googleapis

/// <reference types="node" /> import { OAuth2Client, JWT, Compute, UserRefreshClient, BaseExternalAccountClient, GaxiosPromise, GoogleConfigurable, MethodOptions, StreamMethodOptions, GlobalOptions, GoogleAuth, BodyResponseCallback, APIRequestContext } from 'googleapis-common'; import { Readable } from 'stream'; export declare namespace gkehub_v1alpha { export interface Options extends GlobalOptions { version: 'v1alpha'; } interface StandardParameters { /** * Auth client or API Key for the request */ auth?: string | OAuth2Client | JWT | Compute | UserRefreshClient | BaseExternalAccountClient | GoogleAuth; /** * V1 error format. */ '$.xgafv'?: string; /** * OAuth access token. */ access_token?: string; /** * Data format for response. */ alt?: string; /** * JSONP */ callback?: string; /** * Selector specifying which fields to include in a partial response. */ fields?: string; /** * API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. */ key?: string; /** * OAuth 2.0 token for the current user. */ oauth_token?: string; /** * Returns response with indentations and line breaks. */ prettyPrint?: boolean; /** * Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. */ quotaUser?: string; /** * Legacy upload protocol for media (e.g. "media", "multipart"). */ uploadType?: string; /** * Upload protocol for media (e.g. "raw", "multipart"). */ upload_protocol?: string; } /** * GKE Hub API * * * * @example * ```js * const {google} = require('googleapis'); * const gkehub = google.gkehub('v1alpha'); * ``` */ export class Gkehub { context: APIRequestContext; organizations: Resource$Organizations; projects: Resource$Projects; constructor(options: GlobalOptions, google?: GoogleConfigurable); } /** * **Anthos Observability**: Spec */ export interface Schema$AnthosObservabilityFeatureSpec { /** * Default membership spec for unconfigured memberships */ defaultMembershipSpec?: Schema$AnthosObservabilityMembershipSpec; } /** * **Anthosobservability**: Per-Membership Feature spec. */ export interface Schema$AnthosObservabilityMembershipSpec { /** * Use full of metrics rather than optimized metrics. See https://cloud.google.com/anthos/clusters/docs/on-prem/1.8/concepts/logging-and-monitoring#optimized_metrics_default_metrics */ doNotOptimizeMetrics?: boolean | null; /** * Enable collecting and reporting metrics and logs from user apps. */ enableStackdriverOnApplications?: boolean | null; /** * the version of stackdriver operator used by this feature */ version?: string | null; } /** * Spec for App Dev Experience Feature. */ export interface Schema$AppDevExperienceFeatureSpec { } /** * State for App Dev Exp Feature. */ export interface Schema$AppDevExperienceFeatureState { /** * Status of subcomponent that detects configured Service Mesh resources. */ networkingInstallSucceeded?: Schema$Status; } /** * ApplianceCluster contains information specific to GDC Edge Appliance Clusters. */ export interface Schema$ApplianceCluster { /** * Immutable. Self-link of the Google Cloud resource for the Appliance Cluster. For example: //transferappliance.googleapis.com/projects/my-project/locations/us-west1-a/appliances/my-appliance */ resourceLink?: string | null; } /** * Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] \}, { "log_type": "DATA_WRITE" \}, { "log_type": "ADMIN_READ" \} ] \}, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" \}, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] \} ] \} ] \} For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging. */ export interface Schema$AuditConfig { /** * The configuration for logging of each type of permission. */ auditLogConfigs?: Schema$AuditLogConfig[]; /** * Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services. */ service?: string | null; } /** * Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] \}, { "log_type": "DATA_WRITE" \} ] \} This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging. */ export interface Schema$AuditLogConfig { /** * Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members. */ exemptedMembers?: string[] | null; /** * The log type that this config enables. */ logType?: string | null; } /** * Authority encodes how Google will recognize identities from this Membership. See the workload identity documentation for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity */ export interface Schema$Authority { /** * Output only. An identity provider that reflects the `issuer` in the workload identity pool. */ identityProvider?: string | null; /** * Optional. A JSON Web Token (JWT) issuer URI. `issuer` must start with `https://` and be a valid URL with length <2000 characters. If set, then Google will allow valid OIDC tokens from this issuer to authenticate within the workload_identity_pool. OIDC discovery will be performed on this URI to validate tokens from the issuer. Clearing `issuer` disables Workload Identity. `issuer` cannot be directly modified; it must be cleared (and Workload Identity disabled) before using a new issuer (and re-enabling Workload Identity). */ issuer?: string | null; /** * Optional. OIDC verification keys for this Membership in JWKS format (RFC 7517). When this field is set, OIDC discovery will NOT be performed on `issuer`, and instead OIDC tokens will be validated using this field. */ oidcJwks?: string | null; /** * Output only. The name of the workload identity pool in which `issuer` will be recognized. There is a single Workload Identity Pool per Hub that is shared between all Memberships that belong to that Hub. For a Hub hosted in {PROJECT_ID\}, the workload pool format is `{PROJECT_ID\}.hub.id.goog`, although this is subject to change in newer versions of this API. */ workloadIdentityPool?: string | null; } /** * Associates `members`, or principals, with a `role`. */ export interface Schema$Binding { /** * The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). */ condition?: Schema$Expr; /** * Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid\}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid\}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid\}.svc.id.goog[{namespace\}/{kubernetes-sa\}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid\}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain\}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid\}?uid={uniqueid\}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid\}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid\}?uid={uniqueid\}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid\}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid\}?uid={uniqueid\}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid\}` and the recovered group retains the role in the binding. */ members?: string[] | null; /** * Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. */ role?: string | null; } /** * The request message for Operations.CancelOperation. */ export interface Schema$CancelOperationRequest { } /** * **Cloud Audit Logging**: Spec for Audit Logging Allowlisting. */ export interface Schema$CloudAuditLoggingFeatureSpec { /** * Service account that should be allowlisted to send the audit logs; eg cloudauditlogging@gcp-project.iam.gserviceaccount.com. These accounts must already exist, but do not need to have any permissions granted to them. The customer's entitlements will be checked prior to allowlisting (i.e. the customer must be an Anthos customer.) */ allowlistedServiceAccounts?: string[] | null; } /** * **Cloud Build**: Configurations for each Cloud Build enabled cluster. */ export interface Schema$CloudBuildMembershipSpec { /** * Whether it is allowed to run the privileged builds on the cluster or not. */ securityPolicy?: string | null; /** * Version of the cloud build software on the cluster. */ version?: string | null; } /** * GKEUpgrade represents a GKE provided upgrade, e.g., control plane upgrade. */ export interface Schema$ClusterUpgradeGKEUpgrade { /** * Name of the upgrade, e.g., "k8s_control_plane". It should be a valid upgrade name. It must not exceet 99 characters. */ name?: string | null; /** * Version of the upgrade, e.g., "1.22.1-gke.100". It should be a valid version. It must not exceet 99 characters. */ version?: string | null; } /** * GKEUpgradeFeatureCondition describes the condition of the feature for GKE clusters at a certain point of time. */ export interface Schema$ClusterUpgradeGKEUpgradeFeatureCondition { /** * Reason why the feature is in this status. */ reason?: string | null; /** * Status of the condition, one of True, False, Unknown. */ status?: string | null; /** * Type of the condition, for example, "ready". */ type?: string | null; /** * Last timestamp the condition was updated. */ updateTime?: string | null; } /** * GKEUpgradeFeatureState contains feature states for GKE clusters in the scope. */ export interface Schema$ClusterUpgradeGKEUpgradeFeatureState { /** * Current conditions of the feature. */ conditions?: Schema$ClusterUpgradeGKEUpgradeFeatureCondition[]; /** * Scope-level upgrade state. */ state?: Schema$ClusterUpgradeScopeGKEUpgradeState[]; /** * Upgrade state. It will eventually replace `state`. */ upgradeState?: Schema$ClusterUpgradeGKEUpgradeState[]; } /** * Properties of a GKE upgrade that can be overridden by the user. For example, a user can skip soaking by overriding the soaking to 0. */ export interface Schema$ClusterUpgradeGKEUpgradeOverride { /** * Required. Post conditions to override for the specified upgrade (name + version). Required. */ postConditions?: Schema$ClusterUpgradePostConditions; /** * Required. Which upgrade to override. Required. */ upgrade?: Schema$ClusterUpgradeGKEUpgrade; } /** * GKEUpgradeState is a GKEUpgrade and its state at the scope and fleet level. */ export interface Schema$ClusterUpgradeGKEUpgradeState { /** * Number of GKE clusters in each status code. */ stats?: { [key: string]: string; } | null; /** * Status of the upgrade. */ status?: Schema$ClusterUpgradeUpgradeStatus; /** * Which upgrade to track the state. */ upgrade?: Schema$ClusterUpgradeGKEUpgrade; } /** * IgnoredMembership represents a membership ignored by the feature. A membership can be ignored because it was manually upgraded to a newer version than RC default. */ export interface Schema$ClusterUpgradeIgnoredMembership { /** * Time when the membership was first set to ignored. */ ignoredTime?: string | null; /** * Reason why the membership is ignored. */ reason?: string | null; } /** * ScopeGKEUpgradeState is a GKEUpgrade and its state per-membership. */ export interface Schema$ClusterUpgradeMembershipGKEUpgradeState { /** * Status of the upgrade. */ status?: Schema$ClusterUpgradeUpgradeStatus; /** * Which upgrade to track the state. */ upgrade?: Schema$ClusterUpgradeGKEUpgrade; } /** * Per-membership state for this feature. */ export interface Schema$ClusterUpgradeMembershipState { /** * Whether this membership is ignored by the feature. For example, manually upgraded clusters can be ignored if they are newer than the default versions of its release channel. */ ignored?: Schema$ClusterUpgradeIgnoredMembership; /** * Fully qualified scope names that this clusters is bound to which also have rollout sequencing enabled. */ scopes?: string[] | null; /** * Actual upgrade state against desired. */ upgrades?: Schema$ClusterUpgradeMembershipGKEUpgradeState[]; } /** * Post conditional checks after an upgrade has been applied on all eligible clusters. */ export interface Schema$ClusterUpgradePostConditions { /** * Required. Amount of time to "soak" after a rollout has been finished before marking it COMPLETE. Cannot exceed 30 days. Required. */ soaking?: string | null; } /** * ScopeGKEUpgradeState is a GKEUpgrade and its state at the scope level. */ export interface Schema$ClusterUpgradeScopeGKEUpgradeState { /** * Number of GKE clusters in each status code. */ stats?: { [key: string]: string; } | null; /** * Status of the upgrade. */ status?: Schema$ClusterUpgradeUpgradeStatus; /** * Which upgrade to track the state. */ upgrade?: Schema$ClusterUpgradeGKEUpgrade; } /** * **ClusterUpgrade**: The configuration for the scope-level ClusterUpgrade feature. */ export interface Schema$ClusterUpgradeScopeSpec { /** * Allow users to override some properties of each GKE upgrade. */ gkeUpgradeOverrides?: Schema$ClusterUpgradeGKEUpgradeOverride[]; /** * Required. Post conditions to evaluate to mark an upgrade COMPLETE. Required. */ postConditions?: Schema$ClusterUpgradePostConditions; /** * This scope consumes upgrades that have COMPLETE status code in the upstream scopes. See UpgradeStatus.Code for code definitions. The scope name should be in the form: `projects/{p\}/locations/global/scopes/{s\}` Where {p\} is the project, {s\} is a valid Scope in this project. {p\} WILL match the Feature's project. This is defined as repeated for future proof reasons. Initial implementation will enforce at most one upstream scope. */ upstreamScopes?: string[] | null; } /** * **ClusterUpgrade**: The state for the scope-level ClusterUpgrade feature. */ export interface Schema$ClusterUpgradeScopeState { /** * This scopes whose upstream_scopes contain the current scope. The scope name should be in the form: `projects/{p\}/locations/gloobal/scopes/{s\}` Where {p\} is the project, {s\} is a valid Scope in this project. {p\} WILL match the Feature's project. */ downstreamScopes?: string[] | null; /** * Feature state for GKE clusters. */ gkeState?: Schema$ClusterUpgradeGKEUpgradeFeatureState; /** * A list of memberships ignored by the feature. For