googleapis

import { OAuth2Client, JWT, Compute, UserRefreshClient, BaseExternalAccountClient, GaxiosResponseWithHTTP2, GoogleConfigurable, MethodOptions, StreamMethodOptions, GlobalOptions, GoogleAuth, BodyResponseCallback, APIRequestContext } from 'googleapis-common'; import { Readable } from 'stream'; export declare namespace gkehub_v1beta { export interface Options extends GlobalOptions { version: 'v1beta'; } interface StandardParameters { /** * Auth client or API Key for the request */ auth?: string | OAuth2Client | JWT | Compute | UserRefreshClient | BaseExternalAccountClient | GoogleAuth; /** * V1 error format. */ '$.xgafv'?: string; /** * OAuth access token. */ access_token?: string; /** * Data format for response. */ alt?: string; /** * JSONP */ callback?: string; /** * Selector specifying which fields to include in a partial response. */ fields?: string; /** * API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. */ key?: string; /** * OAuth 2.0 token for the current user. */ oauth_token?: string; /** * Returns response with indentations and line breaks. */ prettyPrint?: boolean; /** * Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. */ quotaUser?: string; /** * Legacy upload protocol for media (e.g. "media", "multipart"). */ uploadType?: string; /** * Upload protocol for media (e.g. "raw", "multipart"). */ upload_protocol?: string; } /** * GKE Hub API * * * * @example * ```js * const {google} = require('googleapis'); * const gkehub = google.gkehub('v1beta'); * ``` */ export class Gkehub { context: APIRequestContext; organizations: Resource$Organizations; projects: Resource$Projects; constructor(options: GlobalOptions, google?: GoogleConfigurable); } /** * Spec for App Dev Experience Feature. */ export interface Schema$AppDevExperienceFeatureSpec { } /** * State for App Dev Exp Feature. */ export interface Schema$AppDevExperienceFeatureState { /** * Status of subcomponent that detects configured Service Mesh resources. */ networkingInstallSucceeded?: Schema$Status; } /** * ApplianceCluster contains information specific to GDC Edge Appliance Clusters. */ export interface Schema$ApplianceCluster { /** * Immutable. Self-link of the Google Cloud resource for the Appliance Cluster. For example: //transferappliance.googleapis.com/projects/my-project/locations/us-west1-a/appliances/my-appliance */ resourceLink?: string | null; } /** * Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] \}, { "log_type": "DATA_WRITE" \}, { "log_type": "ADMIN_READ" \} ] \}, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" \}, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] \} ] \} ] \} For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging. */ export interface Schema$AuditConfig { /** * The configuration for logging of each type of permission. */ auditLogConfigs?: Schema$AuditLogConfig[]; /** * Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services. */ service?: string | null; } /** * Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] \}, { "log_type": "DATA_WRITE" \} ] \} This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging. */ export interface Schema$AuditLogConfig { /** * Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members. */ exemptedMembers?: string[] | null; /** * The log type that this config enables. */ logType?: string | null; } /** * Authority encodes how Google will recognize identities from this Membership. See the workload identity documentation for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity */ export interface Schema$Authority { /** * Output only. An identity provider that reflects the `issuer` in the workload identity pool. */ identityProvider?: string | null; /** * Optional. A JSON Web Token (JWT) issuer URI. `issuer` must start with `https://` and be a valid URL with length <2000 characters, it must use `location` rather than `zone` for GKE clusters. If set, then Google will allow valid OIDC tokens from this issuer to authenticate within the workload_identity_pool. OIDC discovery will be performed on this URI to validate tokens from the issuer. Clearing `issuer` disables Workload Identity. `issuer` cannot be directly modified; it must be cleared (and Workload Identity disabled) before using a new issuer (and re-enabling Workload Identity). */ issuer?: string | null; /** * Optional. OIDC verification keys for this Membership in JWKS format (RFC 7517). When this field is set, OIDC discovery will NOT be performed on `issuer`, and instead OIDC tokens will be validated using this field. */ oidcJwks?: string | null; /** * Optional. Output only. The identity