googleapis

/// <reference types="node" /> import { OAuth2Client, JWT, Compute, UserRefreshClient, BaseExternalAccountClient, GaxiosPromise, GoogleConfigurable, MethodOptions, StreamMethodOptions, GlobalOptions, GoogleAuth, BodyResponseCallback, APIRequestContext } from 'googleapis-common'; import { Readable } from 'stream'; export declare namespace gkehub_v1beta { export interface Options extends GlobalOptions { version: 'v1beta'; } interface StandardParameters { /** * Auth client or API Key for the request */ auth?: string | OAuth2Client | JWT | Compute | UserRefreshClient | BaseExternalAccountClient | GoogleAuth; /** * V1 error format. */ '$.xgafv'?: string; /** * OAuth access token. */ access_token?: string; /** * Data format for response. */ alt?: string; /** * JSONP */ callback?: string; /** * Selector specifying which fields to include in a partial response. */ fields?: string; /** * API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. */ key?: string; /** * OAuth 2.0 token for the current user. */ oauth_token?: string; /** * Returns response with indentations and line breaks. */ prettyPrint?: boolean; /** * Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. */ quotaUser?: string; /** * Legacy upload protocol for media (e.g. "media", "multipart"). */ uploadType?: string; /** * Upload protocol for media (e.g. "raw", "multipart"). */ upload_protocol?: string; } /** * GKE Hub API * * * * @example * ```js * const {google} = require('googleapis'); * const gkehub = google.gkehub('v1beta'); * ``` */ export class Gkehub { context: APIRequestContext; organizations: Resource$Organizations; projects: Resource$Projects; constructor(options: GlobalOptions, google?: GoogleConfigurable); } /** * **Anthos Observability**: Spec */ export interface Schema$AnthosObservabilityFeatureSpec { /** * Default membership spec for unconfigured memberships */ defaultMembershipSpec?: Schema$AnthosObservabilityMembershipSpec; } /** * **Anthosobservability**: Per-Membership Feature spec. */ export interface Schema$AnthosObservabilityMembershipSpec { /** * Use full of metrics rather than optimized metrics. See https://cloud.google.com/anthos/clusters/docs/on-prem/1.8/concepts/logging-and-monitoring#optimized_metrics_default_metrics */ doNotOptimizeMetrics?: boolean | null; /** * Enable collecting and reporting metrics and logs from user apps. */ enableStackdriverOnApplications?: boolean | null; /** * the version of stackdriver operator used by this feature */ version?: string | null; } /** * Spec for App Dev Experience Feature. */ export interface Schema$AppDevExperienceFeatureSpec { } /** * State for App Dev Exp Feature. */ export interface Schema$AppDevExperienceFeatureState { /** * Status of subcomponent that detects configured Service Mesh resources. */ networkingInstallSucceeded?: Schema$Status; } /** * Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] \}, { "log_type": "DATA_WRITE" \}, { "log_type": "ADMIN_READ" \} ] \}, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" \}, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] \} ] \} ] \} For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging. */ export interface Schema$AuditConfig { /** * The configuration for logging of each type of permission. */ auditLogConfigs?: Schema$AuditLogConfig[]; /** * Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services. */ service?: string | null; } /** * Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] \}, { "log_type": "DATA_WRITE" \} ] \} This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging. */ export interface Schema$AuditLogConfig { /** * Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members. */ exemptedMembers?: string[] | null; /** * The log type that this config enables. */ logType?: string | null; } /** * Associates `members`, or principals, with a `role`. */ export interface Schema$Binding { /** * The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). */ condition?: Schema$Expr; /** * Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid\}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid\}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid\}.svc.id.goog[{namespace\}/{kubernetes-sa\}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid\}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain\}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid\}?uid={uniqueid\}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid\}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid\}?uid={uniqueid\}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid\}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid\}?uid={uniqueid\}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid\}` and