From 9d60ee10b8963ab7badb5145ec0b8850704e5e71 Mon Sep 17 00:00:00 2001 From: Debjani Banerjee Date: Wed, 15 Mar 2023 20:11:05 +0000 Subject: [PATCH] split remaining api.yaml (#7407) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adding AuthorizedOrgsDesc to AccessContextManager (#7178) Allow project field in Firebase apps datasource (#7300) * Allow project field in Firebase apps datasource * Add tf_test to the display name * update to capitalized dependencies Rename compute_(region)_per_instance_config test files to .erb files … (#7409) * Rename compute_(region)_per_instance_config test files to .erb files since the resources have fields in beta. * Omit stateful_ip tests for GA Bootstrap network cleanup (#7367) * Update bootstrapped networks for alloydb * Update bootstrapped networks for redis * Update bootstrapped networks for vertexai * Update comment for BootstrapSharedTestNetwork to be more clear Fix override directory concat (#7413) Bootstrap required permissions for composer environment tests (#7391) * Bootstrap the required permissions * Make BootstrapAllPSARoles actually work Also adds some helper functions for debugging what the bootstrap function does. It will now log the roles that were missing in the policy. * Add missing return, fix nits * Fix typo in service agent name * Account for newly exported test functions Add maintenance_interval field to Instance Template and Instance scheduling. (#7365) * Move testing to handwritten * Move testing to handwritten * Fix lint * Fix typo * Add remove step and update documentation * Add remove step and update documentation * Fix comparing string to nil * Add field to handwritten defs * rebase on main & resolve conflicts * Fix doc formatting * Add maintenance interval to Instance resource * Add maintenance interval to Instance resource * Add maintenance interval to Instance resource * Change function names to valid * Fix type mismatch * Fix type mismatch * Fix function name Fix naming of resource policies in tests to be sweepable (#7412) Skip TestAccWorkstationsWorkstationConfig_workstationConfigEncryptionKeyExample (#7415) Add support for Apigee Sharedflow (#7202) * added sharedflows mmv1 with error * fix indentation issue for sharedflow * add semi auto generated resourceApigeeSharedFlow * remove sharedflow mmv1 and add sharedflow manual provider * adding files for debugging review, test have issue * adding files for debugging review, test have issue * update test, doc, provider for apigee * Update api.yaml remove empty new line * Update api.yaml * Rename resource_apigee_shared_flow_generated_test.go to resource_apigee_shared_flow_test.go * Update resource_apigee_shared_flow.go update import regex, change debug messages to log.Printf * Update mmv1/third_party/terraform/utils/provider.go.erb Co-authored-by: megan07 * update PR to address comments * update test * fix sharedflow attribute update issue, add sharedflow deployment * Update apigee_shared_flow_deployment.html.markdown minor doc fix * Update mmv1/third_party/terraform/utils/provider.go.erb Co-authored-by: megan07 * Update mmv1/third_party/terraform/website/docs/r/apigee_shared_flow.html.markdown Co-authored-by: megan07 * Update resource_apigee_shared_flow_test.go remove commented out (unused) line of code * Delete api.yaml remove api.yaml as it is not needed for handwritten resource. Current repo structure no longer uses aggregated api.yaml * Rename apigee_shared_flow.html.markdown to apigee_sharedflow.html.markdown * Rename apigee_shared_flow_deployment.html.markdown to apigee_sharedflow_deployment.html.markdown * Rename resource_apigee_shared_flow.go to resource_apigee_sharedflow.go * Rename resource_apigee_shared_flow_deployment_test.go to resource_apigee_sharedflow_deployment_test.go * Rename resource_apigee_shared_flow_test.go to resource_apigee_sharedflow_test.go * Rename resource_apigee_shared_flow_sweeper_test.go to resource_apigee_sharedflow_sweeper_test.go * Update resource_apigee_sharedflow.go remove comment lines * Update mmv1/third_party/terraform/resources/resource_apigee_sharedflow.go Co-authored-by: megan07 * Update resource_apigee_sharedflow_deployment_test.go remove unused debugging log * update function name to capitalize * Update resource_apigee_sharedflow_deployment_test.go remove fmt.print * add flowhook * move flowhook doc * Update mmv1/third_party/terraform/tests/resource_apigee_flowhook_test.go Co-authored-by: megan07 * Update mmv1/third_party/terraform/website/docs/r/apigee_flowhook.html.markdown Co-authored-by: megan07 * Update mmv1/third_party/terraform/website/docs/r/apigee_flowhook.html.markdown Co-authored-by: megan07 * Update mmv1/third_party/terraform/tests/resource_apigee_flowhook_test.go Co-authored-by: megan07 * Update resource_apigee_flowhook_test.go remove fmt.print * update some resource attribute properties * Update apigee_flowhook.html.markdown updated `description` and `continue_on_error` as optional * update referenced function naming case --------- Co-authored-by: Ray Xu Co-authored-by: megan07 add tests (#7357) Co-authored-by: Edward Sun run gofmt + fix capitalization errors from previous PRs (#7420) switch ci secrets to use secret manager (#7408) Update field descriptions (#7402) HA VPN over Cloud Interconnect has launched in GA We should still probably add a sample or two showing how to use it. Document PRODUCT_BASE_PATH override for DCL resource IAM (#7418) yaqs/1723187608399380480 Add support for accelerators to google_datafusion_instance (#6851) Added support to the field for Data Fusion, updated corresponding generated and handwritten tests, and added a custom diffsuppressfunc. Currently suggests a manual fix to a potential diff issue, will be able to update down line based on feedback from API team. Fix alloydb_cluster permadiff (#7421) Fix dns_managed_zone tests using unverified domain (#7422) Add SKIP_PROJECT_SWEEPER env variable for skipping the project sweeper (#7432) Remove percent sign when parsing metadata name (#7417) * Remove percent sign when parsing metadata name * Remove percent sign when parsing metadata name Merge branch 'GoogleCloudPlatform:main' into feature/iam_policy Add ignore read on reserved ip ranges (#7429) Fix serviceusage links, clean up service resource stub (#7435) Remove use of `make generate` from TPG/TPGB-specific step in CI (#7379) Updating default accelerator.state field behavior in Data Fusion Instance (#7434) Making suggested default behavior functionality updates in previous accelerators PR. Modify resource attribute 'input' to 'immutable' (#7431) * Modify resource attribute 'input' to 'immutable' Remove noisy logging of project sweeper being skipped (#7439) Fix PubSub-to-BigQuery push configuration example (#7410) Rework + reflow provider reference, touch up index (#7437) Fix eventarc tests to use dedicated bootstrapped keys (#7440) Update docs for changing attribute `input` to `immutable` (#7442) Feat name constraints (#7400) Remove game_service_cluster_basic test (#7443) send friendly_name (#7433) * send friendly_name * fixed validator failures * update * fix validator errors --------- Co-authored-by: Edward Sun Fix headline of google_iam_workload_identity_pool (#7449) Move IAM bootstrap to its own file, improve error messages (#7424) * Move IAM bootstrap to its own file, improve errors Also bootstrap roles/cloudbuild.builds.builder for cloudbuild service agent. * Re-add BootstrapConfig (accidentally deleted) * Fix wrong variable name * Bootstrap the role previously hardcoded for pubsub * Move error message back into bootstrap function This will dedup the code that calls this function. It now returns a boolean and sends the more useful error through t.Error. * Bootstrap the permissions for pubsub service agent * Bootstrap the role in the correct test * Fix formatting Changing name field on google_compute_disk for TestAccComputeInstanceTemplate_sourceSnapshotEncryptionKey to include randomly generated string (#7392) * Changed name within google_compute_disk on line 3162 to inclue and randomly generated string * Cleaned up arguments being passed in to be more inline with other tests * Updated based on addtional PR comments * Fixed swapping of values within new context If not specified, a default Workstations service agent SA is returned (#7428) * If not specified, a default service agent SA is returned * Revert "Skip TestAccWorkstationsWorkstationConfig_workstationConfigEncryptionKeyExample" This reverts commit 097bdbef337f4df402e81b4583994a779f63063d. * remove `rotation_period` update BigqueryDatapolicy to ga (#6797) fix managed.dnsAuthorizations: (#7445) Co-authored-by: Edward Sun google_compute_security_policy: force send enforce_on_key so it can be unset on (#7454) Make `hostname` and `matcher` fields immutable (#7448) Add note on requiredness (#7453) Update BootstrapProject to support use across multiple projects/environments (#7369) * Update BootstrapProject to support use across multiple projects/environments * Fix typo * Fix arguments for getTestProjectFromEnv * Fix project naming strategy for BootstrapProject to produce valid names in all envs * Fix typo * Fix function name after rebase Update resource names in acceptance test to use `tf-test-` prefix (#7450) fix datastream_stream dataset id import (#7451) Merge branch 'GoogleCloudPlatform:main' into feature/iam_policy Removing api.yaml and replacing with per product configs Merge branch 'feature/iam_policy' of https://github.com/dbjnbnrj/magic-modules into feature/iam_policy --- .../downstream-builder/generate_downstream.sh | 4 - .ci/gcb-generate-diffs.yml | 39 +- .ci/gcb-push-downstream.yml | 7 +- docs/content/docs/how-to/add-mmv1-iam.md | 6 +- docs/content/docs/how-to/add-mmv1-resource.md | 4 +- mmv1/api/resource.rb | 4 +- mmv1/api/type.rb | 4 +- mmv1/compiler.rb | 34 +- .../accessapproval/FolderSettings.yaml | 2 +- .../accessapproval/OrganizationSettings.yaml | 2 +- .../accessapproval/ProjectSettings.yaml | 2 +- .../accesscontextmanager/AccessLevel.yaml | 4 +- .../AccessLevelCondition.yaml | 4 +- .../accesscontextmanager/AccessLevels.yaml | 4 +- .../accesscontextmanager/AccessPolicy.yaml | 2 +- .../AuthorizedOrgsDesc.yaml | 127 + .../GcpUserAccessBinding.yaml | 4 +- .../ServicePerimeter.yaml | 6 +- .../ServicePerimeterResource.yaml | 6 +- .../ServicePerimeters.yaml | 6 +- mmv1/products/activedirectory/Domain.yaml | 6 +- .../products/activedirectory/DomainTrust.yaml | 10 +- mmv1/products/activedirectory/Peering.yaml | 6 +- mmv1/products/alloydb/Backup.yaml | 8 +- mmv1/products/alloydb/Cluster.yaml | 8 +- mmv1/products/alloydb/Instance.yaml | 6 +- mmv1/products/alloydb/terraform.yaml | 9 +- mmv1/products/apigateway/ApiConfig.yaml | 26 +- mmv1/products/apigateway/ApiResource.yaml | 4 +- mmv1/products/apigateway/Gateway.yaml | 4 +- mmv1/products/apigee/AddonsConfig.yaml | 2 +- mmv1/products/apigee/EndpointAttachment.yaml | 6 +- mmv1/products/apigee/EnvKeystore.yaml | 6 +- mmv1/products/apigee/EnvReferences.yaml | 12 +- mmv1/products/apigee/Envgroup.yaml | 4 +- mmv1/products/apigee/EnvgroupAttachment.yaml | 2 +- mmv1/products/apigee/Environment.yaml | 12 +- mmv1/products/apigee/Instance.yaml | 6 +- mmv1/products/apigee/InstanceAttachment.yaml | 2 +- mmv1/products/apigee/NatAddress.yaml | 2 +- mmv1/products/apigee/Organization.yaml | 10 +- mmv1/products/apigee/SyncAuthorization.yaml | 2 +- mmv1/products/appengine/DomainMapping.yaml | 2 +- .../appengine/FlexibleAppVersion.yaml | 2 +- .../appengine/StandardAppVersion.yaml | 2 +- .../products/artifactregistry/Repository.yaml | 34 +- mmv1/products/beyondcorp/AppConnection.yaml | 6 +- mmv1/products/beyondcorp/AppConnector.yaml | 4 +- mmv1/products/beyondcorp/AppGateway.yaml | 6 +- mmv1/products/bigquery/Dataset.yaml | 6 +- mmv1/products/bigquery/DatasetAccess.yaml | 2 +- mmv1/products/bigquery/Job.yaml | 2 +- mmv1/products/bigquery/Routine.yaml | 8 +- mmv1/products/bigquery/terraform.yaml | 4 +- .../bigqueryanalyticshub/DataExchange.yaml | 4 +- .../bigqueryanalyticshub/Listing.yaml | 6 +- .../bigqueryconnection/Connection.yaml | 4 +- .../bigquerydatapolicy/DataPolicy.yaml | 11 +- mmv1/products/bigquerydatapolicy/product.yaml | 3 + .../bigquerydatapolicy/terraform.yaml | 3 +- .../products/bigquerydatatransfer/Config.yaml | 6 +- .../CapacityCommitment.yaml | 8 +- .../bigqueryreservation/Reservation.yaml | 4 +- mmv1/products/bigtable/AppProfile.yaml | 4 +- mmv1/products/billingbudget/Budget.yaml | 2 +- .../binaryauthorization/Attestor.yaml | 4 +- .../certificatemanager/Certificate.yaml | 191 + .../certificatemanager/CertificateMap.yaml | 106 + .../CertificateMapEntry.yaml | 116 + .../certificatemanager/DnsAuthorization.yaml | 88 + mmv1/products/certificatemanager/api.yaml | 475 - mmv1/products/certificatemanager/product.yaml | 28 + .../certificatemanager/terraform.yaml | 9 +- mmv1/products/cloudasset/FolderFeed.yaml | 137 + .../products/cloudasset/OrganizationFeed.yaml | 132 + mmv1/products/cloudasset/ProjectFeed.yaml | 123 + mmv1/products/cloudasset/api.yaml | 378 - mmv1/products/cloudasset/product.yaml | 25 + .../cloudbuild/BitbucketServerConfig.yaml | 137 + mmv1/products/cloudbuild/Trigger.yaml | 1082 + mmv1/products/cloudbuild/api.yaml | 1222 - mmv1/products/cloudbuild/product.yaml | 29 + mmv1/products/cloudbuildv2/Connection.yaml | 28 + .../cloudbuildv2/{api.yaml => product.yaml} | 16 - .../cloudfunctions/CloudFunction.yaml | 188 + mmv1/products/cloudfunctions/api.yaml | 201 - mmv1/products/cloudfunctions/product.yaml | 26 + mmv1/products/cloudfunctions2/Function.yaml | 393 + mmv1/products/cloudfunctions2/api.yaml | 409 - mmv1/products/cloudfunctions2/product.yaml | 29 + mmv1/products/cloudfunctions2/terraform.yaml | 10 +- mmv1/products/cloudidentity/Group.yaml | 145 + .../cloudidentity/GroupMembership.yaml | 147 + mmv1/products/cloudidentity/api.yaml | 295 - mmv1/products/cloudidentity/product.yaml | 29 + mmv1/products/cloudids/Endpoint.yaml | 89 + mmv1/products/cloudids/api.yaml | 119 - mmv1/products/cloudids/product.yaml | 43 + mmv1/products/cloudiot/Device.yaml | 225 + mmv1/products/cloudiot/DeviceRegistry.yaml | 189 + mmv1/products/cloudiot/api.yaml | 411 - mmv1/products/cloudiot/product.yaml | 23 + mmv1/products/cloudrun/DomainMapping.yaml | 207 + mmv1/products/cloudrun/Service.yaml | 836 + mmv1/products/cloudrun/api.yaml | 1047 - mmv1/products/cloudrun/product.yaml | 27 + mmv1/products/cloudrunv2/Job.yaml | 652 + mmv1/products/cloudrunv2/Service.yaml | 739 + mmv1/products/cloudrunv2/api.yaml | 1392 -- mmv1/products/cloudrunv2/product.yaml | 27 + mmv1/products/cloudscheduler/Job.yaml | 334 + mmv1/products/cloudscheduler/api.yaml | 347 - mmv1/products/cloudscheduler/product.yaml | 26 + mmv1/products/cloudtasks/Queue.yaml | 180 + mmv1/products/cloudtasks/api.yaml | 193 - mmv1/products/cloudtasks/product.yaml | 26 + mmv1/products/compute/Address.yaml | 189 + mmv1/products/compute/Autoscaler.yaml | 384 + mmv1/products/compute/BackendBucket.yaml | 208 + .../compute/BackendBucketSignedUrlKey.yaml | 78 + mmv1/products/compute/BackendService.yaml | 1151 + .../compute/BackendServiceSignedUrlKey.yaml | 78 + mmv1/products/compute/Disk.yaml | 367 + .../compute/DiskResourcePolicyAttachment.yaml | 72 + mmv1/products/compute/DiskType.yaml | 108 + mmv1/products/compute/ExternalVpnGateway.yaml | 90 + mmv1/products/compute/Firewall.yaml | 299 + mmv1/products/compute/ForwardingRule.yaml | 323 + mmv1/products/compute/GlobalAddress.yaml | 147 + .../compute/GlobalForwardingRule.yaml | 256 + .../compute/GlobalNetworkEndpoint.yaml | 84 + .../compute/GlobalNetworkEndpointGroup.yaml | 83 + mmv1/products/compute/HealthCheck.yaml | 787 + mmv1/products/compute/HttpHealthCheck.yaml | 110 + mmv1/products/compute/HttpsHealthCheck.yaml | 109 + mmv1/products/compute/Image.yaml | 334 + mmv1/products/compute/Instance.yaml | 591 + mmv1/products/compute/InstanceGroup.yaml | 127 + .../compute/InstanceGroupManager.yaml | 212 + .../compute/InstanceGroupNamedPort.yaml | 85 + mmv1/products/compute/InstanceTemplate.yaml | 523 + .../compute/InterconnectAttachment.yaml | 279 + mmv1/products/compute/License.yaml | 37 + mmv1/products/compute/MachineImage.yaml | 101 + mmv1/products/compute/MachineType.yaml | 121 + .../compute/ManagedSslCertificate.yaml | 107 + mmv1/products/compute/Network.yaml | 181 + mmv1/products/compute/NetworkEndpoint.yaml | 98 + .../compute/NetworkEndpointGroup.yaml | 126 + .../compute/NetworkPeeringRoutesConfig.yaml | 80 + mmv1/products/compute/NodeGroup.yaml | 165 + mmv1/products/compute/NodeTemplate.yaml | 139 + .../compute/OrganizationSecurityPolicy.yaml | 67 + ...OrganizationSecurityPolicyAssociation.yaml | 53 + .../OrganizationSecurityPolicyRule.yaml | 160 + mmv1/products/compute/PacketMirroring.yaml | 175 + mmv1/products/compute/PerInstanceConfig.yaml | 182 + mmv1/products/compute/ProjectInfo.yaml | 75 + mmv1/products/compute/Region.yaml | 118 + mmv1/products/compute/RegionAutoscaler.yaml | 385 + .../compute/RegionBackendService.yaml | 1128 + mmv1/products/compute/RegionDisk.yaml | 277 + .../RegionDiskResourcePolicyAttachment.yaml | 72 + mmv1/products/compute/RegionDiskType.yaml | 101 + mmv1/products/compute/RegionHealthCheck.yaml | 793 + .../compute/RegionInstanceGroupManager.yaml | 219 + .../compute/RegionNetworkEndpointGroup.yaml | 248 + .../compute/RegionPerInstanceConfig.yaml | 184 + .../compute/RegionSslCertificate.yaml | 93 + mmv1/products/compute/RegionSslPolicy.yaml | 135 + .../compute/RegionTargetHttpProxy.yaml | 86 + .../compute/RegionTargetHttpsProxy.yaml | 135 + .../compute/RegionTargetTcpProxy.yaml | 101 + mmv1/products/compute/RegionUrlMap.yaml | 1899 ++ mmv1/products/compute/Reservation.yaml | 222 + mmv1/products/compute/ResourcePolicy.yaml | 297 + mmv1/products/compute/Route.yaml | 205 + mmv1/products/compute/Router.yaml | 172 + mmv1/products/compute/RouterBgpPeer.yaml | 235 + mmv1/products/compute/RouterNat.yaml | 296 + mmv1/products/compute/SecurityPolicy.yaml | 113 + mmv1/products/compute/ServiceAttachment.yaml | 162 + mmv1/products/compute/Snapshot.yaml | 225 + mmv1/products/compute/SslCertificate.yaml | 84 + mmv1/products/compute/SslPolicy.yaml | 126 + mmv1/products/compute/Subnetwork.yaml | 308 + mmv1/products/compute/TargetGrpcProxy.yaml | 105 + mmv1/products/compute/TargetHttpProxy.yaml | 84 + mmv1/products/compute/TargetHttpsProxy.yaml | 134 + mmv1/products/compute/TargetInstance.yaml | 102 + mmv1/products/compute/TargetPool.yaml | 150 + mmv1/products/compute/TargetSslProxy.yaml | 129 + mmv1/products/compute/TargetTcpProxy.yaml | 96 + mmv1/products/compute/TargetVpnGateway.yaml | 108 + mmv1/products/compute/UrlMap.yaml | 2392 ++ mmv1/products/compute/VpnGateway.yaml | 114 + mmv1/products/compute/VpnTunnel.yaml | 186 + mmv1/products/compute/Zone.yaml | 105 + mmv1/products/compute/api.yaml | 20028 ---------------- mmv1/products/compute/product.yaml | 31 + mmv1/products/compute/terraform.yaml | 18 +- mmv1/products/containeranalysis/Note.yaml | 123 + .../containeranalysis/Occurrence.yaml | 123 + mmv1/products/containeranalysis/api.yaml | 245 - mmv1/products/containeranalysis/product.yaml | 25 + mmv1/products/containerattached/Cluster.yaml | 265 + mmv1/products/containerattached/api.yaml | 274 - mmv1/products/containerattached/product.yaml | 22 + mmv1/products/datacatalog/Entry.yaml | 213 + mmv1/products/datacatalog/EntryGroup.yaml | 61 + mmv1/products/datacatalog/PolicyTag.yaml | 74 + mmv1/products/datacatalog/Tag.yaml | 120 + mmv1/products/datacatalog/TagTemplate.yaml | 131 + mmv1/products/datacatalog/Taxonomy.yaml | 71 + mmv1/products/datacatalog/api.yaml | 620 - mmv1/products/datacatalog/product.yaml | 28 + mmv1/products/dataform/Repository.yaml | 60 + mmv1/products/dataform/api.yaml | 70 - mmv1/products/dataform/product.yaml | 22 + mmv1/products/datafusion/Instance.yaml | 255 + mmv1/products/datafusion/api.yaml | 263 - mmv1/products/datafusion/product.yaml | 46 + mmv1/products/datafusion/terraform.yaml | 6 +- mmv1/products/dataplex/Asset.yaml | 27 + mmv1/products/dataplex/Lake.yaml | 27 + mmv1/products/dataplex/Zone.yaml | 27 + mmv1/products/dataplex/api.yaml | 67 - mmv1/products/dataplex/product.yaml | 27 + mmv1/products/dataproc/AutoscalingPolicy.yaml | 197 + mmv1/products/dataproc/Cluster.yaml | 423 + mmv1/products/dataproc/api.yaml | 622 - mmv1/products/dataproc/product.yaml | 28 + mmv1/products/datastore/Index.yaml | 67 + mmv1/products/datastore/api.yaml | 96 - mmv1/products/datastore/product.yaml | 42 + .../datastream/ConnectionProfile.yaml | 282 + .../datastream/PrivateConnection.yaml | 95 + mmv1/products/datastream/Stream.yaml | 1025 + mmv1/products/datastream/api.yaml | 1402 -- mmv1/products/datastream/product.yaml | 42 + mmv1/products/datastream/terraform.yaml | 6 + .../deploymentmanager/Deployment.yaml | 181 + mmv1/products/deploymentmanager/api.yaml | 194 - mmv1/products/deploymentmanager/product.yaml | 26 + mmv1/products/dialogflow/Agent.yaml | 117 + mmv1/products/dialogflow/EntityType.yaml | 79 + mmv1/products/dialogflow/Fulfillment.yaml | 83 + mmv1/products/dialogflow/Intent.yaml | 137 + mmv1/products/dialogflow/api.yaml | 391 - mmv1/products/dialogflow/product.yaml | 26 + mmv1/products/dialogflowcx/Agent.yaml | 99 + mmv1/products/dialogflowcx/EntityType.yaml | 115 + mmv1/products/dialogflowcx/Environment.yaml | 87 + mmv1/products/dialogflowcx/Flow.yaml | 237 + mmv1/products/dialogflowcx/Intent.yaml | 136 + mmv1/products/dialogflowcx/Page.yaml | 324 + mmv1/products/dialogflowcx/Version.yaml | 115 + mmv1/products/dialogflowcx/Webhook.yaml | 121 + mmv1/products/dialogflowcx/api.yaml | 1157 - mmv1/products/dialogflowcx/product.yaml | 26 + mmv1/products/dlp/DeidentifyTemplate.yaml | 1540 ++ mmv1/products/dlp/InspectTemplate.yaml | 395 + mmv1/products/dlp/JobTrigger.yaml | 414 + mmv1/products/dlp/StoredInfoType.yaml | 180 + mmv1/products/dlp/api.yaml | 2498 -- mmv1/products/dlp/product.yaml | 21 + mmv1/products/dns/ManagedZone.yaml | 293 + mmv1/products/dns/Policy.yaml | 110 + mmv1/products/dns/Project.yaml | 66 + mmv1/products/dns/ResourceRecordSet.yaml | 78 + mmv1/products/dns/ResponsePolicy.yaml | 67 + mmv1/products/dns/ResponsePolicyRule.yaml | 109 + mmv1/products/dns/api.yaml | 674 - mmv1/products/dns/product.yaml | 29 + mmv1/products/documentai/Processor.yaml | 55 + .../documentai/ProcessorDefaultVersion.yaml | 41 + mmv1/products/documentai/api.yaml | 96 - mmv1/products/documentai/product.yaml | 26 + mmv1/products/essentialcontacts/Contact.yaml | 59 + mmv1/products/essentialcontacts/api.yaml | 72 - mmv1/products/essentialcontacts/product.yaml | 26 + mmv1/products/filestore/Backup.yaml | 121 + mmv1/products/filestore/Instance.yaml | 227 + mmv1/products/filestore/Snapshot.yaml | 87 + mmv1/products/filestore/api.yaml | 443 - mmv1/products/filestore/product.yaml | 47 + mmv1/products/firebase/AndroidApp.yaml | 85 + mmv1/products/firebase/AppleApp.yaml | 78 + mmv1/products/firebase/Project.yaml | 41 + mmv1/products/firebase/ProjectLocation.yaml | 44 + mmv1/products/firebase/WebApp.yaml | 71 + mmv1/products/firebase/api.yaml | 293 - mmv1/products/firebase/product.yaml | 39 + mmv1/products/firebasedatabase/Instance.yaml | 79 + mmv1/products/firebasedatabase/api.yaml | 92 - mmv1/products/firebasedatabase/product.yaml | 26 + mmv1/products/firebasehosting/Channel.yaml | 78 + mmv1/products/firebasehosting/Release.yaml | 81 + mmv1/products/firebasehosting/Site.yaml | 57 + mmv1/products/firebasehosting/Version.yaml | 133 + mmv1/products/firebasehosting/api.yaml | 319 - mmv1/products/firebasehosting/product.yaml | 22 + mmv1/products/firebasestorage/Bucket.yaml | 42 + mmv1/products/firebasestorage/api.yaml | 52 - mmv1/products/firebasestorage/product.yaml | 23 + mmv1/products/firestore/Database.yaml | 108 + mmv1/products/firestore/Document.yaml | 72 + mmv1/products/firestore/Index.yaml | 101 + mmv1/products/firestore/api.yaml | 270 - mmv1/products/firestore/product.yaml | 28 + .../gameservices/GameServerCluster.yaml | 117 + .../gameservices/GameServerConfig.yaml | 157 + .../gameservices/GameServerDeployment.yaml | 75 + .../GameServerDeploymentRollout.yaml | 93 + mmv1/products/gameservices/Realm.yaml | 80 + mmv1/products/gameservices/api.yaml | 492 - mmv1/products/gameservices/product.yaml | 25 + mmv1/products/gameservices/terraform.yaml | 2 + mmv1/products/gkebackup/BackupPlan.yaml | 211 + mmv1/products/gkebackup/api.yaml | 245 - mmv1/products/gkebackup/product.yaml | 46 + mmv1/products/gkehub/Membership.yaml | 111 + mmv1/products/gkehub/api.yaml | 127 - mmv1/products/gkehub/product.yaml | 29 + mmv1/products/healthcare/ConsentStore.yaml | 84 + mmv1/products/healthcare/Dataset.yaml | 61 + mmv1/products/healthcare/DicomStore.yaml | 112 + mmv1/products/healthcare/FhirStore.yaml | 247 + mmv1/products/healthcare/Hl7V2Store.yaml | 184 + mmv1/products/healthcare/api.yaml | 652 - mmv1/products/healthcare/product.yaml | 29 + mmv1/products/healthcare/terraform.yaml | 14 +- mmv1/products/iam2/AccessBoundaryPolicy.yaml | 92 + mmv1/products/iam2/DenyPolicy.yaml | 113 + mmv1/products/iam2/api.yaml | 224 - mmv1/products/iam2/product.yaml | 45 + .../iambeta/WorkloadIdentityPool.yaml | 73 + .../iambeta/WorkloadIdentityPoolProvider.yaml | 201 + mmv1/products/iambeta/api.yaml | 293 - mmv1/products/iambeta/product.yaml | 45 + .../iamworkforcepool/WorkforcePool.yaml | 94 + .../WorkforcePoolProvider.yaml | 202 + mmv1/products/iamworkforcepool/api.yaml | 315 - mmv1/products/iamworkforcepool/product.yaml | 45 + mmv1/products/iap/AppEngineService.yaml | 31 + mmv1/products/iap/AppEngineVersion.yaml | 35 + mmv1/products/iap/Brand.yaml | 58 + mmv1/products/iap/Client.yaml | 57 + mmv1/products/iap/Tunnel.yaml | 27 + mmv1/products/iap/TunnelInstance.yaml | 27 + mmv1/products/iap/Web.yaml | 27 + mmv1/products/iap/WebBackendService.yaml | 27 + mmv1/products/iap/WebTypeAppEngine.yaml | 27 + mmv1/products/iap/WebTypeCompute.yaml | 27 + mmv1/products/iap/api.yaml | 239 - mmv1/products/iap/product.yaml | 26 + mmv1/products/identityplatform/Config.yaml | 43 + .../DefaultSupportedIdpConfig.yaml | 74 + .../identityplatform/InboundSamlConfig.yaml | 102 + .../identityplatform/OauthIdpConfig.yaml | 55 + .../ProjectDefaultConfig.yaml | 106 + mmv1/products/identityplatform/Tenant.yaml | 53 + .../TenantDefaultSupportedIdpConfig.yaml | 81 + .../TenantInboundSamlConfig.yaml | 111 + .../TenantOauthIdpConfig.yaml | 63 + mmv1/products/identityplatform/api.yaml | 599 - mmv1/products/identityplatform/product.yaml | 28 + mmv1/products/kms/CryptoKey.yaml | 113 + mmv1/products/kms/CryptoKeyVersion.yaml | 118 + mmv1/products/kms/KeyRing.yaml | 50 + mmv1/products/kms/KeyRingImportJob.yaml | 131 + mmv1/products/kms/SecretCiphertext.yaml | 50 + mmv1/products/kms/api.yaml | 423 - mmv1/products/kms/product.yaml | 26 + mmv1/products/logging/FolderExclusion.yaml | 44 + mmv1/products/logging/FolderLogSink.yaml | 54 + mmv1/products/logging/Metric.yaml | 244 + .../products/logging/OrganizationLogSink.yaml | 53 + mmv1/products/logging/ProjectExclusion.yaml | 44 + mmv1/products/logging/ProjectLogSink.yaml | 53 + mmv1/products/logging/api.yaml | 440 - mmv1/products/logging/product.yaml | 26 + mmv1/products/memcache/Instance.yaml | 288 + mmv1/products/memcache/api.yaml | 316 - mmv1/products/memcache/product.yaml | 41 + mmv1/products/metastore/Federation.yaml | 121 + mmv1/products/metastore/Service.yaml | 313 + mmv1/products/metastore/api.yaml | 436 - mmv1/products/metastore/product.yaml | 28 + mmv1/products/mlengine/Model.yaml | 84 + mmv1/products/mlengine/Version.yaml | 159 + mmv1/products/mlengine/api.yaml | 243 - mmv1/products/mlengine/product.yaml | 26 + mmv1/products/monitoring/AlertPolicy.yaml | 842 + mmv1/products/monitoring/GenericService.yaml | 95 + mmv1/products/monitoring/Group.yaml | 61 + .../products/monitoring/MetricDescriptor.yaml | 174 + .../monitoring/NotificationChannel.yaml | 140 + mmv1/products/monitoring/Service.yaml | 70 + mmv1/products/monitoring/Slo.yaml | 660 + .../monitoring/UptimeCheckConfig.yaml | 322 + mmv1/products/monitoring/api.yaml | 2285 -- mmv1/products/monitoring/product.yaml | 25 + .../networkmanagement/ConnectivityTest.yaml | 182 + mmv1/products/networkmanagement/api.yaml | 212 - mmv1/products/networkmanagement/product.yaml | 43 + .../networkservices/EdgeCacheKeyset.yaml | 118 + .../networkservices/EdgeCacheOrigin.yaml | 298 + .../networkservices/EdgeCacheService.yaml | 820 + mmv1/products/networkservices/api.yaml | 1225 - mmv1/products/networkservices/product.yaml | 28 + mmv1/products/notebooks/Environment.yaml | 100 + mmv1/products/notebooks/Instance.yaml | 341 + mmv1/products/notebooks/Location.yaml | 26 + mmv1/products/notebooks/Runtime.yaml | 501 + mmv1/products/notebooks/api.yaml | 970 - mmv1/products/notebooks/product.yaml | 50 + mmv1/products/orgpolicy/CustomConstraint.yaml | 85 + mmv1/products/orgpolicy/api.yaml | 98 - mmv1/products/orgpolicy/product.yaml | 26 + mmv1/products/osconfig/GuestPolicies.yaml | 717 + mmv1/products/osconfig/PatchDeployment.yaml | 864 + mmv1/products/osconfig/api.yaml | 1585 -- mmv1/products/osconfig/product.yaml | 30 + mmv1/products/oslogin/SSHPublicKey.yaml | 60 + mmv1/products/oslogin/api.yaml | 74 - mmv1/products/oslogin/product.yaml | 27 + mmv1/products/privateca/CaPool.yaml | 445 + mmv1/products/privateca/Certificate.yaml | 1144 + .../privateca/CertificateAuthority.yaml | 636 + .../privateca/CertificateTemplate.yaml | 28 + mmv1/products/privateca/api.yaml | 1911 -- mmv1/products/privateca/product.yaml | 26 + mmv1/products/pubsub/Schema.yaml | 48 + mmv1/products/pubsub/Subscription.yaml | 295 + mmv1/products/pubsub/Topic.yaml | 100 + mmv1/products/pubsub/api.yaml | 430 - mmv1/products/pubsub/product.yaml | 26 + mmv1/products/pubsub/test.yaml | 70 - mmv1/products/pubsublite/Reservation.yaml | 46 + mmv1/products/pubsublite/Subscription.yaml | 68 + mmv1/products/pubsublite/Topic.yaml | 99 + mmv1/products/pubsublite/api.yaml | 201 - mmv1/products/pubsublite/product.yaml | 27 + mmv1/products/redis/Instance.yaml | 429 + mmv1/products/redis/api.yaml | 455 - mmv1/products/redis/product.yaml | 42 + mmv1/products/redis/terraform.yaml | 2 +- mmv1/products/resourcemanager/Folder.yaml | 56 + mmv1/products/resourcemanager/Lien.yaml | 74 + .../resourcemanager/Organization.yaml | 57 + mmv1/products/resourcemanager/Project.yaml | 98 + mmv1/products/resourcemanager/api.yaml | 260 - mmv1/products/resourcemanager/product.yaml | 27 + mmv1/products/runtimeconfig/Config.yaml | 38 + mmv1/products/runtimeconfig/Variable.yaml | 44 + mmv1/products/runtimeconfig/api.yaml | 82 - mmv1/products/runtimeconfig/product.yaml | 26 + mmv1/products/secretmanager/Secret.yaml | 159 + .../products/secretmanager/SecretVersion.yaml | 69 + mmv1/products/secretmanager/api.yaml | 231 - mmv1/products/secretmanager/product.yaml | 29 + mmv1/products/secretmanager/terraform.yaml | 2 +- mmv1/products/securitycenter/MuteConfig.yaml | 86 + .../securitycenter/NotificationConfig.yaml | 107 + mmv1/products/securitycenter/Source.yaml | 64 + mmv1/products/securitycenter/api.yaml | 240 - mmv1/products/securitycenter/product.yaml | 22 + mmv1/products/securityscanner/ScanConfig.yaml | 151 + mmv1/products/securityscanner/api.yaml | 164 - mmv1/products/securityscanner/product.yaml | 25 + mmv1/products/servicedirectory/Endpoint.yaml | 73 + mmv1/products/servicedirectory/Namespace.yaml | 65 + mmv1/products/servicedirectory/Service.yaml | 63 + mmv1/products/servicedirectory/api.yaml | 188 - mmv1/products/servicedirectory/product.yaml | 26 + mmv1/products/servicemanagement/Service.yaml | 24 + .../servicemanagement/ServiceConsumers.yaml | 29 + .../{api.yaml => product.yaml} | 27 - .../serviceusage/AdminQuotaOverride.yaml | 102 + .../serviceusage/ConsumerQuotaOverride.yaml | 101 + mmv1/products/serviceusage/api.yaml | 284 - mmv1/products/serviceusage/product.yaml | 29 + mmv1/products/serviceusage/terraform.yaml | 2 - mmv1/products/sourcerepo/Repository.yaml | 75 + mmv1/products/sourcerepo/api.yaml | 88 - mmv1/products/sourcerepo/product.yaml | 26 + mmv1/products/spanner/Database.yaml | 108 + mmv1/products/spanner/Instance.yaml | 102 + mmv1/products/spanner/InstanceConfig.yaml | 31 + mmv1/products/spanner/api.yaml | 229 - mmv1/products/spanner/product.yaml | 26 + mmv1/products/sql/Database.yaml | 54 + mmv1/products/sql/Flag.yaml | 61 + mmv1/products/sql/Instance.yaml | 432 + .../sql/SourceRepresentationInstance.yaml | 88 + mmv1/products/sql/SslCert.yaml | 59 + mmv1/products/sql/Tier.yaml | 50 + mmv1/products/sql/User.yaml | 52 + mmv1/products/sql/api.yaml | 760 - mmv1/products/sql/product.yaml | 55 + mmv1/products/storage/Bucket.yaml | 488 + .../products/storage/BucketAccessControl.yaml | 106 + mmv1/products/storage/DefaultObjectACL.yaml | 103 + mmv1/products/storage/HmacKey.yaml | 74 + mmv1/products/storage/Object.yaml | 84 + .../products/storage/ObjectAccessControl.yaml | 102 + mmv1/products/storage/api.yaml | 905 - mmv1/products/storage/product.yaml | 26 + mmv1/products/storagetransfer/AgentPool.yaml | 63 + mmv1/products/storagetransfer/api.yaml | 77 - mmv1/products/storagetransfer/product.yaml | 26 + mmv1/products/tags/TagBinding.yaml | 44 + mmv1/products/tags/TagKey.yaml | 89 + mmv1/products/tags/TagValue.yaml | 71 + mmv1/products/tags/api.yaml | 206 - mmv1/products/tags/product.yaml | 41 + mmv1/products/tags/terraform.yaml | 2 +- mmv1/products/tpu/Node.yaml | 135 + mmv1/products/tpu/api.yaml | 161 - mmv1/products/tpu/product.yaml | 39 + mmv1/products/vertexai/Dataset.yaml | 94 + mmv1/products/vertexai/Endpoint.yaml | 224 + mmv1/products/vertexai/Featurestore.yaml | 128 + .../vertexai/FeaturestoreEntitytype.yaml | 172 + .../FeaturestoreEntitytypeFeature.yaml | 89 + mmv1/products/vertexai/Index.yaml | 204 + mmv1/products/vertexai/MetadataStore.yaml | 94 + mmv1/products/vertexai/Tensorboard.yaml | 96 + mmv1/products/vertexai/api.yaml | 1034 - mmv1/products/vertexai/product.yaml | 25 + mmv1/products/vertexai/terraform.yaml | 3 - mmv1/products/vpcaccess/Connector.yaml | 131 + mmv1/products/vpcaccess/api.yaml | 147 - mmv1/products/vpcaccess/product.yaml | 29 + mmv1/products/workflows/Workflow.yaml | 77 + mmv1/products/workflows/api.yaml | 110 - mmv1/products/workflows/product.yaml | 46 + mmv1/products/workstations/Workstation.yaml | 119 + .../workstations/WorkstationCluster.yaml | 159 + .../workstations/WorkstationConfig.yaml | 288 + mmv1/products/workstations/api.yaml | 554 - mmv1/products/workstations/product.yaml | 27 + mmv1/products/workstations/terraform.yaml | 3 + mmv1/provider/terraform.rb | 5 +- mmv1/provider/terraform_kcc.rb | 6 +- .../data_fusion_instance_option.go.erb | 21 + .../constants/datastream_stream.go.erb | 15 + .../datastream_stream_dataset_id.go.erb | 26 + .../privateca_certificate_509_config.go.erb | 5 + ...anager_certificate_managed_dns_auth.go.erb | 17 - .../privateca_certificate_509_config.go.erb | 2 + ..._manager_authorized_orgs_desc_basic.tf.erb | 13 + ...gquery_datapolicy_data_policy_basic.tf.erb | 3 - .../examples/data_fusion_instance_full.tf.erb | 4 + ...ream_postgresql_bigquery_dataset_id.tf.erb | 106 + .../privateca_capool_all_fields.tf.erb | 11 + ...ateca_certificate_authority_byo_key.tf.erb | 11 + .../privateca_certificate_config.tf.erb | 15 +- .../pubsub_subscription_push_bq.tf.erb | 2 +- .../workstation_config_encryption_key.tf.erb | 1 - .../terraform/post_create/sleep_2_min.go.erb | 4 + mmv1/templates/terraform/resource.erb | 6 +- ..._source_google_firebase_android_app.go.erb | 3 + ...ta_source_google_firebase_apple_app.go.erb | 3 + ...data_source_google_firebase_web_app.go.erb | 3 + .../resources/resource_apigee_flowhook.go | 240 + .../resources/resource_apigee_sharedflow.go | 460 + .../resource_apigee_sharedflow_deployment.go | 198 + .../resource_compute_instance.go.erb | 7 + .../resource_compute_instance_template.go.erb | 6 + .../resource_compute_security_policy.go.erb | 13 +- .../tests/data_source_dns_key_test.go | 2 +- .../data_source_dns_managed_zone_test.go.erb | 2 +- ...gle_compute_instance_group_manager_test.go | 10 +- ...ce_google_firebase_android_app_test.go.erb | 5 + ...urce_google_firebase_apple_app_test.go.erb | 5 + ...source_google_firebase_web_app_test.go.erb | 58 + ..._context_manager_access_policy_test.go.erb | 1 + ...ntext_manager_authorized_orgs_desc_test.go | 84 + .../tests/resource_alloydb_backup_test.go | 2 +- .../tests/resource_apigee_flowhook_test.go | 161 + ...ource_apigee_sharedflow_deployment_test.go | 151 + ...resource_apigee_sharedflow_sweeper_test.go | 128 + .../tests/resource_apigee_sharedflow_test.go | 216 + .../tests/resource_big_query_dataset_test.go | 26 + ...e_bigquery_datapolicy_data_policy_test.go} | 12 +- .../resource_cloudfunction2_function_test.go | 34 +- .../resource_composer_environment_test.go.erb | 24 + ...urce_compute_instance_template_test.go.erb | 145 +- ...e_compute_per_instance_config_test.go.erb} | 5 + ...te_region_per_instance_config_test.go.erb} | 7 +- ...source_compute_security_policy_test.go.erb | 128 +- .../resource_container_cluster_test.go.erb | 2 +- .../resource_data_fusion_instance_test.go | 9 + .../resource_eventarc_channel_test.go.erb | 4 +- ...eventarc_google_channel_config_test.go.erb | 4 +- .../resource_eventarc_trigger_test.go.erb | 4 +- .../tests/resource_google_project_test.go | 9 + .../tests/resource_pubsub_topic_test.go | 4 + .../resource_spanner_database_test.go.erb | 28 + .../tests/resource_spanner_instance_test.go | 41 + .../tests/resource_vertex_ai_endpoint_test.go | 2 +- .../terraform/utils/bootstrap_iam_test.go | 151 + .../terraform/utils/bootstrap_utils_test.go | 111 +- .../utils/compute_instance_helpers.go.erb | 6 + .../terraform/utils/privateca_utils.go | 51 + .../terraform/utils/provider.go.erb | 5 +- .../apigee/apigee_sharedflow_bundle.zip | Bin 0 -> 1016 bytes .../apigee/apigee_sharedflow_bundle2.zip | Bin 0 -> 2645 bytes .../iam_workload_identity_pool.html.markdown | 2 +- ...kload_identity_pool_provider.html.markdown | 2 +- .../guides/provider_reference.html.markdown | 376 +- .../website/docs/index.html.markdown | 33 +- .../docs/r/apigee_flowhook.html.markdown | 71 + .../docs/r/apigee_sharedflow.html.markdown | 105 + ...apigee_sharedflow_deployment.html.markdown | 85 + .../docs/r/compute_instance.html.markdown | 2 +- .../r/compute_instance_template.html.markdown | 9 +- .../tests/data/example_bigquery_dataset.json | 1 + .../example_bigquery_dataset_iam_binding.json | 3 +- .../example_bigquery_dataset_iam_member.json | 3 +- .../example_bigquery_dataset_iam_policy.json | 3 +- ..._dataset_iam_policy_empty_policy_data.json | 3 +- .../dataplex/beta/tpgtools_product.yaml | 6 + 625 files changed, 64668 insertions(+), 57765 deletions(-) create mode 100644 mmv1/products/accesscontextmanager/AuthorizedOrgsDesc.yaml create mode 100644 mmv1/products/certificatemanager/Certificate.yaml create mode 100644 mmv1/products/certificatemanager/CertificateMap.yaml create mode 100644 mmv1/products/certificatemanager/CertificateMapEntry.yaml create mode 100644 mmv1/products/certificatemanager/DnsAuthorization.yaml delete mode 100644 mmv1/products/certificatemanager/api.yaml create mode 100644 mmv1/products/certificatemanager/product.yaml create mode 100644 mmv1/products/cloudasset/FolderFeed.yaml create mode 100644 mmv1/products/cloudasset/OrganizationFeed.yaml create mode 100644 mmv1/products/cloudasset/ProjectFeed.yaml delete mode 100644 mmv1/products/cloudasset/api.yaml create mode 100644 mmv1/products/cloudasset/product.yaml create mode 100644 mmv1/products/cloudbuild/BitbucketServerConfig.yaml create mode 100644 mmv1/products/cloudbuild/Trigger.yaml delete mode 100644 mmv1/products/cloudbuild/api.yaml create