceMeshState?: Schema$ServiceMeshState; } /** * Spec for App Dev Experience Feature. */ export interface Schema$AppDevExperienceFeatureSpec { } /** * State for App Dev Exp Feature. */ export interface Schema$AppDevExperienceFeatureState { /** * Status of subcomponent that detects configured Service Mesh resources. */ networkingInstallSucceeded?: Schema$Status; } /** * ApplianceCluster contains information specific to GDC Edge Appliance Clusters. */ export interface Schema$ApplianceCluster { /** * Immutable. Self-link of the GCP resource for the Appliance Cluster. For example: //transferappliance.googleapis.com/projects/my-project/locations/us-west1-a/appliances/my-appliance */ resourceLink?: string | null; } /** * Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] \}, { "log_type": "DATA_WRITE" \}, { "log_type": "ADMIN_READ" \} ] \}, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" \}, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] \} ] \} ] \} For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging. */ export interface Schema$AuditConfig { /** * The configuration for logging of each type of permission. */ auditLogConfigs?: Schema$AuditLogConfig[]; /** * Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services. */ service?: string | null; } /** * Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] \}, { "log_type": "DATA_WRITE" \} ] \} This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging. */ export interface Schema$AuditLogConfig { /** * Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members. */ exemptedMembers?: string[] | null; /** * The log type that this config enables. */ logType?: string | null; } /** * Authority encodes how Google will recognize identities from this Membership. See the workload identity documentation for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity */ export interface Schema$Authority { /** * Output only. An identity provider that reflects the `issuer` in the workload identity pool. */ identityProvider?: string | null; /** * Optional. A JSON Web Token (JWT) issuer URI. `issuer` must start with `https://` and be a valid URL with length <2000 characters. If set, then Google will allow valid OIDC tokens from this issuer to authenticate within the workload_identity_pool. OIDC discovery will be performed on this URI to validate tokens from the issuer. Clearing `issuer` disables Workload Identity. `issuer` cannot be directly modified; it must be cleared (and Workload Identity disabled) before using a new issuer (and re-enabling Workload Identity). */ issuer?: string | null; /** * Optional. OIDC verification keys for this Membership in JWKS format (RFC 7517). When this field is set, OIDC discovery will NOT be performed on `issuer`, and instead OIDC tokens will be validated using this field. */ oidcJwks?: string | null; /** * Output only. The name of the workload identity pool in which `issuer` will be recognized. There is a single Workload Identity Pool per Hub that is shared between all Memberships that belong to that Hub. For a Hub hosted in {PROJECT_ID\}, the workload pool format is `{PROJECT_ID\}.hub.id.goog`, although this is subject to change in newer versions of this API. */ workloadIdentityPool?: string | null; } /** * Associates `members`, or principals, with a `role`. */ export interface Schema$Binding { /** * The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). */ condition?: Schema$Expr; /** * Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid\}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid\}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid\}.svc.id.goog[{namespace\}/{kubernetes-sa\}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid\}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid\}?uid={uniqueid\}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid\}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid\}?uid={uniqueid\}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid\}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid\}?uid={uniqueid\}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid\}` and the recovered group retains the role in the binding. * `domain:{domain\}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. */ members?: string[] | null; /** * Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. */ role?: string | null; } /** * The request message for