example, manually upgraded clusters can be ignored if they are newer than the default versions of its release channel. The membership resource is in the format: `projects/{p\}/locations/{l\}/membership/{m\}`. */ ignored?: { [key: string]: Schema$ClusterUpgradeIgnoredMembership; } | null; } /** * UpgradeStatus provides status information for each upgrade. */ export interface Schema$ClusterUpgradeUpgradeStatus { /** * Status code of the upgrade. */ code?: string | null; /** * Reason for this status. */ reason?: string | null; /** * Last timestamp the status was updated. */ updateTime?: string | null; } /** * CommonFeatureSpec contains Hub-wide configuration information */ export interface Schema$CommonFeatureSpec { /** * Anthos Observability spec */ anthosobservability?: Schema$AnthosObservabilityFeatureSpec; /** * Appdevexperience specific spec. */ appdevexperience?: Schema$AppDevExperienceFeatureSpec; /** * Cloud Audit Logging-specific spec. */ cloudauditlogging?: Schema$CloudAuditLoggingFeatureSpec; /** * FleetObservability feature spec. */ fleetobservability?: Schema$FleetObservabilityFeatureSpec; /** * Multicluster Ingress-specific spec. */ multiclusteringress?: Schema$MultiClusterIngressFeatureSpec; /** * Workload Certificate spec. */ workloadcertificate?: Schema$FeatureSpec; } /** * CommonFeatureState contains Hub-wide Feature status information. */ export interface Schema$CommonFeatureState { /** * Appdevexperience specific state. */ appdevexperience?: Schema$AppDevExperienceFeatureState; /** * FleetObservability feature state. */ fleetobservability?: Schema$FleetObservabilityFeatureState; /** * Service Mesh-specific state. */ servicemesh?: Schema$ServiceMeshFeatureState; /** * Output only. The "running state" of the Feature in this Hub. */ state?: Schema$FeatureState; } /** * CommonFleetDefaultMemberConfigSpec contains default configuration information for memberships of a fleet */ export interface Schema$CommonFleetDefaultMemberConfigSpec { /** * Identity Service-specific spec. */ identityservice?: Schema$IdentityServiceMembershipSpec; } /** * Configuration for Binauthz */ export interface Schema$ConfigManagementBinauthzConfig { /** * Whether binauthz is enabled in this cluster. */ enabled?: boolean | null; } /** * State for Binauthz */ export interface Schema$ConfigManagementBinauthzState { /** * The version of binauthz that is installed. */ version?: Schema$ConfigManagementBinauthzVersion; /** * The state of the binauthz webhook. */ webhook?: string | null; } /** * The version of binauthz. */ export interface Schema$ConfigManagementBinauthzVersion { /** * The version of the binauthz webhook. */ webhookVersion?: string | null; } /** * Configuration for Config Sync */ export interface Schema$ConfigManagementConfigSync { /** * Set to true to allow the vertical scaling. Defaults to false which disallows vertical scaling. This field is deprecated. */ allowVerticalScale?: boolean | null; /** * Enables the installation of ConfigSync. If set to true, ConfigSync resources will be created and the other ConfigSync fields will be applied if exist. If set to false, all other ConfigSync fields will be ignored, ConfigSync resources will be deleted. If omitted, ConfigSync resources will be managed depends on the presence of the git or oci field. */ enabled?: boolean | null; /** * Git repo configuration for the cluster. */ git?: Schema$ConfigManagementGitConfig; /** * The Email of the Google Cloud Service Account (GSA) used for exporting Config Sync metrics to Cloud Monitoring and Cloud Monarch when Workload Identity is enabled. The GSA should have the Monitoring Metric Writer (roles/monitoring.metricWriter) IAM role. The Kubernetes ServiceAccount `default` in the namespace `config-management-monitoring` should be bound to the GSA. This field is required when automatic Feature management is enabled. */ metricsGcpServiceAccountEmail?: string | null; /** * OCI repo configuration for the cluster */ oci?: Schema$ConfigManagementOciConfig; /** * Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts. */ preventDrift?: boolean | null; /** * Specifies whether the Config Sync Repo is in "hierarchical" or "unstructured" mode. */ sourceFormat?: string | null; /** * Set to true to stop syncing configs for a single cluster when automatic Feature management is enabled. Default to false. The field will be ignored when automatic Feature management is disabled. */ stopSyncing?: boolean | null; } /** * The state of ConfigSync's deployment on