googleapis

import { OAuth2Client, JWT, Compute, UserRefreshClient, BaseExternalAccountClient, GaxiosResponseWithHTTP2, GoogleConfigurable, MethodOptions, StreamMethodOptions, GlobalOptions, GoogleAuth, BodyResponseCallback, APIRequestContext } from 'googleapis-common'; import { Readable } from 'stream'; export declare namespace networkservices_v1beta1 { export interface Options extends GlobalOptions { version: 'v1beta1'; } interface StandardParameters { /** * Auth client or API Key for the request */ auth?: string | OAuth2Client | JWT | Compute | UserRefreshClient | BaseExternalAccountClient | GoogleAuth; /** * V1 error format. */ '$.xgafv'?: string; /** * OAuth access token. */ access_token?: string; /** * Data format for response. */ alt?: string; /** * JSONP */ callback?: string; /** * Selector specifying which fields to include in a partial response. */ fields?: string; /** * API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. */ key?: string; /** * OAuth 2.0 token for the current user. */ oauth_token?: string; /** * Returns response with indentations and line breaks. */ prettyPrint?: boolean; /** * Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. */ quotaUser?: string; /** * Legacy upload protocol for media (e.g. "media", "multipart"). */ uploadType?: string; /** * Upload protocol for media (e.g. "raw", "multipart"). */ upload_protocol?: string; } /** * Network Services API * * * * @example * ```js * const {google} = require('googleapis'); * const networkservices = google.networkservices('v1beta1'); * ``` */ export class Networkservices { context: APIRequestContext; projects: Resource$Projects; constructor(options: GlobalOptions, google?: GoogleConfigurable); } /** * `AuthzExtension` is a resource that allows traffic forwarding to a callout backend service to make an authorization decision. */ export interface Schema$AuthzExtension { /** * Required. The `:authority` header in the gRPC request sent from Envoy to the extension service. */ authority?: string | null; /** * Output only. The timestamp when the resource was created. */ createTime?: string | null; /** * Optional. A human-readable description of the resource. */ description?: string | null; /** * Optional. Determines how the proxy behaves if the call to the extension fails or times out. When set to `TRUE`, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to `FALSE` or the default setting of `FALSE` is used, one of the following happens: * If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer. * If response headers have been delivered, then the HTTP stream to the downstream client is reset. */ failOpen?: boolean | null; /** * Optional. List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name. */ forwardHeaders?: string[] | null; /** * Optional. Set of labels associated with the `AuthzExtension` resource. The format must comply with [the requirements for labels](/compute/docs/labeling-resources#requirements) for Google Cloud resources. */ labels?: { [key: string]: string; } | null; /** * Required. All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. Supported values: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). */ loadBalancingScheme?: string | null; /** * Optional. The metadata provided here is included as part of the `metadata_context` (of type `google.protobuf.Struct`) in the `ProcessingRequest` message sent to the extension server. The metadata is available under the namespace `com.google.authz_extension.`. The following variables are supported in the metadata Struct: `{forwarding_rule_id\}` - substituted with the forwarding rule's fully qualified resource name. */ metadata?: { [key: string]: any; } | null; /** * Required. Identifier. Name of the `AuthzExtension` resource in the following format: `projects/{project\}/locations/{location\}/authzExtensions/{authz_extension\}`. */ name?: string | null; /** * Required. The reference to the service that runs the extension. To configure a callout extension, `service` must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format: `https://www.googleapis.com/compute/v1/projects/{project\}/regions/{region\}/backendServices/{backendService\}` or `https://www.googleapis.com/compute/v1/projects/{project\}/global/backendServices/{backendService\}`. */ service?: string | null; /** * Required. Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds. */ timeout?: string | null; /** * Output only. The timestamp when the resource was updated. */ updateTime?: string | null; /** * Optional. The format of communication supported by the callout extension. This field is supported only for regional `AuthzExtension` resources. If not specified, the default value `EXT_PROC_GRPC` is used. Global `AuthzExtension` resources use the `EXT_PROC_GRPC` wire format. */ wireFormat?: string | null; } /** * The request message for Operations.CancelOperation. */ export interface Schema$CancelOperationRequest { } /** * A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); \} */ export interface Schema$Empty { } /** * A definition of a matcher that selects endpoints to which the policies should be applied. */ export interface Schema$EndpointMatcher { /** * The