Operations.CancelOperation. */ export interface Schema$CancelOperationRequest { } /** * **Cloud Audit Logging**: Spec for Audit Logging Allowlisting. */ export interface Schema$CloudAuditLoggingFeatureSpec { /** * Service account that should be allowlisted to send the audit logs; eg cloudauditlogging@gcp-project.iam.gserviceaccount.com. These accounts must already exist, but do not need to have any permissions granted to them. The customer's entitlements will be checked prior to allowlisting (i.e. the customer must be an Anthos customer.) */ allowlistedServiceAccounts?: string[] | null; } /** * **Cloud Build**: Configurations for each Cloud Build enabled cluster. */ export interface Schema$CloudBuildMembershipSpec { /** * Whether it is allowed to run the privileged builds on the cluster or not. */ securityPolicy?: string | null; /** * Version of the cloud build software on the cluster. */ version?: string | null; } /** * CommonFeatureSpec contains Hub-wide configuration information */ export interface Schema$CommonFeatureSpec { /** * Anthos Observability spec */ anthosobservability?: Schema$AnthosObservabilityFeatureSpec; /** * Appdevexperience specific spec. */ appdevexperience?: Schema$AppDevExperienceFeatureSpec; /** * Cloud Audit Logging-specific spec. */ cloudauditlogging?: Schema$CloudAuditLoggingFeatureSpec; /** * Multicluster Ingress-specific spec. */ multiclusteringress?: Schema$MultiClusterIngressFeatureSpec; /** * Workload Certificate spec. */ workloadcertificate?: Schema$FeatureSpec; } /** * CommonFeatureState contains Hub-wide Feature status information. */ export interface Schema$CommonFeatureState { /** * Appdevexperience specific state. */ appdevexperience?: Schema$AppDevExperienceFeatureState; /** * Service Mesh-specific state. */ servicemesh?: Schema$ServiceMeshFeatureState; /** * Output only. The "running state" of the Feature in this Hub. */ state?: Schema$FeatureState; } /** * Configuration for Binauthz */ export interface Schema$ConfigManagementBinauthzConfig { /** * Whether binauthz is enabled in this cluster. */ enabled?: boolean | null; } /** * State for Binauthz */ export interface Schema$ConfigManagementBinauthzState { /** * The version of binauthz that is installed. */ version?: Schema$ConfigManagementBinauthzVersion; /** * The state of the binauthz webhook. */ webhook?: string | null; } /** * The version of binauthz. */ export interface Schema$ConfigManagementBinauthzVersion { /** * The version of the binauthz webhook. */ webhookVersion?: string | null; } /** * Configuration for Config Sync */ export interface Schema$ConfigManagementConfigSync { /** * Set to true to allow the vertical scaling. Defaults to false which disallows vertical scaling. */ allowVerticalScale?: boolean | null; /** * Enables the installation of ConfigSync. If set to true, ConfigSync resources will be created and the other ConfigSync fields will be applied if exist. If set to false, all other ConfigSync fields will be ignored, ConfigSync resources will be deleted. If omitted, ConfigSync resources will be managed depends on the presence of git field. */ enabled?: boolean | null; /** * Git repo configuration for the cluster. */ git?: Schema$ConfigManagementGitConfig; /** * OCI repo configuration for the cluster */ oci?: Schema$ConfigManagementOciConfig; /** * Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts. */ preventDrift?: boolean | null; /** * Specifies whether the Config Sync Repo is in "hierarchical" or "unstructured" mode. */ sourceFormat?: string | null; } /** * The state of ConfigSync's deployment on a cluster */ export interface Schema$ConfigManagementConfigSyncDeploymentState { /** * Deployment state of admission-webhook */ admissionWebhook?: string | null; /** * Deployment state of the git-sync pod */ gitSync?: string | null; /** * Deployment state of the importer pod */ importer?: string | null; /** * Deployment state of the monitor pod */ monitor?: string | null; /** * Deployment state of reconciler-manager pod */ reconcilerManager?: string | null; /** * Deployment state of root-reconciler */ rootReconciler?: string | null; /** * Deployment state of the syncer pod */ syncer?: string | null; } /** * State information for ConfigSync */ export interface Schema$ConfigManagementConfigSyncState { /** * Information about the deployment of ConfigSync, including the version of the various Pods deployed */ deploymentState?: Schema$ConfigManagementConfigSyncDeploymentState; /** * The state of ConfigSync's process to sync configs to a cluster */ syncState?: Schema$ConfigManagementSyncState; /** * The version of ConfigSync deployed */ version?: Schema$ConfigManagementConfigSyncVersion; } /** * Specific versioning information pertaining to ConfigSync's Pods */ export interface Schema$ConfigManagementConfigSyncVersion { /** * Version of the deployed admission_webhook pod */ admissionWebhook?: string | null; /** * Version of the deployed git-sync pod */ gitSync?: string | null; /** * Version of the deployed importer pod */ importer?: string | null; /** * Version of the deployed monitor pod */ monitor?: string | null; /** * Version of the deployed reconciler-manager pod */ reconcilerManager?: string | null; /** * Version of the deployed reconciler container in root-reconciler pod */ rootReconciler?: string | null; /** * Version of the deployed syncer pod */ syncer?: string | null; } /** * Model for a config file in the git repo with an associated Sync error */ export interface Schema$ConfigManagementErrorResource { /** * Group/version/kind of the resource that is causing an error */ resourceGvk?: Schema$ConfigManagementGroupVersionKind; /** * Metadata name of the resource that is causing an error */ resourceName?: string | null; /** * Namespace of the resource that is causing an error */ resourceNamespace?: string | null; /** * Path in the git repo of the erroneous config */ sourcePath?: string | null; } /** * State of Policy Controller installation. */ export interface Schema$ConfigManagementGatekeeperDeploymentState { /** * Status of gatekeeper-audit deployment. */ gatekeeperAudit?: string | null; /** * Status of gatekeeper-controller-manager pod. */ gatekeeperControllerManagerState?: string | null; /** * Status of the pod serving the mutation webhook. */ gatekeeperMutation?: string | null; } /** * Git repo configuration for a single cluster. */ export interface Schema$ConfigManagementGitConfig { /** * The GCP Service Account Email used for auth when secret_type is gcpServiceAccount. */ gcpServiceAccountEmail?: string | null; /** * URL for the HTTPS proxy to be used when communicating with the Git repo. */ httpsProxy?: string | null; /** * The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository. */ policyDir?: string | null; /** * Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive. Required. */ secretType?: string | null; /** * The branch of the repository to sync from. Default: master. */ syncBranch?: string | null; /** * The URL of the Git repository to use as the source of truth. */ syncRepo?: string | null; /** * Git revision (tag or hash) to check out. Default HEAD. */ syncRev?: string | null; /** * Period in seconds between consecutive syncs. Default: 15. */ syncWaitSecs?: string | null; } /** * A Kubernetes object's GVK */ export interface Schema$ConfigManagementGroupVersionKind { /** * Kubernetes Group */ group?: string | null; /** * Kubernetes Kind */ kind?: string | null; /** * Kubernetes Version */ version?: string | null; } /** * Configuration for Hierarchy Controller */ export interface Schema$ConfigManagementHierarchyControllerConfig { /** * Whether Hierarchy Controller is enabled in this cluster. */ enabled?: boolean | null; /** * Whether hierarchical resource quota is enabled in this cluster. */ enableHierarchicalResourceQuota?: boolean | null; /** * Whether pod tree labels are enabled in this cluster. */ enablePodTreeLabels?: boolean | null; } /** * Deployment state for Hierarchy Controller */ export interface Schema$ConfigManagementHierarchyControllerDeploymentState { /** * The deployment state for Hierarchy Controller extension (e.g. v0.7.0-hc.1) */ extension?: string | null; /** * The deployment state for open source HNC (e.g. v0.7.0-hc.0) */ hnc?: string | null; } /** * State for Hierarchy Controller */ export interface Schema$ConfigManagementHierarchyControllerState { /** * The deployment state for Hierarchy Controller */ state?: Schema$ConfigManagementHierarchyControllerDeploymentState; /** * The version for Hierarchy Controller */ version?: Schema$ConfigManagementHierarchyControllerVersion; } /** * Version for Hierarchy Controller */ export interface Schema$ConfigManagementHierarchyControllerVersion { /** * Version for Hierarchy Controller extension */ extension?: string | null; /** * Version for open source HNC */ hnc?: string | null; } /** * Errors pertaining to the installation of ACM */ export interface Schema$ConfigManagementInstallError { /** * A string representing the user facing error message */ errorMessage?: string | null; } /** * **Anthos Config Management**: Configuration for a single cluster. Intended to parallel the ConfigManagement CR. */ export interface Schema$ConfigManagementMembershipSpec { /** * Binauthz conifguration for the cluster. */ binauthz?: Schema$ConfigManagementBinauthzConfig; /** * Config Sync configuration for the cluster. */ configSync?: Schema$ConfigManagementConfigSync; /** * Hierarchy Controller configuration for the cluster. */ hierarchyController?: Schema$ConfigManagementHierarchyControllerConfig; /** * Policy Controller configuration for the cluster. */ policyController?: Schema$ConfigManagementPolicyController; /** * Version of ACM installed. */ version?: string | null; } /** * **Anthos Config Management**: State for a single cluster. */ export interface Schema$ConfigManagementMembershipState { /** * Binauthz status */ binauthzState?: Schema$ConfigManagementBinauthzState; /** * The user-defined name for the cluster used by ClusterSelectors to group clusters together. This should match Membership's membership_name, unless the user installed ACM on the cluster manually prior to enabling the ACM hub feature. Unique within a Anthos Config Management installation. */ clusterName?: string | null; /** * Current sync status */ configSyncState?: Schema$ConfigManagementConfigSyncState; /** * Hierarchy Controller status */ hierarchyControllerState?: Schema$ConfigManagementHierarchyControllerState; /** * Membership configuration in the cluster. This represents the actual state in the cluster, while the MembershipSpec in the FeatureSpec represents the intended state */ membershipSpec?: Schema$ConfigManagementMembershipSpec; /** * Current install status of ACM's Operator */ operatorState?: Schema$ConfigManagementOperatorState; /** * PolicyController status */ policyControllerState?: Schema$ConfigManagementPolicyControllerState; } /** * OCI repo configuration for a single cluster */ export interface Schema$ConfigManagementOciConfig { /** * The GCP Service Account Email used for auth when secret_type is gcpServiceAccount. */ gcpServiceAccountEmail?: string | null; /** * The absolute path of the directory that contains the local resources. Default: the root directory of the image. */ policyDir?: string | null; /** * Type of secret configured for access to the Git repo. */ secretType?: string | null; /** * The OCI image repository URL for the package to sync from. e.g. `LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME`. */ syncRepo?: string | null; /** * Period in seconds between consecutive syncs. Default: 15. */ syncWaitSecs?: string | null; } /** * State information for an ACM's Operator */ export interface Schema$ConfigManagementOperatorState { /** * The state of the Operator's deployment */ deploymentState?: string | null; /** * Install errors. */ errors?: Schema$ConfigManagementInstallError[]; /** * The semenatic version number of the operator */ version?: string | null; } /** * Configuration for Policy Controller */ export interface Schema$ConfigManagementPolicyController { /** * Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether. */ auditIntervalSeconds?: string | null; /** * Enables the installation of Policy Controller. If false, the rest of PolicyController fields take no effect. */ enabled?: boolean | null; /** * The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster. */ exemptableNamespaces?: string[] | null; /** * Logs all denies and dry run failures. */ logDeniesEnabled?: boolean | null; /** * Monitoring specifies the configuration of monitoring. */ monitoring?: Schema$ConfigManagementPolicyControllerMonitoring; /** * Enable or disable mutation in policy controller. If true, mutation CRDs, webhook and controller deployment will be deployed to the cluster. */ mutationEnabled?: boolean | null; /** * Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated. */ referentialRulesEnabled?: boolean | null; /** * Installs the default template library along with Policy Controller. */ templateLibraryInstalled?: boolean | null; } /** * PolicyControllerMonitoring specifies the backends Policy Controller should export