a cluster */ export interface Schema$ConfigManagementConfigSyncDeploymentState { /** * Deployment state of admission-webhook */ admissionWebhook?: string | null; /** * Deployment state of the git-sync pod */ gitSync?: string | null; /** * Deployment state of the importer pod */ importer?: string | null; /** * Deployment state of the monitor pod */ monitor?: string | null; /** * Deployment state of reconciler-manager pod */ reconcilerManager?: string | null; /** * Deployment state of root-reconciler */ rootReconciler?: string | null; /** * Deployment state of the syncer pod */ syncer?: string | null; } /** * Errors pertaining to the installation of Config Sync */ export interface Schema$ConfigManagementConfigSyncError { /** * A string representing the user facing error message */ errorMessage?: string | null; } /** * State information for ConfigSync */ export interface Schema$ConfigManagementConfigSyncState { /** * Information about the deployment of ConfigSync, including the version of the various Pods deployed */ deploymentState?: Schema$ConfigManagementConfigSyncDeploymentState; /** * Errors pertaining to the installation of Config Sync. */ errors?: Schema$ConfigManagementConfigSyncError[]; /** * The state of ConfigSync's process to sync configs to a cluster */ syncState?: Schema$ConfigManagementSyncState; /** * The version of ConfigSync deployed */ version?: Schema$ConfigManagementConfigSyncVersion; } /** * Specific versioning information pertaining to ConfigSync's Pods */ export interface Schema$ConfigManagementConfigSyncVersion { /** * Version of the deployed admission_webhook pod */ admissionWebhook?: string | null; /** * Version of the deployed git-sync pod */ gitSync?: string | null; /** * Version of the deployed importer pod */ importer?: string | null; /** * Version of the deployed monitor pod */ monitor?: string | null; /** * Version of the deployed reconciler-manager pod */ reconcilerManager?: string | null; /** * Version of the deployed reconciler container in root-reconciler pod */ rootReconciler?: string | null; /** * Version of the deployed syncer pod */ syncer?: string | null; } /** * Model for a config file in the git repo with an associated Sync error */ export interface Schema$ConfigManagementErrorResource { /** * Group/version/kind of the resource that is causing an error */ resourceGvk?: Schema$ConfigManagementGroupVersionKind; /** * Metadata name of the resource that is causing an error */ resourceName?: string | null; /** * Namespace of the resource that is causing an error */ resourceNamespace?: string | null; /** * Path in the git repo of the erroneous config */ sourcePath?: string | null; } /** * State of Policy Controller installation. */ export interface Schema$ConfigManagementGatekeeperDeploymentState { /** * Status of gatekeeper-audit deployment. */ gatekeeperAudit?: string | null; /** * Status of gatekeeper-controller-manager pod. */ gatekeeperControllerManagerState?: string | null; /** * Status of the pod serving the mutation webhook. */ gatekeeperMutation?: string | null; } /** * Git repo configuration for a single cluster. */ export interface Schema$ConfigManagementGitConfig { /** * The Google Cloud Service Account Email used for auth when secret_type is gcpServiceAccount. */ gcpServiceAccountEmail?: string | null; /** * URL for the HTTPS proxy to be used when communicating with the Git repo. */ httpsProxy?: string | null; /** * The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository. */ policyDir?: string | null; /** * Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive. Required. */ secretType?: string | null; /** * The branch of the repository to sync from. Default: master. */ syncBranch?: string | null; /** * The URL of the Git repository to use as the source of truth. */ syncRepo?: string | null; /** * Git revision (tag or hash) to check out. Default HEAD. */ syncRev?: string | null; /** * Period in seconds between consecutive syncs. Default: 15. */ syncWaitSecs?: string | null; } /** * A Kubernetes object's GVK */ export interface Schema$ConfigManagementGroupVersionKind { /** * Kubernetes Group */ group?: string | null; /** * Kubernetes Kind */ kind?: string | null; /** * Kubernetes Version */ version?: string | null; } /** * Configuration for Hierarchy Controller */ export interface Schema$ConfigManagementHierarchyControllerConfig { /** * Whether Hierarchy Controller is enabled in this cluster. */ enabled?: boolean | null; /** * Whether hierarchical resource quota is