matcher is based on node metadata presented by xDS clients. */ metadataLabelMatcher?: Schema$MetadataLabelMatcher; } /** * EndpointPolicy is a resource that helps apply desired configuration on the endpoints that match specific criteria. For example, this resource can be used to apply "authentication config" an all endpoints that serve on port 8080. */ export interface Schema$EndpointPolicy { /** * Optional. This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints. Refer to Authorization. If this field is not specified, authorization is disabled(no authz checks) for this endpoint. */ authorizationPolicy?: string | null; /** * Optional. A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set to specify the authentication for traffic from the proxy to the actual endpoints. More specifically, it is applied to the outgoing traffic from the proxy to the endpoint. This is typically used for sidecar model where the proxy identifies itself as endpoint to the control plane, with the connection between sidecar and endpoint requiring authentication. If this field is not set, authentication is disabled(open). Applicable only when EndpointPolicyType is SIDECAR_PROXY. */ clientTlsPolicy?: string | null; /** * Output only. The timestamp when the resource was created. */ createTime?: string | null; /** * Optional. A free-text description of the resource. Max length 1024 characters. */ description?: string | null; /** * Required. A matcher that selects endpoints to which the policies should be applied. */ endpointMatcher?: Schema$EndpointMatcher; /** * Optional. Set of label tags associated with the EndpointPolicy resource. */ labels?: { [key: string]: string; } | null; /** * Identifier. Name of the EndpointPolicy resource. It matches pattern `projects/{project\}/locations/x/endpointPolicies/{endpoint_policy\}`. */ name?: string | null; /** * Optional. A URL referring to a SecurityPolicy resource. SecurityPolicy is used to enforce rate limiting policy on the inbound traffic at the identified backends. If this field is not set, rate limiting is disabled for this endpoint. */ securityPolicy?: string | null; /** * Optional. A URL referring to ServerTlsPolicy resource. ServerTlsPolicy is used to determine the authentication policy to be applied to terminate the inbound traffic at the identified backends. If this field is not set, authentication is disabled(open) for this endpoint. */ serverTlsPolicy?: string | null; /** * Optional. Port selector for the (matched) endpoints. If no port selector is provided, the matched config is applied to all ports. */ trafficPortSelector?: Schema$TrafficPortSelector; /** * Required. The type of endpoint policy. This is primarily used to validate the configuration. */ type?: string | null; /** * Output only. The timestamp when the resource was updated. */ updateTime?: string | null; } /** * A single extension chain wrapper that contains the match conditions and extensions to execute. */ export interface Schema$ExtensionChain { /** * Required. A set of extensions to execute for the matching request. At least one extension is required. Up to 3 extensions can be defined for each extension chain for `LbTrafficExtension` resource. `LbRouteExtension` and `LbEdgeExtension` chains are limited to 1 extension per extension chain. */ extensions?: Schema$ExtensionChainExtension[]; /** * Required. Conditions under which this chain is invoked for a request. */ matchCondition?: Schema$ExtensionChainMatchCondition; /** * Required. The name for this extension chain. The name is logged as part of the HTTP request logs. The name must conform with RFC-1034, is restricted to lower-cased letters, numbers and hyphens, and can have a maximum length of 63 characters. Additionally, the first character must be a letter and the last a letter or a number. */ name?: string | null; } /** * A single extension in the chain to execute for the matching request. */ export interface Schema$ExtensionChainExtension { /** * Optional. When set to `TRUE`, the response from an extension service is allowed to set the `com.google.envoy.dynamic_forwarding` namespace in the dynamic metadata. This field is not supported for plugin extensions or AuthzExtensions. Setting it results in a validation error. */ allowDynamicForwarding?: boolean | null; /** * Optional. The `:authority` header in the gRPC request sent from Envoy to the extension service. Required for Callout extensions. This field is not supported for plugin extensions. Setting it results in a validation error. */ authority?: string | null; /** * Optional. Determines how the proxy behaves if the call to the extension fails or times out. When set to `TRUE`, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to `FALSE` or the default setting of `FALSE` is used, one of the following happens: * If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer. * If response headers have been delivered, then the HTTP stream to the downstream client is reset. */ failOpen?: boolean | null; /** * Optional. List of the HTTP headers to forward to the extension (from the client or backend). If omitted, all headers are sent. Each element is a string indicating the header name. */ forwardHeaders?: string[] | null; /** * Optional. The metadata provided here is included as part of the `metadata_context` (of type `google.protobuf.Struct`) in the `ProcessingRequest` message sent to the extension server. For `AuthzExtension` resources, the metadata is available under the namespace `com.google.authz_extension.