metrics to. For example, to specify metrics should be exported to Cloud Monitoring and Prometheus, specify backends: ["cloudmonitoring", "prometheus"] */ export interface Schema$ConfigManagementPolicyControllerMonitoring { /** * Specifies the list of backends Policy Controller will export to. An empty list would effectively disable metrics export. */ backends?: string[] | null; } /** * State for PolicyControllerState. */ export interface Schema$ConfigManagementPolicyControllerState { /** * The state about the policy controller installation. */ deploymentState?: Schema$ConfigManagementGatekeeperDeploymentState; /** * The version of Gatekeeper Policy Controller deployed. */ version?: Schema$ConfigManagementPolicyControllerVersion; } /** * The build version of Gatekeeper Policy Controller is using. */ export interface Schema$ConfigManagementPolicyControllerVersion { /** * The gatekeeper image tag that is composed of ACM version, git tag, build number. */ version?: string | null; } /** * An ACM created error representing a problem syncing configurations */ export interface Schema$ConfigManagementSyncError { /** * An ACM defined error code */ code?: string | null; /** * A description of the error */ errorMessage?: string | null; /** * A list of config(s) associated with the error, if any */ errorResources?: Schema$ConfigManagementErrorResource[]; } /** * State indicating an ACM's progress syncing configurations to a cluster */ export interface Schema$ConfigManagementSyncState { /** * Sync status code */ code?: string | null; /** * A list of errors resulting from problematic configs. This list will be truncated after 100 errors, although it is unlikely for that many errors to simultaneously exist. */ errors?: Schema$ConfigManagementSyncError[]; /** * Token indicating the state of the importer. */ importToken?: string | null; /** * Deprecated: use last_sync_time instead. Timestamp of when ACM last successfully synced the repo The time format is specified in https://golang.org/pkg/time/#Time.String */ lastSync?: string | null; /** * Timestamp type of when ACM last successfully synced the repo */ lastSyncTime?: string | null; /** * Token indicating the state of the repo. */ sourceToken?: string | null; /** * Token indicating the state of the syncer. */ syncToken?: string | null; } /** * ConnectAgentResource represents a Kubernetes resource manifest for Connect Agent deployment. */ export interface Schema$ConnectAgentResource { /** * YAML manifest of the resource. */ manifest?: string | null; /** * Kubernetes type of the resource. */ type?: Schema$TypeMeta; } /** * EdgeCluster contains information specific to Google Edge Clusters. */ export interface Schema$EdgeCluster { /** * Immutable. Self-link of the GCP resource for the Edge Cluster. For example: //edgecontainer.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster */ resourceLink?: string | null; } /** * A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); \} */ export interface Schema$Empty { } /** * Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. */ export interface Schema$Expr { /** * Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. */ description?: string | null; /** * Textual representation of an expression in Common Expression Language syntax. */ expression?: string | null; /** * Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. */ location?: string | null; /** * Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. */ title?: string | null; } /** * Feature represents the settings and status of any Hub Feature. */ export interface Schema$Feature { /** * Output only. When the Feature resource was created. */ createTime?: string | null; /** * Output only. When the Feature resource was deleted. */ deleteTime?: string | null; /** * GCP labels for this Feature. */ labels?: { [key: string]: string; } | null; /** * Optional. Membership-specific configuration for this Feature. If this Feature does not support any per-Membership configuration, this field may be unused. The keys indicate which Membership the configuration is for, in the form: `projects/{p\}/locations/{l\}/memberships/{m\}` Where {p\} is the project, {l\} is a valid location and {m\} is a valid Membership in this project at that location. {p\} WILL match the Feature's project. {p\} will always be returned as the project number, but the project ID is also accepted during