mode 100644 mmv1/products/cloudbuild/product.yaml create mode 100644 mmv1/products/cloudbuildv2/Connection.yaml rename mmv1/products/cloudbuildv2/{api.yaml => product.yaml} (60%) create mode 100644 mmv1/products/cloudfunctions/CloudFunction.yaml delete mode 100644 mmv1/products/cloudfunctions/api.yaml create mode 100644 mmv1/products/cloudfunctions/product.yaml create mode 100644 mmv1/products/cloudfunctions2/Function.yaml delete mode 100644 mmv1/products/cloudfunctions2/api.yaml create mode 100644 mmv1/products/cloudfunctions2/product.yaml create mode 100644 mmv1/products/cloudidentity/Group.yaml create mode 100644 mmv1/products/cloudidentity/GroupMembership.yaml delete mode 100644 mmv1/products/cloudidentity/api.yaml create mode 100644 mmv1/products/cloudidentity/product.yaml create mode 100644 mmv1/products/cloudids/Endpoint.yaml delete mode 100644 mmv1/products/cloudids/api.yaml create mode 100644 mmv1/products/cloudids/product.yaml create mode 100644 mmv1/products/cloudiot/Device.yaml create mode 100644 mmv1/products/cloudiot/DeviceRegistry.yaml delete mode 100644 mmv1/products/cloudiot/api.yaml create mode 100644 mmv1/products/cloudiot/product.yaml create mode 100644 mmv1/products/cloudrun/DomainMapping.yaml create mode 100644 mmv1/products/cloudrun/Service.yaml delete mode 100644 mmv1/products/cloudrun/api.yaml create mode 100644 mmv1/products/cloudrun/product.yaml create mode 100644 mmv1/products/cloudrunv2/Job.yaml create mode 100644 mmv1/products/cloudrunv2/Service.yaml delete mode 100644 mmv1/products/cloudrunv2/api.yaml create mode 100644 mmv1/products/cloudrunv2/product.yaml create mode 100644 mmv1/products/cloudscheduler/Job.yaml delete mode 100644 mmv1/products/cloudscheduler/api.yaml create mode 100644 mmv1/products/cloudscheduler/product.yaml create mode 100644 mmv1/products/cloudtasks/Queue.yaml delete mode 100644 mmv1/products/cloudtasks/api.yaml create mode 100644 mmv1/products/cloudtasks/product.yaml create mode 100644 mmv1/products/compute/Address.yaml create mode 100644 mmv1/products/compute/Autoscaler.yaml create mode 100644 mmv1/products/compute/BackendBucket.yaml create mode 100644 mmv1/products/compute/BackendBucketSignedUrlKey.yaml create mode 100644 mmv1/products/compute/BackendService.yaml create mode 100644 mmv1/products/compute/BackendServiceSignedUrlKey.yaml create mode 100644 mmv1/products/compute/Disk.yaml create mode 100644 mmv1/products/compute/DiskResourcePolicyAttachment.yaml create mode 100644 mmv1/products/compute/DiskType.yaml create mode 100644 mmv1/products/compute/ExternalVpnGateway.yaml create mode 100644 mmv1/products/compute/Firewall.yaml create mode 100644 mmv1/products/compute/ForwardingRule.yaml create mode 100644 mmv1/products/compute/GlobalAddress.yaml create mode 100644 mmv1/products/compute/GlobalForwardingRule.yaml create mode 100644 mmv1/products/compute/GlobalNetworkEndpoint.yaml create mode 100644 mmv1/products/compute/GlobalNetworkEndpointGroup.yaml create mode 100644 mmv1/products/compute/HealthCheck.yaml create mode 100644 mmv1/products/compute/HttpHealthCheck.yaml create mode 100644 mmv1/products/compute/HttpsHealthCheck.yaml create mode 100644 mmv1/products/compute/Image.yaml create mode 100644 mmv1/products/compute/Instance.yaml create mode 100644 mmv1/products/compute/InstanceGroup.yaml create mode 100644 mmv1/products/compute/InstanceGroupManager.yaml create mode 100644 mmv1/products/compute/InstanceGroupNamedPort.yaml create mode 100644 mmv1/products/compute/InstanceTemplate.yaml create mode 100644 mmv1/products/compute/InterconnectAttachment.yaml create mode 100644 mmv1/products/compute/License.yaml create mode 100644 mmv1/products/compute/MachineImage.yaml create mode 100644 mmv1/products/compute/MachineType.yaml create mode 100644 mmv1/products/compute/ManagedSslCertificate.yaml create mode 100644 mmv1/products/compute/Network.yaml create mode 100644 mmv1/products/compute/NetworkEndpoint.yaml create mode 100644 mmv1/products/compute/NetworkEndpointGroup.yaml create mode 100644 mmv1/products/compute/NetworkPeeringRoutesConfig.yaml create mode 100644 mmv1/products/compute/NodeGroup.yaml create mode 100644 mmv1/products/compute/NodeTemplate.yaml create mode 100644 mmv1/products/compute/OrganizationSecurityPolicy.yaml create mode 100644 mmv1/products/compute/OrganizationSecurityPolicyAssociation.yaml create mode 100644 mmv1/products/compute/OrganizationSecurityPolicyRule.yaml create mode 100644 mmv1/products/compute/PacketMirroring.yaml create mode 100644 mmv1/products/compute/PerInstanceConfig.yaml create mode 100644 mmv1/products/compute/ProjectInfo.yaml create mode 100644 mmv1/products/compute/Region.yaml create mode 100644 mmv1/products/compute/RegionAutoscaler.yaml create mode 100644 mmv1/products/compute/RegionBackendService.yaml create mode 100644 mmv1/products/compute/RegionDisk.yaml create mode 100644 mmv1/products/compute/RegionDiskResourcePolicyAttachment.yaml create mode 100644 mmv1/products/compute/RegionDiskType.yaml create mode 100644 mmv1/products/compute/RegionHealthCheck.yaml create mode 100644 mmv1/products/compute/RegionInstanceGroupManager.yaml create mode 100644 mmv1/products/compute/RegionNetworkEndpointGroup.yaml create mode 100644 mmv1/products/compute/RegionPerInstanceConfig.yaml create mode 100644 mmv1/products/compute/RegionSslCertificate.yaml create mode 100644 mmv1/products/compute/RegionSslPolicy.yaml create mode 100644 mmv1/products/compute/RegionTargetHttpProxy.yaml create mode 100644 mmv1/products/compute/RegionTargetHttpsProxy.yaml create mode 100644 mmv1/products/compute/RegionTargetTcpProxy.yaml create mode 100644 mmv1/products/compute/RegionUrlMap.yaml create mode 100644 mmv1/products/compute/Reservation.yaml create mode 100644 mmv1/products/compute/ResourcePolicy.yaml create mode 100644 mmv1/products/compute/Route.yaml create mode 100644 mmv1/products/compute/Router.yaml create mode 100644 mmv1/products/compute/RouterBgpPeer.yaml create mode 100644 mmv1/products/compute/RouterNat.yaml create mode 100644 mmv1/products/compute/SecurityPolicy.yaml create mode 100644 mmv1/products/compute/ServiceAttachment.yaml create mode 100644 mmv1/products/compute/Snapshot.yaml create mode 100644 mmv1/products/compute/SslCertificate.yaml create mode 100644 mmv1/products/compute/SslPolicy.yaml create mode 100644 mmv1/products/compute/Subnetwork.yaml create mode 100644 mmv1/products/compute/TargetGrpcProxy.yaml create mode 100644 mmv1/products/compute/TargetHttpProxy.yaml create mode 100644 mmv1/products/compute/TargetHttpsProxy.yaml create mode 100644 mmv1/products/compute/TargetInstance.yaml create mode 100644 mmv1/products/compute/TargetPool.yaml create mode 100644 mmv1/products/compute/TargetSslProxy.yaml create mode 100644 mmv1/products/compute/TargetTcpProxy.yaml create mode 100644 mmv1/products/compute/TargetVpnGateway.yaml create mode 100644 mmv1/products/compute/UrlMap.yaml create mode 100644 mmv1/products/compute/VpnGateway.yaml create mode 100644 mmv1/products/compute/VpnTunnel.yaml create mode 100644 mmv1/products/compute/Zone.yaml delete mode 100644 mmv1/products/compute/api.yaml create mode 100644 mmv1/products/compute/product.yaml create mode 100644 mmv1/products/containeranalysis/Note.yaml create mode 100644 mmv1/products/containeranalysis/Occurrence.yaml delete mode 100644 mmv1/products/containeranalysis/api.yaml create mode 100644 mmv1/products/containeranalysis/product.yaml create mode 100644 mmv1/products/containerattached/Cluster.yaml delete mode 100644 mmv1/products/containerattached/api.yaml create mode 100644 mmv1/products/containerattached/product.yaml create mode 100644 mmv1/products/datacatalog/Entry.yaml create mode 100644 mmv1/products/datacatalog/EntryGroup.yaml create mode 100644 mmv1/products/datacatalog/PolicyTag.yaml create mode 100644 mmv1/products/datacatalog/Tag.yaml create mode 100644 mmv1/products/datacatalog/TagTemplate.yaml create mode 100644 mmv1/products/datacatalog/Taxonomy.yaml delete mode 100644 mmv1/products/datacatalog/api.yaml create mode 100644 mmv1/products/datacatalog/product.yaml create mode 100644 mmv1/products/dataform/Repository.yaml delete mode 100644 mmv1/products/dataform/api.yaml create mode 100644 mmv1/products/dataform/product.yaml create mode 100644 mmv1/products/datafusion/Instance.yaml delete mode 100644 mmv1/products/datafusion/api.yaml create mode 100644 mmv1/products/datafusion/product.yaml create mode 100644 mmv1/products/dataplex/Asset.yaml create mode 100644 mmv1/products/dataplex/Lake.yaml create mode 100644 mmv1/products/dataplex/Zone.yaml delete mode 100644 mmv1/products/dataplex/api.yaml create mode 100644 mmv1/products/dataplex/product.yaml create mode 100644 mmv1/products/dataproc/AutoscalingPolicy.yaml create mode 100644 mmv1/products/dataproc/Cluster.yaml delete mode 100644 mmv1/products/dataproc/api.yaml create mode 100644 mmv1/products/dataproc/product.yaml create mode 100644 mmv1/products/datastore/Index.yaml delete mode 100644 mmv1/products/datastore/api.yaml create mode 100644 mmv1/products/datastore/product.yaml create mode 100644 mmv1/products/datastream/ConnectionProfile.yaml create mode 100644 mmv1/products/datastream/PrivateConnection.yaml create mode 100644 mmv1/products/datastream/Stream.yaml delete mode 100644 mmv1/products/datastream/api.yaml create mode 100644 mmv1/products/datastream/product.yaml create mode 100644 mmv1/products/deploymentmanager/Deployment.yaml delete mode 100644 mmv1/products/deploymentmanager/api.yaml create mode 100644 mmv1/products/deploymentmanager/product.yaml create mode 100644 mmv1/products/dialogflow/Agent.yaml create mode 100644 mmv1/products/dialogflow/EntityType.yaml create mode 100644 mmv1/products/dialogflow/Fulfillment.yaml create mode 100644 mmv1/products/dialogflow/Intent.yaml delete mode 100644 mmv1/products/dialogflow/api.yaml create mode 100644 mmv1/products/dialogflow/product.yaml create mode 100644 mmv1/products/dialogflowcx/Agent.yaml create mode 100644 mmv1/products/dialogflowcx/EntityType.yaml create mode 100644 mmv1/products/dialogflowcx/Environment.yaml create mode 100644 mmv1/products/dialogflowcx/Flow.yaml create mode 100644 mmv1/products/dialogflowcx/Intent.yaml create mode 100644 mmv1/products/dialogflowcx/Page.yaml create mode 100644 mmv1/products/dialogflowcx/Version.yaml create mode 100644 mmv1/products/dialogflowcx/Webhook.yaml delete mode 100644 mmv1/products/dialogflowcx/api.yaml create mode 100644 mmv1/products/dialogflowcx/product.yaml create mode 100644 mmv1/products/dlp/DeidentifyTemplate.yaml create mode 100644 mmv1/products/dlp/InspectTemplate.yaml create mode 100644 mmv1/products/dlp/JobTrigger.yaml create mode 100644 mmv1/products/dlp/StoredInfoType.yaml delete mode 100644 mmv1/products/dlp/api.yaml create mode 100644 mmv1/products/dlp/product.yaml create mode 100644 mmv1/products/dns/ManagedZone.yaml create mode 100644 mmv1/products/dns/Policy.yaml create mode 100644 mmv1/products/dns/Project.yaml create mode 100644 mmv1/products/dns/ResourceRecordSet.yaml create mode 100644 mmv1/products/dns/ResponsePolicy.yaml create mode 100644 mmv1/products/dns/ResponsePolicyRule.yaml delete mode 100644 mmv1/products/dns/api.yaml create mode 100644 mmv1/products/dns/product.yaml create mode 100644 mmv1/products/documentai/Processor.yaml create mode 100644 mmv1/products/documentai/ProcessorDefaultVersion.yaml delete mode 100644 mmv1/products/documentai/api.yaml create mode 100644 mmv1/products/documentai/product.yaml create mode 100644 mmv1/products/essentialcontacts/Contact.yaml delete mode 100644 mmv1/products/essentialcontacts/api.yaml create mode 100644 mmv1/products/essentialcontacts/product.yaml create mode 100644 mmv1/products/filestore/Backup.yaml create mode 100644 mmv1/products/filestore/Instance.yaml create mode 100644 mmv1/products/filestore/Snapshot.yaml delete mode 100644 mmv1/products/filestore/api.yaml create mode 100644 mmv1/products/filestore/product.yaml create mode 100644 mmv1/products/firebase/AndroidApp.yaml create mode 100644 mmv1/products/firebase/AppleApp.yaml create mode 100644 mmv1/products/firebase/Project.yaml create mode 100644 mmv1/products/firebase/ProjectLocation.yaml create mode 100644 mmv1/products/firebase/WebApp.yaml delete mode 100644 mmv1/products/firebase/api.yaml create mode 100644 mmv1/products/firebase/product.yaml create mode 100644 mmv1/products/firebasedatabase/Instance.yaml delete mode 100644 mmv1/products/firebasedatabase/api.yaml create mode 100644 mmv1/products/firebasedatabase/product.yaml create mode 100644 mmv1/products/firebasehosting/Channel.yaml create mode 100644 mmv1/products/firebasehosting/Release.yaml create mode 100644 mmv1/products/firebasehosting/Site.yaml create mode 100644 mmv1/products/firebasehosting/Version.yaml delete mode 100644 mmv1/products/firebasehosting/api.yaml create mode 100644 mmv1/products/firebasehosting/product.yaml create mode 100644 mmv1/products/firebasestorage/Bucket.yaml delete mode 100644 mmv1/products/firebasestorage/api.yaml create mode 100644 mmv1/products/firebasestorage/product.yaml create mode 100644 mmv1/products/firestore/Database.yaml create mode 100644 mmv1/products/firestore/Document.yaml create mode 100644 mmv1/products/firestore/Index.yaml delete mode 100644 mmv1/products/firestore/api.yaml create mode 100644 mmv1/products/firestore/product.yaml create mode 100644 mmv1/products/gameservices/GameServerCluster.yaml create mode 100644 mmv1/products/gameservices/GameServerConfig.yaml create mode 100644 mmv1/products/gameservices/GameServerDeployment.yaml create mode 100644 mmv1/products/gameservices/GameServerDeploymentRollout.yaml create mode 100644 mmv1/products/gameservices/Realm.yaml delete mode 100644 mmv1/products/gameservices/api.yaml create mode 100644 mmv1/products/gameservices/product.yaml create mode 100644 mmv1/products/gkebackup/BackupPlan.yaml delete mode 100644 mmv1/products/gkebackup/api.yaml create mode 100644 mmv1/products/gkebackup/product.yaml create mode 100644 mmv1/products/gkehub/Membership.yaml delete mode 100644 mmv1/products/gkehub/api.yaml create mode 100644 mmv1/products/gkehub/product.yaml create mode 100644 mmv1/products/healthcare/ConsentStore.yaml create mode 100644 mmv1/products/healthcare/Dataset.yaml create mode 100644 mmv1/products/healthcare/DicomStore.yaml create mode 100644 mmv1/products/healthcare/FhirStore.yaml create mode 100644 mmv1/products/healthcare/Hl7V2Store.yaml delete mode 100644 mmv1/products/healthcare/api.yaml create mode 100644 mmv1/products/healthcare/product.yaml create mode 100644 mmv1/products/iam2/AccessBoundaryPolicy.yaml create mode 100644 mmv1/products/iam2/DenyPolicy.yaml delete mode 100644 mmv1/products/iam2/api.yaml create mode 100644 mmv1/products/iam2/product.yaml create mode 100644 mmv1/products/iambeta/WorkloadIdentityPool.yaml create mode 100644 mmv1/products/iambeta/WorkloadIdentityPoolProvider.yaml delete mode 100644 mmv1/products/iambeta/api.yaml create mode 100644 mmv1/products/iambeta/product.yaml create mode 100644 mmv1/products/iamworkforcepool/WorkforcePool.yaml create mode 100644 mmv1/products/iamworkforcepool/WorkforcePoolProvider.yaml delete mode 100644 mmv1/products/iamworkforcepool/api.yaml create mode 100644 mmv1/products/iamworkforcepool/product.yaml create mode 100644 mmv1/products/iap/AppEngineService.yaml create mode 100644 mmv1/products/iap/AppEngineVersion.yaml create mode 100644 mmv1/products/iap/Brand.yaml create mode 100644 mmv1/products/iap/Client.yaml create mode 100644 mmv1/products/iap/Tunnel.yaml create mode 100644 mmv1/products/iap/TunnelInstance.yaml create mode 100644 mmv1/products/iap/Web.yaml create mode 100644 mmv1/products/iap/WebBackendService.yaml create mode 100644 mmv1/products/iap/WebTypeAppEngine.yaml create mode 100644 mmv1/products/iap/WebTypeCompute.yaml delete mode 100644 mmv1/products/iap/api.yaml create mode 100644 mmv1/products/iap/product.yaml create mode 100644 mmv1/products/identityplatform/Config.yaml create mode 100644 mmv1/products/identityplatform/DefaultSupportedIdpConfig.yaml create mode 100644 mmv1/products/identityplatform/InboundSamlConfig.yaml create mode 100644 mmv1/products/identityplatform/OauthIdpConfig.yaml create mode 100644 mmv1/products/identityplatform/ProjectDefaultConfig.yaml create mode 100644 mmv1/products/identityplatform/Tenant.yaml create mode 100644 mmv1/products/identityplatform/TenantDefaultSupportedIdpConfig.yaml create mode 100644 mmv1/products/identityplatform/TenantInboundSamlConfig.yaml create mode 100644 mmv1/products/identityplatform/TenantOauthIdpConfig.yaml delete mode 100644 mmv1/products/identityplatform/api.yaml create mode 100644 mmv1/products/identityplatform/product.yaml create mode 100644 mmv1/products/kms/CryptoKey.yaml create mode 100644 mmv1/products/kms/CryptoKeyVersion.yaml create mode 100644 mmv1/products/kms/KeyRing.yaml create mode 100644 mmv1/products/kms/KeyRingImportJob.yaml create mode 100644 mmv1/products/kms/SecretCiphertext.yaml delete mode 100644 mmv1/products/kms/api.yaml create mode 100644 mmv1/products/kms/product.yaml create mode 100644 mmv1/products/logging/FolderExclusion.yaml create mode 100644 mmv1/products/logging/FolderLogSink.yaml create mode 100644 mmv1/products/logging/Metric.yaml create mode 100644 mmv1/products/logging/OrganizationLogSink.yaml create mode 100644 mmv1/products/logging/ProjectExclusion.yaml create mode 100644 mmv1/products/logging/ProjectLogSink.yaml delete mode 100644 mmv1/products/logging/api.yaml create mode 100644 mmv1/products/logging/product.yaml create mode 100644 mmv1/products/memcache/Instance.yaml delete mode 100644 mmv1/products/memcache/api.yaml create mode 100644 mmv1/products/memcache/product.yaml create mode 100644 mmv1/products/metastore/Federation.yaml create mode 100644 mmv1/products/metastore/Service.yaml delete mode 100644 mmv1/products/metastore/api.yaml create mode 100644 mmv1/products/metastore/product.yaml create mode 100644 mmv1/products/mlengine/Model.yaml create mode 100644 mmv1/products/mlengine/Version.yaml delete mode 100644 mmv1/products/mlengine/api.yaml create mode 100644 mmv1/products/mlengine/product.yaml create mode 100644 mmv1/products/monitoring/AlertPolicy.yaml create mode 100644 mmv1/products/monitoring/GenericService.yaml create mode 100644 mmv1/products/monitoring/Group.yaml create mode 100644 mmv1/products/monitoring/MetricDescriptor.yaml create mode 100644 mmv1/products/monitoring/NotificationChannel.yaml create mode 100644 mmv1/products/monitoring/Service.yaml create mode 100644 mmv1/products/monitoring/Slo.yaml create mode 100644 mmv1/products/monitoring/UptimeCheckConfig.yaml delete mode 100644 mmv1/products/monitoring/api.yaml create mode 100644 mmv1/products/monitoring/product.yaml create mode 100644 mmv1/products/networkmanagement/ConnectivityTest.yaml delete mode 100644 mmv1/products/networkmanagement/api.yaml create mode 100644 mmv1/products/networkmanagement/product.yaml create mode 100644 mmv1/products/networkservices/EdgeCacheKeyset.yaml create mode 100644 mmv1/products/networkservices/EdgeCacheOrigin.yaml create mode 100644 mmv1/products/networkservices/EdgeCacheService.yaml delete mode 100644 mmv1/products/networkservices/api.yaml create mode 100644 mmv1/products/networkservices/product.yaml create mode 100644 mmv1/products/notebooks/Environment.yaml create mode 100644 mmv1/products/notebooks/Instance.yaml create mode 100644 mmv1/products/notebooks/Location.yaml create mode 100644 mmv1/products/notebooks/Runtime.yaml delete mode 100644 mmv1/products/notebooks/api.yaml create mode 100644 mmv1/products/notebooks/product.yaml create mode 100644 mmv1/products/orgpolicy/CustomConstraint.yaml delete mode 100644 mmv1/products/orgpolicy/api.yaml create mode 100644 mmv1/products/orgpolicy/product.yaml create mode 100644 mmv1/products/osconfig/GuestPolicies.yaml create mode 100644 mmv1/products/osconfig/PatchDeployment.yaml delete mode 100644 mmv1/products/osconfig/api.yaml create mode 100644 mmv1/products/osconfig/product.yaml create mode 100644 mmv1/products/oslogin/SSHPublicKey.yaml delete mode 100644 mmv1/products/oslogin/api.yaml create mode 100644 mmv1/products/oslogin/product.yaml create mode 100644 mmv1/products/privateca/CaPool.yaml create mode 100644 mmv1/products/privateca/Certificate.yaml create mode 100644 mmv1/products/privateca/CertificateAuthority.yaml create mode 100644 mmv1/products/privateca/CertificateTemplate.yaml delete mode 100644 mmv1/products/privateca/api.yaml create mode 100644 mmv1/products/privateca/product.yaml create mode 100644 mmv1/products/pubsub/Schema.yaml create mode 100644 mmv1/products/pubsub/Subscription.yaml create mode 100644 mmv1/products/pubsub/Topic.yaml delete mode 100644 mmv1/products/pubsub/api.yaml create mode 100644 mmv1/products/pubsub/product.yaml delete mode 100644 mmv1/products/pubsub/test.yaml create mode 100644 mmv1/products/pubsublite/Reservation.yaml create mode 100644 mmv1/products/pubsublite/Subscription.yaml create mode 100644 mmv1/products/pubsublite/Topic.yaml delete mode 100644 mmv1/products/pubsublite/api.yaml create mode 100644 mmv1/products/pubsublite/product.yaml create mode 100644 mmv1/products/redis/Instance.yaml delete mode 100644 mmv1/products/redis/api.yaml create mode 100644 mmv1/products/redis/product.yaml create mode 100644 mmv1/products/resourcemanager/Folder.yaml create mode 100644 mmv1/products/resourcemanager/Lien.yaml create mode 100644 mmv1/products/resourcemanager/Organization.yaml create mode 100644 mmv1/products/resourcemanager/Project.yaml delete mode 100644 mmv1/products/resourcemanager/api.yaml create mode 100644 mmv1/products/resourcemanager/product.yaml create mode 100644 mmv1/products/runtimeconfig/Config.yaml create mode 100644 mmv1/products/runtimeconfig/Variable.yaml delete mode 100644 mmv1/products/runtimeconfig/api.yaml create mode 100644 mmv1/products/runtimeconfig/product.yaml create mode 100644 mmv1/products/secretmanager/Secret.yaml create mode 100644 mmv1/products/secretmanager/SecretVersion.yaml delete mode 100644 mmv1/products/secretmanager/api.yaml create mode 100644 mmv1/products/secretmanager/product.yaml create mode 100644 mmv1/products/securitycenter/MuteConfig.yaml create mode 100644 mmv1/products/securitycenter/NotificationConfig.yaml create mode 100644 mmv1/products/securitycenter/Source.yaml delete mode 100644 mmv1/products/securitycenter/api.yaml create mode 100644 mmv1/products/securitycenter/product.yaml create mode 100644 mmv1/products/securityscanner/ScanConfig.yaml delete mode 100644 mmv1/products/securityscanner/api.yaml create mode 100644 mmv1/products/securityscanner/product.yaml create mode 100644 mmv1/products/servicedirectory/Endpoint.yaml create mode 100644 mmv1/products/servicedirectory/Namespace.yaml create mode 100644 mmv1/products/servicedirectory/Service.yaml delete mode 100644 mmv1/products/servicedirectory/api.yaml create mode 100644 mmv1/products/servicedirectory/product.yaml create mode 100644 mmv1/products/servicemanagement/Service.yaml create mode 100644 mmv1/products/servicemanagement/ServiceConsumers.yaml rename mmv1/products/servicemanagement/{api.yaml => product.yaml} (51%) create mode 100644 mmv1/products/serviceusage/AdminQuotaOverride.yaml create mode 100644 mmv1/products/serviceusage/ConsumerQuotaOverride.yaml delete mode 100644 mmv1/products/serviceusage/api.yaml create mode 100644 mmv1/products/serviceusage/product.yaml create mode 100644 mmv1/products/sourcerepo/Repository.yaml delete mode 100644 mmv1/products/sourcerepo/api.yaml create mode 100644 mmv1/products/sourcerepo/product.yaml create mode 100644 mmv1/products/spanner/Database.yaml create mode 100644 mmv1/products/spanner/Instance.yaml create mode 100644 mmv1/products/spanner/InstanceConfig.yaml delete mode 100644 mmv1/products/spanner/api.yaml create mode 100644 mmv1/products/spanner/product.yaml create mode 100644 mmv1/products/sql/Database.yaml create mode 100644 mmv1/products/sql/Flag.yaml create mode 100644 mmv1/products/sql/Instance.yaml create mode 100644 mmv1/products/sql/SourceRepresentationInstance.yaml create mode 100644 mmv1/products/sql/SslCert.yaml create mode 100644 mmv1/products/sql/Tier.yaml create mode 100644 mmv1/products/sql/User.yaml delete mode 100644 mmv1/products/sql/api.yaml create mode 100644 mmv1/products/sql/product.yaml create mode 100644 mmv1/products/storage/Bucket.yaml create mode 100644 mmv1/products/storage/BucketAccessControl.yaml create mode 100644 mmv1/products/storage/DefaultObjectACL.yaml create mode 100644 mmv1/products/storage/HmacKey.yaml create mode 100644 mmv1/products/storage/Object.yaml create mode 100644 mmv1/products/storage/ObjectAccessControl.yaml delete mode 100644 mmv1/products/storage/api.yaml create mode 100644 mmv1/products/storage/product.yaml create mode 100644 mmv1/products/storagetransfer/AgentPool.yaml delete mode 100644 mmv1/products/storagetransfer/api.yaml create mode 100644 mmv1/products/storagetransfer/product.yaml create mode 100644 mmv1/products/tags/TagBinding.yaml create mode 100644 mmv1/products/tags/TagKey.yaml create mode 100644 mmv1/products/tags/TagValue.yaml delete mode 100644 mmv1/products/tags/api.yaml create mode 100644 mmv1/products/tags/product.yaml create mode 100644 mmv1/products/tpu/Node.yaml delete mode 100644 mmv1/products/tpu/api.yaml create mode 100644 mmv1/products/tpu/product.yaml create mode 100644 mmv1/products/vertexai/Dataset.yaml create mode 100644 mmv1/products/vertexai/Endpoint.yaml create mode 100644 mmv1/products/vertexai/Featurestore.yaml create mode 100644 mmv1/products/vertexai/FeaturestoreEntitytype.yaml create mode 100644 mmv1/products/vertexai/FeaturestoreEntitytypeFeature.yaml create mode 100644 mmv1/products/vertexai/Index.yaml create mode 100644 mmv1/products/vertexai/MetadataStore.yaml create mode 100644 mmv1/products/vertexai/Tensorboard.yaml delete mode 100644 mmv1/products/vertexai/api.yaml create mode 100644 mmv1/products/vertexai/product.yaml create mode 100644 mmv1/products/vpcaccess/Connector.yaml delete mode 100644 mmv1/products/vpcaccess/api.yaml create mode 100644 mmv1/products/vpcaccess/product.yaml create mode 100644 mmv1/products/workflows/Workflow.yaml delete mode 100644 mmv1/products/workflows/api.yaml create mode 100644 mmv1/products/workflows/product.yaml create mode 100644 mmv1/products/workstations/Workstation.yaml create mode 100644 mmv1/products/workstations/WorkstationCluster.yaml create mode 100644 mmv1/products/workstations/WorkstationConfig.yaml delete mode 100644 mmv1/products/workstations/api.yaml create mode 100644 mmv1/products/workstations/product.yaml create mode 100644 mmv1/templates/terraform/constants/data_fusion_instance_option.go.erb create mode 100644 mmv1/templates/terraform/custom_expand/datastream_stream_dataset_id.go.erb delete mode 100644 mmv1/templates/terraform/custom_flatten/certificate_manager_certificate_managed_dns_auth.go.erb create mode 100644 mmv1/templates/terraform/examples/access_context_manager_authorized_orgs_desc_basic.tf.erb create mode 100644 mmv1/templates/terraform/examples/datastream_stream_postgresql_bigquery_dataset_id.tf.erb create mode 100644 mmv1/templates/terraform/post_create/sleep_2_min.go.erb create mode 100644 mmv1/third_party/terraform/resources/resource_apigee_flowhook.go create mode 100644 mmv1/third_party/terraform/resources/resource_apigee_sharedflow.go create mode 100644 mmv1/third_party/terraform/resources/resource_apigee_sharedflow_deployment.go create mode 100644 mmv1/third_party/terraform/tests/data_source_google_firebase_web_app_test.go.erb create mode 100644 mmv1/third_party/terraform/tests/resource_access_context_manager_authorized_orgs_desc_test.go create mode 100644 mmv1/third_party/terraform/tests/resource_apigee_flowhook_test.go create mode 100644 mmv1/third_party/terraform/tests/resource_apigee_sharedflow_deployment_test.go create mode 100644 mmv1/third_party/terraform/tests/resource_apigee_sharedflow_sweeper_test.go create mode 100644 mmv1/third_party/terraform/tests/resource_apigee_sharedflow_test.go rename mmv1/third_party/terraform/tests/{resource_bigquery_datapolicy_data_policy_test.go.erb => resource_bigquery_datapolicy_data_policy_test.go} (91%) rename mmv1/third_party/terraform/tests/{resource_compute_per_instance_config_test.go => resource_compute_per_instance_config_test.go.erb} (99%) rename mmv1/third_party/terraform/tests/{resource_compute_region_per_instance_config_test.go => resource_compute_region_per_instance_config_test.go.erb} (99%) create mode 100644 mmv1/third_party/terraform/utils/bootstrap_iam_test.go create mode 100644 mmv1/third_party/terraform/utils/test-fixtures/apigee/apigee_sharedflow_bundle.zip create mode 100644 mmv1/third_party/terraform/utils/test-fixtures/apigee/apigee_sharedflow_bundle2.zip create mode 100644 mmv1/third_party/terraform/website/docs/r/apigee_flowhook.html.markdown create mode 100644 mmv1/third_party/terraform/website/docs/r/apigee_sharedflow.html.markdown create mode 100644 mmv1/third_party/terraform/website/docs/r/apigee_sharedflow_deployment.html.markdown create mode 100644 tpgtools/overrides/dataplex/beta/tpgtools_product.yaml diff --git a/.ci/containers/downstream-builder/generate_downstream.sh b/.ci/containers/downstream-builder/generate_downstream.sh index 31ada2b59705..e0443b8504fa 100755 --- a/.ci/containers/downstream-builder/generate_downstream.sh +++ b/.ci/containers/downstream-builder/generate_downstream.sh @@ -170,10 +170,6 @@ popd pushd $LOCAL_PATH -if [ "$REPO" == "terraform" ]; then - make generate -fi - git config --local user.name "Modular Magician" git config --local user.email "magic-modules@google.com" git add . diff --git a/.ci/gcb-generate-diffs.yml b/.ci/gcb-generate-diffs.yml index d272a3be014e..7b2fe632e9d9 100644 --- a/.ci/gcb-generate-diffs.yml +++ b/.ci/gcb-generate-diffs.yml @@ -255,18 +255,27 @@ availableSecrets: secretManager: - versionName: projects/673497134629/secrets/github-magician-token/versions/latest env: GITHUB_TOKEN - inline: - - kmsKeyName: projects/graphite-docker-images/locations/global/keyRings/environment-keyring/cryptoKeys/ci-project-key - envMap: - GOOGLE_BILLING_ACCOUNT: CiQAis6xrGyvnmGipEEjCQVUzu3o1H4XRJSsp/B8A0IFqwRwnogSPQDOc1nLdG/+VCWpKtYtbEl12+luWkHmOYn/VtkDuMkz3bCj2DNbcuLw2fgvmkha1IjnouGPIah0qLkDmTU= - GOOGLE_CUST_ID: CiQAis6xrAfbX3gtctcnZnt8n5DDZjercDObUGlyN4CqIpWKu5kSMgDOc1nLhLObfpnlhaUxdZ6Aoo38TBtRXoXAW5W4dbdyP+8ILKjtx1+zVL5WV641NM90 - GOOGLE_FIRESTORE_PROJECT: CiQAis6xrGkbSHeyBpgJg7/DkxNbHgqVJn3iaMYL7ybzkvDUzLESQgDOc1nLn0yUyrqLVfEujlbJEO4HDsk+o+6w608UfOXExJ3v3CTL+DwVwhXqIK/Vbo7UIMUyuP+Lu497BlcDIYyOwQ== - GOOGLE_IDENTITY_USER: CiQAis6xrIAUUrjZprRYZbrKhXrJfDbPrS1U70QL0jjgpiasNKUSOwDOc1nLX7ZFC5iLlRrapGh6ochTC81Qdy8z3IU6z4su2KRXp1ZXV6jQMl1FYkowHbM25+3biRPeIgGb - GOOGLE_MASTER_BILLING_ACCOUNT: CiQAis6xrNBeiUd50+56ELaUrfTT3Hdh78S/OP+3CHXbxPVQDecSPQDOc1nLVf8kgra2dt7uuX7pj1nyJR2qBFnzhi7xhJ7hywQouWI3FQCQaXX3MnuCWpYm8wt8Sa1GO1isi08= - GOOGLE_ORG: CiQAis6xrHFon9Jttc+4n2yYzZ92kaX5vPnz80NJrctWOq9BN+USNQDOc1nLiPHtfp1feWj8fS/dg3X9gOKB9NrthAv2BfJq3ZTg2YGNMLKzoYbvnxFigd1TWMbS - GOOGLE_ORG_2: CiQAis6xrLvdsAHjiguVOgyUoWzK5Y6wJ7cXBx68i4zbn6Yoey8SNADOc1nL66f7SmZLL/v6Dosd9+1Q/W7HYLSoVf4IYKGljgd/ifsZ+SV7TF3c+Oa/BdClnz8= - GOOGLE_ORG_DOMAIN: CiQAis6xrGrkuYXv9D9yng1BQ5RIt2vm59GMjKgJd3NU5eQDf/4SSwDOc1nLZlvBClvdGK+BJ69RTnLxa8dgkIQBL2euwFscEcen3fNJGKnQSNldBEXjX7Gb6YfsMe2Hh7cLoHFZddz7TLnbSE/que9jGA== - GOOGLE_PROJECT: CiQAis6xrDDU4Wcxn5s8Y790IMxTUEe2d3SaYEXUGScHfaLjOw8SPwDOc1nLe6Yz0zzA0mcYTsXaeGSFYu7uQ5+QCtTProJWRv2ITrNwCS3AF/kvMCrHvltx7O1CZnJveutlVpZH3w== - GOOGLE_PROJECT_NUMBER: CiQAis6xrI1acdU70fzEoGjhHjY8pkaxe70elqTta/DNunxU/WMSNgDOc1nLcMorWf2UmT286zagIsEBc2uliBqC/95aqG1gMpWY9FA74UY/F//4nf1uQS6CIpbymQ== - GOOGLE_SERVICE_ACCOUNT: CiQAis6xrMybAFX/c/b8yIaJ9eVJeSRnNUDqMIpmiRzE147JKiQSbQDOc1nL37iIT0wK6ih6ftYYrybF0WmaV/b1/loPKwkQ7ESXCrmviHmjAofa4o/B3MlrEOvUE1Kc3Pxzz+Uia/OD6lqpsxbf787UdocfkAkQXRDLEc7Xv01nYHCtRkYHlPrFAAyvietTjbzW+zw= - SA_KEY: CiQAis6xrJPJj2FrHRGSoxdFnHmMYOLcb8bodTGY2irQivi/mG8S6RIAznNZyyOvKEtoxaIkK9riw6o833W5ikZePYPQW2vVe0DX2GMsQya05F5X4WVhnPuWyZvTtBmo47AQUd1yIdlfshxdkLGPZDVZ/KPb926XZQLZkDBGg8r4LndrMAFK0zy01jlXZATMz9iXaK8B9qv1iBfoeDfoariu0CjH5qtKry4v4pWVGkKFk64Rkp72/gDWsoFgXNR123gP81wY4thpdvfHXYI7GMzlYq8KMuMNxYaO3kdziRp+2RZq8NFXVK1m3y+s275IAA52lB8oUpNYalhUvzF3lWoY3XTCaH5DSqPhj4sf3FV/XUfPDoX6M50oIj6EQ9iWjdlWx62m0TiM4kWyXpABT9egZj/hEmoZ2hLjLSOt1trOrBDK6Qv8q9GjO4bfVXbM9lEugjLsmk7aX3q39vX3GWbQzoqp1NoIpMKcL2/EiuvdbrJWEvu3yF2CEQPvYacXBWaVPHe/fdm0rS8lbyQEH/8lS3sus0FjE/t+BGNLxHf3tENMxD9Hi7uBrI0QxS+GYKCBlwQOOAozV4oWboKwjpsSAVOTDIp9aZk11zkAQLVXjpInxzfZk73i3FI6RmbZEd3qhHU0mx0IAw4GBqqvmiA8xIqW9QjUhGl8IAz4t24BON+8a3iXE5g2UxjKl+NM59GwY/zn4IBOGvbKCWsz2JfgflEQLihMt4nrFyai/0E3xWyWiTL13PtT1n1I96wbLCuQFeB8k6f6r9aoSXNGQvSfdGbzgljVMzCrjC3QPzZwGLjK4Xqvt7VoJ9Dx3JUrJPQE6od+Tj4BtELDxd4iLpKzM2zMPprceLm6DnTTOg4/OcrZaEigbW/qveaexspxp0N99MqgdAfnEp9c78P+W4H++fMFV1YWq4yrXoG3YOoJ98mbB1bXRwZSgutWVxXOQpKo+j5WbM7h9ItteO17g5P5R2sSgrtVMFKEQGb/SztvZ3aZsCkwaX9n7Y+FVKAd3n3H5as5dnaZiFLq1DP1iK7veoyL9PSpwLtJJ5eS+Sfddszb1mbxkkNrsHWnvROOQMbr42r0s5CNN3ZtjDn+I6gxtqo10pPeJuv6GShS7aaJfjUYzW1EW7Wu4CzyGtEcPhwlRPDfE5UqNCuTqCgKTECDYKoMWzhK4lrsssGJI13bWyiUA1fi0600K9KhNApbJkBqXz+Efj4sdZaHCST+cigzgbUHb4X/6sFsew8JhTk03dVBPZZPMqUthEoBM3p9EbCj7E7Q4/m9xD33j5ZOprBw0qYuePnU+reJ4N8zl2jwOQyiH7o9XlhxNfgLZ1SmmOLWUaJuy2dVN8AGjvFUOzTjfy/ocKqXTwaKImRXstzTDE5Zqt+xjpkBPD5tot5gbUaXDjWkxEohp0Edt+E4y2VEsO0UMkkr67m/R1laICUhDhGg+ZWLUOuTUcNDpL8ByuEsolBoSzPP3ZoAFahTWLvlmogbhg2XOcWW8c7rvCwjABFYExMXQQIhqRgtoNl5vYavwrcXQRAVPpHqqimhieqFcp6FkzQ+xMYa93CBroosA1kLTmOP5YWuTU4uobszlTTWgncJZHNL+MMFPA2goppSFPBm80Yq7hCNdD1iN9Ua9ZUmQQm/AqA6hBOCqpJUAPqTDGjs9+q2aZBvF1t+ytTJQvZ3UmkTd3pOULvia9JsS0LVvkcrdSlmE3OPKdgNayzxwjVnTap2gwxlOtNNU13RCrpGO6dY/9Ker1bswB23y97ruRQ93NVJBKjLirB0OtKx9nta2WW+MM7iSVrZSQrZaI8qtJwQhIQ3j6TlCsKp0WAbPXMIenqMCMnAU/hj+pmz7XVO5yEtAqs4gt7x90rdXeKhHJO+rdcaDbLjyftk5w3Wb105xLq0Ecjy59eBJ0YeTLj6rt8e0LVIq/3MmYUlFfC7ugCHmvpaLiGSfRCXuqKWlMRutvm1dOQqQAVs4DE6OhFLIz5nZIMcQHrZXM/QJcw9SKJdCIaFtJuJ/MzeiVg979t4Y216kWG+55WiLfsfqL5Nz9wme9wlaSP82VzUfIpOryYYgzmiMc8HDwoUmG0np10+jPkqVF+85J2ftBSwUUEiRwyUgRUG18Uxt1sHQWNmsmzpt4Yiu/aBEmBhwyDOiF2OswQRa/cAC6k1NC5ojSlcXd1PYsxCnAYSkIFnhUEC4PNFum451Q3SjrMTjSFJPI6SQczb8Q2UYiC5pro67pSGHt5QP6IeVpuGaNR9+sekobnMuVWv8KIXt0xaKIQZ1lDp9CloElR9+N8+7pK7cFnpfwcSycy2zSvEr4ZFXwdTsiipKDTHdbidX9dmaxd/xYFqazOqz7pybu4IHJb9uylME15rZylE6TmDQt3RdrBtF/4NjNorikSBcBBRyuwTbIUkG24ylmJ2YvjizLIYNmyHkua0lbZw95Yv/OdWBSSZmgMFmF9yf6+ZOa6l6HvuRRSoAc916ZZtWvg/apEakFUXd8j6I8K0dEToeL+San+imKrlGjr9bNeJIIsPFMdFh7fYTnp0DMplPPunYGBskYB+OUdp2DkoQaCyK9kPkRzuh5OfBxHn+UsgSu7NHthYF2K5ClztJAgCoekmzB0XZdbMTLk4ZNbUfB4SRNHBOWgvfPiz240bqJ7vlGiRVX5P99QE8+1QTvRqZknvXCh3pS5epaJGSAUPV9YKmsndIs+v40vLcyFCw1jiTwD/yqqVNBQ5vWUwKDYXuvh5ojpe8YlWTYbfHEvlmGIOVV+QbV73ZOOMHBt1okTteSmsYQuHh2z39m+6V3qxlPu4A6LDOC2FcXL39sp2aECLWTho7wQlQKg4GVgDK60P7fSvpuv1H9ozfPg0K9loI+utG9QYZNQ0RJ8heGnB30lcGPwUXJg2FRsAqzk29pg+PP7hwYfoVi7/8pD5i+1b2iVR2NaYUdJA/2z7v0pGxPGWtpIVYYZ4xVaTFXj6wUefjTHYq/SZZwHphP1iUpFyL7HfB52KOjohyrYEIpeT1eh+l7jot9aMshIXDOicpVIQiiDpHxZtP3gTrcWXpLUc/QSQIFIaUZioe0D9oIIfXrgo3N7WI01vy73q0DebasnBfDUk96aql11ZWeCQ4F4Yy3gOZJiJs7dmQ4BXoaTNNiFi64gzefSHQPlPBLgotGIhGBcT0xucjSye+UwVVfUiSyvPCeFYLqncp3nM2A+1fLl3Ej42Pr/+3eVFGgyf1LBhDaC9mr+4E04HQadwfjD65dnLNr4= \ No newline at end of file + - versionName: projects/673497134629/secrets/ci-test-billing-account/versions/latest + env: GOOGLE_BILLING_ACCOUNT + - versionName: projects/673497134629/secrets/ci-test-cust-id/versions/latest + env: GOOGLE_CUST_ID + - versionName: projects/673497134629/secrets/ci-test-firestore-project/versions/latest + env: GOOGLE_FIRESTORE_PROJECT + - versionName: projects/673497134629/secrets/ci-test-identity-user/versions/latest + env: GOOGLE_IDENTITY_USER + - versionName: projects/673497134629/secrets/ci-test-master-billing-account/versions/latest + env: GOOGLE_MASTER_BILLING_ACCOUNT + - versionName: projects/673497134629/secrets/ci-test-org/versions/latest + env: GOOGLE_ORG + - versionName: projects/673497134629/secrets/ci-test-org-2/versions/latest + env: GOOGLE_ORG_2 + - versionName: projects/673497134629/secrets/ci-test-org-domain/versions/latest + env: GOOGLE_ORG_DOMAIN + - versionName: projects/673497134629/secrets/ci-test-project/versions/latest + env: GOOGLE_PROJECT + - versionName: projects/673497134629/secrets/ci-test-project-number/versions/latest + env: GOOGLE_PROJECT_NUMBER + - versionName: projects/673497134629/secrets/ci-test-service-account/versions/latest + env: GOOGLE_SERVICE_ACCOUNT + - versionName: projects/673497134629/secrets/ci-test-service-account-key/versions/latest + env: SA_KEY \ No newline at end of file diff --git a/.ci/gcb-push-downstream.yml b/.ci/gcb-push-downstream.yml index 0eb90ea677d3..100c04ffede5 100644 --- a/.ci/gcb-push-downstream.yml +++ b/.ci/gcb-push-downstream.yml @@ -152,8 +152,5 @@ availableSecrets: secretManager: - versionName: projects/673497134629/secrets/github-magician-token/versions/latest env: GITHUB_TOKEN - inline: -# This is the ciphertext of the token, encrypted using the above KMS key. - - kmsKeyName: projects/graphite-docker-images/locations/global/keyRings/environment-keyring/cryptoKeys/ci-project-key - envMap: - GOOGLE_PROJECT: CiQAis6xrDDU4Wcxn5s8Y790IMxTUEe2d3SaYEXUGScHfaLjOw8SPwDOc1nLe6Yz0zzA0mcYTsXaeGSFYu7uQ5+QCtTProJWRv2ITrNwCS3AF/kvMCrHvltx7O1CZnJveutlVpZH3w== + - versionName: projects/673497134629/secrets/ci-test-project/versions/latest + env: GOOGLE_PROJECT diff --git a/docs/content/docs/how-to/add-mmv1-iam.md b/docs/content/docs/how-to/add-mmv1-iam.md index bdaa4c09f829..aa021de8881b 100644 --- a/docs/content/docs/how-to/add-mmv1-iam.md +++ b/docs/content/docs/how-to/add-mmv1-iam.md @@ -102,4 +102,8 @@ annotation can be used. To use it, partially define the resource in the product's `api.yaml` file and apply the annotation. MMv1 won't attempt to generate the resource itself and will only generate IAM resources targeting it. -The IAP product is a good reference for adding these: https://github.com/GoogleCloudPlatform/magic-modules/tree/main/mmv1/products/iap \ No newline at end of file +For tpgtools/DCL resources, you may need to set the `PRODUCT_BASE_PATH` override +to ensure that MMv1 is the sole library trying to set the base product URL. + +The IAP product is a good reference for adding IAM support to nonexistent resources: +https://github.com/GoogleCloudPlatform/magic-modules/tree/main/mmv1/products/iap diff --git a/docs/content/docs/how-to/add-mmv1-resource.md b/docs/content/docs/how-to/add-mmv1-resource.md index 6be65325b34e..1a4f52b50d87 100644 --- a/docs/content/docs/how-to/add-mmv1-resource.md +++ b/docs/content/docs/how-to/add-mmv1-resource.md @@ -40,7 +40,7 @@ as the following adding support for a `fooBar` field in the API: - !ruby/object:Api::Type::String name: 'fooBar' min_version: beta - input: true + immutable: true description: | The cloud.google.com description of this field. ``` @@ -59,7 +59,7 @@ setting values to `false`, and omit them instead. * `required: true` indicates that a field is required. New top-level fields should not be considered required, as that is a breaking change. Subfields of newly-added optional fields can be added as required. -* `input: true` indicates that a field can only be set when the API resource is +* `immutable: true` indicates that a field can only be set when the API resource is created. Changing the field will force the resource to be recreated. * `output: true` indicates that a field is output-only in the API and cannot be configured by the user. diff --git a/mmv1/api/resource.rb b/mmv1/api/resource.rb index 426e1fcd0c51..10695c8ba5fb 100644 --- a/mmv1/api/resource.rb +++ b/mmv1/api/resource.rb @@ -44,7 +44,7 @@ module Properties # [Optional] If set to true, don't generate the resource. attr_reader :exclude # [Optional] If set to true, the resource is not able to be updated. - attr_reader :input + attr_reader :immutable # [Optional] If set to true, this resource uses an update mask to perform # updates. This is typical of newer GCP APIs. attr_reader :update_mask @@ -244,7 +244,7 @@ def validate check :delete_verb, type: Symbol, default: :DELETE, allowed: %i[POST PUT PATCH DELETE] check :update_verb, type: Symbol, default: :PUT, allowed: %i[POST PUT PATCH] - check :input, type: :boolean + check :immutable, type: :boolean check :min_version, type: String check :has_self_link, type: :boolean, default: false diff --git a/mmv1/api/type.rb b/mmv1/api/type.rb index e0d0822d38d4..b609262609a6 100644 --- a/mmv1/api/type.rb +++ b/mmv1/api/type.rb @@ -37,7 +37,7 @@ module Fields attr_reader :removed_message attr_reader :output # If set value will not be sent to server on sync - attr_reader :input # If set to true value is used only on creation + attr_reader :immutable # If set to true value is used only on creation # url_param_only will not send the field in the resource body and will # not attempt to read the field from the API response. @@ -214,7 +214,7 @@ def validate check :allow_empty_object, type: :boolean check :url_param_only, type: :boolean check :read_query_params, type: ::String - check :input, type: :boolean + check :immutable, type: :boolean raise 'Property cannot be output and required at the same time.' \ if @output && @required diff --git a/mmv1/compiler.rb b/mmv1/compiler.rb index c3cbbc842976..c014c274310c 100755 --- a/mmv1/compiler.rb +++ b/mmv1/compiler.rb @@ -210,24 +210,40 @@ resources = [] Dir["#{product_name}/*"].each do |file_path| next if File.basename(file_path) == 'product.yaml' \ - || File.basename(file_path) == 'terraform.yaml' + || File.basename(file_path) == 'terraform.yaml' \ + || File.extname(file_path) != '.yaml' if override_dir + # Skip if resource will be merged in the override loop resource_override_path = File.join(override_dir, file_path) - res_yaml = if File.exist?