the recovered group retains the role in the binding. */ members?: string[] | null; /** * Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. */ role?: string | null; } /** * The request message for Operations.CancelOperation. */ export interface Schema$CancelOperationRequest { } /** * CommonFeatureSpec contains Hub-wide configuration information */ export interface Schema$CommonFeatureSpec { /** * Anthos Observability spec */ anthosobservability?: Schema$AnthosObservabilityFeatureSpec; /** * Appdevexperience specific spec. */ appdevexperience?: Schema$AppDevExperienceFeatureSpec; /** * FleetObservability feature spec. */ fleetobservability?: Schema$FleetObservabilityFeatureSpec; /** * Multicluster Ingress-specific spec. */ multiclusteringress?: Schema$MultiClusterIngressFeatureSpec; } /** * CommonFeatureState contains Hub-wide Feature status information. */ export interface Schema$CommonFeatureState { /** * Appdevexperience specific state. */ appdevexperience?: Schema$AppDevExperienceFeatureState; /** * FleetObservability feature state. */ fleetobservability?: Schema$FleetObservabilityFeatureState; /** * Output only. The "running state" of the Feature in this Hub. */ state?: Schema$FeatureState; } /** * CommonFleetDefaultMemberConfigSpec contains default configuration information for memberships of a fleet */ export interface Schema$CommonFleetDefaultMemberConfigSpec { /** * Identity Service-specific spec. */ identityservice?: Schema$IdentityServiceMembershipSpec; } /** * Configuration for Binauthz */ export interface Schema$ConfigManagementBinauthzConfig { /** * Whether binauthz is enabled in this cluster. */ enabled?: boolean | null; } /** * State for Binauthz */ export interface Schema$ConfigManagementBinauthzState { /** * The version of binauthz that is installed. */ version?: Schema$ConfigManagementBinauthzVersion; /** * The state of the binauthz webhook. */ webhook?: string | null; } /** * The version of binauthz. */ export interface Schema$ConfigManagementBinauthzVersion { /** * The version of the binauthz webhook. */ webhookVersion?: string | null; } /** * Configuration for Config Sync */ export interface Schema$ConfigManagementConfigSync { /** * Set to true to allow the vertical scaling. Defaults to false which disallows vertical scaling. This field is deprecated. */ allowVerticalScale?: boolean | null; /** * Enables the installation of ConfigSync. If set to true, ConfigSync resources will be created and the other ConfigSync fields will be applied if exist. If set to false, all other ConfigSync fields will be ignored, ConfigSync resources will be deleted. If omitted, ConfigSync resources will be managed depends on the presence of the git or oci field. */ enabled?: boolean | null; /** * Git repo configuration for the cluster. */ git?: Schema$ConfigManagementGitConfig; /** * The Email of the Google Cloud Service Account (GSA) used for exporting Config Sync metrics to Cloud Monitoring and Cloud Monarch when Workload Identity is enabled. The GSA should have the Monitoring Metric Writer (roles/monitoring.metricWriter) IAM role. The Kubernetes ServiceAccount `default` in the namespace `config-management-monitoring` should be bound to the GSA. This field is required when automatic Feature management is enabled. */ metricsGcpServiceAccountEmail?: string | null; /** * OCI repo configuration for the cluster */ oci?: Schema$ConfigManagementOciConfig; /** * Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts. */ preventDrift?: boolean | null; /** * Specifies whether the Config Sync Repo is in "hierarchical" or "unstructured" mode. */ sourceFormat?: string | null; /** * Set to true to stop syncing configs for a single cluster when automatic Feature management is enabled. Default to false. The field will be ignored when automatic Feature management is disabled. */ stopSyncing?: boolean | null; } /** * The state of ConfigSync's deployment on a cluster */ export interface Schema$ConfigManagementConfigSyncDeploymentState { /** * Deployment state of admission-webhook */ admissionWebhook?: string | null; /** * Deployment state of the