input. If the same Membership is specified in the map twice (using the project ID form, and the project number form), exactly ONE of the entries will be saved, with no guarantees as to which. For this reason, it is recommended the same format be used for all entries when mutating a Feature. */ membershipSpecs?: { [key: string]: Schema$MembershipFeatureSpec; } | null; /** * Output only. Membership-specific Feature status. If this Feature does report any per-Membership status, this field may be unused. The keys indicate which Membership the state is for, in the form: `projects/{p\}/locations/{l\}/memberships/{m\}` Where {p\} is the project number, {l\} is a valid location and {m\} is a valid Membership in this project at that location. {p\} MUST match the Feature's project number. */ membershipStates?: { [key: string]: Schema$MembershipFeatureState; } | null; /** * Output only. The full, unique name of this Feature resource in the format `projects/x/locations/x/features/x`. */ name?: string | null; /** * Output only. State of the Feature resource itself. */ resourceState?: Schema$FeatureResourceState; /** * Optional. Hub-wide Feature configuration. If this Feature does not support any Hub-wide configuration, this field may be unused. */ spec?: Schema$CommonFeatureSpec; /** * Output only. The Hub-wide Feature state. */ state?: Schema$CommonFeatureState; /** * Output only. When the Feature resource was last updated. */ updateTime?: string | null; } /** * FeatureResourceState describes the state of a Feature *resource* in the GkeHub API. See `FeatureState` for the "running state" of the Feature in the Hub and across Memberships. */ export interface Schema$FeatureResourceState { /** * The current state of the Feature resource in the Hub API. */ state?: string | null; } /** * **Workload Certificate**: The Hub-wide input for the WorkloadCertificate feature. */ export interface Schema$FeatureSpec { /** * Specifies default membership spec. Users can override the default in the member_configs for each member. */ defaultConfig?: Schema$MembershipSpec; /** * Immutable. Specifies CA configuration. */ provisionGoogleCa?: string | null; } /** * FeatureState describes the high-level state of a Feature. It may be used to describe a Feature's state at the environ-level, or per-membershop, depending on the context. */ export interface Schema$FeatureState { /** * The high-level, machine-readable status of this Feature. */ code?: string | null; /** * A human-readable description of the current status. */ description?: string | null; /** * The time this status and any related Feature-specific details were updated. */ updateTime?: string | null; } /** * Fleet contains the Fleet-wide metadata and configuration. */ export interface Schema$Fleet { /** * Output only. When the Fleet was created. */ createTime?: string | null; /** * Output only. When the Fleet was deleted. */ deleteTime?: string | null; /** * Optional. A user-assigned display name of the Fleet. When present, it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, single-quote, double-quote, space, and exclamation point. Example: `Production Fleet` */ displayName?: string | null; /** * Output only. The full, unique resource name of this fleet in the format of `projects/{project\}/locations/{location\}/fleets/{fleet\}`. Each GCP project can have at most one fleet resource, named "default". */ name?: string | null; /** * Output only. State of the namespace resource. */ state?: Schema$FleetLifecycleState; /** * Output only. Google-generated UUID for this resource. This is unique across all Fleet resources. If a Fleet resource is deleted and another resource with the same name is created, it gets a different uid. */ uid?: string | null; /** * Output only. When the Fleet was last updated. */ updateTime?: string | null; } /** * FleetLifecycleState describes the state of a Fleet resource. */ export interface Schema$FleetLifecycleState { /** * Output only. The current state of the Fleet resource. */ code?: string | null; } /** * GenerateConnectManifestResponse contains manifest information for installing/upgrading a Connect agent. */ export interface Schema$GenerateConnectManifestResponse { /** * The ordered list of Kubernetes resources that need to be applied to the cluster for GKE Connect agent installation/upgrade. */ manifest?: Schema$ConnectAgentResource[]; } /** * GkeCluster