enabled in this cluster. */ enableHierarchicalResourceQuota?: boolean | null; /** * Whether pod tree labels are enabled in this cluster. */ enablePodTreeLabels?: boolean | null; } /** * Deployment state for Hierarchy Controller */ export interface Schema$ConfigManagementHierarchyControllerDeploymentState { /** * The deployment state for Hierarchy Controller extension (e.g. v0.7.0-hc.1) */ extension?: string | null; /** * The deployment state for open source HNC (e.g. v0.7.0-hc.0) */ hnc?: string | null; } /** * State for Hierarchy Controller */ export interface Schema$ConfigManagementHierarchyControllerState { /** * The deployment state for Hierarchy Controller */ state?: Schema$ConfigManagementHierarchyControllerDeploymentState; /** * The version for Hierarchy Controller */ version?: Schema$ConfigManagementHierarchyControllerVersion; } /** * Version for Hierarchy Controller */ export interface Schema$ConfigManagementHierarchyControllerVersion { /** * Version for Hierarchy Controller extension */ extension?: string | null; /** * Version for open source HNC */ hnc?: string | null; } /** * Errors pertaining to the installation of ACM */ export interface Schema$ConfigManagementInstallError { /** * A string representing the user facing error message */ errorMessage?: string | null; } /** * **Anthos Config Management**: Configuration for a single cluster. Intended to parallel the ConfigManagement CR. */ export interface Schema$ConfigManagementMembershipSpec { /** * Binauthz conifguration for the cluster. */ binauthz?: Schema$ConfigManagementBinauthzConfig; /** * The user-specified cluster name used by Config Sync cluster-name-selector annotation or ClusterSelector, for applying configs to only a subset of clusters. Omit this field if the cluster's fleet membership name is used by Config Sync cluster-name-selector annotation or ClusterSelector. Set this field if a name different from the cluster's fleet membership name is used by Config Sync cluster-name-selector annotation or ClusterSelector. */ cluster?: string | null; /** * Config Sync configuration for the cluster. */ configSync?: Schema$ConfigManagementConfigSync; /** * Hierarchy Controller configuration for the cluster. */ hierarchyController?: Schema$ConfigManagementHierarchyControllerConfig; /** * Enables automatic Feature management. */ management?: string | null; /** * Policy Controller configuration for the cluster. */ policyController?: Schema$ConfigManagementPolicyController; /** * Version of ACM installed. */ version?: string | null; } /** * **Anthos Config Management**: State for a single cluster. */ export interface Schema$ConfigManagementMembershipState { /** * Binauthz status */ binauthzState?: Schema$ConfigManagementBinauthzState; /** * This field is set to the `cluster_name` field of the Membership Spec if it is not empty. Otherwise, it is set to the cluster's fleet membership name. */ clusterName?: string | null; /** * Current sync status */ configSyncState?: Schema$ConfigManagementConfigSyncState; /** * Hierarchy Controller status */ hierarchyControllerState?: Schema$ConfigManagementHierarchyControllerState; /** * Membership configuration in the cluster. This represents the actual state in the cluster, while the MembershipSpec in the FeatureSpec represents the intended state */ membershipSpec?: Schema$ConfigManagementMembershipSpec; /** * Current install status of ACM's Operator */ operatorState?: Schema$ConfigManagementOperatorState; /** * PolicyController status */ policyControllerState?: Schema$ConfigManagementPolicyControllerState; } /** * OCI repo configuration for a single cluster */ export interface Schema$ConfigManagementOciConfig { /** * The Google Cloud Service Account Email used for auth when secret_type is gcpServiceAccount. */ gcpServiceAccountEmail?: string | null; /** * The absolute path of the directory that contains the local resources. Default: the root directory of the image. */ policyDir?: string | null; /** * Type of secret configured for access to the Git repo. */ secretType?: string | null; /** * The OCI image repository URL for the package to sync from. e.g. `LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME`. */ syncRepo?: string | null; /** * Period in seconds between consecutive syncs. Default: 15. */ syncWaitSecs?: string | null; } /** * State information for an ACM's Operator */ export interface Schema$ConfigManagementOperatorState { /** * The state of the Operator's deployment */ deploymentState?: string | null; /** * Install