(resource_override_path) + next if File.exist?(resource_override_path) + end + res_yaml = File.read(file_path) + resource = Api::Compiler.new(res_yaml).run + resource.validate + resources.push(resource) + end + + if override_dir + ovr_prod_dir = File.join(override_dir, product_name) + Dir["#{ovr_prod_dir}/*"].each do |override_path| + next if File.basename(override_path) == 'product.yaml' \ + || File.basename(override_path) == 'terraform.yaml' \ + || File.extname(override_path) != '.yaml' + + file_path = File.join(product_name, File.basename(override_path)) + res_yaml = if File.exist?(file_path) YAML.load_file(file_path, permitted_classes: allowed_classes) \ .merge(YAML \ - .load_file(resource_override_path, permitted_classes: allowed_classes)) \ + .load_file(override_path, permitted_classes: allowed_classes)) \ .to_yaml else - File.read(file_path) + File.read(override_path) end - else - res_yaml = File.read(file_path) + resource = Api::Compiler.new(res_yaml).run + resource.validate + resources.push(resource) end - resource = Api::Compiler.new(res_yaml).run - resource.validate - resources.push(resource) end product_api.set_variable(resources, 'objects') end diff --git a/mmv1/products/accessapproval/FolderSettings.yaml b/mmv1/products/accessapproval/FolderSettings.yaml index bbb591fb255f..25be34542976 100644 --- a/mmv1/products/accessapproval/FolderSettings.yaml +++ b/mmv1/products/accessapproval/FolderSettings.yaml @@ -28,7 +28,7 @@ description: | ID of the folder of the access approval settings. required: true - input: true + immutable: true url_param_only: true properties: - !ruby/object:Api::Type::String diff --git a/mmv1/products/accessapproval/OrganizationSettings.yaml b/mmv1/products/accessapproval/OrganizationSettings.yaml index bffe76756963..46e4196715eb 100644 --- a/mmv1/products/accessapproval/OrganizationSettings.yaml +++ b/mmv1/products/accessapproval/OrganizationSettings.yaml @@ -28,7 +28,7 @@ description: | ID of the organization of the access approval settings. required: true - input: true + immutable: true url_param_only: true properties: - !ruby/object:Api::Type::String diff --git a/mmv1/products/accessapproval/ProjectSettings.yaml b/mmv1/products/accessapproval/ProjectSettings.yaml index eebb5bca91eb..a23b9143b714 100644 --- a/mmv1/products/accessapproval/ProjectSettings.yaml +++ b/mmv1/products/accessapproval/ProjectSettings.yaml @@ -28,7 +28,7 @@ description: | ID of the project of the access approval settings. required: true - input: true + immutable: true url_param_only: true properties: - !ruby/object:Api::Type::String diff --git a/mmv1/products/accesscontextmanager/AccessLevel.yaml b/mmv1/products/accesscontextmanager/AccessLevel.yaml index 3f63b2b46a7d..40fcd9967dac 100644 --- a/mmv1/products/accesscontextmanager/AccessLevel.yaml +++ b/mmv1/products/accesscontextmanager/AccessLevel.yaml @@ -57,7 +57,7 @@ # This must be done at the provider level. - !ruby/object:Api::Type::String name: parent - input: true + immutable: true required: true description: | The AccessPolicy this AccessLevel lives in. @@ -65,7 +65,7 @@ ignore_read: true - !ruby/object:Api::Type::String name: name - input: true + immutable: true required: true description: | Resource name for the Access Level. The short_name component must begin diff --git a/mmv1/products/accesscontextmanager/AccessLevelCondition.yaml b/mmv1/products/accesscontextmanager/AccessLevelCondition.yaml index 9d5c4d66e35b..a255f6dcfc8a 100644 --- a/mmv1/products/accesscontextmanager/AccessLevelCondition.yaml +++ b/mmv1/products/accesscontextmanager/AccessLevelCondition.yaml @@ -22,7 +22,7 @@ self_link: "{{access_level}}" create_verb: :PATCH delete_verb: :PATCH - input: true + immutable: true update_mask: true identity: - ipSubnetworks @@ -82,7 +82,7 @@ description: | The name of the Access Level to add this condition to. required: true - input: true + immutable: true url_param_only: true properties: - !ruby/object:Api::Type::Array diff --git a/mmv1/products/accesscontextmanager/AccessLevels.yaml b/mmv1/products/accesscontextmanager/AccessLevels.yaml index a42084891f5a..a308cee9deba 100644 --- a/mmv1/products/accesscontextmanager/AccessLevels.yaml +++ b/mmv1/products/accesscontextmanager/AccessLevels.yaml @@ -46,7 +46,7 @@ # This must be done at the provider level. - !ruby/object:Api::Type::String name: parent - input: true + immutable: true required: true url_param_only: true description: | @@ -63,7 +63,7 @@ properties: - !ruby/object:Api::Type::String name: name - input: true + immutable: true required: true description: | Resource name for the Access Level. The short_name component must begin diff --git a/mmv1/products/accesscontextmanager/AccessPolicy.yaml b/mmv1/products/accesscontextmanager/AccessPolicy.yaml index f5feb2298662..04983e881f29 100644 --- a/mmv1/products/accesscontextmanager/AccessPolicy.yaml +++ b/mmv1/products/accesscontextmanager/AccessPolicy.yaml @@ -63,7 +63,7 @@ parameters: - !ruby/object:Api::Type::String name: parent - input: true + immutable: true required: true description: | The parent of this AccessPolicy in the Cloud Resource Hierarchy. diff --git a/mmv1/products/accesscontextmanager/AuthorizedOrgsDesc.yaml b/mmv1/products/accesscontextmanager/AuthorizedOrgsDesc.yaml new file mode 100644 index 000000000000..ad2b4e07218b --- /dev/null +++ b/mmv1/products/accesscontextmanager/AuthorizedOrgsDesc.yaml @@ -0,0 +1,127 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- !ruby/object:Api::Resource + name: 'AuthorizedOrgsDesc' + base_url: "" + create_url: "{{parent}}/authorizedOrgsDescs" + self_link: "{{name}}" + update_verb: :PATCH + references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'gcloud docs': 'https://cloud.google.com/beyondcorp-enterprise/docs/cross-org-authorization' + api: 'https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.authorizedOrgsDescs' + description: | + An authorized organizations description describes a list of organizations + (1) that have been authorized to use certain asset (for example, device) data + owned by different organizations at the enforcement points, or (2) with certain + asset (for example, device) have been authorized to access the resources in + another organization at the enforcement points. + docs: !ruby/object:Provider::Terraform::Docs + warning: | + If you are using User ADCs (Application Default Credentials) with this resource, + you must specify a `billing_project` and set `user_project_override` to true + in the provider configuration. Otherwise the ACM API will return a 403 error. + Your account must have the `serviceusage.services.use` permission on the + `billing_project` you defined. + autogen_async: true + id_format: "{{name}}" + import_format: ["{{name}}"] + examples: + - !ruby/object:Provider::Terraform::Examples + name: "access_context_manager_authorized_orgs_desc_basic" + primary_resource_id: "authorized-orgs-desc" + skip_test: true + # Skipping the sweeper due to the non-standard base_url + skip_sweeper: true + custom_code: !ruby/object:Provider::Terraform::CustomCode + encoder: templates/terraform/encoders/access_level_never_send_parent.go.erb + pre_update: templates/terraform/update_mask.erb + post_create: templates/terraform/post_create/sleep_2_min.go.erb + custom_import: templates/terraform/custom_import/set_access_policy_parent_from_self_link.go.erb + parameters: + - !ruby/object:Api::Type::String + name: parent + immutable: true + required: true + description: | + Required. Resource name for the access policy which owns this `AuthorizedOrgsDesc`. + ignore_read: true + - !ruby/object:Api::Type::String + name: name + immutable: true + required: true + description: | + Resource name for the `AuthorizedOrgsDesc`. Format: + `accessPolicies/{access_policy}/authorizedOrgsDescs/{authorized_orgs_desc}`. + The `authorized_orgs_desc` component must begin with a letter, followed by + alphanumeric characters or `_`. + After you create an `AuthorizedOrgsDesc`, you cannot change its `name`. + - !ruby/object:Api::Type::Array + name: orgs + description: | + The list of organization ids in this AuthorizedOrgsDesc. + Format: `organizations/` + Example: `organizations/123456` + item_type: Api::Type::String + - !ruby/object:Api::Type::Enum + name: assetType + immutable: true + description: | + The type of entities that need to use the authorization relationship during + evaluation, such as a device. Valid values are "ASSET_TYPE_DEVICE" and + "ASSET_TYPE_CREDENTIAL_STRENGTH". + values: + - :ASSET_TYPE_DEVICE + - :ASSET_TYPE_CREDENTIAL_STRENGTH + - !ruby/object:Api::Type::Enum + name: authorizationDirection + immutable: true + description: | + The direction of the authorization relationship between this organization + and the organizations listed in the "orgs" field. The valid values for this + field include the following: + + AUTHORIZATION_DIRECTION_FROM: Allows this organization to evaluate traffic + in the organizations listed in the `orgs` field. + + AUTHORIZATION_DIRECTION_TO: Allows the organizations listed in the `orgs` + field to evaluate the traffic in this organization. + + For the authorization relationship to take effect, all of the organizations + must authorize and specify the appropriate relationship direction. For + example, if organization A authorized organization B and C to evaluate its + traffic, by specifying "AUTHORIZATION_DIRECTION_TO" as the authorization + direction, organizations B and C must specify + "AUTHORIZATION_DIRECTION_FROM" as the authorization direction in their + "AuthorizedOrgsDesc" resource. + values: + - :AUTHORIZATION_DIRECTION_TO + - :AUTHORIZATION_DIRECTION_FROM + - !ruby/object:Api::Type::Enum + name: authorizationType + immutable: true + description: | + A granular control type for authorization levels. Valid value is "AUTHORIZATION_TYPE_TRUST". + values: + - :AUTHORIZATION_TYPE_TRUST + properties: + - !ruby/object:Api::Type::Time + name: 'createTime' + description: | + Time the AuthorizedOrgsDesc was created in UTC. + output: true + - !ruby/object:Api::Type::Time + name: 'updateTime' + description: | + Time the AuthorizedOrgsDesc was updated in UTC. + output: true diff --git a/mmv1/products/accesscontextmanager/GcpUserAccessBinding.yaml b/mmv1/products/accesscontextmanager/GcpUserAccessBinding.yaml index 5f267256c90f..9dd848fea78f 100644 --- a/mmv1/products/accesscontextmanager/GcpUserAccessBinding.yaml +++ b/mmv1/products/accesscontextmanager/GcpUserAccessBinding.yaml @@ -45,7 +45,7 @@ # This must be done at the provider level. - !ruby/object:Api::Type::String name: organizationId - input: true + immutable: true required: true url_param_only: true description: | @@ -59,7 +59,7 @@ - !ruby/object:Api::Type::String name: 'groupKey' required: true - input: true + immutable: true description: | Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See "id" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht" - !ruby/object:Api::Type::Array diff --git a/mmv1/products/accesscontextmanager/ServicePerimeter.yaml b/mmv1/products/accesscontextmanager/ServicePerimeter.yaml index c950043c89fa..c8cdb51051a8 100644 --- a/mmv1/products/accesscontextmanager/ServicePerimeter.yaml +++ b/mmv1/products/accesscontextmanager/ServicePerimeter.yaml @@ -78,7 +78,7 @@ # This must be done at the provider level. - !ruby/object:Api::Type::String name: parent - input: true + immutable: true required: true description: | The AccessPolicy this ServicePerimeter lives in. @@ -86,7 +86,7 @@ ignore_read: true - !ruby/object:Api::Type::String name: name - input: true + immutable: true required: true description: | Resource name for the ServicePerimeter. The short_name component must @@ -137,7 +137,7 @@ - :PERIMETER_TYPE_BRIDGE default_value: :PERIMETER_TYPE_REGULAR custom_flatten: templates/terraform/custom_flatten/default_if_empty.erb - input: true + immutable: true - !ruby/object:Api::Type::NestedObject name: 'status' description: | diff --git a/mmv1/products/accesscontextmanager/ServicePerimeterResource.yaml b/mmv1/products/accesscontextmanager/ServicePerimeterResource.yaml index 211a8d737f75..4d5d8b85943d 100644 --- a/mmv1/products/accesscontextmanager/ServicePerimeterResource.yaml +++ b/mmv1/products/accesscontextmanager/ServicePerimeterResource.yaml @@ -17,7 +17,7 @@ self_link: "{{perimeter_name}}" create_verb: :PATCH delete_verb: :PATCH - input: true + immutable: true update_mask: true identity: - resource @@ -71,7 +71,7 @@ description: | The name of the Service Perimeter to add this resource to. required: true - input: true + immutable: true url_param_only: true properties: - !ruby/object:Api::Type::String @@ -81,4 +81,4 @@ Currently only projects are allowed. Format: projects/{project_number} required: true - input: true + immutable: true diff --git a/mmv1/products/accesscontextmanager/ServicePerimeters.yaml b/mmv1/products/accesscontextmanager/ServicePerimeters.yaml index 82f826ed9648..e7c1eb9b088a 100644 --- a/mmv1/products/accesscontextmanager/ServicePerimeters.yaml +++ b/mmv1/products/accesscontextmanager/ServicePerimeters.yaml @@ -46,7 +46,7 @@ # This must be done at the provider level. - !ruby/object:Api::Type::String name: parent - input: true + immutable: true required: true description: | The AccessPolicy this ServicePerimeter lives in. @@ -62,7 +62,7 @@ properties: - !ruby/object:Api::Type::String name: name - input: true + immutable: true required: true description: | Resource name for the ServicePerimeter. The short_name component must @@ -112,7 +112,7 @@ - :PERIMETER_TYPE_BRIDGE default_value: :PERIMETER_TYPE_REGULAR custom_flatten: templates/terraform/custom_flatten/default_if_empty.erb - input: true + immutable: true - !ruby/object:Api::Type::NestedObject name: 'status' description: | diff --git a/mmv1/products/activedirectory/Domain.yaml b/mmv1/products/activedirectory/Domain.yaml index 378b8c4653fa..b5a6528764fd 100644 --- a/mmv1/products/activedirectory/Domain.yaml +++ b/mmv1/products/activedirectory/Domain.yaml @@ -52,7 +52,7 @@ name: domainName required: true url_param_only: true - input: true + immutable: true description: | The fully qualified domain name. e.g. mydomain.myorganization.com, with the restrictions, https://cloud.google.com/managed-microsoft-ad/reference/rest/v1/projects.locations.global.domains. @@ -73,7 +73,7 @@ - !ruby/object:Api::Type::String name: 'reservedIpRange' required: true - input: true + immutable: true description: | The CIDR range of internal addresses that are reserved for this domain. Reserved networks must be /24 or larger. Ranges must be unique and non-overlapping with existing subnets in authorizedNetworks @@ -87,7 +87,7 @@ - !ruby/object:Api::Type::String name: 'admin' default_value: 'setupadmin' - input: true + immutable: true description: | The name of delegated administrator account used to perform Active Directory operations. If not specified, setupadmin will be used. diff --git a/mmv1/products/activedirectory/DomainTrust.yaml b/mmv1/products/activedirectory/DomainTrust.yaml index 2e7af5c26141..f198430b0d7c 100644 --- a/mmv1/products/activedirectory/DomainTrust.yaml +++ b/mmv1/products/activedirectory/DomainTrust.yaml @@ -53,7 +53,7 @@ name: domain required: true url_param_only: true - input: true + immutable: true description: | The fully qualified domain name. e.g. mydomain.myorganization.com, with the restrictions, https://cloud.google.com/managed-microsoft-ad/reference/rest/v1/projects.locations.global.domains. @@ -65,7 +65,7 @@ - !ruby/object:Api::Type::Enum name: 'trustType' required: true - input: true + immutable: true description: 'The type of trust represented by the trust resource.' values: - FOREST @@ -73,7 +73,7 @@ - !ruby/object:Api::Type::Enum name: 'trustDirection' required: true - input: true + immutable: true description: 'The trust direction, which decides if the current domain is trusted, trusting, or both.' values: - INBOUND @@ -81,7 +81,7 @@ - BIDIRECTIONAL - !ruby/object:Api::Type::Boolean name: 'selectiveAuthentication' - input: true + immutable: true description: | Whether the trusted side has forest/domain wide access or selective access to an approved set of resources. - !ruby/object:Api::Type::Array @@ -93,6 +93,6 @@ - !ruby/object:Api::Type::String name: 'trustHandshakeSecret' required: true - input: true + immutable: true description: | The trust secret used for the handshake with the target domain. This will not be stored. diff --git a/mmv1/products/activedirectory/Peering.yaml b/mmv1/products/activedirectory/Peering.yaml index 9e08d249397e..a4513dd67e8f 100644 --- a/mmv1/products/activedirectory/Peering.yaml +++ b/mmv1/products/activedirectory/Peering.yaml @@ -48,7 +48,7 @@ name: peeringId required: true url_param_only: true - input: true + immutable: true description: "" properties: - !ruby/object:Api::Type::String @@ -62,13 +62,13 @@ - !ruby/object:Api::Type::String name: authorizedNetwork required: true - input: true + immutable: true description: | The full names of the Google Compute Engine networks to which the instance is connected. Caller needs to make sure that CIDR subnets do not overlap between networks, else peering creation will fail. - !ruby/object:Api::Type::String name: domainResource required: true - input: true + immutable: true description: | Full domain resource path for the Managed AD Domain involved in peering. The resource path should be in the form projects/{projectId}/locations/global/domains/{domainName} - !ruby/object:Api::Type::String diff --git a/mmv1/products/alloydb/Backup.yaml b/mmv1/products/alloydb/Backup.yaml index 612782407edb..50dddfd889ca 100644 --- a/mmv1/products/alloydb/Backup.yaml +++ b/mmv1/products/alloydb/Backup.yaml @@ -47,13 +47,13 @@ - !ruby/object:Api::Type::String name: "backupId" required: true - input: true + immutable: true url_param_only: true description: | The ID of the alloydb backup. - !ruby/object:Api::Type::String name: "location" - input: true + immutable: true url_param_only: true description: | The location where the alloydb backup should reside. @@ -72,7 +72,7 @@ name: "clusterName" description: "The full resource name of the backup source cluster (e.g., projects/{project}/locations/{location}/clusters/{clusterId})." required: true - input: true + immutable: true - !ruby/object:Api::Type::KeyValuePairs name: "labels" description: "User-defined labels for the alloydb backup." @@ -95,7 +95,7 @@ name: "description" description: | User-provided description of the backup. - input: true + immutable: true - !ruby/object:Api::Type::Boolean name: "reconciling" output: true diff --git a/mmv1/products/alloydb/Cluster.yaml b/mmv1/products/alloydb/Cluster.yaml index 2da3ed7b5af0..776763a6ca4a 100644 --- a/mmv1/products/alloydb/Cluster.yaml +++ b/mmv1/products/alloydb/Cluster.yaml @@ -47,13 +47,13 @@ - !ruby/object:Api::Type::String name: "clusterId" required: true - input: true + immutable: true url_param_only: true description: | The ID of the alloydb cluster. - !ruby/object:Api::Type::String name: "location" - input: true + immutable: true url_param_only: true description: | The location where the alloydb cluster should reside. @@ -89,7 +89,7 @@ The database engine major version. This is an output-only field and it's populated at the Cluster creation time. This field cannot be changed after cluster creation. - !ruby/object:Api::Type::NestedObject name: "initialUser" - input: true + immutable: true description: | Initial user to setup during cluster creation. properties: @@ -126,7 +126,7 @@ description: "Labels to apply to backups created using this configuration." - !ruby/object:Api::Type::NestedObject name: "weeklySchedule" - input: true + immutable: true required: true description: "Weekly schedule for the Backup." properties: diff --git a/mmv1/products/alloydb/Instance.yaml b/mmv1/products/alloydb/Instance.yaml index d44fb1b59b5f..07a25941537a 100644 --- a/mmv1/products/alloydb/Instance.yaml +++ b/mmv1/products/alloydb/Instance.yaml @@ -50,14 +50,14 @@ Identifies the alloydb cluster. Must be in the format 'projects/{project}/locations/{location}/clusters/{cluster_id}' required: true - input: true + immutable: true resource: 'Cluster' imports: 'name' url_param_only: true - !ruby/object:Api::Type::String name: "instanceId" required: true - input: true + immutable: true url_param_only: true description: | The ID of the alloydb instance. @@ -120,7 +120,7 @@ - !ruby/object:Api::Type::Enum name: "instanceType" required: true - input: true + immutable: true description: | The type of the instance. values: diff --git a/mmv1/products/alloydb/terraform.yaml b/mmv1/products/alloydb/terraform.yaml index c18e4ce05d5a..a3f00a3a59e6 100644 --- a/mmv1/products/alloydb/terraform.yaml +++ b/mmv1/products/alloydb/terraform.yaml @@ -24,6 +24,10 @@ overrides: !ruby/object:Overrides::ResourceOverrides sensitive: true network: !ruby/object:Overrides::Terraform::PropertyOverride diff_suppress_func: "projectNumberDiffSuppress" + automatedBackupPolicy: !ruby/object:Overrides::Terraform::PropertyOverride + default_from_api: true + automatedBackupPolicy.weeklySchedule: !ruby/object:Overrides::Terraform::PropertyOverride + default_from_api: true autogen_async: true examples: - !ruby/object:Provider::Terraform::Examples @@ -76,11 +80,10 @@ overrides: !ruby/object:Overrides::ResourceOverrides alloydb_instance_name: "alloydb-instance" network_name: "alloydb-network" test_vars_overrides: - network_name: 'BootstrapSharedTestNetwork(t, "alloydb")' + network_name: 'BootstrapSharedTestNetwork(t, "alloydb-basic")' ignore_read_extra: - "reconciling" - "update_time" - examples: - !ruby/object:Provider::Terraform::Examples name: "alloydb_backup_full" primary_resource_id: "default" @@ -90,7 +93,7 @@ overrides: !ruby/object:Overrides::ResourceOverrides alloydb_instance_name: "alloydb-instance" network_name: "alloydb-network" test_vars_overrides: - network_name: 'BootstrapSharedTestNetwork(t, "alloydb")' + network_name: 'BootstrapSharedTestNetwork(t, "alloydb-full")' ignore_read_extra: - "reconciling" - "update_time" diff --git a/mmv1/products/apigateway/ApiConfig.yaml b/mmv1/products/apigateway/ApiConfig.yaml index b564f83b9cf0..c0f9e32c68f2 100644 --- a/mmv1/products/apigateway/ApiConfig.yaml +++ b/mmv1/products/apigateway/ApiConfig.yaml @@ -35,13 +35,13 @@ description: | The API to attach the config to. required: true - input: true + immutable: true url_param_only: true - !ruby/object:Api::Type::String name: apiConfigId description: | Identifier to assign to the API Config. Must be unique within scope of the parent resource(api). - input: true + immutable: true url_param_only: true properties: - !ruby/object:Api::Type::String @@ -63,7 +63,7 @@ Resource labels to represent user-provided metadata. - !ruby/object:Api::Type::NestedObject name: 'gatewayConfig' - input: true + immutable: true description: | Immutable. Gateway specific configuration. If not specified, backend authentication will be set to use OIDC authentication using the default compute service account @@ -76,7 +76,7 @@ properties: - !ruby/object:Api::Type::String name: 'googleServiceAccount' - input: true + immutable: true required: true description: | Google Cloud IAM service account used to sign OIDC tokens for backends that have authentication configured @@ -98,13 +98,13 @@ - !ruby/object:Api::Type::String name: 'path' required: true - input: true + immutable: true description: | The file path (full or relative path). This is typically the path of the file when it is uploaded. - !ruby/object:Api::Type::String name: 'contents' required: true - input: true + immutable: true description: | Base64 encoded content of the file. - !ruby/object:Api::Type::Array @@ -121,7 +121,7 @@ - !ruby/object:Api::Type::NestedObject name: 'fileDescriptorSet' required: true - input: true + immutable: true description: | Input only. File descriptor set, generated by protoc. To generate, use protoc with imports and source info included. For an example test.proto file, the following command would put the value in a new file named out.pb. @@ -131,13 +131,13 @@ - !ruby/object:Api::Type::String name: 'path' required: true - input: true + immutable: true description: | The file path (full or relative path). This is typically the path of the file when it is uploaded. - !ruby/object:Api::Type::String name: 'contents' required: true - input: true + immutable: true description: | Base64 encoded content of the file. - !ruby/object:Api::Type::Array @@ -149,13 +149,13 @@ - !ruby/object:Api::Type::String name: 'path' required: true - input: true + immutable: true description: | The file path (full or relative path). This is typically the path of the file when it is uploaded. - !ruby/object:Api::Type::String name: 'contents' required: true - input: true + immutable: true description: | Base64 encoded content of the file. - !ruby/object:Api::Type::Array @@ -170,13 +170,13 @@ - !ruby/object:Api::Type::String name: 'path' required: true - input: true + immutable: true description: | The file path (full or relative path). This is typically the path of the file when it is uploaded. - !ruby/object:Api::Type::String name: 'contents' required: true - input: true + immutable: true description: | Base64 encoded content of the file. diff --git a/mmv1/products/apigateway/ApiResource.yaml b/mmv1/products/apigateway/ApiResource.yaml index 878025360d39..956cbc726c4d 100644 --- a/mmv1/products/apigateway/ApiResource.yaml +++ b/mmv1/products/apigateway/ApiResource.yaml @@ -34,7 +34,7 @@ description: | Identifier to assign to the API. Must be unique within scope of the parent resource(project) required: true - input: true + immutable: true url_param_only: true properties: - !ruby/object:Api::Type::String @@ -48,7 +48,7 @@ A user-visible name for the API. - !ruby/object:Api::Type::String name: 'managedService' - input: true + immutable: true description: | Immutable. The name of a Google Managed Service ( https://cloud.google.com/service-infrastructure/docs/glossary#managed). If not specified, a new Service will automatically be created in the same project as this API. diff --git a/mmv1/products/apigateway/Gateway.yaml b/mmv1/products/apigateway/Gateway.yaml index 823b1ea5d2a3..29407e0cc186 100644 --- a/mmv1/products/apigateway/Gateway.yaml +++ b/mmv1/products/apigateway/Gateway.yaml @@ -33,14 +33,14 @@ name: 'region' description: | The region of the gateway for the API. - input: true + immutable: true url_param_only: true - !ruby/object:Api::Type::String name: gatewayId description: | Identifier to assign to the Gateway. Must be unique within scope of the parent resource(project). required: true - input: true + immutable: true url_param_only: true properties: - !ruby/object:Api::Type::String diff --git a/mmv1/products/apigee/AddonsConfig.yaml b/mmv1/products/apigee/AddonsConfig.yaml index 35141b56cc6d..6a7ce8cd0016 100644 --- a/mmv1/products/apigee/AddonsConfig.yaml +++ b/mmv1/products/apigee/AddonsConfig.yaml @@ -47,7 +47,7 @@ description: | Name of the Apigee organization. url_param_only: true - input: true + immutable: true properties: - !ruby/object:Api::Type::NestedObject name: 'addonsConfig' diff --git a/mmv1/products/apigee/EndpointAttachment.yaml b/mmv1/products/apigee/EndpointAttachment.yaml index 613cabba3c11..fbc27ccd053c 100644 --- a/mmv1/products/apigee/EndpointAttachment.yaml +++ b/mmv1/products/apigee/EndpointAttachment.yaml @@ -33,7 +33,7 @@ error: !ruby/object:Api::OpAsync::Error path: 'error' message: 'message' - input: true + immutable: true description: | Apigee Endpoint Attachment. parameters: @@ -43,14 +43,14 @@ The Apigee Organization associated with the Apigee instance, in the format `organizations/{{org_name}}`. required: true - input: true + immutable: true url_param_only: true - !ruby/object:Api::Type::String name: 'endpointAttachmentId' description: | ID of the endpoint attachment. required: true - input: true + immutable: true url_param_only: true properties: - !ruby/object:Api::Type::String diff --git a/mmv1/products/apigee/EnvKeystore.yaml b/mmv1/products/apigee/EnvKeystore.yaml index c13f1d217cc4..68c3c3c66c56 100644 --- a/mmv1/products/apigee/EnvKeystore.yaml +++ b/mmv1/products/apigee/EnvKeystore.yaml @@ -17,7 +17,7 @@ create_url: '{{env_id}}/keystores' delete_url: '{{env_id}}/keystores/{{name}}' self_link: '{{env_id}}/keystores/{{name}}' - input: true + immutable: true description: | An `Environment KeyStore` in Apigee. parameters: @@ -27,13 +27,13 @@ The Apigee environment group associated with the Apigee environment, in the format `organizations/{{org_name}}/environments/{{env_name}}`. required: true - input: true + immutable: true url_param_only: true - !ruby/object:Api::Type::String name: 'name' description: | The name of the newly created keystore. - input: true + immutable: true properties: - !ruby/object:Api::Type::Array name: 'aliases' diff --git a/mmv1/products/apigee/EnvReferences.yaml b/mmv1/products/apigee/EnvReferences.yaml index 0280a9aad9ea..e1940707567e 100644 --- a/mmv1/products/apigee/EnvReferences.yaml +++ b/mmv1/products/apigee/EnvReferences.yaml @@ -17,7 +17,7 @@ create_url: '{{env_id}}/references/' delete_url: '{{env_id}}/references/{{name}}' self_link: '{{env_id}}/references/{{name}}' - input: true + immutable: true description: | An `Environment Reference` in Apigee. parameters: @@ -27,31 +27,31 @@ The Apigee environment group associated with the Apigee environment, in the format `organizations/{{org_name}}/environments/{{env_name}}`. required: true - input: true + immutable: true url_param_only: true properties: - !ruby/object:Api::Type::String name: 'name' description: | Required. The resource id of this reference. Values must match the regular expression [\w\s-.]+. - input: true + immutable: true required: true - !ruby/object:Api::Type::String name: 'description' description: | Optional. A human-readable description of this reference. - input: true + immutable: true - !ruby/object:Api::Type::String name: 'resourceType' description: | The type of resource referred to by this reference. Valid values are 'KeyStore' or 'TrustStore'. - input: true + immutable: true required: true - !ruby/object:Api::Type::String name: 'refers' description: | Required. The id of the resource to which this reference refers. Must be the id of a resource that exists in the parent environment and is of the given resourceType. - input: true + immutable: true required: true references: !ruby/object:Api::Resource::ReferenceLinks guides: diff --git a/mmv1/products/apigee/Envgroup.yaml b/mmv1/products/apigee/Envgroup.yaml index 118b1323e3e3..38a6b91eae2d 100644 --- a/mmv1/products/apigee/Envgroup.yaml +++ b/mmv1/products/apigee/Envgroup.yaml @@ -44,7 +44,7 @@ The Apigee Organization associated with the Apigee environment group, in the format `organizations/{{org_name}}`. required: true - input: true + immutable: true url_param_only: true properties: - !ruby/object:Api::Type::String @@ -52,7 +52,7 @@ description: | The resource ID of the environment group. required: true - input: true + immutable: true - !ruby/object:Api::Type::Array name: 'hostnames' description: | diff --git a/mmv1/products/apigee/EnvgroupAttachment.yaml b/mmv1/products/apigee/EnvgroupAttachment.yaml index ed543dfbea0e..efa5d866a9c1 100644 --- a/mmv1/products/apigee/EnvgroupAttachment.yaml +++ b/mmv1/products/apigee/EnvgroupAttachment.yaml @@ -34,7 +34,7 @@ error: !ruby/object:Api::OpAsync::Error path: 'error' message: 'message' - input: true + immutable: true description: | An `Environment Group attachment` in Apigee. parameters: diff --git a/mmv1/products/apigee/Environment.yaml b/mmv1/products/apigee/Environment.yaml index ebaf2c6d9506..99738c6a14c0 100644 --- a/mmv1/products/apigee/Environment.yaml +++ b/mmv1/products/apigee/Environment.yaml @@ -52,7 +52,7 @@ The Apigee Organization associated with the Apigee environment, in the format `organizations/{{org_name}}`. required: true - input: true + immutable: true url_param_only: true properties: - !ruby/object:Api::Type::String @@ -60,19 +60,19 @@ description: | The resource ID of the environment. required: true - input: true + immutable: true - !ruby/object:Api::Type::String name: 'displayName' description: | Display name of the environment. required: false - input: true + immutable: true - !ruby/object:Api::Type::String name: 'description' description: | Description of the environment. required: false - input: true + immutable: true - !ruby/object:Api::Type::Enum name: 'deploymentType' description: | @@ -87,7 +87,7 @@ - "DEPLOYMENT_TYPE_UNSPECIFIED" - "PROXY" - "ARCHIVE" - input: true + immutable: true - !ruby/object:Api::Type::Enum name: 'apiProxyType' description: | @@ -97,7 +97,7 @@ - "API_PROXY_TYPE_UNSPECIFIED" - "PROGRAMMABLE" - "CONFIGURABLE" - input: true + immutable: true - !ruby/object:Api::Type::NestedObject name: 'nodeConfig' description: | diff --git a/mmv1/products/apigee/Instance.yaml b/mmv1/products/apigee/Instance.yaml index 6ca5a2b60885..b4532befa3ab 100644 --- a/mmv1/products/apigee/Instance.yaml +++ b/mmv1/products/apigee/Instance.yaml @@ -33,7 +33,7 @@ error: !ruby/object:Api::OpAsync::Error path: 'error' message: 'message' - input: true + immutable: true description: | An `Instance` is the runtime dataplane in Apigee. parameters: @@ -43,7 +43,7 @@ The Apigee Organization associated with the Apigee instance, in the format `organizations/{{org_name}}`. required: true - input: true + immutable: true url_param_only: true properties: - !ruby/object:Api::Type::String @@ -84,7 +84,7 @@ description: | Customer Managed Encryption Key (CMEK) used for disk and volume encryption. Required for Apigee paid subscriptions only. Use the following format: `projects/([^/]+)/locations/([^/]+)/keyRings/([^/]+)/cryptoKeys/([^/]+)` - input: true + immutable: true - !ruby/object:Api::Type::String name: 'host' description: | diff --git a/mmv1/products/apigee/InstanceAttachment.yaml b/mmv1/products/apigee/InstanceAttachment.yaml index dedf9ae232d9..984b2885880e 100644 --- a/mmv1/products/apigee/InstanceAttachment.yaml +++ b/mmv1/products/apigee/InstanceAttachment.yaml @@ -34,7 +34,7 @@ error: !ruby/object:Api::OpAsync::Error path: 'error' message: 'message' - input: true + immutable: true description: | An `Instance attachment` in Apigee. parameters: diff --git a/mmv1/products/apigee/NatAddress.yaml b/mmv1/products/apigee/NatAddress.yaml index c6647211ff9c..cba5639f0a8c 100644 --- a/mmv1/products/apigee/NatAddress.yaml +++ b/mmv1/products/apigee/NatAddress.yaml @@ -34,7 +34,7 @@ error: !ruby/object:Api::OpAsync::Error path: 'error' message: 'message' - input: true + immutable: true description: | Apigee NAT (network address translation) address. A NAT address is a static external IP address used for Internet egress traffic. This is not avaible for Apigee hybrid. Apigee NAT addresses are not automatically activated because they might require explicit allow entries on the target systems first. See https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.instances.natAddresses/activate diff --git a/mmv1/products/apigee/Organization.yaml b/mmv1/products/apigee/Organization.yaml index 289c08afa6a5..afa3c658fe05 100644 --- a/mmv1/products/apigee/Organization.yaml +++ b/mmv1/products/apigee/Organization.yaml @@ -43,7 +43,7 @@ description: | The project ID associated with the Apigee organization. required: true - input: true + immutable: true url_param_only: true - !ruby/object:Api::Type::Enum name: 'retention' @@ -76,7 +76,7 @@ name: 'analyticsRegion' description: | Primary GCP region for analytics data storage. For valid values, see [Create an Apigee organization](https://cloud.google.com/apigee/docs/api-platform/get-started/create-org). - input: true + immutable: true - !ruby/object:Api::Type::String name: 'authorizedNetwork' description: | @@ -91,7 +91,7 @@ - "CLOUD" - "HYBRID" default_value: :CLOUD - input: true + immutable: true - !ruby/object:Api::Type::String name: 'subscriptionType' description: | @@ -102,7 +102,7 @@ name: 'billingType' description: | Billing type of the Apigee organization. See [Apigee pricing](https://cloud.google.com/apigee/pricing). - input: true + immutable: true - !ruby/object:Api::Type::String name: 'caCertificate' description: | @@ -116,7 +116,7 @@ Update is not allowed after the organization is created. If not specified, a Google-Managed encryption key will be used. Valid only when `RuntimeType` is CLOUD. For example: `projects/foo/locations/us/keyRings/bar/cryptoKeys/baz`. - input: true + immutable: true - !ruby/object:Api::Type::NestedObject name: 'properties' description: Properties defined in the Apigee organization profile. diff --git a/mmv1/products/apigee/SyncAuthorization.yaml b/mmv1/products/apigee/SyncAuthorization.yaml index 4d3d2382b745..83eb1929b862 100644 --- a/mmv1/products/apigee/SyncAuthorization.yaml +++ b/mmv1/products/apigee/SyncAuthorization.yaml @@ -28,7 +28,7 @@ description: | Name of the Apigee organization. url_param_only: true - input: true + immutable: true properties: - !ruby/object:Api::Type::Array name: 'identities' diff --git a/mmv1/products/appengine/DomainMapping.yaml b/mmv1/products/appengine/DomainMapping.yaml index 00e573dde5ae..790223e971c9 100644 --- a/mmv1/products/appengine/DomainMapping.yaml +++ b/mmv1/products/appengine/DomainMapping.yaml @@ -56,7 +56,7 @@ name: 'id' description: | Relative name of the domain serving