provider for the scope-tenancy workload identity pool. */ scopeTenancyIdentityProvider?: string | null; /** * Optional. Output only. The name of the scope-tenancy workload identity pool. This pool is set in the fleet-level feature. */ scopeTenancyWorkloadIdentityPool?: string | null; /** * Output only. The name of the workload identity pool in which `issuer` will be recognized. There is a single Workload Identity Pool per Hub that is shared between all Memberships that belong to that Hub. For a Hub hosted in {PROJECT_ID\}, the workload pool format is `{PROJECT_ID\}.hub.id.goog`, although this is subject to change in newer versions of this API. */ workloadIdentityPool?: string | null; } /** * BinaryAuthorizationConfig defines the fleet level configuration of binary authorization feature. */ export interface Schema$BinaryAuthorizationConfig { /** * Optional. Mode of operation for binauthz policy evaluation. */ evaluationMode?: string | null; /** * Optional. Binauthz policies that apply to this cluster. */ policyBindings?: Schema$PolicyBinding[]; } /** * Associates `members`, or principals, with a `role`. */ export interface Schema$Binding { /** * The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). */ condition?: Schema$Expr; /** * Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid\}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid\}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid\}.svc.id.goog[{namespace\}/{kubernetes-sa\}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid\}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain\}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id\}/subject/{subject_attribute_value\}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id\}/group/{group_id\}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id\}/attribute.{attribute_name\}/{attribute_value\}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id\}/x`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number\}/locations/global/workloadIdentityPools/{pool_id\}/subject/{subject_attribute_value\}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number\}/locations/global/workloadIdentityPools/{pool_id\}/group/{group_id\}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number\}/locations/global/workloadIdentityPools/{pool_id\}/attribute.{attribute_name\}/{attribute_value\}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number\}/locations/global/workloadIdentityPools/{pool_id\}/x`: All identities in a workload identity pool. * `deleted:user:{emailid\}?uid={uniqueid\}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid\}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid\}?uid={uniqueid\}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid\}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid\}?uid={uniqueid\}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid\}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id\}/subject/{subject_attribute_value\}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`. */ members?: string[] | null; /** * Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles). */ role?: string | null; } /** * The request message for Operations.CancelOperation. */ export interface Schema$CancelOperationRequest { } /** * Selector for clusters. */ export interface Schema$ClusterSelector { /** * Required. A valid CEL (Common Expression Language) expression which evaluates `resource.labels`. */ labelSelector?: string | null; } /** * **ClusterUpgrade**: The configuration for the fleet-level ClusterUpgrade feature. */ export interface Schema$ClusterUpgradeFleetSpec { /** * Allow users to override some properties of each GKE upgrade. */ gkeUpgradeOverrides?: Schema$ClusterUpgradeGKEUpgradeOverride[]; /** * Required. Post conditions to evaluate to mark an upgrade COMPLETE. Required. */ postConditions?: Schema$ClusterUpgradePostConditions; /** * This fleet consumes upgrades that have COMPLETE status code in the upstream fleets. See UpgradeStatus.Code for code definitions. The fleet name should be either fleet project number or id. This is defined as repeated for future proof reasons. Initial implementation will enforce at most one upstream fleet. */ upstreamFleets?: string[] | null; } /** * **ClusterUpgrade**: The state for the fleet-level ClusterUpgrade feature. */ export interface Schema$ClusterUpgradeFleetState { /** * This fleets whose upstream_fleets contain the current fleet. The fleet name should be either fleet project number or id. */ downstreamFleets?: string[] | null; /** * Feature state for GKE clusters. */ gkeState?: Schema$ClusterUpgradeGKEUpgradeFeatureState; /** * A list of memberships ignored by the feature. For example, manually upgraded clusters can be ignored if they are newer than the default versions of its release channel. The membership resource is in the format: `projects/{p\}/locations/{l\}/membership/{m\}`. */ ignored?: { [key: string]: Schema$ClusterUpgradeIgnoredMembership; } | null; } /** * GKEUpgrade represents a GKE provided upgrade, e.g., control plane upgrade. */ export interface Schema$ClusterUpgradeGKEUpgrade { /** * Name of the upgrade, e.g., "k8s_control_plane". It should be a valid upgrade name. It must not exceet 99 characters. */ name?: string | null; /** * Version of the upgrade, e.g., "1.22.1-gke.100". It should be a valid version. It must not exceet 99 characters. */ version?: string | null; } /** * GKEUpgradeFeatureCondition describes the condition of the feature for GKE clusters at a certain point of time. */ export interface Schema$ClusterUpgradeGKEUpgradeFeatureCondition { /** * Reason why the feature is in this status. */ reason?: string | null; /** * Status of the condition, one of True, False, Unknown. */ status?: string | null; /** * Type of the condition, for example, "ready". */ type?: string | null; /** * Last timestamp the condition was updated. */ updateTime?: string | null; } /** * GKEUpgradeFeatureState contains feature states for GKE clusters in the scope. */ export interface Schema$ClusterUpgradeGKEUpgradeFeatureState { /** * Current conditions of the feature. */ conditions?: Schema$ClusterUpgradeGKEUpgradeFeatureCondition[]; /** * Upgrade state. It will eventually replace `state`. */ upgradeState?: Schema$ClusterUpgradeGKEUpgradeState[]; } /** * Properties of a GKE upgrade that can be overridden by the user. For example, a user can skip soaking by overriding the soaking to 0. */ export interface Schema$ClusterUpgradeGKEUpgradeOverride { /** * Required. Post conditions to override for the specified upgrade (name + version). Required. */ postConditions?: Schema$ClusterUpgradePostConditions; /** * Required. Which upgrade to override. Required. */ upgrade?: Schema$ClusterUpgradeGKEUpgrade; } /** * GKEUpgradeState is a GKEUpgrade and its state at the scope and fleet level. */ export interface Schema$ClusterUpgradeGKEUpgradeState { /** * Number of GKE clusters in each status code. */ stats?: { [key: string]: string; } | null; /** * Status of the upgrade. */ status?: Schema$ClusterUpgradeUpgradeStatus; /** * Which upgrade to track the state. */ upgrade?: Schema$ClusterUpgradeGKEUpgrade; } /** * IgnoredMembership represents a membership ignored by the feature. A membership can be ignored because it was manually upgraded to a newer version than RC default. */ export interface Schema$ClusterUpgradeIgnoredMembership { /** * Time when the membership was first set to ignored. */ ignoredTime?: string | null; /** * Reason why the membership is ignored. */ reason?: string | null; } /** * ScopeGKEUpgradeState is a GKEUpgrade and its state per-membership. */ export interface Schema$ClusterUpgradeMembershipGKEUpgradeState { /** * Status of the upgrade. */ status?: Schema$ClusterUpgradeUpgradeStatus; /** * Which upgrade to track the state. */ upgrade?: Schema$ClusterUpgradeGKEUpgrade; } /** * Per-membership state for this feature. */ export interface Schema$ClusterUpgradeMembershipState { /** * Whether this membership is ignored by the feature. For example, manually upgraded clusters can be ignored if they are newer than the default versions of its release channel. */ ignored?: Schema$ClusterUpgradeIgnoredMembership; /** * Actual upgrade state against desired. */ upgrades?: Schema$ClusterUpgradeMembershipGKEUpgradeState[]; } /** * Post conditional checks after an upgrade has been applied on all eligible clusters. */ export interface Schema$ClusterUpgradePostConditions { /** * Required. Amount of time to "soak" after a rollout has been finished before marking it COMPLETE. Cannot exceed 30 days. Required. */ soaking?: string | null; } /** * UpgradeStatus provides status information for each upgrade. */ export interface Schema$ClusterUpgradeUpgradeStatus { /** * Status code of the upgrade. */ code?: string | null; /** * Reason for this status. */ reason?: string | null; /** * Last timestamp the status was updated. */ updateTime?: string | null; } /** * CommonFeatureSpec contains Fleet-wide configuration information */ export interface Schema$CommonFeatureSpec { /** * Appdevexperience specific spec. */ appdevexperience?: Schema$AppDevExperienceFeatureSpec; /** * ClusterUpgrade (fleet-based) feature spec. */ clusterupgrade?: Schema$ClusterUpgradeFleetSpec; /** * DataplaneV2 feature spec. */ dataplanev2?: Schema$DataplaneV2FeatureSpec; /** * FleetObservability feature spec. */ fleetobservability?: Schema$FleetObservabilityFeatureSpec; /** * Multicluster Ingress-specific spec. */ multiclusteringress?: Schema$MultiClusterIngressFeatureSpec; /** * RBAC Role Binding Actuation feature spec */ rbacrolebindingactuation?: Schema$RBACRoleBindingActuationFeatureSpec; /** * Workload Identity feature spec. */ workloadidentity?: Schema$WorkloadIdentityFeatureSpec; } /** * CommonFeatureState contains Fleet-wide Feature status information. */ export interface Schema$CommonFeatureState { /** * Appdevexperience specific state. */ appdevexperience?: Schema$AppDevExperienceFeatureState; /** * ClusterUpgrade fleet-level state. */ clusterupgrade?: Schema$ClusterUpgradeFleetState; /** * FleetObservability feature state. */ fleetobservability?: Schema$FleetObservabilityFeatureState; /** * RBAC Role Binding Actuation feature state */ rbacrolebindingactuation?: Schema$RBACRoleBindingActuationFeatureState; /** * Output only. The "running state" of the Feature in this Fleet. */ state?: Schema$FeatureState; /** * WorkloadIdentity fleet-level state. */ workloadidentity?: Schema$WorkloadIdentityFeatureState; } /** * CommonFleetDefaultMemberConfigSpec contains default configuration information for memberships of a fleet */ export interface Schema$CommonFleetDefaultMemberConfigSpec { /** * Config Management-specific spec. */ configmanagement?: Schema$ConfigManagementMembershipSpec; /** * Identity Service-specific spec. */ identityservice?: Schema$IdentityServiceMembershipSpec; /** * Anthos Service Mesh-specific spec */ mesh?: Schema$ServiceMeshMembershipSpec; /** * Policy Controller spec. */ policycontroller?: Schema$PolicyControllerMembershipSpec; } /** * CompliancePostureConfig defines the settings needed to enable/disable features for the Compliance Posture. */ export interface Schema$CompliancePostureConfig { /** * List of enabled compliance standards. */ complianceStandards?: Schema$ComplianceStandard[]; /** * Defines the enablement mode for Compliance Posture. */ mode?: string | null; } export interface Schema$ComplianceStandard { /** * Name of the compliance standard. */ standard?: string | null; } /** * Configuration for Binauthz */ export interface Schema$ConfigManagementBinauthzConfig { /** * Whether binauthz is enabled in this cluster. */ enabled?: boolean | null; } /** * State for Binauthz */ export interface Schema$ConfigManagementBinauthzState { /** * The version of binauthz that is installed. */ version?: Schema$ConfigManagementBinauthzVersion; /** * The state of the binauthz webhook. */ webhook?: string | null; } /** * The version of binauthz. */ export interface Schema$ConfigManagementBinauthzVersion { /** * The version of the binauthz webhook. */ webhookVersion?: string | null; } /** * Configuration for Config Sync */ export interface Schema$ConfigManagementConfigSync { /** * Optional. Configuration for deployment overrides. Applies only to Config Sync deployments with containers that are not a root or namespace reconciler: `reconciler-manager`, `otel-collector`, `resource-group-controller-manager`, `admission-webhook`. To override a root or namespace reconciler, use the rootsync or reposync fields at https://docs.cloud.google.com/kubernetes-engine/config-sync/docs/reference/rootsync-reposync-fields#override-resources instead. */ deploymentOverrides?: Schema$ConfigManagementDeploymentOverride[]; /** * Optional. Enables the installation of Config Sync. If set to true, the Feature will manage Config Sync resources, and apply the other ConfigSync fields if they exist. If set to false, the Feature will ignore all other ConfigSync fields and delete the Config Sync resources. If omitted, ConfigSync is considered enabled if the git or oci field is present. */ enabled?: boolean | null; /** * Optional. Git repo configuration for the cluster. */ git?: Schema$ConfigManagementGitConfig; /** * Optional. The Email of the Google Cloud Service Account (GSA) used for exporting Config Sync metrics to Cloud Monitoring and Cloud Monarch when Workload Identity is enabled. The GSA should have the Monitoring Metric Writer (roles/monitoring.metricWriter) IAM role. The Kubernetes ServiceAccount `default` in the namespace `config-management-monitoring` should be bound to the GSA. Deprecated: If Workload Identity Federation for GKE is enabled, Google Cloud Service Account is no longer needed for exporting Config Sync metrics: https://cloud.google.com/kubernetes-engine/enterprise/config-sync/docs/how-to/monitor-config-sync-cloud-monitoring#custom-monitoring. */ metricsGcpServiceAccountEmail?: string | null; /** * Optional. OCI repo configuration for the cluster */ oci?: Schema$ConfigManagementOciConfig; /** * Optional. Set to true to enable the Config Sync admission webhook to prevent drifts. If set to false, disables the Config Sync admission webhook and does not prevent drifts. Defaults to false. See https://docs.cloud.google.com/kubernetes-engine/config-sync/docs/how-to/prevent-config-drift for details. */ preventDrift?: boolean | null; /** * Optional. Specifies whether the Config Sync repo is in `hierarchical` or `unstructured` mode. Defaults to `hierarchical`. See https://docs.cloud.google.com/kubernetes-engine/config-sync/docs/concepts/configs#organize-configs for an explanation. */ sourceFormat?: string | null; /** * Optional. Set to true to stop syncing configs for a single cluster. Default to false. */ stopSyncing?: boolean | null; } /** * The state of ConfigSync's deployment on a cluster */ export interface Schema$ConfigManagementConfigSyncDeploymentState { /** * Deployment state of admission-webhook */ admissionWebhook?: string | null; /** * Deployment state of the git-sync pod */ gitSync?: string | null; /** * Deployment state of the importer pod */ importer?: string | null; /** * Deployment state of the monitor pod */ monitor?: string | null; /** * Deployment state of otel-collector */ otelCollector?: string | null; /** * Deployment state of reconciler-manager pod */ reconcilerManager?: string | null; /** * Deployment state of resource-group-controller-manager */ resourceGroupControllerManager?: string | null; /** * Deployment state of root-reconciler */ rootReconciler?: string | null; /** * Deployment state of the syncer pod */ syncer?: string | null; } /** * Errors pertaining to the installation of Config Sync */ export interface Schema$ConfigManagementConfigSyncError { /** * A string representing the user facing error message */ errorMessage?: string | null; } /** * State information for ConfigSync */ export interface Schema$ConfigManagementConfigSyncState { /** * Output only. Whether syncing resources to the cluster is stopped at the cluster level. */ clusterLevelStopSyncingState?: string | null; /** * Output only. The number of RootSync and RepoSync CRs in the cluster. */ crCount?: number | null; /** * Output only. Information about the deployment of ConfigSync, including the version of the various Pods deployed */ deploymentState?: Schema$ConfigManagementConfigSyncDeploymentState; /** * Output only. Errors pertaining to the installation of Config Sync. */ errors?: Schema$ConfigManagementConfigSyncError[]; /** * Output only. The state of the Reposync CRD */ reposyncCrd?: string | null; /** * Output only. The state of the RootSync CRD */ rootsyncCrd?: string | null; /** * Output only. The state of CS This field summarizes the other fields in this message. */ state?: string | null; /** * Output only. The state of ConfigSync's process to sync configs to a cluster */ syncState?: Schema$ConfigManagementSyncState; /** * Output only. The version of ConfigSync deployed */ version?: Schema$ConfigManagementConfigSyncVersion; } /** * Specific versioning information pertaining to ConfigSync's Pods */ export interface Schema$ConfigManagementConfigSyncVersion { /** * Version of the deployed admission-webhook pod */ admissionWebhook?: string | null; /** * Version of the deployed git-sync pod */ gitSync?: string | null; /** * Version of the deployed importer pod */ importer?: string | null; /** * Version of the deployed monitor pod */ monitor?: string | null; /** * Version of the deployed otel-collector pod */ otelCollector?: string | null; /** * Version of the deployed reconciler-manager pod */ reconcilerManager?: string | null; /** * Version of the deployed resource-group-controller-manager pod */ resourceGroupControllerManager?: string | null; /** * Version of the deployed reconciler container in root-reconciler pod */ rootReconciler?: string | null; /** * Version of the deployed syncer pod */ syncer?: string | null; } /** * Configuration for a container override. */ export interface Schema$ConfigManagementContainerOverride { /** * Required. The name of the container. */ containerName?: string | null; /** * Optional. The cpu limit of the container. Use the following CPU resource units: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#meaning-of-cpu. */ cpuLimit?: string | null; /** * Optional. The cpu request of the container. Use the following CPU resource