git-sync pod */ gitSync?: string | null; /** * Deployment state of the importer pod */ importer?: string | null; /** * Deployment state of the monitor pod */ monitor?: string | null; /** * Deployment state of reconciler-manager pod */ reconcilerManager?: string | null; /** * Deployment state of root-reconciler */ rootReconciler?: string | null; /** * Deployment state of the syncer pod */ syncer?: string | null; } /** * Errors pertaining to the installation of Config Sync */ export interface Schema$ConfigManagementConfigSyncError { /** * A string representing the user facing error message */ errorMessage?: string | null; } /** * State information for ConfigSync */ export interface Schema$ConfigManagementConfigSyncState { /** * Information about the deployment of ConfigSync, including the version of the various Pods deployed */ deploymentState?: Schema$ConfigManagementConfigSyncDeploymentState; /** * Errors pertaining to the installation of Config Sync. */ errors?: Schema$ConfigManagementConfigSyncError[]; /** * The state of ConfigSync's process to sync configs to a cluster */ syncState?: Schema$ConfigManagementSyncState; /** * The version of ConfigSync deployed */ version?: Schema$ConfigManagementConfigSyncVersion; } /** * Specific versioning information pertaining to ConfigSync's Pods */ export interface Schema$ConfigManagementConfigSyncVersion { /** * Version of the deployed admission_webhook pod */ admissionWebhook?: string | null; /** * Version of the deployed git-sync pod */ gitSync?: string | null; /** * Version of the deployed importer pod */ importer?: string | null; /** * Version of the deployed monitor pod */ monitor?: string | null; /** * Version of the deployed reconciler-manager pod */ reconcilerManager?: string | null; /** * Version of the deployed reconciler container in root-reconciler pod */ rootReconciler?: string | null; /** * Version of the deployed syncer pod */ syncer?: string | null; } /** * Model for a config file in the git repo with an associated Sync error */ export interface Schema$ConfigManagementErrorResource { /** * Group/version/kind of the resource that is causing an error */ resourceGvk?: Schema$ConfigManagementGroupVersionKind; /** * Metadata name of the resource that is causing an error */ resourceName?: string | null; /** * Namespace of the resource that is causing an error */ resourceNamespace?: string | null; /** * Path in the git repo of the erroneous config */ sourcePath?: string | null; } /** * State of Policy Controller installation. */ export interface Schema$ConfigManagementGatekeeperDeploymentState { /** * Status of gatekeeper-audit deployment. */ gatekeeperAudit?: string | null; /** * Status of gatekeeper-controller-manager pod. */ gatekeeperControllerManagerState?: string | null; /** * Status of the pod serving the mutation webhook. */ gatekeeperMutation?: string | null; } /** * Git repo configuration for a single cluster. */ export interface Schema$ConfigManagementGitConfig { /** * The Google Cloud Service Account Email used for auth when secret_type is gcpServiceAccount. */ gcpServiceAccountEmail?: string | null; /** * URL for the HTTPS proxy to be used when communicating with the Git repo. */ httpsProxy?: string | null; /** * The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository. */ policyDir?: string | null; /** * Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive. Required. */ secretType?: string | null; /** * The branch of the repository to sync from. Default: master. */ syncBranch?: string | null; /** * The URL of the Git repository to use as the source of truth. */ syncRepo?: string | null; /** * Git revision (tag or hash) to check out. Default HEAD. */ syncRev?: string | null; /** * Period in seconds between consecutive syncs. Default: 15. */ syncWaitSecs?: string | null; } /** * A Kubernetes object's GVK */ export interface Schema$ConfigManagementGroupVersionKind { /** * Kubernetes Group */ group?: string | null; /** * Kubernetes Kind */ kind?: string | null; /** * Kubernetes Version */ version?: string | null; } /** * Configuration for Hierarchy Controller */ export interface Schema$ConfigManagementHierarchyControllerConfig { /** * Whether Hierarchy Controller is enabled in this cluster. */ enabled?: boolean | null; /** * Whether hierarchical resource quota is enabled in this cluster. */ enableHierarchicalResourceQuota?: boolean | null; /** * Whether