`. For other types of extensions, the metadata is available under the namespace `com.google....`. For example: `com.google.lb_traffic_extension.lbtrafficextension1.chain1.ext1`. The following variables are supported in the metadata: `{forwarding_rule_id\}` - substituted with the forwarding rule's fully qualified resource name. This field must not be set for plugin extensions. Setting it results in a validation error. You can set metadata at either the resource level or the extension level. The extension level metadata is recommended because you can pass a different set of metadata through each extension to the backend. This field is subject to following limitations: * The total size of the metadata must be less than 1KiB. * The total number of keys in the metadata must be less than 16. * The length of each key must be less than 64 characters. * The length of each value must be less than 1024 characters. * All values must be strings. */ metadata?: { [key: string]: any; } | null; /** * Optional. The name for this extension. The name is logged as part of the HTTP request logs. The name must conform with RFC-1034, is restricted to lower-cased letters, numbers and hyphens, and can have a maximum length of 63 characters. Additionally, the first character must be a letter and the last a letter or a number. This field is required except for AuthzExtension. */ name?: string | null; /** * Optional. When set to `TRUE`, enables `observability_mode` on the `ext_proc` filter. This makes `ext_proc` calls asynchronous. Envoy doesn't check for the response from `ext_proc` calls. For more information about the filter, see: https://www.envoyproxy.io/docs/envoy/v1.32.3/api-v3/extensions/filters/http/ext_proc/v3/ext_proc.proto#extensions-filters-http-ext-proc-v3-externalprocessor This field is helpful when you want to try out the extension in async log-only mode. Supported by regional `LbTrafficExtension` and `LbRouteExtension` resources. Only `STREAMED` (default) body processing mode is supported. */ observabilityMode?: boolean | null; /** * Optional. Configures the send mode for request body processing. The field can only be set if `supported_events` includes `REQUEST_BODY`. If `supported_events` includes `REQUEST_BODY`, but `request_body_send_mode` is unset, the default value `STREAMED` is used. When this field is set to `FULL_DUPLEX_STREAMED`, `supported_events` must include both `REQUEST_BODY` and `REQUEST_TRAILERS`. This field can be set only for `LbTrafficExtension` and `LbRouteExtension` resources, and only when the `service` field of the extension points to a `BackendService`. Only `FULL_DUPLEX_STREAMED` mode is supported for `LbRouteExtension` resources. */ requestBodySendMode?: string | null; /** * Optional. Configures the send mode for response processing. If unspecified, the default value `STREAMED` is used. The field can only be set if `supported_events` includes `RESPONSE_BODY`. If `supported_events` includes `RESPONSE_BODY`, but `response_body_send_mode` is unset, the default value `STREAMED` is used. When this field is set to `FULL_DUPLEX_STREAMED`, `supported_events` must include both `RESPONSE_BODY` and `RESPONSE_TRAILERS`. This field can be set only for `LbTrafficExtension` resources, and only when the `service` field of the extension points to a `BackendService`. */ responseBodySendMode?: string | null; /** * Required. The reference to the service that runs the extension. To configure a callout extension, `service` must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format: `https://www.googleapis.com/compute/v1/projects/{project\}/regions/{region\}/backendServices/{backendService\}` or `https://www.googleapis.com/compute/v1/projects/{project\}/global/backendServices/{backendService\}`. To configure a plugin extension, `service` must be a reference to a [`WasmPlugin` resource](https://cloud.google.com/service-extensions/docs/reference/rest/v1beta1/projects.locations.wasmPlugins) in the format: `projects/{project\}/locations/{location\}/wasmPlugins/{plugin\}` or `//networkservices.googleapis.com/projects/{project\}/locations/{location\}/wasmPlugins/{wasmPlugin\}`. Plugin extensions are currently supported for the `LbTrafficExtension`, the `LbRouteExtension`, and the `LbEdgeExtension` resources. */ service?: string | null; /** * Optional. A set of events during request or response processing for which this extension is called. For the `LbTrafficExtension` resource, this field is required. For the `LbRouteExtension` resource, this field is optional. If unspecified, `REQUEST_HEADERS` event is assumed as supported. For the `LbEdgeExtension` resource, this field is required and must only contain `REQUEST_HEADERS` event. For the `AuthzExtension` resource, this field is optional. `REQUEST_HEADERS` is the only supported event. If unspecified, `REQUEST_HEADERS` event