units: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#meaning-of-cpu. */ cpuRequest?: string | null; /** * Optional. The memory limit of the container. Use the following memory resource units: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#meaning-of-memory. */ memoryLimit?: string | null; /** * Optional. The memory request of the container. Use the following memory resource units: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#meaning-of-memory. */ memoryRequest?: string | null; } /** * Configuration for a deployment override. */ export interface Schema$ConfigManagementDeploymentOverride { /** * Optional. The containers of the deployment resource to be overridden. */ containers?: Schema$ConfigManagementContainerOverride[]; /** * Required. The name of the deployment resource to be overridden. */ deploymentName?: string | null; /** * Required. The namespace of the deployment resource to be overridden. */ deploymentNamespace?: string | null; } /** * Model for a config file in the git repo with an associated Sync error */ export interface Schema$ConfigManagementErrorResource { /** * Group/version/kind of the resource that is causing an error */ resourceGvk?: Schema$ConfigManagementGroupVersionKind; /** * Metadata name of the resource that is causing an error */ resourceName?: string | null; /** * Namespace of the resource that is causing an error */ resourceNamespace?: string | null; /** * Path in the git repo of the erroneous config */ sourcePath?: string | null; } /** * State of Policy Controller installation. */ export interface Schema$ConfigManagementGatekeeperDeploymentState { /** * Status of gatekeeper-audit deployment. */ gatekeeperAudit?: string | null; /** * Status of gatekeeper-controller-manager pod. */ gatekeeperControllerManagerState?: string | null; /** * Status of the pod serving the mutation webhook. */ gatekeeperMutation?: string | null; } /** * Git repo configuration for a single cluster. */ export interface Schema$ConfigManagementGitConfig { /** * Optional. The Google Cloud Service Account Email used for auth when secret_type is `gcpserviceaccount`. */ gcpServiceAccountEmail?: string | null; /** * Optional. URL for the HTTPS proxy to be used when communicating with the Git repo. Only specify when secret_type is `cookiefile`, `token`, or `none`. */ httpsProxy?: string | null; /** * Optional. The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository. */ policyDir?: string | null; /** * Required. Type of secret configured for access to the Git repo. Must be one of `ssh`, `cookiefile`, `gcenode`, `token`, `gcpserviceaccount`, `githubapp` or `none`. The validation of this is case-sensitive. */ secretType?: string | null; /** * Optional. The branch of the repository to sync from. Default: master. */ syncBranch?: string | null; /** * Required. The URL of the Git repository to use as the source of truth. */ syncRepo?: string | null; /** * Optional. Git revision (tag or hash) to check out. Default HEAD. */ syncRev?: string | null; /** * Optional. Period in seconds between consecutive syncs. Default: 15. */ syncWaitSecs?: string | null; } /** * A Kubernetes object's GVK */ export interface Schema$ConfigManagementGroupVersionKind { /** * Kubernetes Group */ group?: string | null; /** * Kubernetes Kind */ kind?: string | null; /** * Kubernetes Version */ version?: string | null; } /** * Configuration for Hierarchy Controller */ export interface Schema$ConfigManagementHierarchyControllerConfig { /** * Whether Hierarchy Controller is enabled in this cluster. */ enabled?: boolean | null; /** * Whether hierarchical resource quota is enabled in this cluster. */ enableHierarchicalResourceQuota?: boolean | null; /** * Whether pod tree labels are enabled in this cluster. */ enablePodTreeLabels?: boolean | null; } /** * Deployment state for Hierarchy Controller */ export interface Schema$ConfigManagementHierarchyControllerDeploymentState { /** * The deployment state for Hierarchy Controller extension (e.g. v0.7.0-hc.1) */ extension?: string | null; /** * The deployment state for open source HNC (e.g. v0.7.0-hc.0) */ hnc?: string | null; } /** * State for Hierarchy Controller */ export interface Schema$ConfigManagementHierarchyControllerState { /** * The deployment state for Hierarchy Controller */ state?: Schema$ConfigManagementHierarchyControllerDeploymentState; /** * The version for Hierarchy Controller */ version?: Schema$ConfigManagementHierarchyControllerVersion; } /** * Version for Hierarchy Controller */ export interface Schema$ConfigManagementHierarchyControllerVersion { /** * Version for Hierarchy Controller extension */ extension?: string | null; /** * Version for open source HNC */ hnc?: string | null; } /** * Errors pertaining to the installation of ACM */ export interface Schema$ConfigManagementInstallError { /** * A string representing the user facing error message */ errorMessage?: string | null; } /** * **Anthos Config Management**: Configuration for a single cluster. Intended to parallel the ConfigManagement CR. */ export interface Schema$ConfigManagementMembershipSpec { /** * Optional. Deprecated: Binauthz configuration will be ignored and should not be set. */ binauthz?: Schema$ConfigManagementBinauthzConfig; /** * Optional. User-specified cluster name used by the Config Sync cluster-name-selector annotation or ClusterSelector object, for applying configs to only a subset of clusters. Read more about the cluster-name-selector annotation and ClusterSelector object at https://docs.cloud.google.com/kubernetes-engine/config-sync/docs/how-to/cluster-scoped-objects#limiting-configs. Only set this field if a name different from the cluster's fleet membership name is used by the Config Sync cluster-name-selector annotation or ClusterSelector. */ cluster?: string | null; /** * Optional. Config Sync configuration for the cluster. */ configSync?: Schema$ConfigManagementConfigSync; /** * Optional. Hierarchy Controller configuration for the cluster. Deprecated: Configuring Hierarchy Controller through the configmanagement feature is no longer recommended. Use https://github.com/kubernetes-sigs/hierarchical-namespaces instead. */ hierarchyController?: Schema$ConfigManagementHierarchyControllerConfig; /** * Optional. Deprecated: From version 1.21.0, automatic Feature management is unavailable, and Config Sync only supports manual upgrades. */ management?: string | null; /** * Optional. Policy Controller configuration for the cluster. Deprecated: Configuring Policy Controller through the configmanagement feature is no longer recommended. Use the policycontroller feature instead. */ policyController?: Schema$ConfigManagementPolicyController; /** * Optional. Version of Config Sync to install. Defaults to the latest supported Config Sync version if the config_sync field is enabled. See supported versions at https://cloud.google.com/kubernetes-engine/config-sync/docs/get-support-config-sync#version_support_policy. */ version?: string | null; } /** * **Anthos Config Management**: State for a single cluster. */ export interface Schema$ConfigManagementMembershipState { /** * Output only. Binauthz status */ binauthzState?: Schema$ConfigManagementBinauthzState; /** * Output only. This field is set to the `cluster_name` field of the Membership Spec if it is not empty. Otherwise, it is set to the cluster's fleet membership name. */ clusterName?: string | null; /** * Output only. Current sync status */ configSyncState?: Schema$ConfigManagementConfigSyncState; /** * Output only. Hierarchy Controller status */ hierarchyControllerState?: Schema$ConfigManagementHierarchyControllerState; /** * Output only. The Kubernetes API server version of the cluster. */ kubernetesApiServerVersion?: string | null; /** * Output only. Membership configuration in the cluster. This represents the actual state in the cluster, while the MembershipSpec in the FeatureSpec represents the intended state */ membershipSpec?: Schema$ConfigManagementMembershipSpec; /** * Output only. Current install status of ACM's Operator */ operatorState?: Schema$ConfigManagementOperatorState; /** * Output only. PolicyController status */ policyControllerState?: Schema$ConfigManagementPolicyControllerState; } /** * OCI repo configuration for a single cluster */ export interface Schema$ConfigManagementOciConfig { /** * Optional. The Google Cloud Service Account Email used for auth when secret_type is `gcpserviceaccount`. */ gcpServiceAccountEmail?: string | null; /** * Optional. The absolute path of the directory that contains the local resources. Default: the root directory of the image. */ policyDir?: string | null; /** * Required. Type of secret configured for access to the OCI repo. Must be one of `gcenode`, `gcpserviceaccount`, `k8sserviceaccount` or `none`. The validation of this is case-sensitive. */ secretType?: string | null; /** * Required. The OCI image repository URL for the package to sync from. e.g. `LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME`. */ syncRepo?: string | null; /** * Optional. Period in seconds between consecutive syncs. Default: 15. */ syncWaitSecs?: string | null; } /** * State information for an ACM's Operator */ export interface Schema$ConfigManagementOperatorState { /** * The state of the Operator's deployment */ deploymentState?: string | null; /** * Install errors. */ errors?: Schema$ConfigManagementInstallError[]; /** * The semenatic version number of the operator */ version?: string | null; } /** * Configuration for Policy Controller */ export interface Schema$ConfigManagementPolicyController { /** * Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether. */ auditIntervalSeconds?: string | null; /** * Enables the installation of Policy Controller. If false, the rest of PolicyController fields take no effect. */ enabled?: boolean | null; /** * The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster. */ exemptableNamespaces?: string[] | null; /** * Logs all denies and dry run failures. */ logDeniesEnabled?: boolean | null; /** * Monitoring specifies the configuration of monitoring. */ monitoring?: Schema$ConfigManagementPolicyControllerMonitoring; /** * Enable or disable mutation in policy controller. If true, mutation CRDs, webhook and controller deployment will be deployed to the cluster. */ mutationEnabled?: boolean | null; /** * Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated. */ referentialRulesEnabled?: boolean | null; /** * Installs the default template library along with Policy Controller. */ templateLibraryInstalled?: boolean | null; /** * Output only. Last time this membership spec was updated. */ updateTime?: string | null; } /** * State for the migration of PolicyController from ACM -\> PoCo Hub. */ export interface Schema$ConfigManagementPolicyControllerMigration { /** * Last time this membership spec was copied to PoCo feature. */ copyTime?: string | null; /** * Stage of the migration. */ stage?: string | null; } /** * PolicyControllerMonitoring specifies the backends Policy Controller should export metrics to. For example, to specify metrics should be exported to Cloud Monitoring and Prometheus, specify backends: ["cloudmonitoring", "prometheus"] */ export interface Schema$ConfigManagementPolicyControllerMonitoring { /** * Specifies the list of backends Policy Controller will export to. An empty list would effectively disable metrics export. */ backends?: string[] | null; } /** * State for PolicyControllerState. */ export interface Schema$ConfigManagementPolicyControllerState { /** * The state about the policy controller installation. */ deploymentState?: Schema$ConfigManagementGatekeeperDeploymentState; /** * Record state of ACM -\> PoCo Hub migration for this feature. */ migration?: Schema$ConfigManagementPolicyControllerMigration; /** * The version of Gatekeeper Policy Controller deployed. */ version?: Schema$ConfigManagementPolicyControllerVersion; } /** * The build version of Gatekeeper Policy Controller is using. */ export interface Schema$ConfigManagementPolicyControllerVersion { /** * The gatekeeper image tag that is composed of ACM version, git tag, build number. */ version?: string | null; } /** * An ACM created error representing a problem syncing configurations */ export interface Schema$ConfigManagementSyncError { /** * An ACM defined error code */ code?: string | null; /** * A description of the error */ errorMessage?: string | null; /** * A list of config(s) associated with the error, if any */ errorResources?: Schema$ConfigManagementErrorResource[]; } /** * State indicating an ACM's progress syncing configurations to a cluster */ export interface Schema$ConfigManagementSyncState { /** * Sync status code */ code?: string | null; /** * A list of errors resulting from problematic configs. This list will be truncated after 100 errors, although it is unlikely for that many errors to simultaneously exist. */ errors?: Schema$ConfigManagementSyncError[]; /** * Token indicating the state of the importer. */ importToken?: string | null; /** * Deprecated: use last_sync_time instead. Timestamp of when ACM last successfully synced the repo The time format is specified in https://golang.org/pkg/time/#Time.String */ lastSync?: string | null; /** * Timestamp type of when ACM last successfully synced the repo */ lastSyncTime?: string | null; /** * Token indicating the state of the repo. */ sourceToken?: string | null; /** * Token indicating the state of the syncer. */ syncToken?: string | null; } /** * ConnectAgentResource represents a Kubernetes resource manifest for Connect Agent deployment. */ export interface Schema$ConnectAgentResource { /** * YAML manifest of the resource. */ manifest?: string | null; /** * Kubernetes type of the resource. */ type?: Schema$TypeMeta; } /** * **Dataplane V2**: Spec */ export interface Schema$Datapl