contains information specific to GKE clusters. */ export interface Schema$GkeCluster { /** * Output only. If cluster_missing is set then it denotes that the GKE cluster no longer exists in the GKE Control Plane. */ clusterMissing?: boolean | null; /** * Immutable. Self-link of the GCP resource for the GKE cluster. For example: //container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster Zonal clusters are also supported. */ resourceLink?: string | null; } /** * The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). */ export interface Schema$GoogleRpcStatus { /** * The status code, which should be an enum value of google.rpc.Code. */ code?: number | null; /** * A list of messages that carry the error details. There is a common set of message types for APIs to use. */ details?: Array<{ [key: string]: any; }> | null; /** * A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. */ message?: string | null; } /** * Configuration of an auth method for a member/cluster. Only one authentication method (e.g., OIDC and LDAP) can be set per AuthMethod. */ export interface Schema$IdentityServiceAuthMethod { /** * GoogleConfig specific configuration */ googleConfig?: Schema$IdentityServiceGoogleConfig; /** * Identifier for auth config. */ name?: string | null; /** * OIDC specific configuration. */ oidcConfig?: Schema$IdentityServiceOidcConfig; /** * Proxy server address to use for auth method. */ proxy?: string | null; } /** * Configuration for the Google Plugin Auth flow. */ export interface Schema$IdentityServiceGoogleConfig { /** * Disable automatic configuration of Google Plugin on supported platforms. */ disable?: boolean | null; } /** * **Anthos Identity Service**: Configuration for a single Membership. */ export interface Schema$IdentityServiceMembershipSpec { /** * A member may support multiple auth methods. */ authMethods?: Schema$IdentityServiceAuthMethod[]; } /** * **Anthos Identity Service**: State for a single Membership. */ export interface Schema$IdentityServiceMembershipState { /** * The reason of the failure. */ failureReason?: string | null; /** * Installed AIS version. This is the AIS version installed on this member. The values makes sense iff state is OK. */ installedVersion?: string | null; /** * Last reconciled membership configuration */ memberConfig?: Schema$IdentityServiceMembershipSpec; /** * Deployment state on this member */ state?: string | null; } /** * Configuration for OIDC Auth flow. */ export interface Schema$IdentityServiceOidcConfig { /** * PEM-encoded CA for OIDC provider. */ certificateAuthorityData?: string | null; /** * ID for OIDC client application. */ clientId?: string | null; /** * Input only. Unencrypted OIDC client secret will be passed to the GKE Hub CLH. */ clientSecret?: string | null; /** * Flag to denote if reverse proxy is used to connect to auth provider. This flag should be set to true when provider is not reachable by Google Cloud Console. */ deployCloudConsoleProxy?: boolean | null; /** * Enable access token. */ enableAccessToken?: boolean | null; /** * Output only. Encrypted OIDC Client secret */ encryptedClientSecret?: string | null; /** * Comma-separated list of key-value pairs. */ extraParams?: string | null; /** * Prefix to prepend to group name. */ groupPrefix?: string | null; /** * Claim in OIDC ID token that holds group information. */ groupsClaim?: string | null; /** * URI for the OIDC provider. This should point to the level below .well-known/openid-configuration. */ issuerUri?: string | null; /** * Registered redirect uri to redirect users going through OAuth flow using kubectl plugin. */ kubectlRedirectUri?: string | null; /** * Comma-separated list of identifiers. */ scopes?: string | null; /** * Claim in OIDC ID token that holds username. */ userClaim?: string | null; /** * Prefix to prepend to user name. */ userPrefix?: string | null; } /** * KubernetesMetadata provides informational metadata for Memberships representing Kubernetes clusters. */ export interface Schema$KubernetesMetadata { /** * Output only. Kubernetes API server version string as reported by `/version`. */ kubernetesApiServerVersion?: string | null; /** * Output only. The total memory capacity as reported by the sum of all Kubernetes nodes resources, defined in MB. */ memoryMb?: number | null; /** * Output only. Node count as reported by Kubernetes nodes resource