is assumed as supported. */ supportedEvents?: string[] | null; /** * Optional. Specifies the timeout for each individual message on the stream. The timeout must be between `10`-`10000` milliseconds. Required for callout extensions. This field is not supported for plugin extensions. Setting it results in a validation error. */ timeout?: string | null; } /** * Conditions under which this chain is invoked for a request. */ export interface Schema$ExtensionChainMatchCondition { /** * Required. A Common Expression Language (CEL) expression that is used to match requests for which the extension chain is executed. For more information, see [CEL matcher language reference](https://cloud.google.com/service-extensions/docs/cel-matcher-language-reference). */ celExpression?: string | null; } /** * Gateway represents the configuration for a proxy, typically a load balancer. It captures the ip:port over which the services are exposed by the proxy, along with any policy configurations. Routes have reference to to Gateways to dictate how requests should be routed by this Gateway. */ export interface Schema$Gateway { /** * Optional. Zero or one IPv4 or IPv6 address on which the Gateway will receive the traffic. When no address is provided, an IP from the subnetwork is allocated This field only applies to gateways of type 'SECURE_WEB_GATEWAY'. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 for IPv4 and :: for IPv6. */ addresses?: string[] | null; /** * Optional. A fully-qualified Certificates URL reference. The proxy presents a Certificate (selected based on SNI) when establishing a TLS connection. This feature only applies to gateways of type 'SECURE_WEB_GATEWAY'. */ certificateUrls?: string[] | null; /** * Output only. The timestamp when the resource was created. */ createTime?: string | null; /** * Optional. A free-text description of the resource. Max length 1024 characters. */ description?: string | null; /** * Optional. Determines if envoy will insert internal debug headers into upstream requests. Other Envoy headers may still be injected. By default, envoy will not insert any debug headers. */ envoyHeaders?: string | null; /** * Optional. A fully-qualified GatewaySecurityPolicy URL reference. Defines how a server should apply security policy to inbound (VM to Proxy) initiated connections. For example: `projects/x/locations/x/gatewaySecurityPolicies/swg-policy`. This policy is specific to gateways of type 'SECURE_WEB_GATEWAY'. */ gatewaySecurityPolicy?: string | null; /** * Optional. The IP Version that will be used by this gateway. Valid options are IPV4 or IPV6. Default is IPV4. */ ipVersion?: string | null; /** * Optional. Set of label tags associated with the Gateway resource. */ labels?: { [key: string]: string; } | null; /** * Identifier. Name of the Gateway resource. It matches pattern `projects/x/locations/x/gateways/`. */ name?: string | null; /** * Optional. The relative resource name identifying the VPC network that is using this configuration. For example: `projects/x/global/networks/network-1`. Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY'. */ network?: string | null; /** * Required. One or more port numbers (1-65535), on which the Gateway will receive traffic. The proxy binds to the specified ports. Gateways of type 'SECURE_WEB_GATEWAY' are limited to 5 ports. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 for IPv4 and :: for IPv6 and support multiple ports. */ ports?: number[] | null; /** * Optional. The routing mode of the Gateway. This field is configurable only for gateways of type SECURE_WEB_GATEWAY. This field is required for gateways of type SECURE_WEB_GATEWAY. */ routingMode?: string | null; /** * Optional. Scope determines how configuration across multiple Gateway instances are merged. The configuration for multiple Gateway instances with the same scope will be merged as presented as a single configuration to the proxy/load balancer. Max length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens. */ scope?: string | null; /** * Output only. Server-defined URL of this resource */ selfLink?: string | null; /** * Optional. A fully-qualified ServerTLSPolicy URL reference. Specifies how TLS traffic is terminated. If empty, TLS termination is disabled. */ serverTlsPolicy?: string | null; /** * Optional. The relative resource name identifying the subnetwork in which this SWG is allocated. For example: `projects/x/regions/us-central1/subnetworks/network-1` Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY". */ subnetwork?: string | null; /** * Immutable. The type of the customer managed gateway. This field is required. If unspecified, an error is returned. */ type?: string | null; /** * Output only. The timestamp when the resource was updated. */ updateTime?: string | null; } /** * GatewayRouteView defines view-only resource for Routes to a Gateway */ export interface Schema$GatewayRouteView { /** * Output only. Identifier. Full path name of the GatewayRouteView resource. Format: projects/{project_number\}/locations/{location\}/gateways/{gateway\}/routeViews/{route_view\} */ name?: string | null; /** * Output only. The resource id