the application. Example: example.com. - input: true + immutable: true required: true properties: - !ruby/object:Api::Type::String diff --git a/mmv1/products/appengine/FlexibleAppVersion.yaml b/mmv1/products/appengine/FlexibleAppVersion.yaml index bd809233d6d7..ab3c833fa8f8 100644 --- a/mmv1/products/appengine/FlexibleAppVersion.yaml +++ b/mmv1/products/appengine/FlexibleAppVersion.yaml @@ -68,7 +68,7 @@ Full path to the Version resource in the API. Example, "v1". - !ruby/object:Api::Type::String name: 'id' - input: true + immutable: true description: | Relative name of the version within the service. For example, `v1`. Version names can contain only lowercase letters, numbers, or hyphens. Reserved names,"default", "latest", and any name with the prefix "ah-". diff --git a/mmv1/products/appengine/StandardAppVersion.yaml b/mmv1/products/appengine/StandardAppVersion.yaml index 3f125b8c6ec0..32ba68aaf04f 100644 --- a/mmv1/products/appengine/StandardAppVersion.yaml +++ b/mmv1/products/appengine/StandardAppVersion.yaml @@ -75,7 +75,7 @@ Full path to the Version resource in the API. Example, "v1". - !ruby/object:Api::Type::String name: 'id' - input: true + immutable: true description: | Relative name of the version within the service. For example, `v1`. Version names can contain only lowercase letters, numbers, or hyphens. Reserved names,"default", "latest", and any name with the prefix "ah-". - !ruby/object:Api::Type::String diff --git a/mmv1/products/artifactregistry/Repository.yaml b/mmv1/products/artifactregistry/Repository.yaml index 9aa35857e98c..4447b5181986 100644 --- a/mmv1/products/artifactregistry/Repository.yaml +++ b/mmv1/products/artifactregistry/Repository.yaml @@ -46,14 +46,14 @@ The last part of the repository name, for example: "repo1" required: true - input: true + immutable: true url_param_only: true - !ruby/object:Api::Type::String name: 'location' description: | The name of the location this repository is located in. required: true - input: true + immutable: true url_param_only: true - !ruby/object:Api::Type::String name: format @@ -63,7 +63,7 @@ You can only create alpha formats if you are a member of the [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). required: true - input: true + immutable: true - !ruby/object:Api::Type::String name: description description: |- @@ -83,7 +83,7 @@ used to encrypt the contents of the Repository. Has the form: `projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key`. This value may not be changed after the Repository has been created. - input: true + immutable: true - !ruby/object:Api::Type::Time name: createTime description: The time when the repository was created. @@ -105,12 +105,12 @@ description: |- The repository with this flag will allow publishing the same snapshot versions. - input: true + immutable: true - !ruby/object:Api::Type::Enum name: 'versionPolicy' description: |- Version policy defines the versions that the registry will accept. - input: true + immutable: true values: - :VERSION_POLICY_UNSPECIFIED - :RELEASE @@ -121,7 +121,7 @@ min_version: beta description: |- The mode configures the repository to serve artifacts from different sources. - input: true + immutable: true values: - :STANDARD_REPOSITORY - :VIRTUAL_REPOSITORY @@ -162,13 +162,13 @@ - virtual_repository_config description: |- Configuration specific for a Remote Repository. - input: true + immutable: true properties: - !ruby/object:Api::Type::String name: 'description' description: |- The description of the remote source. - input: true + immutable: true - !ruby/object:Api::Type::NestedObject name: 'dockerRepository' exactly_one_of: @@ -178,7 +178,7 @@ - remoteRepositoryConfig.0.python_repository description: |- Specific settings for a Docker remote repository. - input: true + immutable: true properties: - !ruby/object:Api::Type::Enum name: 'publicRepository' @@ -186,7 +186,7 @@ - remoteRepositoryConfig.0.docker_repository.0.public_repository description: |- Address of the remote repository. - input: true + immutable: true values: - :DOCKER_HUB default_value: :DOCKER_HUB @@ -199,7 +199,7 @@ - remoteRepositoryConfig.0.python_repository description: |- Specific settings for a Maven remote repository. - input: true + immutable: true properties: - !ruby/object:Api::Type::Enum name: 'publicRepository' @@ -207,7 +207,7 @@ - remoteRepositoryConfig.0.maven_repository.0.public_repository description: |- Address of the remote repository. - input: true + immutable: true values: - :MAVEN_CENTRAL default_value: :MAVEN_CENTRAL @@ -220,7 +220,7 @@ - remoteRepositoryConfig.0.python_repository description: |- Specific settings for an Npm remote repository. - input: true + immutable: true properties: - !ruby/object:Api::Type::Enum name: 'publicRepository' @@ -228,7 +228,7 @@ - remoteRepositoryConfig.0.npm_repository.0.public_repository description: |- Address of the remote repository. - input: true + immutable: true values: - :NPMJS default_value: :NPMJS @@ -241,7 +241,7 @@ - remoteRepositoryConfig.0.python_repository description: |- Specific settings for a Python remote repository. - input: true + immutable: true properties: - !ruby/object:Api::Type::Enum name: 'publicRepository' @@ -249,7 +249,7 @@ - remoteRepositoryConfig.0.python_repository.0.public_repository description: |- Address of the remote repository. - input: true + immutable: true values: - :PYPI default_value: :PYPI diff --git a/mmv1/products/beyondcorp/AppConnection.yaml b/mmv1/products/beyondcorp/AppConnection.yaml index b6a6d33ac6c0..70520ec00713 100644 --- a/mmv1/products/beyondcorp/AppConnection.yaml +++ b/mmv1/products/beyondcorp/AppConnection.yaml @@ -51,7 +51,7 @@ properties: - !ruby/object:Api::Type::String name: 'name' required: true - input: true + immutable: true description: | ID of the AppConnection. url_param_only: true @@ -59,7 +59,7 @@ properties: name: 'region' description: | The region of the AppConnection. - input: true + immutable: true url_param_only: true - !ruby/object:Api::Type::String name: 'displayName' @@ -75,7 +75,7 @@ properties: The type of network connectivity used by the AppConnection. Refer to https://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#type for a list of possible values. - input: true + immutable: true - !ruby/object:Api::Type::NestedObject name: 'applicationEndpoint' description: | diff --git a/mmv1/products/beyondcorp/AppConnector.yaml b/mmv1/products/beyondcorp/AppConnector.yaml index 1665a0f984fb..0d069cf322f2 100644 --- a/mmv1/products/beyondcorp/AppConnector.yaml +++ b/mmv1/products/beyondcorp/AppConnector.yaml @@ -48,7 +48,7 @@ properties: - !ruby/object:Api::Type::String name: 'name' required: true - input: true + immutable: true description: | ID of the AppConnector. url_param_only: true @@ -56,7 +56,7 @@ properties: name: 'region' description: | The region of the AppConnector. - input: true + immutable: true url_param_only: true - !ruby/object:Api::Type::String name: 'displayName' diff --git a/mmv1/products/beyondcorp/AppGateway.yaml b/mmv1/products/beyondcorp/AppGateway.yaml index 2d90460319aa..48f756b445c0 100644 --- a/mmv1/products/beyondcorp/AppGateway.yaml +++ b/mmv1/products/beyondcorp/AppGateway.yaml @@ -25,7 +25,7 @@ base_url: projects/{{project}}/locations/{{region}}/appGateways self_link: projects/{{project}}/locations/{{region}}/appGateways/{{name}} create_url: projects/{{project}}/locations/{{region}}/appGateways?app_gateway_id={{name}} # This resources is not updatable -input: true +immutable: true async: !ruby/object:Api::OpAsync operation: !ruby/object:Api::OpAsync::Operation path: 'name' @@ -50,7 +50,7 @@ properties: - !ruby/object:Api::Type::String name: 'name' required: true - input: true + immutable: true description: | ID of the AppGateway. url_param_only: true @@ -58,7 +58,7 @@ properties: name: 'region' description: | The region of the AppGateway. - input: true + immutable: true url_param_only: true - !ruby/object:Api::Type::Enum name: 'type' diff --git a/mmv1/products/bigquery/Dataset.yaml b/mmv1/products/bigquery/Dataset.yaml index 65b644308860..eb9e6dc6d1df 100644 --- a/mmv1/products/bigquery/Dataset.yaml +++ b/mmv1/products/bigquery/Dataset.yaml @@ -161,7 +161,7 @@ properties: name: 'datasetReference' description: 'A reference that identifies the dataset.' required: true - input: true + immutable: true properties: - !ruby/object:Api::Type::String name: 'datasetId' @@ -170,11 +170,11 @@ properties: must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum length is 1,024 characters. required: true - input: true + immutable: true - !ruby/object:Api::Type::String name: 'projectId' description: The ID of the project containing this dataset. - input: true + immutable: true - !ruby/object:Api::Type::Integer name: 'defaultTableExpirationMs' description: | diff --git a/mmv1/products/bigquery/DatasetAccess.yaml b/mmv1/products/bigquery/DatasetAccess.yaml index fa7f1aa326cb..869d3dead0d3 100644 --- a/mmv1/products/bigquery/DatasetAccess.yaml +++ b/mmv1/products/bigquery/DatasetAccess.yaml @@ -13,7 +13,7 @@ --- !ruby/object:Api::Resource name: 'DatasetAccess' -input: true +immutable: true base_url: projects/{{project}}/datasets/{{dataset_id}} self_link: projects/{{project}}/datasets/{{dataset_id}} create_verb: :PATCH diff --git a/mmv1/products/bigquery/Job.yaml b/mmv1/products/bigquery/Job.yaml index b4f43187dc50..bf54854735f0 100644 --- a/mmv1/products/bigquery/Job.yaml +++ b/mmv1/products/bigquery/Job.yaml @@ -16,7 +16,7 @@ name: 'Job' kind: 'bigquery#job' base_url: projects/{{project}}/jobs self_link: projects/{{project}}/jobs/{{job_id}}?location={{location}} -input: true +immutable: true description: | Jobs are actions that BigQuery runs on your behalf to load data, export data, query data, or copy data. Once a BigQuery job is created, it cannot be changed or deleted. diff --git a/mmv1/products/bigquery/Routine.yaml b/mmv1/products/bigquery/Routine.yaml index a504c23201bd..016e82d82d2b 100644 --- a/mmv1/products/bigquery/Routine.yaml +++ b/mmv1/products/bigquery/Routine.yaml @@ -32,22 +32,22 @@ properties: name: 'datasetId' description: The ID of the dataset containing this routine required: true - input: true + immutable: true - !ruby/object:Api::Type::String name: 'projectId' description: The ID of the project containing this routine required: true - input: true + immutable: true - !ruby/object:Api::Type::String name: 'routineId' description: The ID of the the routine. The ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum length is 256 characters. required: true - input: true + immutable: true - !ruby/object:Api::Type::Enum name: 'routineType' - input: true + immutable: true description: The type of routine. values: - :SCALAR_FUNCTION diff --git a/mmv1/products/bigquery/terraform.yaml b/mmv1/products/bigquery/terraform.yaml index c36e52f44c87..57db5702b920 100644 --- a/mmv1/products/bigquery/terraform.yaml +++ b/mmv1/products/bigquery/terraform.yaml @@ -84,7 +84,7 @@ overrides: !ruby/object:Overrides::ResourceOverrides id: !ruby/object:Overrides::Terraform::PropertyOverride exclude: true location: !ruby/object:Overrides::Terraform::PropertyOverride - input: true + immutable: true custom_flatten: templates/terraform/custom_flatten/bigquery_dataset_location.go.erb diff_suppress_func: 'caseDiffSuppress' name: !ruby/object:Overrides::Terraform::PropertyOverride @@ -93,6 +93,8 @@ overrides: !ruby/object:Overrides::ResourceOverrides default_from_api: true maxTimeTravelHours: !ruby/object:Overrides::Terraform::PropertyOverride default_from_api: true + friendlyName: !ruby/object:Overrides::Terraform::PropertyOverride + send_empty_value: true custom_code: !ruby/object:Provider::Terraform::CustomCode constants: templates/terraform/constants/bigquery_dataset.go.erb docs: !ruby/object:Provider::Terraform::Docs diff --git a/mmv1/products/bigqueryanalyticshub/DataExchange.yaml b/mmv1/products/bigqueryanalyticshub/DataExchange.yaml index 826dc74f4ac7..8d1a096c29db 100644 --- a/mmv1/products/bigqueryanalyticshub/DataExchange.yaml +++ b/mmv1/products/bigqueryanalyticshub/DataExchange.yaml @@ -41,14 +41,14 @@ properties: description: |- The ID of the data exchange. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces. required: true - input: true + immutable: true url_param_only: true - !ruby/object:Api::Type::String name: "location" description: | The name of the location this data exchange. required: true - input: true + immutable: true url_param_only: true - !ruby/object:Api::Type::String name: displayName diff --git a/mmv1/products/bigqueryanalyticshub/Listing.yaml b/mmv1/products/bigqueryanalyticshub/Listing.yaml index 07e1ac8c9168..1b37b7d77014 100644 --- a/mmv1/products/bigqueryanalyticshub/Listing.yaml +++ b/mmv1/products/bigqueryanalyticshub/Listing.yaml @@ -40,21 +40,21 @@ properties: description: |- The ID of the data exchange. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces. required: true - input: true + immutable: true url_param_only: true - !ruby/object:Api::Type::String name: listing_id description: |- The ID of the listing. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces. required: true - input: true + immutable: true url_param_only: true - !ruby/object:Api::Type::String name: "location" description: | The name of the location this data exchange listing. required: true - input: true + immutable: true url_param_only: true - !ruby/object:Api::Type::String name: displayName diff --git a/mmv1/products/bigqueryconnection/Connection.yaml b/mmv1/products/bigqueryconnection/Connection.yaml index 17b61e5e6170..bf85b48754bb 100644 --- a/mmv1/products/bigqueryconnection/Connection.yaml +++ b/mmv1/products/bigqueryconnection/Connection.yaml @@ -36,11 +36,11 @@ properties: description: | Optional connection id that should be assigned to the created connection. required: false - input: true + immutable: true - !ruby/object:Api::Type::String name: 'location' required: false - input: true + immutable: true url_param_only: true description: |- The geographic location where the connection should reside. diff --git a/mmv1/products/bigquerydatapolicy/DataPolicy.yaml b/mmv1/products/bigquerydatapolicy/DataPolicy.yaml index 457678bdb5a1..8d3dec473210 100644 --- a/mmv1/products/bigquerydatapolicy/DataPolicy.yaml +++ b/mmv1/products/bigquerydatapolicy/DataPolicy.yaml @@ -11,9 +11,9 @@ # See the License for the specific language governing permissions and # limitations under the License. ---- !ruby/object:Api::Resource +--- +!ruby/object:Api::Resource name: "DataPolicy" -min_version: beta base_url: projects/{{project}}/locations/{{location}}/dataPolicies create_url: projects/{{project}}/locations/{{location}}/dataPolicies self_link: projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}} @@ -32,7 +32,7 @@ iam_policy: !ruby/object:Api::Resource::IamPolicy import_format: [ "projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}", - "{{data_policy_id}}" + "{{data_policy_id}}", ] properties: - !ruby/object:Api::Type::String @@ -45,13 +45,13 @@ properties: description: |- User-assigned (human readable) ID of the data policy that needs to be unique within a project. Used as {dataPolicyId} in part of the resource name. required: true - input: true + immutable: true - !ruby/object:Api::Type::String name: location description: | The name of the location of the data policy. required: true - input: true + immutable: true url_param_only: true - !ruby/object:Api::Type::String name: policyTag @@ -84,4 +84,3 @@ properties: - :FIRST_FOUR_CHARACTERS - :EMAIL_MASK - :DATE_YEAR_MASK - diff --git a/mmv1/products/bigquerydatapolicy/product.yaml b/mmv1/products/bigquerydatapolicy/product.yaml index 1663467bc8d0..3e082fe29a34 100644 --- a/mmv1/products/bigquerydatapolicy/product.yaml +++ b/mmv1/products/bigquerydatapolicy/product.yaml @@ -21,6 +21,9 @@ versions: - !ruby/object:Api::Product::Version name: beta base_url: https://bigquerydatapolicy.googleapis.com/v1/ + - !ruby/object:Api::Product::Version + name: ga + base_url: https://bigquerydatapolicy.googleapis.com/v1/ apis_required: - !ruby/object:Api::Product::ApiReference name: BigQuery Data Policy API diff --git a/mmv1/products/bigquerydatapolicy/terraform.yaml b/mmv1/products/bigquerydatapolicy/terraform.yaml index 90763c880703..1419ad1a3106 100644 --- a/mmv1/products/bigquerydatapolicy/terraform.yaml +++ b/mmv1/products/bigquerydatapolicy/terraform.yaml @@ -20,12 +20,11 @@ overrides: !ruby/object:Overrides::ResourceOverrides [ "projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}", "{{project}}/{{location}}/{{data_policy_id}}", - "{{location}}/{{data_policy_id}}" + "{{location}}/{{data_policy_id}}", ] examples: - !ruby/object:Provider::Terraform::Examples name: "bigquery_datapolicy_data_policy_basic" - min_version: beta primary_resource_id: "data_policy" primary_resource_name: 'fmt.Sprintf("tf_test_data_policy%s", context["random_suffix"])' vars: diff --git a/mmv1/products/bigquerydatatransfer/Config.yaml b/mmv1/products/bigquerydatatransfer/Config.yaml index 5e603b6bf574..c0e94761fbce 100644 --- a/mmv1/products/bigquerydatatransfer/Config.yaml +++ b/mmv1/products/bigquerydatatransfer/Config.yaml @@ -30,7 +30,7 @@ parameters: - !ruby/object:Api::Type::String name: 'location' url_param_only: true - input: true + immutable: true default_value: US description: | The geographic location where the transfer config should reside. @@ -41,7 +41,7 @@ parameters: # The API would support PATCHing the service account, but setting the # update_mask accordingly for a url_param_only is currently not # supported in magic-modules - input: true + immutable: true default_value: '' description: | Service account email. If this field is set, transfer config will @@ -67,7 +67,7 @@ properties: The BigQuery target dataset id. - !ruby/object:Api::Type::String name: 'dataSourceId' - input: true + immutable: true required: true description: | The data source id. Cannot be changed once the transfer config is created. diff --git a/mmv1/products/bigqueryreservation/CapacityCommitment.yaml b/mmv1/products/bigqueryreservation/CapacityCommitment.yaml index 6e34734d929e..c56ef0740272 100644 --- a/mmv1/products/bigqueryreservation/CapacityCommitment.yaml +++ b/mmv1/products/bigqueryreservation/CapacityCommitment.yaml @@ -30,7 +30,7 @@ parameters: - !ruby/object:Api::Type::String name: 'capacityCommitmentId' url_param_only: true - input: true + immutable: true description: | The optional capacity commitment ID. Capacity commitment name will be generated automatically if this field is empty. This field must only contain lower case alphanumeric characters or dashes. The first and last character @@ -39,7 +39,7 @@ parameters: - !ruby/object:Api::Type::String name: 'location' url_param_only: true - input: true + immutable: true default_value: US description: | The geographic location where the transfer config should reside. @@ -47,7 +47,7 @@ parameters: - !ruby/object:Api::Type::String name: 'enforceSingleAdminProjectPerOrg' url_param_only: true - input: true + immutable: true description: | If true, fail the request if another project in the organization has a capacity commitment. properties: @@ -59,7 +59,7 @@ properties: - !ruby/object:Api::Type::Integer name: 'slotCount' required: true - input: true + immutable: true description: | Number of slots in this commitment. - !ruby/object:Api::Type::String diff --git a/mmv1/products/bigqueryreservation/Reservation.yaml b/mmv1/products/bigqueryreservation/Reservation.yaml index 98a1d8683c7b..3b7bdd04d150 100644 --- a/mmv1/products/bigqueryreservation/Reservation.yaml +++ b/mmv1/products/bigqueryreservation/Reservation.yaml @@ -27,7 +27,7 @@ parameters: - !ruby/object:Api::Type::String name: 'location' url_param_only: true - input: true + immutable: true default_value: US description: | The geographic location where the transfer config should reside. @@ -35,7 +35,7 @@ parameters: - !ruby/object:Api::Type::String name: 'name' url_param_only: true - input: true + immutable: true required: true description: | The name of the reservation. This field must only contain alphanumeric characters or dash. diff --git a/mmv1/products/bigtable/AppProfile.yaml b/mmv1/products/bigtable/AppProfile.yaml index f04c29e7d2e5..dfff10267e70 100644 --- a/mmv1/products/bigtable/AppProfile.yaml +++ b/mmv1/products/bigtable/AppProfile.yaml @@ -30,12 +30,12 @@ parameters: name: 'appProfileId' description: 'The unique name of the app profile in the form `[_a-zA-Z0-9][-_.a-zA-Z0-9]*`.' required: true - input: true + immutable: true url_param_only: true - !ruby/object:Api::Type::String name: 'instance' description: 'The name of the instance to create the app profile within.' - input: true + immutable: true url_param_only: true - !ruby/object:Api::Type::Boolean name: 'ignoreWarnings' diff --git a/mmv1/products/billingbudget/Budget.yaml b/mmv1/products/billingbudget/Budget.yaml index 47dfd0d4b88b..01ed02d72370 100644 --- a/mmv1/products/billingbudget/Budget.yaml +++ b/mmv1/products/billingbudget/Budget.yaml @@ -30,7 +30,7 @@ parameters: description: | ID of the billing account to set a budget on. required: true - input: true + immutable: true url_param_only: true properties: - !ruby/object:Api::Type::String diff --git a/mmv1/products/binaryauthorization/Attestor.yaml b/mmv1/products/binaryauthorization/Attestor.yaml index 0961bd8ec985..b3ab1b53581d 100644 --- a/mmv1/products/binaryauthorization/Attestor.yaml +++ b/mmv1/products/binaryauthorization/Attestor.yaml @@ -32,7 +32,7 @@ properties: description: | The resource name. required: true - input: true + immutable: true - !ruby/object:Api::Type::String name: description description: | @@ -55,7 +55,7 @@ properties: ATTESTATION_AUTHORITY Occurrence that names a container image and that links to this Note. required: true - input: true + immutable: true - !ruby/object:Api::Type::Array name: publicKeys description: | diff --git a/mmv1/products/certificatemanager/Certificate.yaml b/mmv1/products/certificatemanager/Certificate.yaml new file mode 100644 index 000000000000..5125a0a240d5 --- /dev/null +++ b/mmv1/products/certificatemanager/Certificate.yaml @@ -0,0 +1,191 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Certificate' +base_url: 'projects/{{project}}/locations/global/certificates' +create_url: 'projects/{{project}}/locations/global/certificates?certificateId={{name}}' +self_link: 'projects/{{project}}/locations/global/certificates/{{name}}' +update_verb: :PATCH +update_mask: true +description: | + Certificate represents a HTTP-reachable backend for a Certificate. +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +parameters: + - !ruby/object:Api::Type::String + name: 'name' + required: true + immutable: true + url_param_only: true + description: | + A user-defined name of the certificate. Certificate names must be unique + The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, + and all following characters must be a dash, underscore, letter or digit. +properties: + - !ruby/object:Api::Type::String + name: 'description' + description: | + A human-readable description of the resource. + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: 'Set of label tags associated with the Certificate resource.' + - !ruby/object:Api::Type::String + name: scope + immutable: true + description: | + The scope of the certificate. + + DEFAULT: Certificates with default scope are served from core Google data centers. + If unsure, choose this option. + + EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, + served from non-core Google data centers. + Currently allowed only for managed certificates. + default_value: DEFAULT + - !ruby/object:Api::Type::NestedObject + name: selfManaged + immutable: true + exactly_one_of: + - self_managed + - managed + description: | + Certificate data for a SelfManaged Certificate. + SelfManaged Certificates are uploaded by the user. Updating such + certificates before they expire remains the user's responsibility. + properties: + - !ruby/object:Api::Type::String + name: certificatePem + exactly_one_of: + - self_managed.0.certificate_pem + - self_managed.0.pem_certificate + deprecation_message: "Deprecated in favor of `pem_certificate`" + description: | + **Deprecated** The certificate chain in PEM-encoded form. + + Leaf certificate comes first, followed by intermediate ones if any. + - !ruby/object:Api::Type::String + name: privateKeyPem + exactly_one_of: + - self_managed.0.private_key_pem + - self_managed.0.pem_private_key + deprecation_message: "Deprecated in favor of `pem_private_key`" + description: | + **Deprecated** The private key of the leaf certificate in PEM-encoded form. + - !ruby/object:Api::Type::String + name: pemCertificate + exactly_one_of: + - self_managed.0.certificate_pem + - self_managed.0.pem_certificate + description: | + The certificate chain in PEM-encoded form. + + Leaf certificate comes first, followed by intermediate ones if any. + - !ruby/object:Api::Type::String + name: pemPrivateKey + exactly_one_of: + - self_managed.0.private_key_pem + - self_managed.0.pem_private_key + description: | + The private key of the leaf certificate in PEM-encoded form. + - !ruby/object:Api::Type::NestedObject + name: managed + immutable: true + exactly_one_of: + - self_managed + - managed + description: | + Configuration and state of a Managed Certificate. + Certificate Manager provisions and renews Managed Certificates + automatically, for as long as it's authorized to do so. + properties: + - !ruby/object:Api::Type::Array + name: domains + immutable: true + description: | + The domains for which a managed SSL certificate will be generated. + Wildcard domains are only supported with DNS challenge resolution + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: dnsAuthorizations + immutable: true + description: | + Authorizations that will be used for performing domain authorization + item_type: Api::Type::String + - !ruby/object:Api::Type::String + name: 'state' + output: true + description: | + A state of this Managed Certificate. + - !ruby/object:Api::Type::NestedObject + name: 'provisioningIssue' + output: true + description: | + Information about issues with provisioning this Managed Certificate. + properties: + - !ruby/object:Api::Type::String + name: 'reason' + output: true + description: | + Reason for provisioning failures. + - !ruby/object:Api::Type::String + name: details + output: true + description: | + Human readable explanation about the issue. Provided to help address + the configuration issues. + Not guaranteed to be stable. For programmatic access use `reason` field. + - !ruby/object:Api::Type::Array + name: 'authorizationAttemptInfo' + output: true + description: | + Detailed state of the latest authorization attempt for each domain + specified for this Managed Certificate. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: domain + output: true + description: | + Domain name of the authorization attempt. + - !ruby/object:Api::Type::String + name: 'state' + output: true + description: | + State of the domain for managed certificate issuance. + - !ruby/object:Api::Type::String + name: 'failureReason' + output: true + description: | + Reason for failure of the authorization attempt for the domain. + - !ruby/object:Api::Type::String + name: details + output: true + description: | + Human readable explanation for reaching the state. Provided to help + address the configuration issues. + Not guaranteed to be stable. For programmatic access use `failure_reason` field. diff --git a/mmv1/products/certificatemanager/CertificateMap.yaml b/mmv1/products/certificatemanager/CertificateMap.yaml new file mode 100644 index 000000000000..1e78d1e296f0 --- /dev/null +++ b/mmv1/products/certificatemanager/CertificateMap.yaml @@ -0,0 +1,106 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'CertificateMap' +base_url: 'projects/{{project}}/locations/global/certificateMaps' +create_url: 'projects/{{project}}/locations/global/certificateMaps?certificateMapId={{name}}' +self_link: 'projects/{{project}}/locations/global/certificateMaps/{{name}}' +update_verb: :PATCH +update_mask: true +description: | + CertificateMap defines a collection of certificate configurations, + which are usable by any associated target proxies +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +parameters: + - !ruby/object:Api::Type::String + name: 'name' + required: true + immutable: true + url_param_only: true + pattern: projects/{{project}}/locations/global/certificateMaps/{{name}} + description: | + A user-defined name of the Certificate Map. Certificate Map names must be unique + globally and match the pattern `projects/*/locations/*/certificateMaps/*`. +properties: + - !ruby/object:Api::Type::String + name: 'description' + description: | + A human-readable description of the resource. + - !ruby/object:Api::Type::String + name: 'createTime' + output: true + description: | + Creation timestamp of a Certificate Map. Timestamp is in RFC3339 UTC "Zulu" format, + accurate to nanoseconds with up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + - !ruby/object:Api::Type::Time + name: 'updateTime' + description: | + Update timestamp of a Certificate Map. Timestamp is in RFC3339 UTC "Zulu" format, + accurate to nanoseconds with up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + Set of labels associated with a Certificate Map resource. + - !ruby/object:Api::Type::Array + name: 'gclbTargets' + description: | + A list of target proxies that use this Certificate Map + output: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Array + name: 'ipConfigs' + description: | + An IP configuration where this Certificate Map is serving + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'ipAddress' + description : | + An external IP address + - !ruby/object:Api::Type::Array + name: 'ports' + description : | + A list of ports + item_type: Api::Type::Integer + - !ruby/object:Api::Type::String + name: 'targetHttpsProxy' + description: | + Proxy name must be in the format projects/*/locations/*/targetHttpsProxies/*. + This field is part of a union field `target_proxy`: Only one of `targetHttpsProxy` or + `targetSslProxy` may be set. + - !ruby/object:Api::Type::String + name: 'targetSslProxy' + description: | + Proxy name must be in the format projects/*/locations/*/targetSslProxies/*. + This field is part of a union field `target_proxy`: Only one of `targetHttpsProxy` or + `targetSslProxy` may be set. diff --git a/mmv1/products/certificatemanager/CertificateMapEntry.yaml b/mmv1/products/certificatemanager/CertificateMapEntry.yaml new file mode 100644 index 000000000000..a3609483a935 --- /dev/null +++ b/mmv1/products/certificatemanager/CertificateMapEntry.yaml @@ -0,0 +1,116 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource + name: 'CertificateMapEntry' + base_url: 'projects/{{project}}/locations/global/certificateMaps/{{map}}/certificateMapEntries' + create_url: 'projects/{{project}}/locations/global/certificateMaps/{{map}}/certificateMapEntries?certificateMapEntryId={{name}}' + self_link: 'projects/{{project}}/locations/global/certificateMaps/{{map}}/certificateMapEntries/{{name}}' + update_verb: :PATCH + update_mask: true + description: | + CertificateMapEntry is a list of certificate configurations, + that have been issued for a particular hostname + async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + status: !ruby/object:Api::OpAsync::Status + path: 'state' + complete: 'ACTIVE' + allowed: + - 'PENDING' + - 'ACTIVE' + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' + parameters: + - !ruby/object:Api::Type::String + name: 'name' + required: true + immutable: true + # url_param_only: true + description: | + A user-defined name of the Certificate Map Entry. Certificate Map Entry + names must be unique globally and match pattern + 'projects/*/locations/*/certificateMaps/*/certificateMapEntries/*' + - !ruby/object:Api::Type::ResourceRef + name: 'map' + required: true + immutable: true + url_param_only: true + imports: 'name' + resource: 'CertificateMap' + description: | + A map entry that is inputted into the cetrificate map + properties: + - !ruby/object:Api::Type::String + name: 'description' + description: | + A human-readable description of the resource. + - !ruby/object:Api::Type::String + name: 'createTime' + output: true + description: | + Creation timestamp of a Certificate Map Entry. Timestamp in RFC3339 UTC "Zulu" format, + with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + - !ruby/object:Api::Type::Time + name: 'updateTime' + description: | + Update timestamp of a Certificate Map Entry. Timestamp in RFC3339 UTC "Zulu" format, + with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + Set of labels associated with a Certificate Map Entry. + An object containing a list of "key": value pairs. + Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + - !ruby/object:Api::Type::Array + name: 'certificates' + required: true + description: | + A set of Certificates defines for the given hostname. + There can be defined up to fifteen certificates in each Certificate Map Entry. + Each certificate must match pattern projects/*/locations/*/certificates/*. + item_type: Api::Type::String + - !ruby/object:Api::Type::String + name: 'state' + output: true + description: | + A serving state of this Certificate Map Entry. + - !ruby/object:Api::Type::String + name: 'hostname' + immutable: true + description: | + A Hostname (FQDN, e.g. example.com) or a wildcard hostname expression (*.example.com) + for a set of hostnames with common suffix. Used as Server Name Indication (SNI) for + selecting a proper certificate. + exactly_one_of: + - hostname + - matcher + - !ruby/object:Api::Type::String + name: 'matcher' + immutable: true + exactly_one_of: + - hostname + - matcher + description: | + A predefined matcher for particular cases, other than SNI selection + + diff --git a/mmv1/products/certificatemanager/DnsAuthorization.yaml b/mmv1/products/certificatemanager/DnsAuthorization.yaml new file mode 100644 index 000000000000..94e1fc5f4f3b --- /dev/null +++ b/mmv1/products/certificatemanager/DnsAuthorization.yaml @@ -0,0 +1,88 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'DnsAuthorization' +base_url: 'projects/{{project}}/locations/global/dnsAuthorizations' +create_url: 'projects/{{project}}/locations/global/dnsAuthorizations?dnsAuthorizationId={{name}}' +self_link: 'projects/{{project}}/locations/global/dnsAuthorizations/{{name}}' +update_verb: :PATCH +update_mask: true +description: | + DnsAuthorization represents a HTTP-reachable backend for a DnsAuthorization. +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +parameters: + - !ruby/object:Api::Type::String + name: 'name' + required: true + immutable: true + url_param_only: true + description: | + Name of the resource; provided by the client when the resource is created. + The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, + and all following characters must be a dash, underscore, letter or digit. +properties: + - !ruby/object:Api::Type::String + name: 'description' + description: | + A human-readable description of the resource. + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: 'Set of label tags associated with the DNS Authorization resource.' + - !ruby/object:Api::Type::String + name: 'domain' + immutable: true + required: true + description: | + A domain which is being authorized. A DnsAuthorization resource covers a + single domain and its wildcard, e.g. authorization for "example.com" can + be used to issue certificates for "example.com" and "*.example.com". + - !ruby/object:Api::Type::NestedObject + name: 'dnsResourceRecord' + output: true + description: | + The structure describing the DNS Resource Record that needs to be added + to DNS configuration for the authorization to be usable by + certificate. + properties: + - !ruby/object:Api::Type::String + name: 'name' + output: true + description: | + Fully qualified name of the DNS Resource Record. + E.g. `_acme-challenge.example.com`. + - !ruby/object:Api::Type::String + name: 'type' + output: true + description: | + Type of the DNS Resource Record. + - !ruby/object:Api::Type::String + name: 'data' + output: true + description: | + Data of the DNS Resource Record. diff --git a/mmv1/products/certificatemanager/api.yaml b/mmv1/products/certificatemanager/api.yaml deleted file mode 100644 index 7d4e22f6f891..000000000000 --- a/mmv1/products/certificatemanager/api.yaml +++ /dev/null @@ -1,475 +0,0 @@ -# Copyright 2021 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: CertificateManager -versions: - - !ruby/object:Api::Product::Version - name: beta - base_url: https://certificatemanager.googleapis.com/v1/ - - !ruby/object:Api::Product::Version - name: ga - base_url: https://certificatemanager.googleapis.com/v1/ -scopes: - - https://www.googleapis.com/auth/cloud-identity -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Network Services API - url: https://console.cloud.google.com/apis/library/certificatemanager.googleapis.com -objects: - - !ruby/object:Api::Resource - name: 'DnsAuthorization' - base_url: 'projects/{{project}}/locations/global/dnsAuthorizations' - create_url: 'projects/{{project}}/locations/global/dnsAuthorizations?dnsAuthorizationId={{name}}' - self_link: 'projects/{{project}}/locations/global/dnsAuthorizations/{{name}}' - update_verb: :PATCH - update_mask: true - description: | - DnsAuthorization represents a HTTP-reachable backend for a DnsAuthorization. - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - parameters: - - !ruby/object:Api::Type::String - name: 'name' - required: true - input: true - url_param_only: true - description: | - Name of the resource; provided by the client when the resource is created. - The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, - and all following characters must be a dash, underscore, letter or digit. - properties: - - !ruby/object:Api::Type::String - name: 'description' - description: | - A human-readable description of the resource. - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: 'Set of label tags associated with the DNS Authorization resource.' - - !ruby/object:Api::Type::String - name: 'domain' - input: true - required: true - description: | - A domain which is being authorized. A DnsAuthorization resource covers a - single domain and its wildcard, e.g. authorization for "example.com" can - be used to issue certificates for "example.com" and "*.example.com". - - !ruby/object:Api::Type::NestedObject - name: 'dnsResourceRecord' - output: true - description: | - The structure describing the DNS Resource Record that needs to be added - to DNS configuration for the authorization to be usable by - certificate. - properties: - - !ruby/object:Api::Type::String - name: 'name' - output: true - description: | - Fully qualified name of the DNS Resource Record. - E.g. `_acme-challenge.example.com`. - - !ruby/object:Api::Type::String - name: 'type' - output: true - description: | - Type of the DNS Resource Record. - - !ruby/object:Api::Type::String - name: 'data' - output: true - description: | - Data of the DNS Resource Record. - - !ruby/object:Api::Resource - name: 'Certificate' - base_url: 'projects/{{project}}/locations/global/certificates' - create_url: 'projects/{{project}}/locations/global/certificates?certificateId={{name}}' - self_link: 'projects/{{project}}/locations/global/certificates/{{name}}' - update_verb: :PATCH - update_mask: true - description: | - Certificate represents a HTTP-reachable backend for a Certificate. - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - parameters: - - !ruby/object:Api::Type::String - name: 'name' - required: true - input: true - url_param_only: true - description: | - A user-defined name of the certificate. Certificate names must be unique - The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, - and all following characters must be a dash, underscore, letter or digit. - properties: - - !ruby/object:Api::Type::String - name: 'description' - description: | - A human-readable description of the resource. - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: 'Set of label tags associated with the Certificate resource.' - - !ruby/object:Api::Type::String - name: scope - input: true - description: | - The scope of the certificate. - - DEFAULT: Certificates with default scope are served from core Google data centers. - If unsure, choose this option. - - EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, - served from non-core Google data centers. - Currently allowed only for managed certificates. - default_value: DEFAULT - - !ruby/object:Api::Type::NestedObject - name: selfManaged - input: true - exactly_one_of: - - self_managed - - managed - description: | - Certificate data for a SelfManaged Certificate. - SelfManaged Certificates are uploaded by the user. Updating such - certificates before they expire remains the user's responsibility. - properties: - - !ruby/object:Api::Type::String - name: certificatePem - exactly_one_of: - - self_managed.0.certificate_pem - - self_managed.0.pem_certificate - deprecation_message: "Deprecated in favor of `pem_certificate`" - description: | - **Deprecated** The certificate chain in PEM-encoded form. - - Leaf certificate comes first, followed by intermediate ones if any. - - !ruby/object:Api::Type::String - name: privateKeyPem - exactly_one_of: - - self_managed.0.private_key_pem - - self_managed.0.pem_private_key - deprecation_message: "Deprecated in favor of `pem_private_key`" - description: | - **Deprecated** The private key of the leaf certificate in PEM-encoded form. - - !ruby/object:Api::Type::String - name: pemCertificate - exactly_one_of: - - self_managed.0.certificate_pem - - self_managed.0.pem_certificate - description: | - The certificate chain in PEM-encoded form. - - Leaf certificate comes first, followed by intermediate ones if any. - - !ruby/object:Api::Type::String - name: pemPrivateKey - exactly_one_of: - - self_managed.0.private_key_pem - - self_managed.0.pem_private_key - description: | - The private key of the leaf certificate in PEM-encoded form. - - !ruby/object:Api::Type::NestedObject - name: managed - input: true - exactly_one_of: - - self_managed - - managed - description: | - Configuration and state of a Managed Certificate. - Certificate Manager provisions and renews Managed Certificates - automatically, for as long as it's authorized to do so. - properties: - - !ruby/object:Api::Type::Array - name: domains - input: true - description: | - The domains for which a managed SSL certificate will be generated. - Wildcard domains are only supported with DNS challenge resolution - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: dnsAuthorizations - input: true - description: | - Authorizations that will be used for performing domain authorization - item_type: Api::Type::String - - !ruby/object:Api::Type::String - name: 'state' - output: true - description: | - A state of this Managed Certificate. - - !ruby/object:Api::Type::NestedObject - name: 'provisioningIssue' - output: true - description: | - Information about issues with provisioning this Managed Certificate. - properties: - - !ruby/object:Api::Type::String - name: 'reason' - output: true - description: | - Reason for provisioning failures. - - !ruby/object:Api::Type::String - name: details - output: true - description: | - Human readable explanation about the issue. Provided to help address - the configuration issues. - Not guaranteed to be stable. For programmatic access use `reason` field. - - !ruby/object:Api::Type::Array - name: 'authorizationAttemptInfo' - output: true - description: | - Detailed state of the latest authorization attempt for each domain - specified for this Managed Certificate. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: domain - output: true - description: | - Domain name of the authorization attempt. - - !ruby/object:Api::Type::String - name: 'state' - output: true - description: | - State of the domain for managed certificate issuance. - - !ruby/object:Api::Type::String - name: 'failureReason' - output: true - description: | - Reason for failure of the authorization attempt for the domain. - - !ruby/object:Api::Type::String - name: details - output: true - description: | - Human readable explanation for reaching the state. Provided to help - address the configuration issues. - Not guaranteed to be stable. For programmatic access use `failure_reason` field. - - !ruby/object:Api::Resource - name: 'CertificateMap' - base_url: 'projects/{{project}}/locations/global/certificateMaps' - create_url: 'projects/{{project}}/locations/global/certificateMaps?certificateMapId={{name}}' - self_link: 'projects/{{project}}/locations/global/certificateMaps/{{name}}' - update_verb: :PATCH - update_mask: true - description: | - CertificateMap defines a collection of certificate configurations, - which are usable by any associated target proxies - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - parameters: - - !ruby/object:Api::Type::String - name: 'name' - required: true - input: true - url_param_only: true - pattern: projects/{{project}}/locations/global/certificateMaps/{{name}} - description: | - A user-defined name of the Certificate Map. Certificate Map names must be unique - globally and match the pattern `projects/*/locations/*/certificateMaps/*`. - properties: - - !ruby/object:Api::Type::String - name: 'description' - description: | - A human-readable description of the resource. - - !ruby/object:Api::Type::String - name: 'createTime' - output: true - description: | - Creation timestamp of a Certificate Map. Timestamp is in RFC3339 UTC "Zulu" format, - accurate to nanoseconds with up to nine fractional digits. - Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - - !ruby/object:Api::Type::Time - name: 'updateTime' - description: | - Update timestamp of a Certificate Map. Timestamp is in RFC3339 UTC "Zulu" format, - accurate to nanoseconds with up to nine fractional digits. - Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - output: true - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: | - Set of labels associated with a Certificate Map resource. - - !ruby/object:Api::Type::Array - name: 'gclbTargets' - description: | - A list of target proxies that use this Certificate Map - output: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Array - name: 'ipConfigs' - description: | - An IP configuration where this Certificate Map is serving - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'ipAddress' - description : | - An external IP address - - !ruby/object:Api::Type::Array - name: 'ports' - description : | - A list of ports - item_type: Api::Type::Integer - - !ruby/object:Api::Type::String - name: 'targetHttpsProxy' - description: | - Proxy name must be in the format projects/*/locations/*/targetHttpsProxies/*. - This field is part of a union field `target_proxy`: Only one of `targetHttpsProxy` or - `targetSslProxy` may be set. - - !ruby/object:Api::Type::String - name: 'targetSslProxy' - description: | - Proxy name must be in the format projects/*/locations/*/targetSslProxies/*. - This field is part of a union field `target_proxy`: Only one of `targetHttpsProxy` or - `targetSslProxy` may be set. - - !ruby/object:Api::Resource - name: 'CertificateMapEntry' - base_url: 'projects/{{project}}/locations/global/certificateMaps/{{map}}/certificateMapEntries' - create_url: 'projects/{{project}}/locations/global/certificateMaps/{{map}}/certificateMapEntries?certificateMapEntryId={{name}}' - self_link: 'projects/{{project}}/locations/global/certificateMaps/{{map}}/certificateMapEntries/{{name}}' - update_verb: :PATCH - update_mask: true - description: | - CertificateMapEntry is a list of certificate configurations, - that have been issued for a particular hostname - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - status: !ruby/object:Api::OpAsync::Status - path: 'state' - complete: 'ACTIVE' - allowed: - - 'PENDING' - - 'ACTIVE' - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - parameters: - - !ruby/object:Api::Type::String - name: 'name' - required: true - input: true - # url_param_only: true - description: | - A user-defined name of the Certificate Map Entry. Certificate Map Entry - names must be unique globally and match pattern - 'projects/*/locations/*/certificateMaps/*/certificateMapEntries/*' - - !ruby/object:Api::Type::ResourceRef - name: 'map' - required: true - input: true - url_param_only: true - imports: 'name' - resource: 'CertificateMap' - description: | - A map entry that is inputted into the cetrificate map - properties: - - !ruby/object:Api::Type::String - name: 'description' - description: | - A human-readable description of the resource. - - !ruby/object:Api::Type::String - name: 'createTime' - output: true - description: | - Creation timestamp of a Certificate Map Entry. Timestamp in RFC3339 UTC "Zulu" format, - with nanosecond resolution and up to nine fractional digits. - Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - - !ruby/object:Api::Type::Time - name: 'updateTime' - description: | - Update timestamp of a Certificate Map Entry. Timestamp in RFC3339 UTC "Zulu" format, - with nanosecond resolution and up to nine fractional digits. - Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - output: true - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: | - Set of labels associated with a Certificate Map Entry. - An object containing a list of "key": value pairs. - Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. - - !ruby/object:Api::Type::Array - name: 'certificates' - required: true - description: | - A set of Certificates defines for the given hostname. - There can be defined up to fifteen certificates in each Certificate Map Entry. - Each certificate must match pattern projects/*/locations/*/certificates/*. - item_type: Api::Type::String - - !ruby/object:Api::Type::String - name: 'state' - output: true - description: | - A serving state of this Certificate Map Entry. - - !ruby/object:Api::Type::String - name: 'hostname' - description: | - A Hostname (FQDN, e.g. example.com) or a wildcard hostname expression (*.example.com) - for a set of hostnames with common suffix. Used as Server Name Indication (SNI) for - selecting a proper certificate. - exactly_one_of: - - hostname - - matcher - - !ruby/object:Api::Type::String - name: 'matcher' - exactly_one_of: - - hostname - - matcher - description: | - A predefined matcher for particular cases, other than SNI selection - diff --git a/mmv1/products/certificatemanager/product.yaml b/mmv1/products/certificatemanager/product.yaml new file mode 100644 index 000000000000..5753577bcc35 --- /dev/null +++ b/mmv1/products/certificatemanager/product.yaml @@ -0,0 +1,28 @@ +# Copyright 2021 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: CertificateManager +versions: + - !ruby/object:Api::Product::Version + name: beta + base_url: https://certificatemanager.googleapis.com/v1/ + - !ruby/object:Api::Product::Version + name: ga + base_url: https://certificatemanager.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/cloud-identity +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Network Services API + url: https://console.cloud.google.com/apis/library/certificatemanager.googleapis.com diff --git a/mmv1/products/certificatemanager/terraform.yaml b/mmv1/products/certificatemanager/terraform.yaml index a841eb81070b..820ca8a5d9b9 100644 --- a/mmv1/products/certificatemanager/terraform.yaml +++ b/mmv1/products/certificatemanager/terraform.yaml @@ -38,19 +38,12 @@ overrides: !ruby/object:Overrides::ResourceOverrides dns_auth_name2: "dns-auth2" dns_auth_subdomain2: "subdomain2" cert_name: "dns-cert" - ignore_read_extra: - - "managed.0.dns_authorizations" - examples: - !ruby/object:Provider::Terraform::Examples name: "certificate_manager_self_managed_certificate" primary_resource_id: "default" vars: cert_name: "self-managed-cert" properties: - managed.dnsAuthorizations: !ruby/object:Overrides::Terraform::PropertyOverride - # We don't support ignore_read on nested fields - ignore_read: true - custom_flatten: "templates/terraform/custom_flatten/certificate_manager_certificate_managed_dns_auth.go.erb" selfManaged.certificatePem: !ruby/object:Overrides::Terraform::PropertyOverride sensitive: true selfManaged.privateKeyPem: !ruby/object:Overrides::Terraform::PropertyOverride @@ -61,6 +54,8 @@ overrides: !ruby/object:Overrides::ResourceOverrides ignore_read: true scope: !ruby/object:Overrides::Terraform::PropertyOverride diff_suppress_func: 'certManagerDefaultScopeDiffSuppress' + managed.dnsAuthorizations: !ruby/object:Overrides::Terraform::PropertyOverride + diff_suppress_func: 'projectNumberDiffSuppress' custom_code: !ruby/object:Provider::Terraform::CustomCode constants: templates/terraform/constants/cert_manager.erb CertificateMap: !ruby/object:Overrides::Terraform::ResourceOverride diff --git a/mmv1/products/cloudasset/FolderFeed.yaml b/mmv1/products/cloudasset/FolderFeed.yaml new file mode 100644 index 000000000000..a740e54aec15 --- /dev/null +++ b/mmv1/products/cloudasset/FolderFeed.yaml @@ -0,0 +1,137 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: FolderFeed +base_url: folders/{{folder_id}}/feeds +create_url: folders/{{folder_id}}/feeds?feedId={{feed_id}} +self_link: "{{name}}" +update_verb: :PATCH +update_mask: true +collection_url_key: 'feeds' +description: | + Describes a Cloud Asset Inventory feed used to to listen to asset updates. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/asset-inventory/docs' + api: 'https://cloud.google.com/asset-inventory/docs/reference/rest/' +parameters: + - !ruby/object:Api::Type::String + name: folder + required: true + immutable: true + url_param_only: true + description: | + The folder this feed should be created in. +properties: + - !ruby/object:Api::Type::String + name: billing_project + required: true + immutable: true + url_param_only: true + description: | + The project whose identity will be used when sending messages to the + destination pubsub topic. It also specifies the project for API + enablement check, quota, and billing. + - !ruby/object:Api::Type::String + name: folder_id + output: true + description: | + The ID of the folder where this feed has been created. Both [FOLDER_NUMBER] + and folders/[FOLDER_NUMBER] are accepted. + - !ruby/object:Api::Type::String + name: name + output: true + description: | + The format will be folders/{folder_number}/feeds/{client-assigned_feed_identifier}. + - !ruby/object:Api::Type::String + name: feedId + description: | + This is the client-assigned asset feed identifier and it needs to be unique under a specific parent. + required: true + immutable: true + url_param_only: true + - !ruby/object:Api::Type::Array + name: assetNames + item_type: Api::Type::String + description: | + A list of the full names of the assets to receive updates. You must specify either or both of + assetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are + exported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1. + See https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info. + - !ruby/object:Api::Type::Array + name: assetTypes + item_type: Api::Type::String + description: | + A list of types of the assets to receive updates. You must specify either or both of assetNames + and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to + the feed. For example: "compute.googleapis.com/Disk" + See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all + supported asset types. + - !ruby/object:Api::Type::Enum + name: contentType + description: | + Asset content type. If not specified, no content but the asset name and type will be returned. + values: + - :CONTENT_TYPE_UNSPECIFIED + - :RESOURCE + - :IAM_POLICY + - :ORG_POLICY + - :ACCESS_POLICY + - !ruby/object:Api::Type::NestedObject + name: feedOutputConfig + required: true + description: | + Output configuration for asset feed destination. + properties: + - !ruby/object:Api::Type::NestedObject + name: pubsubDestination + required: true + description: | + Destination on Cloud Pubsub. + properties: + - !ruby/object:Api::Type::String + name: topic + required: true + description: | + Destination on Cloud Pubsub topic. + - !ruby/object:Api::Type::NestedObject + name: condition + description: | + A condition which determines whether an asset update should be published. If specified, an asset + will be returned only when the expression evaluates to true. When set, expression field + must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with + expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of + condition are optional. + properties: + - !ruby/object:Api::Type::String + name: expression + required: true + description: | + Textual representation of an expression in Common Expression Language syntax. + - !ruby/object:Api::Type::String + name: title + description: | + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + - !ruby/object:Api::Type::String + name: description + description: | + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + - !ruby/object:Api::Type::String + name: location + description: | + String indicating the location of the expression for error reporting, e.g. a file + name and a position in the file. diff --git a/mmv1/products/cloudasset/OrganizationFeed.yaml b/mmv1/products/cloudasset/OrganizationFeed.yaml new file mode 100644 index 000000000000..10a42e003018 --- /dev/null +++ b/mmv1/products/cloudasset/OrganizationFeed.yaml @@ -0,0 +1,132 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: OrganizationFeed +base_url: "organizations/{{org_id}}/feeds" +create_url: "organizations/{{org_id}}/feeds?feedId={{feed_id}}" +self_link: "{{name}}" +update_verb: :PATCH +update_mask: true +collection_url_key: 'feeds' +description: | + Describes a Cloud Asset Inventory feed used to to listen to asset updates. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/asset-inventory/docs' + api: 'https://cloud.google.com/asset-inventory/docs/reference/rest/' +parameters: + - !ruby/object:Api::Type::String + name: org_id + required: true + immutable: true + url_param_only: true + description: | + The organization this feed should be created in. +properties: + - !ruby/object:Api::Type::String + name: billing_project + required: true + immutable: true + url_param_only: true + description: | + The project whose identity will be used when sending messages to the + destination pubsub topic. It also specifies the project for API + enablement check, quota, and billing. + - !ruby/object:Api::Type::String + name: name + output: true + description: | + The format will be organizations/{organization_number}/feeds/{client-assigned_feed_identifier}. + - !ruby/object:Api::Type::String + name: feedId + description: | + This is the client-assigned asset feed identifier and it needs to be unique under a specific parent. + required: true + immutable: true + url_param_only: true + - !ruby/object:Api::Type::Array + name: assetNames + item_type: Api::Type::String + description: | + A list of the full names of the assets to receive updates. You must specify either or both of + assetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are + exported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1. + See https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info. + - !ruby/object:Api::Type::Array + name: assetTypes + item_type: Api::Type::String + description: | + A list of types of the assets to receive updates. You must specify either or both of assetNames + and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to + the feed. For example: "compute.googleapis.com/Disk" + See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all + supported asset types. + - !ruby/object:Api::Type::Enum + name: contentType + description: | + Asset content type. If not specified, no content but the asset name and type will be returned. + values: + - :CONTENT_TYPE_UNSPECIFIED + - :RESOURCE + - :IAM_POLICY + - :ORG_POLICY + - :ACCESS_POLICY + - !ruby/object:Api::Type::NestedObject + name: feedOutputConfig + required: true + description: | + Output configuration for asset feed destination. + properties: + - !ruby/object:Api::Type::NestedObject + name: pubsubDestination + required: true + description: | + Destination on Cloud Pubsub. + properties: + - !ruby/object:Api::Type::String + name: topic + required: true + description: | + Destination on Cloud Pubsub topic. + - !ruby/object:Api::Type::NestedObject + name: condition + description: | + A condition which determines whether an asset update should be published. If specified, an asset + will be returned only when the expression evaluates to true. When set, expression field + must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with + expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of + condition are optional. + properties: + - !ruby/object:Api::Type::String + name: expression + required: true + description: | + Textual representation of an expression in Common Expression Language syntax. + - !ruby/object:Api::Type::String + name: title + description: | + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + - !ruby/object:Api::Type::String + name: description + description: | + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + - !ruby/object:Api::Type::String + name: location + description: | + String indicating the location of the expression for error reporting, e.g. a file + name and a position in the file. + diff --git a/mmv1/products/cloudasset/ProjectFeed.yaml b/mmv1/products/cloudasset/ProjectFeed.yaml new file mode 100644 index 000000000000..6c77b6e205f5 --- /dev/null +++ b/mmv1/products/cloudasset/ProjectFeed.yaml @@ -0,0 +1,123 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: ProjectFeed +base_url: projects/{{project}}/feeds +create_url: projects/{{project}}/feeds?feedId={{feed_id}} +self_link: "{{name}}" +update_verb: :PATCH +update_mask: true +collection_url_key: 'feeds' +description: | + Describes a Cloud Asset Inventory feed used to to listen to asset updates. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/asset-inventory/docs' + api: 'https://cloud.google.com/asset-inventory/docs/reference/rest/' +properties: + - !ruby/object:Api::Type::String + name: billing_project + url_param_only: true + immutable: true + description: | + The project whose identity will be used when sending messages to the + destination pubsub topic. It also specifies the project for API + enablement check, quota, and billing. If not specified, the resource's + project will be used. + - !ruby/object:Api::Type::String + name: name + output: true + description: | + The format will be projects/{projectNumber}/feeds/{client-assigned_feed_identifier}. + - !ruby/object:Api::Type::String + name: feedId + description: | + This is the client-assigned asset feed identifier and it needs to be unique under a specific parent. + required: true + immutable: true + url_param_only: true + - !ruby/object:Api::Type::Array + name: assetNames + item_type: Api::Type::String + description: | + A list of the full names of the assets to receive updates. You must specify either or both of + assetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are + exported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1. + See https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info. + - !ruby/object:Api::Type::Array + name: assetTypes + item_type: Api::Type::String + description: | + A list of types of the assets to receive updates. You must specify either or both of assetNames + and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to + the feed. For example: "compute.googleapis.com/Disk" + See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all + supported asset types. + - !ruby/object:Api::Type::Enum + name: contentType + description: | + Asset content type. If not specified, no content but the asset name and type will be returned. + values: + - :CONTENT_TYPE_UNSPECIFIED + - :RESOURCE + - :IAM_POLICY + - :ORG_POLICY + - :ACCESS_POLICY + - !ruby/object:Api::Type::NestedObject + name: feedOutputConfig + required: true + description: | + Output configuration for asset feed destination. + properties: + - !ruby/object:Api::Type::NestedObject + name: pubsubDestination + required: true + description: | + Destination on Cloud Pubsub. + properties: + - !ruby/object:Api::Type::String + name: topic + required: true + description: | + Destination on Cloud Pubsub topic. + - !ruby/object:Api::Type::NestedObject + name: condition + description: | + A condition which determines whether an asset update should be published. If specified, an asset + will be returned only when the expression evaluates to true. When set, expression field + must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with + expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of + condition are optional. + properties: + - !ruby/object:Api::Type::String + name: expression + required: true + description: | + Textual representation of an expression in Common Expression Language syntax. + - !ruby/object:Api::Type::String + name: title + description: | + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + - !ruby/object:Api::Type::String + name: description + description: | + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + - !ruby/object:Api::Type::String + name: location + description: | + String indicating the location of the expression for error reporting, e.g. a file + name and a position in the file. diff --git a/mmv1/products/cloudasset/api.yaml b/mmv1/products/cloudasset/api.yaml deleted file mode 100644 index dbbd199bfe6a..000000000000 --- a/mmv1/products/cloudasset/api.yaml +++ /dev/null @@ -1,378 +0,0 @@ -# Copyright 2020 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. ---- !ruby/object:Api::Product -name: CloudAsset -display_name: Cloud Asset Inventory -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://cloudasset.googleapis.com/v1/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Cloud Asset API - url: https://console.cloud.google.com/apis/library/cloudasset.googleapis.com/ -objects: - - !ruby/object:Api::Resource - name: ProjectFeed - base_url: projects/{{project}}/feeds - create_url: projects/{{project}}/feeds?feedId={{feed_id}} - self_link: "{{name}}" - update_verb: :PATCH - update_mask: true - collection_url_key: 'feeds' - description: | - Describes a Cloud Asset Inventory feed used to to listen to asset updates. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/asset-inventory/docs' - api: 'https://cloud.google.com/asset-inventory/docs/reference/rest/' - properties: - - !ruby/object:Api::Type::String - name: billing_project - url_param_only: true - input: true - description: | - The project whose identity will be used when sending messages to the - destination pubsub topic. It also specifies the project for API - enablement check, quota, and billing. If not specified, the resource's - project will be used. - - !ruby/object:Api::Type::String - name: name - output: true - description: | - The format will be projects/{projectNumber}/feeds/{client-assigned_feed_identifier}. - - !ruby/object:Api::Type::String - name: feedId - description: | - This is the client-assigned asset feed identifier and it needs to be unique under a specific parent. - required: true - input: true - url_param_only: true - - !ruby/object:Api::Type::Array - name: assetNames - item_type: Api::Type::String - description: | - A list of the full names of the assets to receive updates. You must specify either or both of - assetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are - exported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1. - See https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info. - - !ruby/object:Api::Type::Array - name: assetTypes - item_type: Api::Type::String - description: | - A list of types of the assets to receive updates. You must specify either or both of assetNames - and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to - the feed. For example: "compute.googleapis.com/Disk" - See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all - supported asset types. - - !ruby/object:Api::Type::Enum - name: contentType - description: | - Asset content type. If not specified, no content but the asset name and type will be returned. - values: - - :CONTENT_TYPE_UNSPECIFIED - - :RESOURCE - - :IAM_POLICY - - :ORG_POLICY - - :ACCESS_POLICY - - !ruby/object:Api::Type::NestedObject - name: feedOutputConfig - required: true - description: | - Output configuration for asset feed destination. - properties: - - !ruby/object:Api::Type::NestedObject - name: pubsubDestination - required: true - description: | - Destination on Cloud Pubsub. - properties: - - !ruby/object:Api::Type::String - name: topic - required: true - description: | - Destination on Cloud Pubsub topic. - - !ruby/object:Api::Type::NestedObject - name: condition - description: | - A condition which determines whether an asset update should be published. If specified, an asset - will be returned only when the expression evaluates to true. When set, expression field - must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with - expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of - condition are optional. - properties: - - !ruby/object:Api::Type::String - name: expression - required: true - description: | - Textual representation of an expression in Common Expression Language syntax. - - !ruby/object:Api::Type::String - name: title - description: | - Title for the expression, i.e. a short string describing its purpose. - This can be used e.g. in UIs which allow to enter the expression. - - !ruby/object:Api::Type::String - name: description - description: | - Description of the expression. This is a longer text which describes the expression, - e.g. when hovered over it in a UI. - - !ruby/object:Api::Type::String - name: location - description: | - String indicating the location of the expression for error reporting, e.g. a file - name and a position in the file. - - !ruby/object:Api::Resource - name: FolderFeed - base_url: folders/{{folder_id}}/feeds - create_url: folders/{{folder_id}}/feeds?feedId={{feed_id}} - self_link: "{{name}}" - update_verb: :PATCH - update_mask: true - collection_url_key: 'feeds' - description: | - Describes a Cloud Asset Inventory feed used to to listen to asset updates. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/asset-inventory/docs' - api: 'https://cloud.google.com/asset-inventory/docs/reference/rest/' - parameters: - - !ruby/object:Api::Type::String - name: folder - required: true - input: true - url_param_only: true - description: | - The folder this feed should be created in. - properties: - - !ruby/object:Api::Type::String - name: billing_project - required: true - input: true - url_param_only: true - description: | - The project whose identity will be used when sending messages to the - destination pubsub topic. It also specifies the project for API - enablement check, quota, and billing. - - !ruby/object:Api::Type::String - name: folder_id - output: true - description: | - The ID of the folder where this feed has been created. Both [FOLDER_NUMBER] - and folders/[FOLDER_NUMBER] are accepted. - - !ruby/object:Api::Type::String - name: name - output: true - description: | - The format will be folders/{folder_number}/feeds/{client-assigned_feed_identifier}. - - !ruby/object:Api::Type::String - name: feedId - description: | - This is the client-assigned asset feed identifier and it needs to be unique under a specific parent. - required: true - input: true - url_param_only: true - - !ruby/object:Api::Type::Array - name: assetNames - item_type: Api::Type::String - description: | - A list of the full names of the assets to receive updates. You must specify either or both of - assetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are - exported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1. - See https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info. - - !ruby/object:Api::Type::Array - name: assetTypes - item_type: Api::Type::String - description: | - A list of types of the assets to receive updates. You must specify either or both of assetNames - and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to - the feed. For example: "compute.googleapis.com/Disk" - See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all - supported asset types. - - !ruby/object:Api::Type::Enum - name: contentType - description: | - Asset content type. If not specified, no content but the asset name and type will be returned. - values: - - :CONTENT_TYPE_UNSPECIFIED - - :RESOURCE - - :IAM_POLICY - - :ORG_POLICY - - :ACCESS_POLICY - - !ruby/object:Api::Type::NestedObject - name: feedOutputConfig - required: true - description: | - Output configuration for asset feed destination. - properties: - - !ruby/object:Api::Type::NestedObject - name: pubsubDestination - required: true - description: | - Destination on Cloud Pubsub. - properties: - - !ruby/object:Api::Type::String - name: topic - required: true - description: | - Destination on Cloud Pubsub topic. - - !ruby/object:Api::Type::NestedObject - name: condition - description: | - A condition which determines whether an asset update should be published. If specified, an asset - will be returned only when the expression evaluates to true. When set, expression field - must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with - expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of - condition are optional. - properties: - - !ruby/object:Api::Type::String - name: expression - required: true - description: | - Textual representation of an expression in Common Expression Language syntax. - - !ruby/object:Api::Type::String - name: title - description: | - Title for the expression, i.e. a short string describing its purpose. - This can be used e.g. in UIs which allow to enter the expression. - - !ruby/object:Api::Type::String - name: description - description: | - Description of the expression. This is a longer text which describes the expression, - e.g. when hovered over it in a UI. - - !ruby/object:Api::Type::String - name: location - description: | - String indicating the location of the expression for error reporting, e.g. a file - name and a position in the file. - - !ruby/object:Api::Resource - name: OrganizationFeed - base_url: "organizations/{{org_id}}/feeds" - create_url: "organizations/{{org_id}}/feeds?feedId={{feed_id}}" - self_link: "{{name}}" - update_verb: :PATCH - update_mask: true - collection_url_key: 'feeds' - description: | - Describes a Cloud Asset Inventory feed used to to listen to asset updates. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/asset-inventory/docs' - api: 'https://cloud.google.com/asset-inventory/docs/reference/rest/' - parameters: - - !ruby/object:Api::Type::String - name: org_id - required: true - input: true - url_param_only: true - description: | - The organization this feed should be created in. - properties: - - !ruby/object:Api::Type::String - name: billing_project - required: true - input: true - url_param_only: true - description: | - The project whose identity will be used when sending messages to the - destination pubsub topic. It also specifies the project for API - enablement check, quota, and billing. - - !ruby/object:Api::Type::String - name: name - output: true - description: | - The format will be organizations/{organization_number}/feeds/{client-assigned_feed_identifier}. - - !ruby/object:Api::Type::String - name: feedId - description: | - This is the client-assigned asset feed identifier and it needs to be unique under a specific parent. - required: true - input: true - url_param_only: true - - !ruby/object:Api::Type::Array - name: assetNames - item_type: Api::Type::String - description: | - A list of the full names of the assets to receive updates. You must specify either or both of - assetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are - exported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1. - See https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info. - - !ruby/object:Api::Type::Array - name: assetTypes - item_type: Api::Type::String - description: | - A list of types of the assets to receive updates. You must specify either or both of assetNames - and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to - the feed. For example: "compute.googleapis.com/Disk" - See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all - supported asset types. - - !ruby/object:Api::Type::Enum - name: contentType - description: | - Asset content type. If not specified, no content but the asset name and type will be returned. - values: - - :CONTENT_TYPE_UNSPECIFIED - - :RESOURCE - - :IAM_POLICY - - :ORG_POLICY - - :ACCESS_POLICY - - !ruby/object:Api::Type::NestedObject - name: feedOutputConfig - required: true - description: | - Output configuration for asset feed destination. - properties: - - !ruby/object:Api::Type::NestedObject - name: pubsubDestination - required: true - description: | - Destination on Cloud Pubsub. - properties: - - !ruby/object:Api::Type::String - name: topic - required: true - description: | - Destination on Cloud Pubsub topic. - - !ruby/object:Api::Type::NestedObject - name: condition - description: | - A condition which determines whether an asset update should be published. If specified, an asset - will be returned only when the expression evaluates to true. When set, expression field - must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with - expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of - condition are optional. - properties: - - !ruby/object:Api::Type::String - name: expression - required: true - description: | - Textual representation of an expression in Common Expression Language syntax. - - !ruby/object:Api::Type::String - name: title - description: | - Title for the expression, i.e. a short string describing its purpose. - This can be used e.g. in UIs which allow to enter the expression. - - !ruby/object:Api::Type::String - name: description - description: | - Description of the expression. This is a longer text which describes the expression, - e.g. when hovered over it in a UI. - - !ruby/object:Api::Type::String - name: location - description: | - String indicating the location of the expression for error reporting, e.g. a file - name and a position in the file. diff --git a/mmv1/products/cloudasset/product.yaml b/mmv1/products/cloudasset/product.yaml new file mode 100644 index 000000000000..75ac4015241d --- /dev/null +++ b/mmv1/products/cloudasset/product.yaml @@ -0,0 +1,25 @@ +# Copyright 2020 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- !ruby/object:Api::Product +name: CloudAsset +display_name: Cloud Asset Inventory +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://cloudasset.