pod tree labels are enabled in this cluster. */ enablePodTreeLabels?: boolean | null; } /** * Deployment state for Hierarchy Controller */ export interface Schema$ConfigManagementHierarchyControllerDeploymentState { /** * The deployment state for Hierarchy Controller extension (e.g. v0.7.0-hc.1) */ extension?: string | null; /** * The deployment state for open source HNC (e.g. v0.7.0-hc.0) */ hnc?: string | null; } /** * State for Hierarchy Controller */ export interface Schema$ConfigManagementHierarchyControllerState { /** * The deployment state for Hierarchy Controller */ state?: Schema$ConfigManagementHierarchyControllerDeploymentState; /** * The version for Hierarchy Controller */ version?: Schema$ConfigManagementHierarchyControllerVersion; } /** * Version for Hierarchy Controller */ export interface Schema$ConfigManagementHierarchyControllerVersion { /** * Version for Hierarchy Controller extension */ extension?: string | null; /** * Version for open source HNC */ hnc?: string | null; } /** * Errors pertaining to the installation of ACM */ export interface Schema$ConfigManagementInstallError { /** * A string representing the user facing error message */ errorMessage?: string | null; } /** * **Anthos Config Management**: Configuration for a single cluster. Intended to parallel the ConfigManagement CR. */ export interface Schema$ConfigManagementMembershipSpec { /** * Binauthz conifguration for the cluster. */ binauthz?: Schema$ConfigManagementBinauthzConfig; /** * The user-specified cluster name used by Config Sync cluster-name-selector annotation or ClusterSelector, for applying configs to only a subset of clusters. Omit this field if the cluster's fleet membership name is used by Config Sync cluster-name-selector annotation or ClusterSelector. Set this field if a name different from the cluster's fleet membership name is used by Config Sync cluster-name-selector annotation or ClusterSelector. */ cluster?: string | null; /** * Config Sync configuration for the cluster. */ configSync?: Schema$ConfigManagementConfigSync; /** * Hierarchy Controller configuration for the cluster. */ hierarchyController?: Schema$ConfigManagementHierarchyControllerConfig; /** * Enables automatic Feature management. */ management?: string | null; /** * Policy Controller configuration for the cluster. */ policyController?: Schema$ConfigManagementPolicyController; /** * Version of ACM installed. */ version?: string | null; } /** * **Anthos Config Management**: State for a single cluster. */ export interface Schema$ConfigManagementMembershipState { /** * Binauthz status */ binauthzState?: Schema$ConfigManagementBinauthzState; /** * This field is set to the `cluster_name` field of the Membership Spec if it is not empty. Otherwise, it is set to the cluster's fleet membership name. */ clusterName?: string | null; /** * Current sync status */ configSyncState?: Schema$ConfigManagementConfigSyncState; /** * Hierarchy Controller status */ hierarchyControllerState?: Schema$ConfigManagementHierarchyControllerState; /** * Membership configuration in the cluster. This represents the actual state in the cluster, while the MembershipSpec in the FeatureSpec represents the intended state */ membershipSpec?: Schema$ConfigManagementMembershipSpec; /** * Current install status of ACM's Operator */ operatorState?: Schema$ConfigManagementOperatorState; /** * PolicyController status */ policyControllerState?: Schema$ConfigManagementPolicyControllerState; } /** * OCI repo configuration for a single cluster */ export interface Schema$ConfigManagementOciConfig { /** * The Google Cloud Service Account Email used for auth when secret_type is gcpServiceAccount. */ gcpServiceAccountEmail?: string | null; /** * The absolute path of the directory that contains the local resources. Default: the root directory of the image. */ policyDir?: string | null; /** * Type of secret configured for access to the Git repo. */ secretType?: string | null; /** * The OCI image repository URL for the package to sync from. e.g. `LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME`. */ syncRepo?: string | null; /** * Period in seconds between consecutive syncs. Default: 15. */ syncWaitSecs?: string | null; } /** * State information for an ACM's Operator */ export interface Schema$ConfigManagementOperatorState { /** * The state of the Operator's deployment */ deploymentState?: string | null; /** * Install errors. */ errors?: Schema$ConfigManagementInstallError[]; /** * The semenatic version number of the operator */ version?: string | null; } /** * Configuration for Policy Controller */ export interface Schema$ConfigManagementPolicyController { /** * Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether. */ auditIntervalSeconds?: string | null; /** * Enables the installation of Policy Controller. If false, the rest of PolicyController fields take no effect. */ enabled?: boolean | null; /** * The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster. */ exemptableNamespaces?: string[] | null; /** * Logs all denies and dry run failures. */ logDeniesEnabled?: boolean | null; /** * Monitoring specifies the configuration of monitoring. */ monitoring?: Schema$ConfigManagementPolicyControllerMonitoring; /** * Enable or disable mutation in policy controller. If true, mutation CRDs, webhook and controller deployment will be deployed to the cluster. */ mutationEnabled?: boolean | null; /** * Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated. */ referentialRulesEnabled?: boolean | null; /** * Installs the default template library along with Policy Controller. */ templateLibraryInstalled?: boolean | null; /** * Output only. Last time this membership spec was updated. */ updateTime?: string | null; } /** * State for the migration of PolicyController from ACM -\> PoCo Hub. */ export interface Schema$ConfigManagementPolicyControllerMigration { /** * Last time this membership spec was copied to PoCo feature. */ copyTime?: string | null; /** * Stage of the migration. */ stage?: string | null; } /** * PolicyControllerMonitoring specifies the backends Policy Controller should export metrics to. For example, to specify metrics should be exported to Cloud Monitoring and Prometheus, specify backends: ["cloudmonitoring", "prometheus"] */ export interface Schema$ConfigManagementPolicyControllerMonitoring { /** * Specifies the list of backends Policy Controller will export to. An empty list would effectively disable metrics export. */ backends?: string[] | null; } /** * State for PolicyControllerState. */ export interface Schema$ConfigManagementPolicyControllerState { /** * The state about the policy controller installation. */ deploymentState?: Schema$ConfigManagementGatekeeperDeploymentState; /** * Record state of ACM -\> PoCo Hub migration for this feature. */ migration?: Schema$ConfigManagementPolicyControllerMigration; /** * The version of Gatekeeper Policy Controller deployed. */ version?: Schema$ConfigManagementPolicyControllerVersion; } /** * The build version of Gatekeeper Policy Controller is using. */ export interface Schema$ConfigManagementPolicyControllerVersion { /** * The gatekeeper image tag that is composed of ACM version, git tag, build number. */ version?: string | null; } /** * An ACM created error representing a problem syncing configurations */ export interface Schema$ConfigManagementSyncError { /** * An ACM defined error code */ code?: string | null; /** * A description of the error */ errorMessage?: string | null; /** * A list of config(s) associated with the error, if any */ errorResources?: Schema$ConfigManagementErrorResource[]; } /** * State indicating an ACM's progress syncing configurations to a cluster */ export interface Schema$ConfigManagementSyncState { /** * Sync status code */ code?: string | null; /** * A list of errors resulting from problematic configs. This list will be truncated after 100 errors, although it is unlikely for that many errors to simultaneously exist. */ errors?: Schema$ConfigManagementSyncError[]; /** * Token indicating the state of the importer. */ importToken?: string | null; /** * Deprecated: use last_sync_time instead. Timestamp of when ACM last successfully synced the repo The time format is specified in https://golang.org/pkg/time/#Time.String */ lastSync?: string | null; /** * Timestamp type of when ACM last successfully synced the repo */ lastSyncTime?: string | null; /** * Token indicating the state of the repo. */ sourceToken?: string | null; /** * Token indicating the state of the syncer. */ syncToken?: string | null; } /** * A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); \} */ export interface Schema$Empty { } /** * Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. */ export interface Schema$Expr { /** * Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. */ description?: string | null; /** * Textual representation of an expression in Common Expression Language syntax. */ expression?: string | null; /** * Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. */ location?: string | null; /** * Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. */ title?: string | null; } /** * Feature represents the settings and status of any Hub Feature. */ export interface Schema$Feature { /** * Output only. When the Feature resource was created. */ createTime?: string | null; /** * Output only. When the Feature resource was deleted. */ deleteTime?: string | null; /** * Optional. Feature configuration applicable to all memberships of the fleet. */ fleetDefaultMemberConfig?: Schema$CommonFleetDefaultMemberConfigSpec; /** * Labels for this Feature. */ labels?: { [key: string]: string; } | null; /** * Optional. Membership-specific configuration for this Feature. If this Feature does not support any per-Membership configuration, this field may be unused. The keys indicate which Membership the configuration is for, in the form: `projects/{p\}/locations/{l\}/memberships/{m\}` Where {p\} is the project, {l\} is a valid location and {m\} is a valid Membership in this project at that location. {p\} WILL match the Feature's project. {p\} will always be returned as the project number, but the project ID is also accepted during input. If the same Membership is specified in the map twice (using the project ID form, and the project number form), exactly ONE of the entries will be saved, with no guarantees as to which. For this reason, it is recommended the same format be used for all entries when mutating a Feature. */ membershipSpecs?: { [key: string]: Schema$MembershipFeatureSpec; } | null; /** * Output only. Membership-specific Feature status. If this Feature does report any per-Membership status, this field may be unused. The keys indicate which Membership the state is for, in the form: `projects/{p\}/locations/{l\}/memberships/{m\}` Where {p\} is the project number, {l\} is a valid location and {m\} is a valid Membership in this project at that location. {p\} MUST match the Feature's project number. */ membershipStates?: { [key: string]: Schema$MembershipFeatureState; } | null; /** * Output only. The full, unique name of this Feature resource in the format `projects/x/locations/x/features/x`. */ name?: string | null; /** * Output only. State of the Feature resource itself. */ resourceState?: Schema$FeatureResourceState; /** * Optional. Scope-specific configuration for this Feature. If this Feature does not support any per-Scope configuration, this field may be unused. The keys indicate which Scope the configuration is for, in the form: `projects/{p\}/locations/global/scopes/{s\}` Where {p\} is the project, {s\} is a valid Scope in this project. {p\} WILL match the Feature's project. {p\} will always be returned as the project number, but the project ID is also accepted during input. If the same Scope is specified in the map twice (using the project ID form, and the project number form), exactly ONE of the entries will be saved, with no guarantees as to which. For this reason, it is recommended the same format be used for all entries when mutating a Feature. */ scopeSpecs?: { [key: string]: Schema$ScopeFeatureSpec; } | null; /** * Output only. Scope-specific Feature status. If this Feature does report any per-Scope status, this field may be unused. The keys indicate which Scope the state is for, in the form: `projects/{p\}/locations/global/scopes/{s\}` Where {p\} is the project, {s\} is a valid Scope in this project. {p\} WILL match the Feature's project. */ scopeStates?: { [key: string]: Schema$ScopeFeatureState; } | null; /** * Optional. Hub-wide Feature configuration. If this Feature does not support any Hub-wide configuration, this field may be unused. */ spec?: Schema$CommonFeatureSpec; /** * Output only. The Hub-wide Feature state. */ state?: Schema$CommonFeatureState; /** * Output only. When the Feature resource was last updated. */ updateTime?: string | null; } /** * FeatureResourceState describes the state of a Feature *resource* in the GkeHub API. See `FeatureState` for the "running state" of the Feature in the Hub and across Memberships. */ export interface Schema$FeatureResourceState { /** * The current state of the Feature resource in the Hub API. */ state?: string | null; } /** * FeatureState describes the high-level state of a Feature. It may be used to describe a Feature's state at the environ-level, or per-membershop, depending on the context. */ export interface Schema$FeatureState { /** * The high-level, machine-readable status of this Feature. */ code?: string | null; /** * A human-readable description of the current status. */ description?: string | null; /** * The time this status and any related Feature-specific details were updated. */ updateTime?: string | null; } /** * Fleet contains the Fleet-wide metadata and configuration. */ export interface Schema$Fleet { /** * Output only. When the Fleet was created. */ createTime?: string | null; /** * Output only. When the Fleet was deleted. */ deleteTime?: string | null; /** * Optional. A user-assigned display name of the Fleet. When present, it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, single-quote, double-quote, space, and exclamation point. Example: `Production Fleet` */ displayName?: string | null; /** * Optional. Labels for this Fleet. */ labels?: { [key: string]: string; } | null; /** * Output only. The full, unique resource name of this fleet in the format of `projects/{project\}/locations/{location\}/fleets/{fleet\}`. Each Google Cloud project can have at most one fleet resource, named "default". */ name?: string | null; /** * Output only. State of the namespace resource. */ state?: Schema$FleetLifecycleState; /** * Output only. Google-generated UUID for this resource. This is unique across all Fleet resources. If a Fleet resource is deleted and another resource with the same name is created, it gets a different uid. */ uid?: string | null; /** * Output only. When the Fleet was last updated. */ updateTime?: string | null; } /** * FleetLifecycleState describes the state of a Fleet resource. */ export interface Schema$FleetLifecycleState { /** * Output only. The current state of the Fleet resource. */ code?: string | null; } /** * All error details of the fleet observability feature. */ export interface Schema$FleetObservabilityFeatureError { /** * The code of the error. */ code?: string | null; /** * A human-readable description of the current status. */ description?: string | null; } /** * **Fleet Observability**: The Hub-wide input for the FleetObservability feature. */ export interface Schema$FleetObservabilityFeatureSpec { /** * Specified if fleet logging feature is enabled for the entire fleet. If UNSPECIFIED, fleet logging feature is disabled for the entire fleet. */ loggingConfig?: Schema$FleetObservabilityLoggingConfig; } /** * **FleetObservability**: Hub-wide Feature for FleetObservability feature. state. */ export interface Schema$FleetObservabilityFeatureState { /** * The feature state of default logging. */ logging?: Schema$FleetObservabilityFleetObservabilityLoggingState; /** * The feature state of fleet monitoring. */ monitoring?: Schema$FleetObservabilityFleetObservabilityMonitoringState; } /** * Base state for fleet observability feature. */ export interface Schema$FleetObservabilityFleetObservabilityBaseFeatureState { /** * The high-level, machine-readable status of this Feature. */ code?: string | null; /** * Errors after reconciling the monitoring and logging feature if the code is not OK. */ errors?: Schema$FleetObservabilityFeatureError[]; } /** * Feature state for logging feature. */ export interface Schema$FleetObservabilityFleetObservabilityLoggingState { /** * The base feature state of fleet default log. */ defaultLog?: Schema$FleetObservabilityFleetObservabilityBaseFeatureState; /** * The base feature state of fleet scope log. */ scopeLog?: Schema$FleetObservabilityFleetObservabilityBaseFeatureState; } /** * Feature state for monitoring feature. */ export interface Schema$FleetObservabilityFleetObservabilityMonitoringState { /** * The base feature state of fleet monitoring feature. */ state?: Schema$FleetObservabilityFleetObservabilityBaseFeatureState; } /** * LoggingConfig defines the configuration for different types of logs. */ export interface Schema$FleetObservabilityLoggingConfig { /** * Specified if applying the default routing config to logs not specified in other configs. */ defaultConfig?: Schema$FleetObservabilityRoutingConfig; /** * Specified if applying the routing config to all logs for all fleet scopes. */ fleetScopeLogsConfig?: Schema$FleetObservabilityRoutingConfig; } /** * **FleetObservability**: The membership-specific input for FleetObservability feature. */ export interface Schema$FleetObservabilityMembershipSpec { } /** * **FleetObservability**: Membership-specific Feature state for fleetobservability. */ export interface Schema$FleetObservabilityMembershipState { } /** * RoutingConfig configures the behaviour of fleet logging feature. */ export interface Schema$FleetObservabilityRoutingConfig { /** * mode configures the logs routing mode. */ mode?: string | null; } /** * Response for GenerateRBACRoleBindingYAML. */ export interface Schema$GenerateMembershipRBACRoleBindingYAMLResponse { /** * a yaml text blob including the RBAC policies. */ roleBindingsYaml?: string | null; } /** * The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). */ export interface Schema$GoogleRpcStatus { /** * The status code, which should be an enum value of google.rpc.Code. */ code?: number | null; /** * A list of messages that carry the error details. There is a common set of message types for APIs to use. */ details?: Array<{ [key: string]: any; }> | null; /** * A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. */ message?: string | null; } /** * Configuration of an auth method for a member/cluster. Only one authentication method (e.g., OIDC and LDAP) can be set per AuthMethod. */ export interface Schema$IdentityServiceAuthMethod { /** * AzureAD specific Configuration. */ azureadConfig?: Schema$IdentityServiceAzureADConfig; /** * GoogleConfig specific configuration. */ googleConfig?: Schema$IdentityServiceGoogleConfig; /** * Identifier for auth config. */ name?: string | null; /** * OIDC specific configuration. */ oidcConfig?: Schema$IdentityServiceOidcConfig; /** * Proxy server address to use for auth method. */ proxy?: string | null; } /** * Configuration for the AzureAD Auth flow. */ export interface Schema$IdentityServiceAzureADConfig { /** * ID for the registered client application that makes authentication requests to the Azure AD identity provider. */ clientId?: string | null; /** * Input only. Unencrypted AzureAD client secret will be passed to the GKE Hub CLH. */ clientSecret?: string | null; /** * Output only. Encrypted AzureAD client secret. */ encryptedClientSecret?: string | null; /** * The redirect URL that kubectl uses for authorization. */ kubectlRedirectUri?: string | null; /** * Kind of Azure AD account to be authenticated. Supported values are or for accounts belonging to a specific tenant. */ tenant?: string | null; } /** * Configuration for the Google Plugin Auth flow. */ export interface Schema$IdentityServiceGoogleConfig { /** * Disable automatic configuration of Google Plugin on supported platforms. */ disable?: boolean | null; } /** * **Anthos Identity Service**: Configuration for a single Membership. */ export interface Schema$IdentityServiceMembershipSpec { /** * A member may support multiple auth methods. */ authMethods?: Schema$IdentityServiceAuthMethod[]; } /** * **Anthos Identity Service**: State for a single Membership. */ export interface Schema$IdentityServiceMembershipState { /** * The reason of the failure. */ failureReason?: string | null; /** * Installed AIS version. This is the AIS version installed on this member. The values makes sense iff state is OK. */ installedVersion?: string | null; /** * Last reconciled membership configuration */ memberConfig?: Schema$IdentityServiceMembershipSpec; /** * Deployment state on this member */ state?: string | null; } /** * Configuration for OIDC Auth flow. */ export interface Schema$IdentityServiceOidcConfig { /** * PEM-encoded CA for OIDC provider. */ certificateAuthorityData?: string | null; /** * ID for OIDC client application. */ clientId?: string | null; /** * Input only. Unencrypted OIDC client secret will be passed to the GKE Hub CLH. */ clientSecret?: string | null; /** * Flag to denote if reverse proxy is used to connect to auth provider. This flag should be set to true when provider is not reachable by Google Cloud Console. */ deployCloudConsoleProxy?: boolean | null; /** * Enable access token. */ enableAccessToken?: boolean | null; /** * Output only. Encrypted OIDC Client secret */ encryptedClientSecret?: string | null; /** * Comma-separated list of key-value pairs. */ extraParams?: string | null; /** * Prefix to prepend to group name. */ groupPrefix?: string | null; /** * Claim in OIDC ID token that holds gr