for the route. */ routeId?: string | null; /** * Output only. Location where the route exists. */ routeLocation?: string | null; /** * Output only. Project number where the route exists. */ routeProjectNumber?: string | null; /** * Output only. Type of the route: HttpRoute,GrpcRoute,TcpRoute, or TlsRoute */ routeType?: string | null; } /** * GrpcRoute is the resource defining how gRPC traffic routed by a Mesh or Gateway resource is routed. */ export interface Schema$GrpcRoute { /** * Output only. The timestamp when the resource was created. */ createTime?: string | null; /** * Optional. A free-text description of the resource. Max length 1024 characters. */ description?: string | null; /** * Optional. Gateways defines a list of gateways this GrpcRoute is attached to, as one of the routing rules to route the requests served by the gateway. Each gateway reference should match the pattern: `projects/x/locations/x/gateways/` */ gateways?: string[] | null; /** * Required. Service hostnames with an optional port for which this route describes traffic. Format: [:] Hostname is the fully qualified domain name of a network host. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: - IPs are not allowed. - A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. Hostname can be "precise" which is a domain name without the terminating dot of a network host (e.g. `foo.example.com`) or "wildcard", which is a domain name prefixed with a single wildcard label (e.g. `*.example.com`). Note that as per RFC1035 and RFC1123, a label must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character. No other punctuation is allowed. The routes associated with a Mesh or Gateway must have unique hostnames. If you attempt to attach multiple routes with conflicting hostnames, the configuration will be rejected. For example, while it is acceptable for routes for the hostnames `*.foo.bar.com` and `*.bar.com` to be associated with the same route, it is not possible to associate two routes both with `*.bar.com` or both with `bar.com`. If a port is specified, then gRPC clients must use the channel URI with the port to match this rule (i.e. "xds:///service:123"), otherwise they must supply the URI without a port (i.e. "xds:///service"). */ hostnames?: string[] | null; /** * Optional. Set of label tags associated with the GrpcRoute resource. */ labels?: { [key: string]: string; } | null; /** * Optional. Meshes defines a list of meshes this GrpcRoute is attached to, as one of the routing rules to route the requests served by the mesh. Each mesh reference should match the pattern: `projects/x/locations/x/meshes/` */ meshes?: string[] | null; /** * Identifier. Name of the GrpcRoute resource. It matches pattern `projects/x/locations/x/grpcRoutes/` */ name?: string | null; /** * Required. A list of detailed rules defining how to route traffic. Within a single GrpcRoute, the GrpcRoute.RouteAction associated with the first matching GrpcRoute.RouteRule will be executed. At least one rule must be supplied. */ rules?: Schema$GrpcRouteRouteRule[]; /** * Output only. Server-defined URL of this resource */ selfLink?: string | null; /** * Output only. The timestamp when the resource was updated. */ updateTime?: string | null; } /** * The destination to which traffic will be routed. */ export interface Schema$GrpcRouteDestination { /** * Required. The URL of a destination service to which to route traffic. Must refer to either a BackendService or ServiceDirectoryService. */ serviceName?: string | null; /** * Optional. Specifies the proportion of requests forwarded to the backend referenced by the serviceName field. This is computed as: - weight/Sum(weights in this destination list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. If only one serviceName is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weights are specified for any one service name, they need to be specified for all of them. If weights are unspecified for all services, then, traffic is distributed in equal proportions to all of them. */ weight?: number | null; } /** * The specification for fault injection introduced into traffic to test the resiliency of clients to destination service failure. As part of fault injection, when clients send requests to a destination, delays can be introduced on a percentage of requests before sending those requests to the destination service. Similarly requests from clients can be aborted by for a percentage of requests. */ export interface Schema$GrpcRouteFaultInjectionPolicy { /** * The specification for aborting to client requests. */ abort?: Schema$GrpcRouteFaultInjectionPolicyAbort; /** * The specification for injecting delay to client requests. */ delay?: Schema$GrpcRouteFaultInjectionPolicyDelay; } /** * Specification of how client requests are aborted as part of fault injection before being sent to a destination. */ export interface Schema$GrpcRouteFaultInjectionPolicyAbort { /** * The HTTP status code used to abort the request. The value must be between 200 and 599 inclusive. */ httpStatus?: number | null; /** * The percentage of traffic which will be aborted. The value must be between [0, 100] */ percentage?: number | null; } /** * Specification of how client requests are delayed as part of fault injection before being sent to a destination. */ export interface Schema$GrpcRouteFaultInjectionPolicyDelay { /** * Specify a fixed delay before forwarding the request. */ fixedDelay?: string | null; /** * The percentage of traffic on which delay will be injected. The value must be between [0, 100] */ percentage?: number | null; } /** * A match against a collection of headers. */ export interface Schema$GrpcRouteHeaderMatch { /** * Required. The key of the header. */ key?: string | null; /** * Optional. Specifies how to match against the value of the header. If not specified, a default value of EXACT is used. */ type?: string | null; /** * Required. The value of the header. */ value?: string | null; } /** * Specifies a match against a method. */ export interface Schema$GrpcRouteMethodMatch { /** * Optional. Specifies that matches are case sensitive. The default value is true. case_sensitive must not be used with a type of REGULAR_EXPRESSION. */ caseSensitive?: boolean | null; /** * Required. Name of the method to match against. If unspecified, will match all methods. */ grpcMethod?: string | null; /** * Required. Name of the service to match against. If unspecified, will match all services. */ grpcService?: string | null; /** * Optional. Specifies how to match against the name. If not specified, a default value of "EXACT" is used. */ type?: string | null; } /** * The specifications for retries. Specifies one or more conditions for which this retry rule applies. Valid values are: */ export interface Schema$GrpcRouteRetryPolicy { /** * Specifies the allowed number of retries. This number must be \> 0. If not specified, default to 1. */ numRetries?: number | null; /** * - connect-failure: Router will retry on failures connecting to Backend Services, for example due to connection timeouts. - refused-stream: Router will retry if the backend service resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry. - cancelled: Router will retry if the gRPC status code in the response header is set to cancelled - deadline-exceeded: Router will retry if the gRPC status code in the response header is set to deadline-exceeded - resource-exhausted: Router will retry if the gRPC status code in the response header is set to resource-exhausted - unavailable: Router will retry if the gRPC status code in the response header is set to unavailable */ retryConditions?: string[] | null; } /** * Specifies how to route matched traffic. */ export interface Schema$GrpcRouteRouteAction { /** * Optional. The destination services to which traffic should be forwarded. If multiple destinations are specified, traffic will be split between Backend Service(s) according to the weight field of these destinations. */ destinations?: Schema$GrpcRouteDestination[]; /** * Optional. The specification for fault injection introduced into traffic to test the resiliency of clients to destination service failure. As part of fault injection, when clients send requests to a destination, delays can be introduced on a percentage of requests before sending those requests to the destination service. Similarly requests from clients can be aborted by for a percentage of requests. timeout and retry_policy will be ignored by clients that are configured with a fault_injection_policy */ faultInjectionPolicy?: Schema$GrpcRouteFaultInjectionPolicy; /** * Optional. Specifies the idle timeout for the selected route. The idle timeout is defined as the period in which there are no bytes sent or received on either the upstream or downstream connection. If not set, the default idle timeout is 1 hour. If set to 0s, the timeout will be disabled. */ idleTimeout?: string | null; /** * Optional. Specifies the retry policy associated with this route. */ retryPolicy?: Schema$GrpcRouteRetryPolicy; /** * Optional. Specifies cookie-based stateful session affinity. */ statefulSessionAffinity?: Schema$GrpcRouteStatefulSessionAffinityPolicy; /** * Optional. Specifies the timeout for selected route. Timeout is computed from the time the request has been fully processed (i.e. end of stream) up until the response has been completely processed. Timeout includes all retries. */ timeout?: string | null; } /** * Criteria for matching traffic. A RouteMatch will be considered to match when all supplied fields match. */ export interface Schema$GrpcRouteRouteMatch { /** * Optional. Specifies a collection of headers to match. */ headers?: Schema$GrpcRouteHeaderMatch[]; /** * Optional. A gRPC method to match against. If this field is empty or omitted, will match all methods. */ method?: Schema$GrpcRouteMethodMatch; } /** * Describes how to route traffic. */ export interface Schema$GrpcRouteRouteRule { /** * Required. A detailed rule defining how to route traffic. This field is required. */ action?: Schema$GrpcRouteRouteAction; /** * Optional. Matches define conditions used for matching the rule against incoming gRPC requests. Each match is independent, i.e. this rule will be matched if ANY one of the matches is satisfied. If no matches field is specified, this rule will unconditionally match