errors. */ errors?: Schema$ConfigManagementInstallError[]; /** * The semenatic version number of the operator */ version?: string | null; } /** * Configuration for Policy Controller */ export interface Schema$ConfigManagementPolicyController { /** * Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether. */ auditIntervalSeconds?: string | null; /** * Enables the installation of Policy Controller. If false, the rest of PolicyController fields take no effect. */ enabled?: boolean | null; /** * The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster. */ exemptableNamespaces?: string[] | null; /** * Logs all denies and dry run failures. */ logDeniesEnabled?: boolean | null; /** * Monitoring specifies the configuration of monitoring. */ monitoring?: Schema$ConfigManagementPolicyControllerMonitoring; /** * Enable or disable mutation in policy controller. If true, mutation CRDs, webhook and controller deployment will be deployed to the cluster. */ mutationEnabled?: boolean | null; /** * Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated. */ referentialRulesEnabled?: boolean | null; /** * Installs the default template library along with Policy Controller. */ templateLibraryInstalled?: boolean | null; /** * Output only. Last time this membership spec was updated. */ updateTime?: string | null; } /** * State for the migration of PolicyController from ACM -\> PoCo Hub. */ export interface Schema$ConfigManagementPolicyControllerMigration { /** * Last time this membership spec was copied to PoCo feature. */ copyTime?: string | null; /** * Stage of the migration. */ stage?: string | null; } /** * PolicyControllerMonitoring specifies the backends Policy Controller should export metrics to. For example, to specify metrics should be exported to Cloud Monitoring and Prometheus, specify backends: ["cloudmonitoring", "prometheus"] */ export interface Schema$ConfigManagementPolicyControllerMonitoring { /** * Specifies the list of backends Policy Controller will export to. An empty list would effectively disable metrics export. */ backends?: string[] | null; } /** * State for PolicyControllerState. */ export interface Schema$ConfigManagementPolicyControllerState { /** * The state about the policy controller installation. */ deploymentState?: Schema$ConfigManagementGatekeeperDeploymentState; /** * Record state of ACM -\> PoCo Hub migration for this feature. */ migration?: Schema$ConfigManagementPolicyControllerMigration; /** * The version of Gatekeeper Policy Controller deployed. */ version?: Schema$ConfigManagementPolicyControllerVersion; } /** * The build version of Gatekeeper Policy Controller is using. */ export interface Schema$ConfigManagementPolicyControllerVersion { /** * The gatekeeper image tag that is composed of ACM version, git tag, build number. */ version?: string | null; } /** * An ACM created error representing a problem syncing configurations */ export interface Schema$ConfigManagementSyncError { /** * An ACM defined error code */ code?: string | null; /** * A description of the error */ errorMessage?: string | null; /** * A list of config(s) associated with the error, if any */ errorResources?: Schema$ConfigManagementErrorResource[]; } /** * State indicating an ACM's progress syncing configurations to a cluster */ export interface Schema$ConfigManagementSyncState { /** * Sync status code */ code?: string | null; /** * A list of errors resulting from problematic configs. This list will be truncated after 100 errors, although it is unlikely for that many errors to simultaneously exist. */ errors?: Schema$ConfigManagementSyncError[]; /** * Token indicating the state of the importer. */ importToken?: string | null; /** * Deprecated: use last_sync_time instead. Timestamp of when ACM last successfully synced the repo The time format is specified in https://golang.org/pkg/time/#Time.String */ lastSync?: string | null; /** * Timestamp type of when ACM last successfully synced the repo */ lastSyncTime?: string | null; /** * Token indicating the state of the repo. */ sourceToken?: string | null; /** * Token indicating the state of the syncer. */ syncToken?: string | null; } /** * ConnectAgentResource represents a Kubernetes resource manifest for Connect Agent deployment. */ export interface Schema$ConnectAgentResource { /** * YAML manifest of the resource. */ manifest?: string | null; /** * Kubernetes type of the resource. */ type?: Schema$TypeMeta; } /** * EdgeCluster contains information specific to Google Edge Clusters. */ export interface Schema$EdgeCluster { /** * Immutable. Self-link of the Google Cloud resource for the Edge Cluster. For example: //edgecontainer.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster */ resourceLink?: string | null; } /** * A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); \} */ export interface Schema$Empty { } /** * Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. */ export interface Schema$Expr { /** * Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. */ description?: string | null; /** * Textual representation of an expression in Common Expression Language syntax. */ expression?: string | null; /** * Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. */ location?: string | null; /** * Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. */ title?: string | null; } /** * Feature represents the settings and status of any Hub Feature. */ export interface Schema$Feature { /** * Output only. When the Feature resource was created. */ createTime?: string | null; /** * Output only. When the Feature resource was deleted. */ deleteTime?: string | null; /** * Optional. Feature configuration applicable to all memberships of the fleet. */ fleetDefaultMemberConfig?: Schema$CommonFleetDefaultMemberConfigSpec; /** * Labels for this Feature. */ labels?: { [key: string]: string; } | null; /** * Optional. Membership-specific configuration for this Feature. If this Feature does not support any per-Membership configuration, this field may be unused. The keys indicate which Membership the configuration is for, in the form: `projects/{p\}/locations/{l\}/memberships/{m\}` Where {p\} is the project, {l\} is a valid location and {m\} is a valid Membership in this project at that location. {p\} WILL match the Feature's project. {p\} will always be returned as the project number, but the project ID is also accepted during input. If the same Membership is specified in the map twice (using the project ID form, and the project number form), exactly ONE of the entries will be saved, with no guarantees as to which. For this reason, it is recommended the same format be used for all entries when mutating a Feature. */ membershipSpecs?: { [key: string]: Schema$MembershipFeatureSpec; } | null; /** * Output only. Membership-specific Feature status. If this Feature does report any per-Membership status, this field may be unused. The keys indicate which Membership the state is for, in the form: `projects/{p\}/locations/{l\}/memberships/{m\}` Where {p\} is the project number, {l\} is a valid location and {m\} is a valid Membership in this project at that location. {p\} MUST match the Feature's project number. */ membershipStates?: { [key: string]: Schema$MembershipFeatureState; } | null; /** * Output only. The full, unique name of this Feature resource in the format `projects/x/locations/x/features/x`. */ name?: string | null; /** * Output only. State of the Feature resource itself. */ resourceState?: Schema$FeatureResourceState; /** * Optional. Scope-specific configuration for this Feature. If this Feature does not support any per-Scope configuration, this field may be unused. The keys indicate which Scope the configuration is for, in the form: `projects/{p\}/locations/global/scopes/{s\}` Where {p\} is the project, {s\} is a valid Scope in this project. {p\} WILL match the Feature's project. {p\} will always be returned as the project number, but the project ID is also accepted during input. If the same Scope is specified in the map twice (using the project ID form, and the project number form), exactly ONE of the entries will be saved, with no guarantees as to which. For this reason, it is recommended the same format be used for all entries when mutating a Feature. */ scopeSpecs?: { [key: string]: Schema$ScopeFeatureSpec; } | null; /** * Output only. Scope-specific Feature status. If this Feature does report any per-Scope status, this field may be unused. The keys indicate which Scope the state is for, in the form: `projects/{p\}/locations/global/scopes/{s\}` Where {p\} is the project, {s\} is a valid Scope in this project. {p\} WILL match the Feature's project. */ scopeStates?: { [key: string]: Schema$ScopeFeatureState; } | null; /** * Optional. Hub-wide Feature configuration. If this Feature does not support any Hub-wide configuration, this field may be unused. */ spec?: Schema$CommonFeatureSpec; /** * Output only. The Hub-wide Feature state. */ state?: Schema$CommonFeatureState; /** * Output only. Whe