traffic. */ matches?: Schema$GrpcRouteRouteMatch[]; } /** * The specification for cookie-based stateful session affinity where the date plane supplies a “session cookie” with the name "GSSA" which encodes a specific destination host and each request containing that cookie will be directed to that host as long as the destination host remains up and healthy. The gRPC proxyless mesh library or sidecar proxy will manage the session cookie but the client application code is responsible for copying the cookie from each RPC in the session to the next. */ export interface Schema$GrpcRouteStatefulSessionAffinityPolicy { /** * Required. The cookie TTL value for the Set-Cookie header generated by the data plane. The lifetime of the cookie may be set to a value from 0 to 86400 seconds (24 hours) inclusive. Set this to 0s to use a session cookie and disable cookie expiration. */ cookieTtl?: string | null; } /** * HttpRoute is the resource defining how HTTP traffic should be routed by a Mesh or Gateway resource. */ export interface Schema$HttpRoute { /** * Output only. The timestamp when the resource was created. */ createTime?: string | null; /** * Optional. A free-text description of the resource. Max length 1024 characters. */ description?: string | null; /** * Optional. Gateways defines a list of gateways this HttpRoute is attached to, as one of the routing rules to route the requests served by the gateway. Each gateway reference should match the pattern: `projects/x/locations/x/gateways/` */ gateways?: string[] | null; /** * Required. Hostnames define a set of hosts that should match against the HTTP host header to select a HttpRoute to process the request. Hostname is the fully qualified domain name of a network host, as defined by RFC 1123 with the exception that: - IPs are not allowed. - A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. Hostname can be "precise" which is a domain name without the terminating dot of a network host (e.g. `foo.example.com`) or "wildcard", which is a domain name prefixed with a single wildcard label (e.g. `*.example.com`). Note that as per RFC1035 and RFC1123, a label must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character. No other punctuation is allowed. The routes associated with a Mesh or Gateways must have unique hostnames. If you attempt to attach multiple routes with conflicting hostnames, the configuration will be rejected. For example, while it is acceptable for routes for the hostnames `*.foo.bar.com` and `*.bar.com` to be associated with the same Mesh (or Gateways under the same scope), it is not possible to associate two routes both with `*.bar.com` or both with `bar.com`. */ hostnames?: string[] | null; /** * Optional. Set of label tags associated with the HttpRoute resource. */ labels?: { [key: string]: string; } | null; /** * Optional. Meshes defines a list of meshes this HttpRoute is attached to, as one of the routing rules to route the requests served by the mesh. Each mesh reference should match the pattern: `projects/x/locations/x/meshes/` The attached Mesh should be of a type SIDECAR */ meshes?: string[] | null; /** * Identifier. Name of the HttpRoute resource. It matches pattern `projects/x/locations/x/httpRoutes/http_route_name\>`. */ name?: string | null; /** * Required. Rules that define how traffic is routed and handled. Rules will be matched sequentially based on the RouteMatch specified for the rule. */ rules?: Schema$HttpRouteRouteRule[]; /** * Output only. Server-defined URL of this resource */ selfLink?: string | null; /** * Output only. The timestamp when the resource was updated. */ updateTime?: string | null; } /** * The Specification for allowing client side cross-origin requests. */ export interface Schema$HttpRouteCorsPolicy { /** * In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This translates to the Access-Control-Allow-Credentials header. Default value is false. */ allowCredentials?: boolean | null; /** * Specifies the content for Access-Control-Allow-Headers header. */ allowHeaders?: string[] | null; /** * Specifies the content for Access-Control-Allow-Methods header. */ allowMethods?: string[] | null; /** * Specifies the regular expression patterns that match allowed origins. For regular expression grammar, please see https://github.com/google/re2/wiki/Syntax. */ allowOriginRegexes?: string[] | null; /** * Specifies the list of origins that will be allowed to do CORS requests. An origin is allowed if it matches either an item in allow_origins or an item in allow_origin_regexes. */ allowOrigins?: string[] | null; /** * If true, the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect. */ disabled?: boolean | null; /** * Specifies the content for Access-Control-Expose-Headers header. */ exposeHeaders?: string[] | null; /** * Specifies how long result of a preflight request can be cached in seconds. This translates to the Access-Control-Max-Age header. */ maxAge?: string | null; } /** * Specifications of a destination to which the request should be routed to. */ export interface Schema$HttpRouteDestination { /** * Optional. The specification for modifying the headers of a matching request prior to delivery of the request to the destination. If HeaderModifiers are set on both the Destination and the RouteAction, they will be merged. Conflicts between the two will not be resolved on the configuration. */ requestHeaderModifier?: Schema$HttpRouteHeaderModifier; /** * Optional. The specification for modifying the headers of a response prior to sending the response back to the client. If HeaderModifiers are set on both the Destination and the RouteAction, they will be merged. Conflicts between the two will not be resolved on the configuration. */ responseHeaderModifier?: Schema$HttpRouteHeaderModifier; /** * The URL of a BackendService to route traffic to. */ serviceName?: string | null; /** * Specifies the proportion of requests forwarded to the backend referenced by the serviceName field. This is computed as: - weight/Sum(weights in this destination list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. If only one serviceName is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weights are specified for any one service name, they need to be specified for all of them. If weights are unspecified for all services, then, traffic is distributed in equal proportions to all of them. */ weight?: number | null; } /** * The specification for fault injection introduced into traffic to test the resiliency of clients to destination service failure. As part of fault injection, when clients send requests to a destination, delays can be introduced by client proxy on a percentage of requests before sending those requests to the destination service. Similarly requests can be aborted by client proxy for a percentage of requests. */ export interface Schema$HttpRouteFaultInjectionPolicy { /** * The specification for aborting to client requests. */ abort?: Schema$HttpRouteFaultInjectionPolicyAbort; /** * The specification for injecting delay to client requests. */ delay?: Schema$HttpRouteFaultInjectionPolicyDelay; } /** * Specification of how client requests are aborted as part of fault injection before being sent to a destination. */ export interface Schema$HttpRouteFaultInjectionPolicyAbort { /** * The HTTP status code used to abort the request. The value must be between 200 and 599 inclusive. */ httpStatus?: number | null; /** * The percentage of traffic which will be aborted. The value must be between [0, 100] */ percentage?: number | null; } /** * Specification of how client requests are delayed as part of fault injection before being sent to a destination. */ export interface Schema$HttpRouteFaultInjectionPolicyDelay { /** * Specify a fixed delay before forwarding the request. */ fixedDelay?: string | null; /** * The percentage of traffic on which delay will be injected. The value must be between [0, 100] */ percentage?: number | null; } /** * Specifies how to select a route rule based on HTTP request headers. */ export interface Schema$HttpRouteHeaderMatch { /** * The value of the header should match exactly the content of exact_match. */ exactMatch?: string | null; /** * The name of the HTTP header to match against. */ header?: string | null; /** * If specified, the match result will be inverted before checking. Default value is set to false. */ invertMatch?: boolean | null; /** * The value of the header must start with the contents of prefix_match. */ prefixMatch?: string | null; /** * A header with header_name must exist. The match takes place whether or not the header has a value. */ presentMatch?: boolean | null; /** * If specified, the rule will match if the request header value is within the range. */ rangeMatch?: Schema$HttpRouteHeaderMatchIntegerRange; /** * The value of the header must match the regular expression specified in regex_match. For regular expression grammar, please see: https://github.com/google/re2/wiki/Syntax */ regexMatch?: string | null; /** * The value of the header must end with the contents of suffix_match. */ suffixMatch?: string | null; } /** * Represents an integer value range. */ export interface Schema$HttpRouteHeaderMatchIntegerRange { /** * End of the range (exclusive) */ end?: number | null; /** * Start of the range (inclusive) */ start?: number | null; } /** * The specification for modifying HTTP header in HTTP request and HTTP response. */ export interface Schema$HttpRouteHeaderModifier { /** * Add the headers with given map where key is the name of the header, value is the value of the header. */ add?: { [key: string]: string; } | null; /** * Remove headers (matching by header names) specified in the list. */ remove?: string[] | null; /** * Completely overwrite/replace the headers with given map where key is the name of the header, value is the value of the header. */ set?: { [key: string]: string; } | null; } /** * Static HTTP response object to be returned. */ export interface Schema$HttpRouteHttpDirectResponse { /** * Optional. Response body as bytes. Maximum body size is 4096B. */ bytesBody?: string | null; /** * Required. Status to return as part of HTTP Response. Must be a positive integer. */ status?: number | null; /** * Optional. Response body as a string. Maximum body length is 1024 characters. */ stringBody?: string | null; }