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Cloud Asset API + url: https://console.cloud.google.com/apis/library/cloudasset.googleapis.com/ diff --git a/mmv1/products/cloudbuild/BitbucketServerConfig.yaml b/mmv1/products/cloudbuild/BitbucketServerConfig.yaml new file mode 100644 index 000000000000..0319a12f9593 --- /dev/null +++ b/mmv1/products/cloudbuild/BitbucketServerConfig.yaml @@ -0,0 +1,137 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'BitbucketServerConfig' +base_url: projects/{{project}}/locations/{{location}}/bitbucketServerConfigs +self_link: projects/{{project}}/locations/{{location}}/bitbucketServerConfigs/{{bitbucketServerConfigId}} +create_url: projects/{{project}}/locations/{{location}}/bitbucketServerConfigs?bitbucketServerConfigId={{bitbucketServerConfigId}} +update_verb: :PATCH +update_mask: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Connect to a Bitbucket Server host': 'https://cloud.google.com/build/docs/automating-builds/bitbucket/connect-host-bitbucket-server' + api: 'https://cloud.google.com/build/docs/api/reference/rest/v1/projects.locations.bitbucketServerConfigs' +description: | + BitbucketServerConfig represents the configuration for a Bitbucket Server. +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +parameters: + - !ruby/object:Api::Type::String + name: 'bitbucketServerConfigId' + required: true + url_param_only: true + immutable: true + description: | + The ID to use for the BitbucketServerConfig, which will become the final component of the BitbucketServerConfig's resource name. + - !ruby/object:Api::Type::String + name: 'location' + url_param_only: true + immutable: true + required: true + description: | + The location of this bitbucket server config. +properties: + - !ruby/object:Api::Type::String + name: 'name' + output: true + description: | + The resource name for the config. + - !ruby/object:Api::Type::String + name: 'hostUri' + required: true + description: | + Immutable. The URI of the Bitbucket Server host. Once this field has been set, it cannot be changed. + If you need to change it, please create another BitbucketServerConfig. + - !ruby/object:Api::Type::NestedObject + name: 'secrets' + required: true + description: | + Secret Manager secrets needed by the config. + properties: + - !ruby/object:Api::Type::String + name: 'adminAccessTokenVersionName' + required: true + description: | + The resource name for the admin access token's secret version. + - !ruby/object:Api::Type::String + name: 'readAccessTokenVersionName' + required: true + description: | + The resource name for the read access token's secret version. + - !ruby/object:Api::Type::String + name: 'webhookSecretVersionName' + required: true + immutable: true + description: | + Immutable. The resource name for the webhook secret's secret version. Once this field has been set, it cannot be changed. + Changing this field will result in deleting/ recreating the resource. + - !ruby/object:Api::Type::String + name: 'username' + required: true + description: | + Username of the account Cloud Build will use on Bitbucket Server. + - !ruby/object:Api::Type::String + name: 'webhookKey' + output: true + description: | + Output only. UUID included in webhook requests. The UUID is used to look up the corresponding config. + - !ruby/object:Api::Type::String + name: 'apiKey' + required: true + immutable: true + description: | + Immutable. API Key that will be attached to webhook. Once this field has been set, it cannot be changed. + Changing this field will result in deleting/ recreating the resource. + - !ruby/object:Api::Type::Array + name: 'connectedRepositories' + description: | + Connected Bitbucket Server repositories for this config. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'projectKey' + required: true + description: | + Identifier for the project storing the repository. + - !ruby/object:Api::Type::String + name: 'repoSlug' + required: true + description: | + Identifier for the repository. + - !ruby/object:Api::Type::String + name: 'peeredNetwork' + description: | + The network to be used when reaching out to the Bitbucket Server instance. The VPC network must be enabled for private service connection. + This should be set if the Bitbucket Server instance is hosted on-premises and not reachable by public internet. If this field is left empty, + no network peering will occur and calls to the Bitbucket Server instance will be made over the public internet. Must be in the format + projects/{project}/global/networks/{network}, where {project} is a project number or id and {network} is the name of a VPC network in the project. + - !ruby/object:Api::Type::String + name: 'sslCa' + description: | + SSL certificate to use for requests to Bitbucket Server. The format should be PEM format but the extension can be one of .pem, .cer, or .crt. diff --git a/mmv1/products/cloudbuild/Trigger.yaml b/mmv1/products/cloudbuild/Trigger.yaml new file mode 100644 index 000000000000..bd6b9fb91669 --- /dev/null +++ b/mmv1/products/cloudbuild/Trigger.yaml @@ -0,0 +1,1082 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Trigger' +base_url: projects/{{project}}/locations/{{location}}/triggers +self_link: projects/{{project}}/locations/{{location}}/triggers/{{id}} +update_verb: :PATCH +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Automating builds using build triggers': 'https://cloud.google.com/cloud-build/docs/running-builds/automate-builds' + api: 'https://cloud.google.com/cloud-build/docs/api/reference/rest/v1/projects.triggers' +description: | + Configuration for an automated build in response to source repository changes. +parameters: + - !ruby/object:Api::Type::String + name: 'location' + description: | + The [Cloud Build location](https://cloud.google.com/build/docs/locations) for the trigger. + If not specified, "global" is used. + default_value: global + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'id' + description: | + The unique identifier for the trigger. + output: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the trigger. Must be unique within the project. + - !ruby/object:Api::Type::String + name: 'description' + description: | + Human-readable description of the trigger. + - !ruby/object:Api::Type::Array + name: 'tags' + item_type: Api::Type::String + description: | + Tags for annotation of a BuildTrigger + - !ruby/object:Api::Type::Boolean + name: 'disabled' + description: | + Whether the trigger is disabled or not. If true, the trigger will never result in a build. + - !ruby/object:Api::Type::Time + name: 'createTime' + output: true + description: | + Time when the trigger was created. + - !ruby/object:Api::Type::KeyValuePairs + name: 'substitutions' + description: | + Substitutions data for Build resource. + - !ruby/object:Api::Type::String + name: 'serviceAccount' + description: | + The service account used for all user-controlled operations including + triggers.patch, triggers.run, builds.create, and builds.cancel. + + If no service account is set, then the standard Cloud Build service account + ([PROJECT_NUM]@system.gserviceaccount.com) will be used instead. + + Format: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT_ID_OR_EMAIL} + - !ruby/object:Api::Type::Enum + name: 'includeBuildLogs' + values: + - :INCLUDE_BUILD_LOGS_UNSPECIFIED + - :INCLUDE_BUILD_LOGS_WITH_STATUS + description: | + Build logs will be sent back to GitHub as part of the checkrun + result. Values can be INCLUDE_BUILD_LOGS_UNSPECIFIED or + INCLUDE_BUILD_LOGS_WITH_STATUS + - !ruby/object:Api::Type::String + name: 'filename' + exactly_one_of: + - filename + - build + - git_file_source + description: | + Path, from the source root, to a file whose contents is used for the template. + Either a filename or build template must be provided. Set this only when using trigger_template or github. + When using Pub/Sub, Webhook or Manual set the file name using git_file_source instead. + - !ruby/object:Api::Type::String + name: 'filter' + description: | + A Common Expression Language string. Used only with Pub/Sub and Webhook. + - !ruby/object:Api::Type::NestedObject + name: 'gitFileSource' + exactly_one_of: + - filename + - git_file_source + - build + description: | + The file source describing the local or remote Build template. + properties: + - !ruby/object:Api::Type::String + name: 'path' + required: true + description: | + The path of the file, with the repo root as the root of the path. + - !ruby/object:Api::Type::String + name: 'uri' + description: | + The URI of the repo (optional). If unspecified, the repo from which the trigger + invocation originated is assumed to be the repo from which to read the specified path. + - !ruby/object:Api::Type::Enum + name: 'repoType' + required: true + description: | + The type of the repo, since it may not be explicit from the repo field (e.g from a URL). + Values can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER + values: + - :UNKNOWN + - :CLOUD_SOURCE_REPOSITORIES + - :GITHUB + - :BITBUCKET_SERVER + - !ruby/object:Api::Type::String + name: 'revision' + description: | + The branch, tag, arbitrary ref, or SHA version of the repo to use when resolving the + filename (optional). This field respects the same syntax/resolution as described here: https://git-scm.com/docs/gitrevisions + If unspecified, the revision from which the trigger invocation originated is assumed to be the revision from which to read the specified path. + - !ruby/object:Api::Type::String + name: 'githubEnterpriseConfig' + description: | + The full resource name of the github enterprise config. + Format: projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. projects/{project}/githubEnterpriseConfigs/{id}. + - !ruby/object:Api::Type::NestedObject + name: "repositoryEventConfig" + min_version: beta + description: | + The configuration of a trigger that creates a build whenever an event from Repo API is received. + at_least_one_of: + - trigger_template + - github + - bitbucket_server_trigger_config + - pubsub_config + - webhook_config + - source_to_build + - repository_event_config + properties: + - !ruby/object:Api::Type::String + name: "repository" + description: | + The resource name of the Repo API resource. + - !ruby/object:Api::Type::NestedObject + name: "pullRequest" + description: | + Contains filter properties for matching Pull Requests. + exactly_one_of: + - pull_request + - push + properties: + - !ruby/object:Api::Type::String + name: "branch" + description: | + Regex of branches to match. + + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax + exactly_one_of: + - branch + - !ruby/object:Api::Type::Boolean + name: "invertRegex" + description: | + If true, branches that do NOT match the git_ref will trigger a build. + - !ruby/object:Api::Type::Enum + name: "commentControl" + description: | + Configure builds to run whether a repository owner or collaborator need to comment `/gcbrun`. + values: + - :COMMENTS_DISABLED + - :COMMENTS_ENABLED + - :COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY + - !ruby/object:Api::Type::NestedObject + name: "push" + description: | + Contains filter properties for matching git pushes. + exactly_one_of: + - pull_request + - push + properties: + - !ruby/object:Api::Type::String + name: "branch" + description: | + Regex of branches to match. + + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax + exactly_one_of: + - branch + - tag + - !ruby/object:Api::Type::String + name: "tag" + description: | + Regex of tags to match. + + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax + exactly_one_of: + - branch + - tag + - !ruby/object:Api::Type::Boolean + name: "invertRegex" + description: | + If true, only trigger a build if the revision regex does NOT match the git_ref regex. + - !ruby/object:Api::Type::NestedObject + name: 'sourceToBuild' + description: | + The repo and ref of the repository from which to build. + This field is used only for those triggers that do not respond to SCM events. + Triggers that respond to such events build source at whatever commit caused the event. + This field is currently only used by Webhook, Pub/Sub, Manual, and Cron triggers. + at_least_one_of: + - trigger_template + - github + - bitbucket_server_trigger_config + - pubsub_config + - webhook_config + - source_to_build + - repository_event_config + properties: + - !ruby/object:Api::Type::String + name: 'uri' + required: true + description: | + The URI of the repo (required). + - !ruby/object:Api::Type::String + name: 'ref' + required: true + description: | + The branch or tag to use. Must start with "refs/" (required). + - !ruby/object:Api::Type::Enum + name: 'repoType' + required: true + description: | + The type of the repo, since it may not be explicit from the repo field (e.g from a URL). + Values can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER + values: + - :UNKNOWN + - :CLOUD_SOURCE_REPOSITORIES + - :GITHUB + - :BITBUCKET_SERVER + - !ruby/object:Api::Type::String + name: 'githubEnterpriseConfig' + description: | + The full resource name of the github enterprise config. + Format: projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. projects/{project}/githubEnterpriseConfigs/{id}. + - !ruby/object:Api::Type::Array + name: 'ignoredFiles' + item_type: Api::Type::String + description: | + ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match + extended with support for `**`. + + If ignoredFiles and changed files are both empty, then they are not + used to determine whether or not to trigger a build. + + If ignoredFiles is not empty, then we ignore any files that match any + of the ignored_file globs. If the change has no files that are outside + of the ignoredFiles globs, then we do not trigger a build. + - !ruby/object:Api::Type::Array + name: 'includedFiles' + item_type: Api::Type::String + description: | + ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match + extended with support for `**`. + + If any of the files altered in the commit pass the ignoredFiles filter + and includedFiles is empty, then as far as this filter is concerned, we + should trigger the build. + + If any of the files altered in the commit pass the ignoredFiles filter + and includedFiles is not empty, then we make sure that at least one of + those files matches a includedFiles glob. If not, then we do not trigger + a build. + - !ruby/object:Api::Type::NestedObject + name: 'triggerTemplate' + description: | + Template describing the types of source changes to trigger a build. + + Branch and tag names in trigger templates are interpreted as regular + expressions. Any branch or tag change that matches that regular + expression will trigger a build. + at_least_one_of: + - trigger_template + - github + - bitbucket_server_trigger_config + - pubsub_config + - webhook_config + - source_to_build + - repository_event_config + properties: + - !ruby/object:Api::Type::String + name: 'projectId' + description: | + ID of the project that owns the Cloud Source Repository. If + omitted, the project ID requesting the build is assumed. + - !ruby/object:Api::Type::String + name: 'repoName' + default_value: 'default' + description: | + Name of the Cloud Source Repository. If omitted, the name "default" is assumed. + - !ruby/object:Api::Type::String + name: 'dir' + description: | + Directory, relative to the source root, in which to run the build. + + This must be a relative path. If a step's dir is specified and + is an absolute path, this value is ignored for that step's + execution. + + - !ruby/object:Api::Type::Boolean + name: 'invertRegex' + description: | + Only trigger a build if the revision regex does NOT match the revision regex. + - !ruby/object:Api::Type::String + name: 'branchName' + description: | + Name of the branch to build. Exactly one a of branch name, tag, or commit SHA must be provided. + This field is a regular expression. + exactly_one_of: + - trigger_template.0.branch_name + - trigger_template.0.tag_name + - trigger_template.0.commit_sha + - !ruby/object:Api::Type::String + name: 'tagName' + description: | + Name of the tag to build. Exactly one of a branch name, tag, or commit SHA must be provided. + This field is a regular expression. + exactly_one_of: + - trigger_template.0.branch_name + - trigger_template.0.tag_name + - trigger_template.0.commit_sha + - !ruby/object:Api::Type::String + name: 'commitSha' + description: | + Explicit commit SHA to build. Exactly one of a branch name, tag, or commit SHA must be provided. + exactly_one_of: + - trigger_template.0.branch_name + - trigger_template.0.tag_name + - trigger_template.0.commit_sha + - !ruby/object:Api::Type::NestedObject + name: 'github' + description: | + Describes the configuration of a trigger that creates a build whenever a GitHub event is received. + at_least_one_of: + - trigger_template + - github + - bitbucket_server_trigger_config + - pubsub_config + - webhook_config + - source_to_build + - repository_event_config + properties: + - !ruby/object:Api::Type::String + name: 'owner' + description: | + Owner of the repository. For example: The owner for + https://github.com/googlecloudplatform/cloud-builders is "googlecloudplatform". + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the repository. For example: The name for + https://github.com/googlecloudplatform/cloud-builders is "cloud-builders". + - !ruby/object:Api::Type::NestedObject + name: 'pullRequest' + description: | + filter to match changes in pull requests. Specify only one of `pull_request` or `push`. + exactly_one_of: + - github.0.pull_request + - github.0.push + properties: + - !ruby/object:Api::Type::String + name: 'branch' + required: true + description: | + Regex of branches to match. + - !ruby/object:Api::Type::Enum + name: 'commentControl' + description: | + Whether to block builds on a "/gcbrun" comment from a repository owner or collaborator. + values: + - :COMMENTS_DISABLED + - :COMMENTS_ENABLED + - :COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY + - !ruby/object:Api::Type::Boolean + name: 'invertRegex' + description: | + If true, branches that do NOT match the git_ref will trigger a build. + - !ruby/object:Api::Type::NestedObject + name: 'push' + description: | + filter to match changes in refs, like branches or tags. Specify only one of `pull_request` or `push`. + exactly_one_of: + - github.0.pull_request + - github.0.push + properties: + - !ruby/object:Api::Type::Boolean + name: 'invertRegex' + description: | + When true, only trigger a build if the revision regex does NOT match the git_ref regex. + - !ruby/object:Api::Type::String + name: 'branch' + description: | + Regex of branches to match. Specify only one of branch or tag. + exactly_one_of: + - github.0.push.0.branch + - github.0.push.0.tag + - !ruby/object:Api::Type::String + name: 'tag' + description: | + Regex of tags to match. Specify only one of branch or tag. + exactly_one_of: + - github.0.push.0.branch + - github.0.push.0.tag + - !ruby/object:Api::Type::String + name: 'enterpriseConfigResourceName' + description: | + The resource name of the github enterprise config that should be applied to this installation. + For example: "projects/{$projectId}/locations/{$locationId}/githubEnterpriseConfigs/{$configId}" + - !ruby/object:Api::Type::NestedObject + name: "bitbucketServerTriggerConfig" + description: | + BitbucketServerTriggerConfig describes the configuration of a trigger that creates a build whenever a Bitbucket Server event is received. + at_least_one_of: + - trigger_template + - github + - bitbucket_server_trigger_config + - pubsub_config + - webhook_config + - source_to_build + - repository_event_config + properties: + - !ruby/object:Api::Type::String + name: "repoSlug" + required: true + description: | + Slug of the repository. A repository slug is a URL-friendly version of a repository name, automatically generated by Bitbucket for use in the URL. + For example, if the repository name is 'test repo', in the URL it would become 'test-repo' as in https://mybitbucket.server/projects/TEST/repos/test-repo. + - !ruby/object:Api::Type::String + name: "projectKey" + required: true + description: | + Key of the project that the repo is in. For example: The key for https://mybitbucket.server/projects/TEST/repos/test-repo is "TEST". + - !ruby/object:Api::Type::String + name: "bitbucketServerConfigResource" + required: true + description: | + The Bitbucket server config resource that this trigger config maps to. + - !ruby/object:Api::Type::NestedObject + name: 'pullRequest' + description: | + Filter to match changes in pull requests. + exactly_one_of: + - bitbucket_server_trigger_config.0.pull_request + - bitbucket_server_trigger_config.0.push + properties: + - !ruby/object:Api::Type::String + name: 'branch' + required: true + description: | + Regex of branches to match. + The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax + - !ruby/object:Api::Type::Enum + name: 'commentControl' + description: | + Configure builds to run whether a repository owner or collaborator need to comment /gcbrun. + values: + - :COMMENTS_DISABLED + - :COMMENTS_ENABLED + - :COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY + - !ruby/object:Api::Type::Boolean + name: 'invertRegex' + description: | + If true, branches that do NOT match the git_ref will trigger a build. + - !ruby/object:Api::Type::NestedObject + name: 'push' + description: | + Filter to match changes in refs like branches, tags. + exactly_one_of: + - bitbucket_server_trigger_config.0.pull_request + - bitbucket_server_trigger_config.0.push + properties: + - !ruby/object:Api::Type::Boolean + name: 'invertRegex' + description: | + When true, only trigger a build if the revision regex does NOT match the gitRef regex. + - !ruby/object:Api::Type::String + name: 'branch' + description: | + Regex of branches to match. Specify only one of branch or tag. + exactly_one_of: + - bitbucket_server_trigger_config.0.push.0.branch + - bitbucket_server_trigger_config.0.push.0.tag + - !ruby/object:Api::Type::String + name: 'tag' + description: | + Regex of tags to match. Specify only one of branch or tag. + exactly_one_of: + - bitbucket_server_trigger_config.0.push.0.branch + - bitbucket_server_trigger_config.0.push.0.tag + - !ruby/object:Api::Type::NestedObject + name: 'pubsubConfig' + description: | + PubsubConfig describes the configuration of a trigger that creates + a build whenever a Pub/Sub message is published. + at_least_one_of: + - trigger_template + - github + - bitbucket_server_trigger_config + - pubsub_config + - webhook_config + - source_to_build + - repository_event_config + properties: + - !ruby/object:Api::Type::String + name: 'subscription' + description: | + Output only. Name of the subscription. + output: true + - !ruby/object:Api::Type::String + name: 'topic' + required: true + description: | + The name of the topic from which this subscription is receiving messages. + - !ruby/object:Api::Type::String + name: 'service_account_email' + description: | + Service account that will make the push request. + - !ruby/object:Api::Type::String + name: 'state' + output: true + description: | + Potential issues with the underlying Pub/Sub subscription configuration. + Only populated on get requests. + - !ruby/object:Api::Type::NestedObject + name: 'webhookConfig' + description: | + WebhookConfig describes the configuration of a trigger that creates + a build whenever a webhook is sent to a trigger's webhook URL. + at_least_one_of: + - trigger_template + - github + - bitbucket_server_trigger_config + - pubsub_config + - webhook_config + - source_to_build + - repository_event_config + properties: + - !ruby/object:Api::Type::String + name: 'secret' + required: true + description: | + Resource name for the secret required as a URL parameter. + - !ruby/object:Api::Type::String + name: 'state' + output: true + description: | + Potential issues with the underlying Pub/Sub subscription configuration. + Only populated on get requests. + - !ruby/object:Api::Type::NestedObject + name: 'approvalConfig' + description: | + Configuration for manual approval to start a build invocation of this BuildTrigger. + Builds created by this trigger will require approval before they execute. + Any user with a Cloud Build Approver role for the project can approve a build. + properties: + - !ruby/object:Api::Type::Boolean + name: 'approvalRequired' + default_value: false + description: | + Whether or not approval is needed. If this is set on a build, it will become pending when run, + and will need to be explicitly approved to start. + - !ruby/object:Api::Type::NestedObject + name: 'build' + exactly_one_of: + - filename + - build + - git_file_source + description: | + Contents of the build template. Either a filename or build template must be provided. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'source' + description: | + The location of the source files to build. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'storageSource' + description: | + Location of the source in an archive file in Google Cloud Storage. + properties: + - !ruby/object:Api::Type::String + name: 'bucket' + required: true + description: | + Google Cloud Storage bucket containing the source. + - !ruby/object:Api::Type::String + name: 'object' + required: true + description: | + Google Cloud Storage object containing the source. + This object must be a gzipped archive file (.tar.gz) containing source to build. + - !ruby/object:Api::Type::String + name: 'generation' + description: | + Google Cloud Storage generation for the object. + If the generation is omitted, the latest generation will be used + - !ruby/object:Api::Type::NestedObject + name: 'repoSource' + description: | + Location of the source in a Google Cloud Source Repository. + properties: + - !ruby/object:Api::Type::String + name: 'projectId' + description: | + ID of the project that owns the Cloud Source Repository. + If omitted, the project ID requesting the build is assumed. + - !ruby/object:Api::Type::String + name: 'repoName' + required: true + description: | + Name of the Cloud Source Repository. + - !ruby/object:Api::Type::String + name: 'dir' + description: | + Directory, relative to the source root, in which to run the build. + This must be a relative path. If a step's dir is specified and is an absolute path, + this value is ignored for that step's execution. + - !ruby/object:Api::Type::Boolean + name: 'invertRegex' + description: | + Only trigger a build if the revision regex does NOT match the revision regex. + - !ruby/object:Api::Type::KeyValuePairs + name: 'substitutions' + description: | + Substitutions to use in a triggered build. Should only be used with triggers.run + - !ruby/object:Api::Type::String + name: 'branchName' + description: | + Regex matching branches to build. Exactly one a of branch name, tag, or commit SHA must be provided. + The syntax of the regular expressions accepted is the syntax accepted by RE2 and + described at https://github.com/google/re2/wiki/Syntax + exactly_one_of: + - build.0.source.0.repo_source.0.branch_name + - build.0.source.0.repo_source.0.commit_sha + - build.0.source.0.repo_source.0.tag_name + - !ruby/object:Api::Type::String + name: 'tagName' + description: | + Regex matching tags to build. Exactly one a of branch name, tag, or commit SHA must be provided. + The syntax of the regular expressions accepted is the syntax accepted by RE2 and + described at https://github.com/google/re2/wiki/Syntax + exactly_one_of: + - build.0.source.0.repo_source.0.branch_name + - build.0.source.0.repo_source.0.commit_sha + - build.0.source.0.repo_source.0.tag_name + - !ruby/object:Api::Type::String + name: 'commitSha' + description: | + Explicit commit SHA to build. Exactly one a of branch name, tag, or commit SHA must be provided. + exactly_one_of: + - build.0.source.0.repo_source.0.branch_name + - build.0.source.0.repo_source.0.commit_sha + - build.0.source.0.repo_source.0.tag_name + - !ruby/object:Api::Type::Array + name: 'tags' + item_type: Api::Type::String + description: | + Tags for annotation of a Build. These are not docker tags. + - !ruby/object:Api::Type::Array + name: 'images' + item_type: Api::Type::String + description: | + A list of images to be pushed upon the successful completion of all build steps. + The images are pushed using the builder service account's credentials. + The digests of the pushed images will be stored in the Build resource's results field. + If any of the images fail to be pushed, the build status is marked FAILURE. + - !ruby/object:Api::Type::KeyValuePairs + name: 'substitutions' + description: | + Substitutions data for Build resource. + - !ruby/object:Api::Type::String + name: 'queueTtl' + description: | + TTL in queue for this build. If provided and the build is enqueued longer than this value, + the build will expire and the build status will be EXPIRED. + The TTL starts ticking from createTime. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + - !ruby/object:Api::Type::String + name: 'logsBucket' + description: | + Google Cloud Storage bucket where logs should be written. + Logs file names will be of the format ${logsBucket}/log-${build_id}.txt. + - !ruby/object:Api::Type::String + name: 'timeout' + description: | + Amount of time that this build should be allowed to run, to second granularity. + If this amount of time elapses, work on the build will cease and the build status will be TIMEOUT. + This timeout must be equal to or greater than the sum of the timeouts for build steps within the build. + The expected format is the number of seconds followed by s. + Default time is ten minutes (600s). + default_value: '600s' + - !ruby/object:Api::Type::Array + name: 'secrets' + description: | + Secrets to decrypt using Cloud Key Management Service. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'kmsKeyName' + required: true + description: | + Cloud KMS key name to use to decrypt these envs. + - !ruby/object:Api::Type::KeyValuePairs + name: 'secretEnv' + description: | + Map of environment variable name to its encrypted value. + Secret environment variables must be unique across all of a build's secrets, + and must be used by at least one build step. Values can be at most 64 KB in size. + There can be at most 100 secret values across all of a build's secrets. + - !ruby/object:Api::Type::NestedObject + name: 'availableSecrets' + description: | + Secrets and secret environment variables. + properties: + - !ruby/object:Api::Type::Array + name: 'secretManager' + required: true + description: | + Pairs a secret environment variable with a SecretVersion in Secret Manager. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'versionName' + required: true + description: | + Resource name of the SecretVersion. In format: projects/*/secrets/*/versions/* + - !ruby/object:Api::Type::String + name: 'env' + required: true + description: | + Environment variable name to associate with the secret. Secret environment + variables must be unique across all of a build's secrets, and must be used + by at least one build step. + - !ruby/object:Api::Type::Array + name: 'steps' + required: true + description: | + The operations to be performed on the workspace. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + description: | + The name of the container image that will run this particular build step. + + If the image is available in the host's Docker daemon's cache, it will be + run directly. If not, the host will attempt to pull the image first, using + the builder service account's credentials if necessary. + + The Docker daemon's cache will already have the latest versions of all of + the officially supported build steps (see https://github.com/GoogleCloudPlatform/cloud-builders + for images and examples). + The Docker daemon will also have cached many of the layers for some popular + images, like "ubuntu", "debian", but they will be refreshed at the time + you attempt to use them. + + If you built an image in a previous build step, it will be stored in the + host's Docker daemon's cache and is available to use as the name for a + later build step. + - !ruby/object:Api::Type::Array + name: 'args' + item_type: Api::Type::String + description: | + A list of arguments that will be presented to the step when it is started. + + If the image used to run the step's container has an entrypoint, the args + are used as arguments to that entrypoint. If the image does not define an + entrypoint, the first element in args is used as the entrypoint, and the + remainder will be used as arguments. + - !ruby/object:Api::Type::Array + name: 'env' + item_type: Api::Type::String + description: | + A list of environment variable definitions to be used when + running a step. + + The elements are of the form "KEY=VALUE" for the environment variable + "KEY" being given the value "VALUE". + - !ruby/object:Api::Type::String + name: 'id' + description: | + Unique identifier for this build step, used in `wait_for` to + reference this build step as a dependency. + - !ruby/object:Api::Type::String + name: 'entrypoint' + description: | + Entrypoint to be used instead of the build step image's + default entrypoint. + If unset, the image's default entrypoint is used + - !ruby/object:Api::Type::String + name: 'dir' + description: | + Working directory to use when running this step's container. + + If this value is a relative path, it is relative to the build's working + directory. If this value is absolute, it may be outside the build's working + directory, in which case the contents of the path may not be persisted + across build step executions, unless a `volume` for that path is specified. + + If the build specifies a `RepoSource` with `dir` and a step with a + `dir`, + which specifies an absolute path, the `RepoSource` `dir` is ignored + for the step's execution. + - !ruby/object:Api::Type::Array + item_type: Api::Type::String + name: 'secretEnv' + description: | + A list of environment variables which are encrypted using + a Cloud Key + Management Service crypto key. These values must be specified in + the build's `Secret`. + - !ruby/object:Api::Type::String + name: 'timeout' + description: | + Time limit for executing this build step. If not defined, + the step has no + time limit and will be allowed to continue to run until either it + completes or the build itself times out. + - !ruby/object:Api::Type::String + name: 'timing' + immutable: false + description: | + Output only. Stores timing information for executing this + build step. + - !ruby/object:Api::Type::Array + name: 'volumes' + description: | + List of volumes to mount into the build step. + + Each volume is created as an empty volume prior to execution of the + build step. Upon completion of the build, volumes and their contents + are discarded. + + Using a named volume in only one step is not valid as it is + indicative of a build request with an incorrect configuration. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + description: | + Name of the volume to mount. + + Volume names must be unique per build step and must be valid names for + Docker volumes. Each named volume must be used by at least two build steps. + - !ruby/object:Api::Type::String + name: 'path' + required: true + description: | + Path at which to mount the volume. + + Paths must be absolute and cannot conflict with other volume paths on + the same build step or with certain reserved volume paths. + - !ruby/object:Api::Type::Array + name: 'waitFor' + item_type: Api::Type::String + description: | + The ID(s) of the step(s) that this build step depends on. + + This build step will not start until all the build steps in `wait_for` + have completed successfully. If `wait_for` is empty, this build step + will start when all previous build steps in the `Build.Steps` list + have completed successfully. + - !ruby/object:Api::Type::String + name: 'script' + description: | + A shell script to be executed in the step. + When script is provided, the user cannot specify the entrypoint or args. + - !ruby/object:Api::Type::NestedObject + name: 'artifacts' + description: | + Artifacts produced by the build that should be uploaded upon successful completion of all build steps. + properties: + - !ruby/object:Api::Type::Array + name: 'images' + item_type: Api::Type::String + description: | + A list of images to be pushed upon the successful completion of all build steps. + + The images will be pushed using the builder service account's credentials. + + The digests of the pushed images will be stored in the Build resource's results field. + + If any of the images fail to be pushed, the build is marked FAILURE. + - !ruby/object:Api::Type::NestedObject + name: 'objects' + description: | + A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps. + + Files in the workspace matching specified paths globs will be uploaded to the + Cloud Storage location using the builder service account's credentials. + + The location and generation of the uploaded objects will be stored in the Build resource's results field. + + If any objects fail to be pushed, the build is marked FAILURE. + properties: + - !ruby/object:Api::Type::String + name: 'location' + description: | + Cloud Storage bucket and optional object path, in the form "gs://bucket/path/to/somewhere/". + + Files in the workspace matching any path pattern will be uploaded to Cloud Storage with + this location as a prefix. + - !ruby/object:Api::Type::Array + name: 'paths' + item_type: Api::Type::String + description: | + Path globs used to match files in the build's workspace. + - !ruby/object:Api::Type::NestedObject + name: 'timing' + description: | + Output only. Stores timing information for pushing all artifact objects. + output: true + properties: + - !ruby/object:Api::Type::String + name: 'startTime' + description: | + Start of time span. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + - !ruby/object:Api::Type::String + name: 'endTime' + description: | + End of time span. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + - !ruby/object:Api::Type::NestedObject + name: 'options' + description: | + Special options for this build. + properties: + - !ruby/object:Api::Type::Array + name: 'sourceProvenanceHash' + description: | + Requested hash for SourceProvenance. + item_type: !ruby/object:Api::Type::Enum + name: 'hashType' + description: | + Specifies the hash algorithm, if any. + values: + - :NONE + - :SHA256 + - :MD5 + - !ruby/object:Api::Type::Enum + name: 'requestedVerifyOption' + description: | + Requested verifiability options. + values: + - :NOT_VERIFIED + - :VERIFIED + - !ruby/object:Api::Type::Enum + name: 'machineType' + description: | + Compute Engine machine type on which to run the build. + values: + - :UNSPECIFIED + - :N1_HIGHCPU_8 + - :N1_HIGHCPU_32 + - :E2_HIGHCPU_8 + - :E2_HIGHCPU_32 + - !ruby/object:Api::Type::Integer + name: 'diskSizeGb' + description: | + Requested disk size for the VM that runs the build. Note that this is NOT "disk free"; + some of the space will be used by the operating system and build utilities. + Also note that this is the minimum disk size that will be allocated for the build -- + the build may run with a larger disk than requested. At present, the maximum disk size + is 1000GB; builds that request more than the maximum are rejected with an error. + - !ruby/object:Api::Type::Enum + name: 'substitutionOption' + description: | + Option to specify behavior when there is an error in the substitution checks. + + NOTE this is always set to ALLOW_LOOSE for triggered builds and cannot be overridden + in the build configuration file. + values: + - :MUST_MATCH + - :ALLOW_LOOSE + - !ruby/object:Api::Type::Boolean + name: 'dynamicSubstitutions' + send_empty_value: true + description: | + Option to specify whether or not to apply bash style string operations to the substitutions. + + NOTE this is always enabled for triggered builds and cannot be overridden in the build configuration file. + - !ruby/object:Api::Type::Enum + name: 'logStreamingOption' + description: | + Option to define build log streaming behavior to Google Cloud Storage. + values: + - :STREAM_DEFAULT + - :STREAM_ON + - :STREAM_OFF + - !ruby/object:Api::Type::String + name: 'workerPool' + description: | + Option to specify a WorkerPool for the build. Format projects/{project}/workerPools/{workerPool} + + This field is experimental. + - !ruby/object:Api::Type::Enum + name: 'logging' + description: | + Option to specify the logging mode, which determines if and where build logs are stored. + values: + - :LOGGING_UNSPECIFIED + - :LEGACY + - :GCS_ONLY + - :STACKDRIVER_ONLY + - :CLOUD_LOGGING_ONLY + - :NONE + - !ruby/object:Api::Type::Array + name: 'env' + item_type: Api::Type::String + description: | + A list of global environment variable definitions that will exist for all build steps + in this build. If a variable is defined in both globally and in a build step, + the variable will use the build step value. + + The elements are of the form "KEY=VALUE" for the environment variable "KEY" being given the value "VALUE". + - !ruby/object:Api::Type::Array + name: 'secretEnv' + item_type: Api::Type::String + description: | + A list of global environment variables, which are encrypted using a Cloud Key Management + Service crypto key. These values must be specified in the build's Secret. These variables + will be available to all build steps in this build. + - !ruby/object:Api::Type::Array + name: 'volumes' + description: | + Global list of volumes to mount for ALL build steps + + Each volume is created as an empty volume prior to starting the build process. + Upon completion of the build, volumes and their contents are discarded. Global + volume names and paths cannot conflict with the volumes defined a build step. + + Using a global volume in a build with only one step is not valid as it is indicative + of a build request with an incorrect configuration. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the volume to mount. + + Volume names must be unique per build step and must be valid names for Docker volumes. + Each named volume must be used by at least two build steps. + - !ruby/object:Api::Type::String + name: 'path' + description: | + Path at which to mount the volume. + + Paths must be absolute and cannot conflict with other volume paths on the same + build step or with certain reserved volume paths. + diff --git a/mmv1/products/cloudbuild/api.yaml b/mmv1/products/cloudbuild/api.yaml deleted file mode 100644 index 4ee918eff350..000000000000 --- a/mmv1/products/cloudbuild/api.yaml +++ /dev/null @@ -1,1222 +0,0 @@ -# Copyright 2018 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: CloudBuild -display_name: Cloud Build -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://cloudbuild.googleapis.com/v1/ - - !ruby/object:Api::Product::Version - name: beta - base_url: https://cloudbuild.googleapis.com/v1/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Cloud Build API - url: https://console.cloud.google.com/apis/library/cloudbuild.googleapis.com/ -objects: - - !ruby/object:Api::Resource - name: 'BitbucketServerConfig' - base_url: projects/{{project}}/locations/{{location}}/bitbucketServerConfigs - self_link: projects/{{project}}/locations/{{location}}/bitbucketServerConfigs/{{bitbucketServerConfigId}} - create_url: projects/{{project}}/locations/{{location}}/bitbucketServerConfigs?bitbucketServerConfigId={{bitbucketServerConfigId}} - update_verb: :PATCH - update_mask: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Connect to a Bitbucket Server host': 'https://cloud.google.com/build/docs/automating-builds/bitbucket/connect-host-bitbucket-server' - api: 'https://cloud.google.com/build/docs/api/reference/rest/v1/projects.locations.bitbucketServerConfigs' - description: | - BitbucketServerConfig represents the configuration for a Bitbucket Server. - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - parameters: - - !ruby/object:Api::Type::String - name: 'bitbucketServerConfigId' - required: true - url_param_only: true - input: true - description: | - The ID to use for the BitbucketServerConfig, which will become the final component of the BitbucketServerConfig's resource name. - - !ruby/object:Api::Type::String - name: 'location' - url_param_only: true - input: true - required: true - description: | - The location of this bitbucket server config. - properties: - - !ruby/object:Api::Type::String - name: 'name' - output: true - description: | - The resource name for the config. - - !ruby/object:Api::Type::String - name: 'hostUri' - required: true - description: | - Immutable. The URI of the Bitbucket Server host. Once this field has been set, it cannot be changed. - If you need to change it, please create another BitbucketServerConfig. - - !ruby/object:Api::Type::NestedObject - name: 'secrets' - required: true - description: | - Secret Manager secrets needed by the config. - properties: - - !ruby/object:Api::Type::String - name: 'adminAccessTokenVersionName' - required: true - description: | - The resource name for the admin access token's secret version. - - !ruby/object:Api::Type::String - name: 'readAccessTokenVersionName' - required: true - description: | - The resource name for the read access token's secret version. - - !ruby/object:Api::Type::String - name: 'webhookSecretVersionName' - required: true - input: true - description: | - Immutable. The resource name for the webhook secret's secret version. Once this field has been set, it cannot be changed. - Changing this field will result in deleting/ recreating the resource. - - !ruby/object:Api::Type::String - name: 'username' - required: true - description: | - Username of the account Cloud Build will use on Bitbucket Server. - - !ruby/object:Api::Type::String - name: 'webhookKey' - output: true - description: | - Output only. UUID included in webhook requests. The UUID is used to look up the corresponding config. - - !ruby/object:Api::Type::String - name: 'apiKey' - required: true - input: true - description: | - Immutable. API Key that will be attached to webhook. Once this field has been set, it cannot be changed. - Changing this field will result in deleting/ recreating the resource. - - !ruby/object:Api::Type::Array - name: 'connectedRepositories' - description: | - Connected Bitbucket Server repositories for this config. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'projectKey' - required: true - description: | - Identifier for the project storing the repository. - - !ruby/object:Api::Type::String - name: 'repoSlug' - required: true - description: | - Identifier for the repository. - - !ruby/object:Api::Type::String - name: 'peeredNetwork' - description: | - The network to be used when reaching out to the Bitbucket Server instance. The VPC network must be enabled for private service connection. - This should be set if the Bitbucket Server instance is hosted on-premises and not reachable by public internet. If this field is left empty, - no network peering will occur and calls to the Bitbucket Server instance will be made over the public internet. Must be in the format - projects/{project}/global/networks/{network}, where {project} is a project number or id and {network} is the name of a VPC network in the project. - - !ruby/object:Api::Type::String - name: 'sslCa' - description: | - SSL certificate to use for requests to Bitbucket Server. The format should be PEM format but the extension can be one of .pem, .cer, or .crt. - - !ruby/object:Api::Resource - name: 'Trigger' - base_url: projects/{{project}}/locations/{{location}}/triggers - self_link: projects/{{project}}/locations/{{location}}/triggers/{{id}} - update_verb: :PATCH - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Automating builds using build triggers': 'https://cloud.google.com/cloud-build/docs/running-builds/automate-builds' - api: 'https://cloud.google.com/cloud-build/docs/api/reference/rest/v1/projects.triggers' - description: | - Configuration for an automated build in response to source repository changes. - parameters: - - !ruby/object:Api::Type::String - name: 'location' - description: | - The [Cloud Build location](https://cloud.google.com/build/docs/locations) for the trigger. - If not specified, "global" is used. - default_value: global - input: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'id' - description: | - The unique identifier for the trigger. - output: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the trigger. Must be unique within the project. - - !ruby/object:Api::Type::String - name: 'description' - description: | - Human-readable description of the trigger. - - !ruby/object:Api::Type::Array - name: 'tags' - item_type: Api::Type::String - description: | - Tags for annotation of a BuildTrigger - - !ruby/object:Api::Type::Boolean - name: 'disabled' - description: | - Whether the trigger is disabled or not. If true, the trigger will never result in a build. - - !ruby/object:Api::Type::Time - name: 'createTime' - output: true - description: | - Time when the trigger was created. - - !ruby/object:Api::Type::KeyValuePairs - name: 'substitutions' - description: | - Substitutions data for Build resource. - - !ruby/object:Api::Type::String - name: 'serviceAccount' - description: | - The service account used for all user-controlled operations including - triggers.patch, triggers.run, builds.create, and builds.cancel. - - If no service account is set, then the standard Cloud Build service account - ([PROJECT_NUM]@system.gserviceaccount.com) will be used instead. - - Format: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT_ID_OR_EMAIL} - - !ruby/object:Api::Type::Enum - name: 'includeBuildLogs' - values: - - :INCLUDE_BUILD_LOGS_UNSPECIFIED - - :INCLUDE_BUILD_LOGS_WITH_STATUS - description: | - Build logs will be sent back to GitHub as part of the checkrun - result. Values can be INCLUDE_BUILD_LOGS_UNSPECIFIED or - INCLUDE_BUILD_LOGS_WITH_STATUS - - !ruby/object:Api::Type::String - name: 'filename' - exactly_one_of: - - filename - - build - - git_file_source - description: | - Path, from the source root, to a file whose contents is used for the template. - Either a filename or build template must be provided. Set this only when using trigger_template or github. - When using Pub/Sub, Webhook or Manual set the file name using git_file_source instead. - - !ruby/object:Api::Type::String - name: 'filter' - description: | - A Common Expression Language string. Used only with Pub/Sub and Webhook. - - !ruby/object:Api::Type::NestedObject - name: 'gitFileSource' - exactly_one_of: - - filename - - git_file_source - - build - description: | - The file source describing the local or remote Build template. - properties: - - !ruby/object:Api::Type::String - name: 'path' - required: true - description: | - The path of the file, with the repo root as the root of the path. - - !ruby/object:Api::Type::String - name: 'uri' - description: | - The URI of the repo (optional). If unspecified, the repo from which the trigger - invocation originated is assumed to be the repo from which to read the specified path. - - !ruby/object:Api::Type::Enum - name: 'repoType' - required: true - description: | - The type of the repo, since it may not be explicit from the repo field (e.g from a URL). - Values can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER - values: - - :UNKNOWN - - :CLOUD_SOURCE_REPOSITORIES - - :GITHUB - - :BITBUCKET_SERVER - - !ruby/object:Api::Type::String - name: 'revision' - description: | - The branch, tag, arbitrary ref, or SHA version of the repo to use when resolving the - filename (optional). This field respects the same syntax/resolution as described here: https://git-scm.com/docs/gitrevisions - If unspecified, the revision from which the trigger invocation originated is assumed to be the revision from which to read the specified path. - - !ruby/object:Api::Type::String - name: 'githubEnterpriseConfig' - description: | - The full resource name of the github enterprise config. - Format: projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. projects/{project}/githubEnterpriseConfigs/{id}. - - !ruby/object:Api::Type::NestedObject - name: "repositoryEventConfig" - min_version: beta - description: | - The configuration of a trigger that creates a build whenever an event from Repo API is received. - at_least_one_of: - - trigger_template - - github - - bitbucket_server_trigger_config - - pubsub_config - - webhook_config - - source_to_build - - repository_event_config - properties: - - !ruby/object:Api::Type::String - name: "repository" - description: | - The resource name of the Repo API resource. - - !ruby/object:Api::Type::NestedObject - name: "pullRequest" - description: | - Contains filter properties for matching Pull Requests. - exactly_one_of: - - pull_request - - push - properties: - - !ruby/object:Api::Type::String - name: "branch" - description: | - Regex of branches to match. - - The syntax of the regular expressions accepted is the syntax accepted by - RE2 and described at https://github.com/google/re2/wiki/Syntax - exactly_one_of: - - branch - - !ruby/object:Api::Type::Boolean - name: "invertRegex" - description: | - If true, branches that do NOT match the git_ref will trigger a build. - - !ruby/object:Api::Type::Enum - name: "commentControl" - description: | - Configure builds to run whether a repository owner or collaborator need to comment `/gcbrun`. - values: - - :COMMENTS_DISABLED - - :COMMENTS_ENABLED - - :COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY - - !ruby/object:Api::Type::NestedObject - name: "push" - description: | - Contains filter properties for matching git pushes. - exactly_one_of: - - pull_request - - push - properties: - - !ruby/object:Api::Type::String - name: "branch" - description: | - Regex of branches to match. - - The syntax of the regular expressions accepted is the syntax accepted by - RE2 and described at https://github.com/google/re2/wiki/Syntax - exactly_one_of: - - branch - - tag - - !ruby/object:Api::Type::String - name: "tag" - description: | - Regex of tags to match. - - The syntax of the regular expressions accepted is the syntax accepted by - RE2 and described at https://github.com/google/re2/wiki/Syntax - exactly_one_of: - - branch - - tag - - !ruby/object:Api::Type::Boolean - name: "invertRegex" - description: | - If true, only trigger a build if the revision regex does NOT match the git_ref regex. - - !ruby/object:Api::Type::NestedObject - name: 'sourceToBuild' - description: | - The repo and ref of the repository from which to build. - This field is used only for those triggers that do not respond to SCM events. - Triggers that respond to such events build source at whatever commit caused the event. - This field is currently only used by Webhook, Pub/Sub, Manual, and Cron triggers. - at_least_one_of: - - trigger_template - - github - - bitbucket_server_trigger_config - - pubsub_config - - webhook_config - - source_to_build - - repository_event_config - properties: - - !ruby/object:Api::Type::String - name: 'uri' - required: true - description: | - The URI of the repo (required). - - !ruby/object:Api::Type::String - name: 'ref' - required: true - description: | - The branch or tag to use. Must start with "refs/" (required). - - !ruby/object:Api::Type::Enum - name: 'repoType' - required: true - description: | - The type of the repo, since it may not be explicit from the repo field (e.g from a URL). - Values can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER - values: - - :UNKNOWN - - :CLOUD_SOURCE_REPOSITORIES - - :GITHUB - - :BITBUCKET_SERVER - - !ruby/object:Api::Type::String - name: 'githubEnterpriseConfig' - description: | - The full resource name of the github enterprise config. - Format: projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. projects/{project}/githubEnterpriseConfigs/{id}. - - !ruby/object:Api::Type::Array - name: 'ignoredFiles' - item_type: Api::Type::String - description: | - ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match - extended with support for `**`. - - If ignoredFiles and changed files are both empty, then they are not - used to determine whether or not to trigger a build. - - If ignoredFiles is not empty, then we ignore any files that match any - of the ignored_file globs. If the change has no files that are outside - of the ignoredFiles globs, then we do not trigger a build. - - !ruby/object:Api::Type::Array - name: 'includedFiles' - item_type: Api::Type::String - description: | - ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match - extended with support for `**`. - - If any of the files altered in the commit pass the ignoredFiles filter - and includedFiles is empty, then as far as this filter is concerned, we - should trigger the build. - - If any of the files altered in the commit pass the ignoredFiles filter - and includedFiles is not empty, then we make sure that at least one of - those files matches a includedFiles glob. If not, then we do not trigger - a build. - - !ruby/object:Api::Type::NestedObject - name: 'triggerTemplate' - description: | - Template describing the types of source changes to trigger a build. - - Branch and tag names in trigger templates are interpreted as regular - expressions. Any branch or tag change that matches that regular - expression will trigger a build. - at_least_one_of: - - trigger_template - - github - - bitbucket_server_trigger_config - - pubsub_config - - webhook_config - - source_to_build - - repository_event_config - properties: - - !ruby/object:Api::Type::String - name: 'projectId' - description: | - ID of the project that owns the Cloud Source Repository. If - omitted, the project ID requesting the build is assumed. - - !ruby/object:Api::Type::String - name: 'repoName' - default_value: 'default' - description: | - Name of the Cloud Source Repository. If omitted, the name "default" is assumed. - - !ruby/object:Api::Type::String - name: 'dir' - description: | - Directory, relative to the source root, in which to run the build. - - This must be a relative path. If a step's dir is specified and - is an absolute path, this value is ignored for that step's - execution. - - - !ruby/object:Api::Type::Boolean - name: 'invertRegex' - description: | - Only trigger a build if the revision regex does NOT match the revision regex. - - !ruby/object:Api::Type::String - name: 'branchName' - description: | - Name of the branch to build. Exactly one a of branch name, tag, or commit SHA must be provided. - This field is a regular expression. - exactly_one_of: - - trigger_template.0.branch_name - - trigger_template.0.tag_name - - trigger_template.0.commit_sha - - !ruby/object:Api::Type::String - name: 'tagName' - description: | - Name of the tag to build. Exactly one of a branch name, tag, or commit SHA must be provided. - This field is a regular expression. - exactly_one_of: - - trigger_template.0.branch_name - - trigger_template.0.tag_name - - trigger_template.0.commit_sha - - !ruby/object:Api::Type::String - name: 'commitSha' - description: | - Explicit commit SHA to build. Exactly one of a branch name, tag, or commit SHA must be provided. - exactly_one_of: - - trigger_template.0.branch_name - - trigger_template.0.tag_name - - trigger_template.0.commit_sha - - !ruby/object:Api::Type::NestedObject - name: 'github' - description: | - Describes the configuration of a trigger that creates a build whenever a GitHub event is received. - at_least_one_of: - - trigger_template - - github - - bitbucket_server_trigger_config - - pubsub_config - - webhook_config - - source_to_build - - repository_event_config - properties: - - !ruby/object:Api::Type::String - name: 'owner' - description: | - Owner of the repository. For example: The owner for - https://github.com/googlecloudplatform/cloud-builders is "googlecloudplatform". - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the repository. For example: The name for - https://github.com/googlecloudplatform/cloud-builders is "cloud-builders". - - !ruby/object:Api::Type::NestedObject - name: 'pullRequest' - description: | - filter to match changes in pull requests. Specify only one of `pull_request` or `push`. - exactly_one_of: - - github.0.pull_request - - github.0.push - properties: - - !ruby/object:Api::Type::String - name: 'branch' - required: true - description: | - Regex of branches to match. - - !ruby/object:Api::Type::Enum - name: 'commentControl' - description: | - Whether to block builds on a "/gcbrun" comment from a repository owner or collaborator. - values: - - :COMMENTS_DISABLED - - :COMMENTS_ENABLED - - :COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY - - !ruby/object:Api::Type::Boolean - name: 'invertRegex' - description: | - If true, branches that do NOT match the git_ref will trigger a build. - - !ruby/object:Api::Type::NestedObject - name: 'push' - description: | - filter to match changes in refs, like branches or tags. Specify only one of `pull_request` or `push`. - exactly_one_of: - - github.0.pull_request - - github.0.push - properties: - - !ruby/object:Api::Type::Boolean - name: 'invertRegex' - description: | - When true, only trigger a build if the revision regex does NOT match the git_ref regex. - - !ruby/object:Api::Type::String - name: 'branch' - description: | - Regex of branches to match. Specify only one of branch or tag. - exactly_one_of: - - github.0.push.0.branch - - github.0.push.0.tag - - !ruby/object:Api::Type::String - name: 'tag' - description: | - Regex of tags to match. Specify only one of branch or tag. - exactly_one_of: - - github.0.push.0.branch - - github.0.push.0.tag - - !ruby/object:Api::Type::String - name: 'enterpriseConfigResourceName' - description: | - The resource name of the github enterprise config that should be applied to this installation. - For example: "projects/{$projectId}/locations/{$locationId}/githubEnterpriseConfigs/{$configId}" - - !ruby/object:Api::Type::NestedObject - name: "bitbucketServerTriggerConfig" - description: | - BitbucketServerTriggerConfig describes the configuration of a trigger that creates a build whenever a Bitbucket Server event is received. - at_least_one_of: - - trigger_template - - github - - bitbucket_server_trigger_config - - pubsub_config - - webhook_config - - source_to_build - - repository_event_config - properties: - - !ruby/object:Api::Type::String - name: "repoSlug" - required: true - description: | - Slug of the repository. A repository slug is a URL-friendly version of a repository name, automatically generated by Bitbucket for use in the URL. - For example, if the repository name is 'test repo', in the URL it would become 'test-repo' as in https://mybitbucket.server/projects/TEST/repos/test-repo. - - !ruby/object:Api::Type::String - name: "projectKey" - required: true - description: | - Key of the project that the repo is in. For example: The key for https://mybitbucket.server/projects/TEST/repos/test-repo is "TEST". - - !ruby/object:Api::Type::String - name: "bitbucketServerConfigResource" - required: true - description: | - The Bitbucket server config resource that this trigger config maps to. - - !ruby/object:Api::Type::NestedObject - name: 'pullRequest' - description: | - Filter to match changes in pull requests. - exactly_one_of: - - bitbucket_server_trigger_config.0.pull_request - - bitbucket_server_trigger_config.0.push - properties: - - !ruby/object:Api::Type::String - name: 'branch' - required: true - description: | - Regex of branches to match. - The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax - - !ruby/object:Api::Type::Enum - name: 'commentControl' - description: | - Configure builds to run whether a repository owner or collaborator need to comment /gcbrun. - values: - - :COMMENTS_DISABLED - - :COMMENTS_ENABLED - - :COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY - - !ruby/object:Api::Type::Boolean - name: 'invertRegex' - description: | - If true, branches that do NOT match the git_ref will trigger a build. - - !ruby/object:Api::Type::NestedObject - name: 'push' - description: | - Filter to match changes in refs like branches, tags. - exactly_one_of: - - bitbucket_server_trigger_config.0.pull_request - - bitbucket_server_trigger_config.0.push - properties: - - !ruby/object:Api::Type::Boolean - name: 'invertRegex' - description: | - When true, only trigger a build if the revision regex does NOT match the gitRef regex. - - !ruby/object:Api::Type::String - name: 'branch' - description: | - Regex of branches to match. Specify only one of branch or tag. - exactly_one_of: - - bitbucket_server_trigger_config.0.push.0.branch - - bitbucket_server_trigger_config.0.push.0.tag - - !ruby/object:Api::Type::String - name: 'tag' - description: | - Regex of tags to match. Specify only one of branch or tag. - exactly_one_of: - - bitbucket_server_trigger_config.0.push.0.branch - - bitbucket_server_trigger_config.0.push.0.tag - - !ruby/object:Api::Type::NestedObject - name: 'pubsubConfig' - description: | - PubsubConfig describes the configuration of a trigger that creates - a build whenever a Pub/Sub message is published. - at_least_one_of: - - trigger_template - - github - - bitbucket_server_trigger_config - - pubsub_config - - webhook_config - - source_to_build - - repository_event_config - properties: - - !ruby/object:Api::Type::String - name: 'subscription' - description: | - Output only. Name of the subscription. - output: true - - !ruby/object:Api::Type::String - name: 'topic' - required: true - description: | - The name of the topic from which this subscription is receiving messages. - - !ruby/object:Api::Type::String - name: 'service_account_email' - description: | - Service account that will make the push request. - - !ruby/object:Api::Type::String - name: 'state' - output: true - description: | - Potential issues with the underlying Pub/Sub subscription configuration. - Only populated on get requests. - - !ruby/object:Api::Type::NestedObject - name: 'webhookConfig' - description: | - WebhookConfig describes the configuration of a trigger that creates - a build whenever a webhook is sent to a trigger's webhook URL. - at_least_one_of: - - trigger_template - - github - - bitbucket_server_trigger_config - - pubsub_config - - webhook_config - - source_to_build - - repository_event_config - properties: - - !ruby/object:Api::Type::String - name: 'secret' - required: true - description: | - Resource name for the secret required as a URL parameter. - - !ruby/object:Api::Type::String - name: 'state' - output: true - description: | - Potential issues with the underlying Pub/Sub subscription configuration. - Only populated on get requests. - - !ruby/object:Api::Type::NestedObject - name: 'approvalConfig' - description: | - Configuration for manual approval to start a build invocation of this BuildTrigger. - Builds created by this trigger will require approval before they execute. - Any user with a Cloud Build Approver role for the project can approve a build. - properties: - - !ruby/object:Api::Type::Boolean - name: 'approvalRequired' - default_value: false - description: | - Whether or not approval is needed. If this is set on a build, it will become pending when run, - and will need to be explicitly approved to start. - - !ruby/object:Api::Type::NestedObject - name: 'build' - exactly_one_of: - - filename - - build - - git_file_source - description: | - Contents of the build template. Either a filename or build template must be provided. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'source' - description: | - The location of the source files to build. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'storageSource' - description: | - Location of the source in an archive file in Google Cloud Storage. - properties: - - !ruby/object:Api::Type::String - name: 'bucket' - required: true - description: | - Google Cloud Storage bucket containing the source. - - !ruby/object:Api::Type::String - name: 'object' - required: true - description: | - Google Cloud Storage object containing the source. - This object must be a gzipped archive file (.tar.gz) containing source to build. - - !ruby/object:Api::Type::String - name: 'generation' - description: | - Google Cloud Storage generation for the object. - If the generation is omitted, the latest generation will be used - - !ruby/object:Api::Type::NestedObject - name: 'repoSource' - description: | - Location of the source in a Google Cloud Source Repository. - properties: - - !ruby/object:Api::Type::String - name: 'projectId' - description: | - ID of the project that owns the Cloud Source Repository. - If omitted, the project ID requesting the build is assumed. - - !ruby/object:Api::Type::String - name: 'repoName' - required: true - description: | - Name of the Cloud Source Repository. - - !ruby/object:Api::Type::String - name: 'dir' - description: | - Directory, relative to the source root, in which to run the build. - This must be a relative path. If a step's dir is specified and is an absolute path, - this value is ignored for that step's execution. - - !ruby/object:Api::Type::Boolean - name: 'invertRegex' - description: | - Only trigger a build if the revision regex does NOT match the revision regex. - - !ruby/object:Api::Type::KeyValuePairs - name: 'substitutions' - description: | - Substitutions to use in a triggered build. Should only be used with triggers.run - - !ruby/object:Api::Type::String - name: 'branchName' - description: | - Regex matching branches to build. Exactly one a of branch name, tag, or commit SHA must be provided. - The syntax of the regular expressions accepted is the syntax accepted by RE2 and - described at https://github.com/google/re2/wiki/Syntax - exactly_one_of: - - build.0.source.0.repo_source.0.branch_name - - build.0.source.0.repo_source.0.commit_sha - - build.0.source.0.repo_source.0.tag_name - - !ruby/object:Api::Type::String - name: 'tagName' - description: | - Regex matching tags to build. Exactly one a of branch name, tag, or commit SHA must be provided. - The syntax of the regular expressions accepted is the syntax accepted by RE2 and - described at https://github.com/google/re2/wiki/Syntax - exactly_one_of: - - build.0.source.0.repo_source.0.branch_name - - build.0.source.0.repo_source.0.commit_sha - - build.0.source.0.repo_source.0.tag_name - - !ruby/object:Api::Type::String - name: 'commitSha' - description: | - Explicit commit SHA to build. Exactly one a of branch name, tag, or commit SHA must be provided. - exactly_one_of: - - build.0.source.0.repo_source.0.branch_name - - build.0.source.0.repo_source.0.commit_sha - - build.0.source.0.repo_source.0.tag_name - - !ruby/object:Api::Type::Array - name: 'tags' - item_type: Api::Type::String - description: | - Tags for annotation of a Build. These are not docker tags. - - !ruby/object:Api::Type::Array - name: 'images' - item_type: Api::Type::String - description: | - A list of images to be pushed upon the successful completion of all build steps. - The images are pushed using the builder service account's credentials. - The digests of the pushed images will be stored in the Build resource's results field. - If any of the images fail to be pushed, the build status is marked FAILURE. - - !ruby/object:Api::Type::KeyValuePairs - name: 'substitutions' - description: | - Substitutions data for Build resource. - - !ruby/object:Api::Type::String - name: 'queueTtl' - description: | - TTL in queue for this build. If provided and the build is enqueued longer than this value, - the build will expire and the build status will be EXPIRED. - The TTL starts ticking from createTime. - A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". - - !ruby/object:Api::Type::String - name: 'logsBucket' - description: | - Google Cloud Storage bucket where logs should be written. - Logs file names will be of the format ${logsBucket}/log-${build_id}.txt. - - !ruby/object:Api::Type::String - name: 'timeout' - description: | - Amount of time that this build should be allowed to run, to second granularity. - If this amount of time elapses, work on the build will cease and the build status will be TIMEOUT. - This timeout must be equal to or greater than the sum of the timeouts for build steps within the build. - The expected format is the number of seconds followed by s. - Default time is ten minutes (600s). - default_value: '600s' - - !ruby/object:Api::Type::Array - name: 'secrets' - description: | - Secrets to decrypt using Cloud Key Management Service. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'kmsKeyName' - required: true - description: | - Cloud KMS key name to use to decrypt these envs. - - !ruby/object:Api::Type::KeyValuePairs - name: 'secretEnv' - description: | - Map of environment variable name to its encrypted value. - Secret environment variables must be unique across all of a build's secrets, - and must be used by at least one build step. Values can be at most 64 KB in size. - There can be at most 100 secret values across all of a build's secrets. - - !ruby/object:Api::Type::NestedObject - name: 'availableSecrets' - description: | - Secrets and secret environment variables. - properties: - - !ruby/object:Api::Type::Array - name: 'secretManager' - required: true - description: | - Pairs a secret environment variable with a SecretVersion in Secret Manager. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'versionName' - required: true - description: | - Resource name of the SecretVersion. In format: projects/*/secrets/*/versions/* - - !ruby/object:Api::Type::String - name: 'env' - required: true - description: | - Environment variable name to associate with the secret. Secret environment - variables must be unique across all of a build's secrets, and must be used - by at least one build step. - - !ruby/object:Api::Type::Array - name: 'steps' - required: true - description: | - The operations to be performed on the workspace. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - description: | - The name of the container image that will run this particular build step. - - If the image is available in the host's Docker daemon's cache, it will be - run directly. If not, the host will attempt to pull the image first, using - the builder service account's credentials if necessary. - - The Docker daemon's cache will already have the latest versions of all of - the officially supported build steps (see https://github.com/GoogleCloudPlatform/cloud-builders - for images and examples). - The Docker daemon will also have cached many of the layers for some popular - images, like "ubuntu", "debian", but they will be refreshed at the time - you attempt to use them. - - If you built an image in a previous build step, it will be stored in the - host's Docker daemon's cache and is available to use as the name for a - later build step. - - !ruby/object:Api::Type::Array - name: 'args' - item_type: Api::Type::String - description: | - A list of arguments that will be presented to the step when it is started. - - If the image used to run the step's container has an entrypoint, the args - are used as arguments to that entrypoint. If the image does not define an - entrypoint, the first element in args is used as the entrypoint, and the - remainder will be used as arguments. - - !ruby/object:Api::Type::Array - name: 'env' - item_type: Api::Type::String - description: | - A list of environment variable definitions to be used when - running a step. - - The elements are of the form "KEY=VALUE" for the environment variable - "KEY" being given the value "VALUE". - - !ruby/object:Api::Type::String - name: 'id' - description: | - Unique identifier for this build step, used in `wait_for` to - reference this build step as a dependency. - - !ruby/object:Api::Type::String - name: 'entrypoint' - description: | - Entrypoint to be used instead of the build step image's - default entrypoint. - If unset, the image's default entrypoint is used - - !ruby/object:Api::Type::String - name: 'dir' - description: | - Working directory to use when running this step's container. - - If this value is a relative path, it is relative to the build's working - directory. If this value is absolute, it may be outside the build's working - directory, in which case the contents of the path may not be persisted - across build step executions, unless a `volume` for that path is specified. - - If the build specifies a `RepoSource` with `dir` and a step with a - `dir`, - which specifies an absolute path, the `RepoSource` `dir` is ignored - for the step's execution. - - !ruby/object:Api::Type::Array - item_type: Api::Type::String - name: 'secretEnv' - description: | - A list of environment variables which are encrypted using - a Cloud Key - Management Service crypto key. These values must be specified in - the build's `Secret`. - - !ruby/object:Api::Type::String - name: 'timeout' - description: | - Time limit for executing this build step. If not defined, - the step has no - time limit and will be allowed to continue to run until either it - completes or the build itself times out. - - !ruby/object:Api::Type::String - name: 'timing' - input: false - description: | - Output only. Stores timing information for executing this - build step. - - !ruby/object:Api::Type::Array - name: 'volumes' - description: | - List of volumes to mount into the build step. - - Each volume is created as an empty volume prior to execution of the - build step. Upon completion of the build, volumes and their contents - are discarded. - - Using a named volume in only one step is not valid as it is - indicative of a build request with an incorrect configuration. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - description: | - Name of the volume to mount. - - Volume names must be unique per build step and must be valid names for - Docker volumes. Each named volume must be used by at least two build steps. - - !ruby/object:Api::Type::String - name: 'path' - required: true - description: | - Path at which to mount the volume. - - Paths must be absolute and cannot conflict with other volume paths on - the same build step or with certain reserved volume paths. - - !ruby/object:Api::Type::Array - name: 'waitFor' - item_type: Api::Type::String - description: | - The ID(s) of the step(s) that this build step depends on. - - This build step will not start until all the build steps in `wait_for` - have completed successfully. If `wait_for` is empty, this build step - will start when all previous build steps in the `Build.Steps` list - have completed successfully. - - !ruby/object:Api::Type::String - name: 'script' - description: | - A shell script to be executed in the step. - When script is provided, the user cannot specify the entrypoint or args. - - !ruby/object:Api::Type::NestedObject - name: 'artifacts' - description: | - Artifacts produced by the build that should be uploaded upon successful completion of all build steps. - properties: - - !ruby/object:Api::Type::Array - name: 'images' - item_type: Api::Type::String - description: | - A list of images to be pushed upon the successful completion of all build steps. - - The images will be pushed using the builder service account's credentials. - - The digests of the pushed images will be stored in the Build resource's results field. - - If any of the images fail to be pushed, the build is marked FAILURE. - - !ruby/object:Api::Type::NestedObject - name: 'objects' - description: | - A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps. - - Files in the workspace matching specified paths globs will be uploaded to the - Cloud Storage location using the builder service account's credentials. - - The location and generation of the uploaded objects will be stored in the Build resource's results field. - - If any objects fail to be pushed, the build is marked FAILURE. - properties: - - !ruby/object:Api::Type::String - name: 'location' - description: | - Cloud Storage bucket and optional object path, in the form "gs://bucket/path/to/somewhere/". - - Files in the workspace matching any path pattern will be uploaded to Cloud Storage with - this location as a prefix. - - !ruby/object:Api::Type::Array - name: 'paths' - item_type: Api::Type::String - description: | - Path globs used to match files in the build's workspace. - - !ruby/object:Api::Type::NestedObject - name: 'timing' - description: | - Output only. Stores timing information for pushing all artifact objects. - output: true - properties: - - !ruby/object:Api::Type::String - name: 'startTime' - description: | - Start of time span. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to - nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - - !ruby/object:Api::Type::String - name: 'endTime' - description: | - End of time span. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to - nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - - !ruby/object:Api::Type::NestedObject - name: 'options' - description: | - Special options for this build. - properties: - - !ruby/object:Api::Type::Array - name: 'sourceProvenanceHash' - description: | - Requested hash for SourceProvenance. - item_type: !ruby/object:Api::Type::Enum - name: 'hashType' - description: | - Specifies the hash algorithm, if any. - values: - - :NONE - - :SHA256 - - :MD5 - - !ruby/object:Api::Type::Enum - name: 'requestedVerifyOption' - description: | - Requested verifiability options. - values: - - :NOT_VERIFIED - - :VERIFIED - - !ruby/object:Api::Type::Enum - name: 'machineType' - description: | - Compute Engine machine type on which to run the build. - values: - - :UNSPECIFIED - - :N1_HIGHCPU_8 - - :N1_HIGHCPU_32 - - :E2_HIGHCPU_8 - - :E2_HIGHCPU_32 - - !ruby/object:Api::Type::Integer - name: 'diskSizeGb' - description: | - Requested disk size for the VM that runs the build. Note that this is NOT "disk free"; - some of the space will be used by the operating system and build utilities. - Also note that this is the minimum disk size that will be allocated for the build -- - the build may run with a larger disk than requested. At present, the maximum disk size - is 1000GB; builds that request more than the maximum are rejected with an error. - - !ruby/object:Api::Type::Enum - name: 'substitutionOption' - description: | - Option to specify behavior when there is an error in the substitution checks. - - NOTE this is always set to ALLOW_LOOSE for triggered builds and cannot be overridden - in the build configuration file. - values: - - :MUST_MATCH - - :ALLOW_LOOSE - - !ruby/object:Api::Type::Boolean - name: 'dynamicSubstitutions' - send_empty_value: true - description: | - Option to specify whether or not to apply bash style string operations to the substitutions. - - NOTE this is always enabled for triggered builds and cannot be overridden in the build configuration file. - - !ruby/object:Api::Type::Enum - name: 'logStreamingOption' - description: | - Option to define build log streaming behavior to Google Cloud Storage. - values: - - :STREAM_DEFAULT - - :STREAM_ON - - :STREAM_OFF - - !ruby/object:Api::Type::String - name: 'workerPool' - description: | - Option to specify a WorkerPool for the build. Format projects/{project}/workerPools/{workerPool} - - This field is experimental. - - !ruby/object:Api::Type::Enum - name: 'logging' - description: | - Option to specify the logging mode, which determines if and where build logs are stored. - values: - - :LOGGING_UNSPECIFIED - - :LEGACY - - :GCS_ONLY - - :STACKDRIVER_ONLY - - :CLOUD_LOGGING_ONLY - - :NONE - - !ruby/object:Api::Type::Array - name: 'env' - item_type: Api::Type::String - description: | - A list of global environment variable definitions that will exist for all build steps - in this build. If a variable is defined in both globally and in a build step, - the variable will use the build step value. - - The elements are of the form "KEY=VALUE" for the environment variable "KEY" being given the value "VALUE". - - !ruby/object:Api::Type::Array - name: 'secretEnv' - item_type: Api::Type::String - description: | - A list of global environment variables, which are encrypted using a Cloud Key Management - Service crypto key. These values must be specified in the build's Secret. These variables - will be available to all build steps in this build. - - !ruby/object:Api::Type::Array - name: 'volumes' - description: | - Global list of volumes to mount for ALL build steps - - Each volume is created as an empty volume prior to starting the build process. - Upon completion of the build, volumes and their contents are discarded. Global - volume names and paths cannot conflict with the volumes defined a build step. - - Using a global volume in a build with only one step is not valid as it is indicative - of a build request with an incorrect configuration. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the volume to mount. - - Volume names must be unique per build step and must be valid names for Docker volumes. - Each named volume must be used by at least two build steps. - - !ruby/object:Api::Type::String - name: 'path' - description: | - Path at which to mount the volume. - - Paths must be absolute and cannot conflict with other volume paths on the same - build step or with certain reserved volume paths. diff --git a/mmv1/products/cloudbuild/product.yaml b/mmv1/products/cloudbuild/product.yaml new file mode 100644 index 000000000000..700ac0d9c407 --- /dev/null +++ b/mmv1/products/cloudbuild/product.yaml @@ -0,0 +1,29 @@ +# Copyright 2018 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: CloudBuild +display_name: Cloud Build +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://cloudbuild.googleapis.com/v1/ + - !ruby/object:Api::Product::Version + name: beta + base_url: https://cloudbuild.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Cloud Build API + url: https://console.cloud.google.com/apis/library/cloudbuild.googleapis.com/ diff --git a/mmv1/products/cloudbuildv2/Connection.yaml b/mmv1/products/cloudbuildv2/Connection.yaml new file mode 100644 index 000000000000..157379c3fea6 --- /dev/null +++ b/mmv1/products/cloudbuildv2/Connection.yaml @@ -0,0 +1,28 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This resource is only used to generate IAM resources. They do not correspond to real +# GCP resources, and should not be used to generate anything other than IAM support. +--- !ruby/object:Api::Resource +name: 'Connection' +base_url: projects/{{project}}/locations/{{location}}/connections +self_link: projects/{{project}}/locations/{{location}}/connections/{{name}} +min_version: beta +exclude_resource: true +description: | + Only used to generate IAM resources. +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: Dummy property. + required: true diff --git a/mmv1/products/cloudbuildv2/api.yaml b/mmv1/products/cloudbuildv2/product.yaml similarity index 60% rename from mmv1/products/cloudbuildv2/api.yaml rename to mmv1/products/cloudbuildv2/product.yaml index 28477b034ca6..918ca57de200 100644 --- a/mmv1/products/cloudbuildv2/api.yaml +++ b/mmv1/products/cloudbuildv2/product.yaml @@ -24,19 +24,3 @@ apis_required: - !ruby/object:Api::Product::ApiReference name: Cloud Build API url: https://console.cloud.google.com/apis/library/cloudbuild.googleapis.com/ -objects: - # This resource is only used to generate IAM resources. They do not correspond to real - # GCP resources, and should not be used to generate anything other than IAM support. - - !ruby/object:Api::Resource - name: 'Connection' - base_url: projects/{{project}}/locations/{{location}}/connections - self_link: projects/{{project}}/locations/{{location}}/connections/{{name}} - min_version: beta - exclude_resource: true - description: | - Only used to generate IAM resources. - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: Dummy property. - required: true diff --git a/mmv1/products/cloudfunctions/CloudFunction.yaml b/mmv1/products/cloudfunctions/CloudFunction.yaml new file mode 100644 index 000000000000..b25f97732eed --- /dev/null +++ b/mmv1/products/cloudfunctions/CloudFunction.yaml @@ -0,0 +1,188 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'CloudFunction' +base_url: projects/{{project}}/locations/{{location}}/functions +create_verb: :POST +description: | + A Cloud Function that contains user computation executed in response to an event. +collection_url_key: 'functions' +update_mask: true +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: True + allowed: + - True + - False + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +parameters: + - !ruby/object:Api::Type::String + name: 'location' + required: true + description: The location of this cloud function. + # This is not a real API field. + # This is a more user-centric way for users to specify + # that they want to use a HTTP Trigger rather than + # send httpsTrigger with an empty dictionary. + - !ruby/object:Api::Type::Boolean + name: 'trigger_http' + description: 'Use HTTP to trigger this function' +iam_policy: !ruby/object:Api::Resource::IamPolicy + exclude: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + description: | + A user-defined name of the function. Function names must + be unique globally and match pattern `projects/*/locations/*/functions/*`. + pattern: projects/{{project}}/locations/{{location}}/functions/{{name}} + - !ruby/object:Api::Type::String + name: 'description' + description: 'User-provided description of a function.' + - !ruby/object:Api::Type::Enum + name: 'status' + output: true + description: | + Status of the function deployment. + values: + - :CLOUD_FUNCTION_STATUS_UNSPECIFIED + - :ACTOVE + - :OFFLINE + - :DEPLOY_IN_PROGRESS + - :DELETE_IN_PROGRESS + - :UNKNOWN + - !ruby/object:Api::Type::String + name: 'entryPoint' + description: | + The name of the function (as defined in source code) that will be executed. + Defaults to the resource name suffix, if not specified. For backward + compatibility, if function with given name is not found, then the system + will try to use function named "function". For Node.js this is name of a + function exported by the module specified in source_location. + - !ruby/object:Api::Type::String + name: 'runtime' + description: | + The runtime in which the function is going to run. If empty, + defaults to Node.js 6. + - !ruby/object:Api::Type::String + name: 'timeout' + description: | + The function execution timeout. Execution is considered failed and can + be terminated if the function is not completed at the end of the timeout + period. Defaults to 60 seconds. + - !ruby/object:Api::Type::Integer + name: 'availableMemoryMb' + description: 'The amount of memory in MB available for a function.' + - !ruby/object:Api::Type::String + name: 'serviceAccountEmail' + output: true + description: 'The email of the service account for this function.' + - !ruby/object:Api::Type::String + name: 'updateTime' + output: true + description: 'The last update timestamp of a Cloud Function' + - !ruby/object:Api::Type::String + name: 'versionId' + output: true + description: | + The version identifier of the Cloud Function. Each deployment attempt + results in a new version of a function being created. + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + A set of key/value label pairs associated with this Cloud Function. + - !ruby/object:Api::Type::KeyValuePairs + name: 'environmentVariables' + description: | + Environment variables that shall be available during function execution. + - !ruby/object:Api::Type::String + name: 'sourceArchiveUrl' + description: | + The Google Cloud Storage URL, starting with gs://, pointing to the zip + archive which contains the function. + exactly_one_of: + - source_repository + - source_archive_url + - source_upload_url + - !ruby/object:Api::Type::String + name: 'sourceUploadUrl' + description: | + The Google Cloud Storage signed URL used for source uploading. + exactly_one_of: + - source_repository + - source_archive_url + - source_upload_url + - !ruby/object:Api::Type::NestedObject + name: 'sourceRepository' + description: | + The source repository where a function is hosted. + exactly_one_of: + - source_repository + - source_archive_url + - source_upload_url + properties: + - !ruby/object:Api::Type::String + name: 'url' + required: true + description: | + The URL pointing to the hosted repository where the function is defined + - !ruby/object:Api::Type::String + name: 'deployedUrl' + output: true + description: | + The URL pointing to the hosted repository where the function were defined + at the time of deployment. + - !ruby/object:Api::Type::NestedObject + name: 'httpsTrigger' + description: | + An HTTPS endpoint type of source that can be triggered via URL. + properties: + - !ruby/object:Api::Type::String + name: 'url' + output: true + description: 'The deployed url for the function.' + - !ruby/object:Api::Type::NestedObject + name: 'eventTrigger' + description: | + An HTTPS endpoint type of source that can be triggered via URL. + properties: + - !ruby/object:Api::Type::String + name: 'eventType' + required: true + description: | + The type of event to observe. For example: + `providers/cloud.storage/eventTypes/object.change` and + `providers/cloud.pubsub/eventTypes/topic.publish`. + - !ruby/object:Api::Type::String + name: 'resource' + required: true + description: | + The resource(s) from which to observe events, + for example, `projects/_/buckets/myBucket.` + - !ruby/object:Api::Type::String + name: 'service' + description: | + The hostname of the service that should be observed. + diff --git a/mmv1/products/cloudfunctions/api.yaml b/mmv1/products/cloudfunctions/api.yaml deleted file mode 100644 index 356d310ac9bb..000000000000 --- a/mmv1/products/cloudfunctions/api.yaml +++ /dev/null @@ -1,201 +0,0 @@ -# Copyright 2017 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: CloudFunctions -display_name: Cloud Functions -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://cloudfunctions.googleapis.com/v1/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Cloud Functions API - url: https://console.cloud.google.com/apis/library/cloudfunctions.googleapis.com/ -objects: - - !ruby/object:Api::Resource - name: 'CloudFunction' - base_url: projects/{{project}}/locations/{{location}}/functions - create_verb: :POST - description: | - A Cloud Function that contains user computation executed in response to an event. - collection_url_key: 'functions' - update_mask: true - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: True - allowed: - - True - - False - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - parameters: - - !ruby/object:Api::Type::String - name: 'location' - required: true - description: The location of this cloud function. - # This is not a real API field. - # This is a more user-centric way for users to specify - # that they want to use a HTTP Trigger rather than - # send httpsTrigger with an empty dictionary. - - !ruby/object:Api::Type::Boolean - name: 'trigger_http' - description: 'Use HTTP to trigger this function' - iam_policy: !ruby/object:Api::Resource::IamPolicy - exclude: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - description: | - A user-defined name of the function. Function names must - be unique globally and match pattern `projects/*/locations/*/functions/*`. - pattern: projects/{{project}}/locations/{{location}}/functions/{{name}} - - !ruby/object:Api::Type::String - name: 'description' - description: 'User-provided description of a function.' - - !ruby/object:Api::Type::Enum - name: 'status' - output: true - description: | - Status of the function deployment. - values: - - :CLOUD_FUNCTION_STATUS_UNSPECIFIED - - :ACTOVE - - :OFFLINE - - :DEPLOY_IN_PROGRESS - - :DELETE_IN_PROGRESS - - :UNKNOWN - - !ruby/object:Api::Type::String - name: 'entryPoint' - description: | - The name of the function (as defined in source code) that will be executed. - Defaults to the resource name suffix, if not specified. For backward - compatibility, if function with given name is not found, then the system - will try to use function named "function". For Node.js this is name of a - function exported by the module specified in source_location. - - !ruby/object:Api::Type::String - name: 'runtime' - description: | - The runtime in which the function is going to run. If empty, - defaults to Node.js 6. - - !ruby/object:Api::Type::String - name: 'timeout' - description: | - The function execution timeout. Execution is considered failed and can - be terminated if the function is not completed at the end of the timeout - period. Defaults to 60 seconds. - - !ruby/object:Api::Type::Integer - name: 'availableMemoryMb' - description: 'The amount of memory in MB available for a function.' - - !ruby/object:Api::Type::String - name: 'serviceAccountEmail' - output: true - description: 'The email of the service account for this function.' - - !ruby/object:Api::Type::String - name: 'updateTime' - output: true - description: 'The last update timestamp of a Cloud Function' - - !ruby/object:Api::Type::String - name: 'versionId' - output: true - description: | - The version identifier of the Cloud Function. Each deployment attempt - results in a new version of a function being created. - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: | - A set of key/value label pairs associated with this Cloud Function. - - !ruby/object:Api::Type::KeyValuePairs - name: 'environmentVariables' - description: | - Environment variables that shall be available during function execution. - - !ruby/object:Api::Type::String - name: 'sourceArchiveUrl' - description: | - The Google Cloud Storage URL, starting with gs://, pointing to the zip - archive which contains the function. - exactly_one_of: - - source_repository - - source_archive_url - - source_upload_url - - !ruby/object:Api::Type::String - name: 'sourceUploadUrl' - description: | - The Google Cloud Storage signed URL used for source uploading. - exactly_one_of: - - source_repository - - source_archive_url - - source_upload_url - - !ruby/object:Api::Type::NestedObject - name: 'sourceRepository' - description: | - The source repository where a function is hosted. - exactly_one_of: - - source_repository - - source_archive_url - - source_upload_url - properties: - - !ruby/object:Api::Type::String - name: 'url' - required: true - description: | - The URL pointing to the hosted repository where the function is defined - - !ruby/object:Api::Type::String - name: 'deployedUrl' - output: true - description: | - The URL pointing to the hosted repository where the function were defined - at the time of deployment. - - !ruby/object:Api::Type::NestedObject - name: 'httpsTrigger' - description: | - An HTTPS endpoint type of source that can be triggered via URL. - properties: - - !ruby/object:Api::Type::String - name: 'url' - output: true - description: 'The deployed url for the function.' - - !ruby/object:Api::Type::NestedObject - name: 'eventTrigger' - description: | - An HTTPS endpoint type of source that can be triggered via URL. - properties: - - !ruby/object:Api::Type::String - name: 'eventType' - required: true - description: | - The type of event to observe. For example: - `providers/cloud.storage/eventTypes/object.change` and - `providers/cloud.pubsub/eventTypes/topic.publish`. - - !ruby/object:Api::Type::String - name: 'resource' - required: true - description: | - The resource(s) from which to observe events, - for example, `projects/_/buckets/myBucket.` - - !ruby/object:Api::Type::String - name: 'service' - description: | - The hostname of the service that should be observed. diff --git a/mmv1/products/cloudfunctions/product.yaml b/mmv1/products/cloudfunctions/product.yaml new file mode 100644 index 000000000000..d4e78777e48c --- /dev/null +++ b/mmv1/products/cloudfunctions/product.yaml @@ -0,0 +1,26 @@ +# Copyright 2017 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: CloudFunctions +display_name: Cloud Functions +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://cloudfunctions.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Cloud Functions API + url: https://console.cloud.google.com/apis/library/cloudfunctions.googleapis.com/ diff --git a/mmv1/products/cloudfunctions2/Function.yaml b/mmv1/products/cloudfunctions2/Function.yaml new file mode 100644 index 000000000000..03d455bb7fcf --- /dev/null +++ b/mmv1/products/cloudfunctions2/Function.yaml @@ -0,0 +1,393 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'function' +base_url: projects/{{project}}/locations/{{location}}/functions +create_url: projects/{{project}}/locations/{{location}}/functions?functionId={{name}} +self_link: projects/{{project}}/locations/{{location}}/functions/{{name}} +create_verb: :POST +update_verb: :PATCH +references: !ruby/object:Api::Resource::ReferenceLinks + api: 'https://cloud.google.com/functions/docs/reference/rest/v2beta/projects.locations.functions' +description: | + A Cloud Function that contains user computation executed in response to an event. +collection_url_key: 'functions' +update_mask: true +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + # It takes about 35-40 mins to get the resource created + timeouts: !ruby/object:Api::Timeouts + insert_minutes: 60 + update_minutes: 60 + delete_minutes: 60 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: true + allowed: + - True + - False + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +parameters: + - !ruby/object:Api::Type::String + name: 'location' + immutable: true + url_param_only: true + description: The location of this cloud function. +properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + immutable: true + description: | + A user-defined name of the function. Function names must + be unique globally and match pattern `projects/*/locations/*/functions/*`. + pattern: projects/{{project}}/locations/{{location}}/functions/{{name}} + - !ruby/object:Api::Type::String + name: 'description' + description: 'User-provided description of a function.' + - !ruby/object:Api::Type::Enum + name: 'environment' + output: true + description: 'The environment the function is hosted on.' + values: + - :ENVIRONMENT_UNSPECIFIED + - :GEN_1 + - :GEN_2 + - !ruby/object:Api::Type::Enum + name: 'state' + output: true + description: 'Describes the current state of the function.' + values: + - :STATE_UNSPECIFIED + - :ACTIVE + - :FAILED + - :DEPLOYING + - :DELETING + - :UNKNOWN + - !ruby/object:Api::Type::NestedObject + name: 'buildConfig' + description: | + Describes the Build step of the function that builds a container + from the given source. + properties: + - !ruby/object:Api::Type::String + name: 'build' + description: | + The Cloud Build name of the latest successful + deployment of the function. + output: true + - !ruby/object:Api::Type::String + name: 'runtime' + description: | + The runtime in which to run the function. Required when deploying a new + function, optional when updating an existing function. + - !ruby/object:Api::Type::String + name: 'entryPoint' + description: | + The name of the function (as defined in source code) that will be executed. + Defaults to the resource name suffix, if not specified. For backward + compatibility, if function with given name is not found, then the system + will try to use function named "function". For Node.js this is name of a + function exported by the module specified in source_location. + - !ruby/object:Api::Type::NestedObject + name: 'source' + description: 'The location of the function source code.' + properties: + - !ruby/object:Api::Type::NestedObject + name: 'storageSource' + description: 'If provided, get the source from this location in Google Cloud Storage.' + exactly_one_of: + - storage_source + - repo_source + properties: + - !ruby/object:Api::Type::String + name: 'bucket' + description: 'Google Cloud Storage bucket containing the source' + - !ruby/object:Api::Type::String + name: 'object' + description: 'Google Cloud Storage object containing the source.' + - !ruby/object:Api::Type::Integer + name: 'generation' + description: | + Google Cloud Storage generation for the object. If the generation + is omitted, the latest generation will be used. + - !ruby/object:Api::Type::NestedObject + name: 'repoSource' + description: 'If provided, get the source from this location in a Cloud Source Repository.' + exactly_one_of: + - storage_source + - repo_source + properties: + - !ruby/object:Api::Type::String + name: 'projectId' + immutable: true + description: | + ID of the project that owns the Cloud Source Repository. If omitted, the + project ID requesting the build is assumed. + - !ruby/object:Api::Type::String + name: 'repoName' + description: 'Name of the Cloud Source Repository.' + - !ruby/object:Api::Type::String + name: 'branchName' + description: 'Regex matching branches to build.' + exactly_one_of: + - branch_name + - tag_name + - commit_sha + - !ruby/object:Api::Type::String + name: 'tagName' + description: 'Regex matching tags to build.' + exactly_one_of: + - branch_name + - tag_name + - commit_sha + - !ruby/object:Api::Type::String + name: 'commitSha' + description: 'Regex matching tags to build.' + exactly_one_of: + - branch_name + - tag_name + - commit_sha + - !ruby/object:Api::Type::String + name: 'dir' + description: | + Directory, relative to the source root, in which to run the build. + - !ruby/object:Api::Type::Boolean + name: 'invertRegex' + description: | + Only trigger a build if the revision regex does + NOT match the revision regex. + - !ruby/object:Api::Type::String + name: 'workerPool' + description: 'Name of the Cloud Build Custom Worker Pool that should be used to build the function.' + - !ruby/object:Api::Type::KeyValuePairs + name: 'environmentVariables' + description: | + User-provided build-time environment variables for the function. + - !ruby/object:Api::Type::String + name: 'dockerRepository' + description: | + User managed repository created in Artifact Registry optionally with a customer managed encryption key. + - !ruby/object:Api::Type::NestedObject + name: 'serviceConfig' + description: 'Describes the Service being deployed.' + properties: + - !ruby/object:Api::Type::String + name: 'service' + description: | + Name of the service associated with a Function. + - !ruby/object:Api::Type::Integer + name: 'timeoutSeconds' + description: | + The function execution timeout. Execution is considered failed and + can be terminated if the function is not completed at the end of the + timeout period. Defaults to 60 seconds. + - !ruby/object:Api::Type::String + name: 'availableMemory' + description: | + The amount of memory available for a function. + Defaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is + supplied the value is interpreted as bytes. + - !ruby/object:Api::Type::Integer + name: 'maxInstanceRequestConcurrency' + description: 'Sets the maximum number of concurrent requests that each instance can receive. Defaults to 1.' + - !ruby/object:Api::Type::String + name: 'availableCpu' + description: 'The number of CPUs used in a single container instance. Default value is calculated from available memory.' + - !ruby/object:Api::Type::KeyValuePairs + name: 'environmentVariables' + description: 'Environment variables that shall be available during function execution.' + - !ruby/object:Api::Type::Integer + name: 'maxInstanceCount' + description: | + The limit on the maximum number of function instances that may coexist at a + given time. + - !ruby/object:Api::Type::Integer + name: 'minInstanceCount' + description: | + The limit on the minimum number of function instances that may coexist at a + given time. + - !ruby/object:Api::Type::String + name: 'vpcConnector' + description: 'The Serverless VPC Access connector that this cloud function can connect to.' + - !ruby/object:Api::Type::Enum + name: 'vpcConnectorEgressSettings' + description: 'Available egress settings.' + values: + - :VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED + - :PRIVATE_RANGES_ONLY + - :ALL_TRAFFIC + - !ruby/object:Api::Type::Enum + name: 'ingressSettings' + description: 'Available ingress settings. Defaults to "ALLOW_ALL" if unspecified.' + values: + - :ALLOW_ALL + - :ALLOW_INTERNAL_ONLY + - :ALLOW_INTERNAL_AND_GCLB + default_value: :ALLOW_ALL + - !ruby/object:Api::Type::String + name: 'uri' + description: 'URI of the Service deployed.' + output: true + - !ruby/object:Api::Type::String + name: 'gcfUri' + description: 'URIs of the Service deployed' + output: true + - !ruby/object:Api::Type::String + name: 'serviceAccountEmail' + description: 'The email of the service account for this function.' + - !ruby/object:Api::Type::Boolean + name: 'allTrafficOnLatestRevision' + description: 'Whether 100% of traffic is routed to the latest revision. Defaults to true.' + default_value: true + - !ruby/object:Api::Type::Array + name: 'secretEnvironmentVariables' + description: 'Secret environment variables configuration.' + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: key + description: | + Name of the environment variable. + required: true + - !ruby/object:Api::Type::String + name: projectId + description: | + Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function. + required: true + - !ruby/object:Api::Type::String + name: secret + description: | + Name of the secret in secret manager (not the full resource name). + required: true + - !ruby/object:Api::Type::String + name: version + description: | + Version of the secret (version number or the string 'latest'). It is recommended to use a numeric version for secret environment variables as any updates to the secret value is not reflected until new instances start. + required: true + - !ruby/object:Api::Type::Array + name: 'secretVolumes' + description: 'Secret volumes configuration.' + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: mountPath + description: | + The path within the container to mount the secret volume. For example, setting the mountPath as /etc/secrets would mount the secret value files under the /etc/secrets directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount path: /etc/secrets + required: true + - !ruby/object:Api::Type::String + name: projectId + description: | + Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function. + required: true + - !ruby/object:Api::Type::String + name: secret + description: | + Name of the secret in secret manager (not the full resource name). + required: true + - !ruby/object:Api::Type::Array + name: 'versions' + description: List of secret versions to mount for this secret. If empty, the latest version of the secret will be made available in a file named after the secret under the mount point.' + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: version + description: | + Version of the secret (version number or the string 'latest'). It is preferable to use latest version with secret volumes as secret value changes are reflected immediately. + required: true + - !ruby/object:Api::Type::String + name: path + description: | + Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mountPath as '/etc/secrets' and path as secret_foo would mount the secret value file at /etc/secrets/secret_foo. + required: true + - !ruby/object:Api::Type::NestedObject + name: 'eventTrigger' + description: | + An Eventarc trigger managed by Google Cloud Functions that fires events in + response to a condition in another service. + properties: + - !ruby/object:Api::Type::String + name: 'trigger' + description: 'Output only. The resource name of the Eventarc trigger.' + output: true + - !ruby/object:Api::Type::String + name: 'triggerRegion' + description: | + The region that the trigger will be in. The trigger will only receive + events originating in this region. It can be the same + region as the function, a different region or multi-region, or the global + region. If not provided, defaults to the same region as the function. + - !ruby/object:Api::Type::String + name: 'eventType' + description: 'Required. The type of event to observe.' + - !ruby/object:Api::Type::Array + name: 'eventFilters' + description: 'Criteria used to filter events.' + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: attribute + description: | + 'Required. The name of a CloudEvents attribute. + Currently, only a subset of attributes are supported for filtering. Use the `gcloud eventarc providers describe` command to learn more about events and their attributes. + Do not filter for the 'type' attribute here, as this is already achieved by the resource's `event_type` attribute. + required: true + - !ruby/object:Api::Type::String + name: value + description: | + Required. The value for the attribute. + If the operator field is set as `match-path-pattern`, this value can be a path pattern instead of an exact value. + required: true + - !ruby/object:Api::Type::String + name: operator + description: | + Optional. The operator used for matching the events with the value of + the filter. If not specified, only events that have an exact key-value + pair specified in the filter are matched. + The only allowed value is `match-path-pattern`. + [See documentation on path patterns here](https://cloud.google.com/eventarc/docs/path-patterns)' + - !ruby/object:Api::Type::String + name: 'pubsubTopic' + description: | + The name of a Pub/Sub topic in the same project that will be used + as the transport topic for the event delivery. + - !ruby/object:Api::Type::String + name: 'serviceAccountEmail' + description: 'The email of the service account for this function.' + - !ruby/object:Api::Type::Enum + name: 'retryPolicy' + description: | + Describes the retry policy in case of function's execution failure. + Retried execution is charged as any other execution. + values: + - :RETRY_POLICY_UNSPECIFIED + - :RETRY_POLICY_DO_NOT_RETRY + - :RETRY_POLICY_RETRY + - !ruby/object:Api::Type::String + name: 'updateTime' + output: true + description: 'The last update timestamp of a Cloud Function.' + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + A set of key/value label pairs associated with this Cloud Function. + diff --git a/mmv1/products/cloudfunctions2/api.yaml b/mmv1/products/cloudfunctions2/api.yaml deleted file mode 100644 index 3bd4d614866c..000000000000 --- a/mmv1/products/cloudfunctions2/api.yaml +++ /dev/null @@ -1,409 +0,0 @@ -# Copyright 2022 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: Cloudfunctions2 -display_name: Cloud Functions (2nd gen) -scopes: - - https://www.googleapis.com/auth/cloud-platform -versions: - - !ruby/object:Api::Product::Version - name: beta - base_url: https://cloudfunctions.googleapis.com/v2beta/ - - !ruby/object:Api::Product::Version - name: ga - base_url: https://cloudfunctions.googleapis.com/v2/ -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Cloud Functions API - url: https://console.cloud.google.com/apis/library/cloudfunctions.googleapis.com/ -objects: - - !ruby/object:Api::Resource - name: 'function' - base_url: projects/{{project}}/locations/{{location}}/functions - create_url: projects/{{project}}/locations/{{location}}/functions?functionId={{name}} - self_link: projects/{{project}}/locations/{{location}}/functions/{{name}} - create_verb: :POST - update_verb: :PATCH - references: !ruby/object:Api::Resource::ReferenceLinks - api: 'https://cloud.google.com/functions/docs/reference/rest/v2beta/projects.locations.functions' - description: | - A Cloud Function that contains user computation executed in response to an event. - collection_url_key: 'functions' - update_mask: true - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - # It takes about 35-40 mins to get the resource created - timeouts: !ruby/object:Api::Timeouts - insert_minutes: 60 - update_minutes: 60 - delete_minutes: 60 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: true - allowed: - - True - - False - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - parameters: - - !ruby/object:Api::Type::String - name: 'location' - input: true - url_param_only: true - description: The location of this cloud function. - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - input: true - description: | - A user-defined name of the function. Function names must - be unique globally and match pattern `projects/*/locations/*/functions/*`. - pattern: projects/{{project}}/locations/{{location}}/functions/{{name}} - - !ruby/object:Api::Type::String - name: 'description' - description: 'User-provided description of a function.' - - !ruby/object:Api::Type::Enum - name: 'environment' - output: true - description: 'The environment the function is hosted on.' - values: - - :ENVIRONMENT_UNSPECIFIED - - :GEN_1 - - :GEN_2 - - !ruby/object:Api::Type::Enum - name: 'state' - output: true - description: 'Describes the current state of the function.' - values: - - :STATE_UNSPECIFIED - - :ACTIVE - - :FAILED - - :DEPLOYING - - :DELETING - - :UNKNOWN - - !ruby/object:Api::Type::NestedObject - name: 'buildConfig' - description: | - Describes the Build step of the function that builds a container - from the given source. - properties: - - !ruby/object:Api::Type::String - name: 'build' - description: | - The Cloud Build name of the latest successful - deployment of the function. - output: true - - !ruby/object:Api::Type::String - name: 'runtime' - description: | - The runtime in which to run the function. Required when deploying a new - function, optional when updating an existing function. - - !ruby/object:Api::Type::String - name: 'entryPoint' - description: | - The name of the function (as defined in source code) that will be executed. - Defaults to the resource name suffix, if not specified. For backward - compatibility, if function with given name is not found, then the system - will try to use function named "function". For Node.js this is name of a - function exported by the module specified in source_location. - - !ruby/object:Api::Type::NestedObject - name: 'source' - description: 'The location of the function source code.' - properties: - - !ruby/object:Api::Type::NestedObject - name: 'storageSource' - description: 'If provided, get the source from this location in Google Cloud Storage.' - exactly_one_of: - - storage_source - - repo_source - properties: - - !ruby/object:Api::Type::String - name: 'bucket' - description: 'Google Cloud Storage bucket containing the source' - - !ruby/object:Api::Type::String - name: 'object' - description: 'Google Cloud Storage object containing the source.' - - !ruby/object:Api::Type::Integer - name: 'generation' - description: | - Google Cloud Storage generation for the object. If the generation - is omitted, the latest generation will be used. - - !ruby/object:Api::Type::NestedObject - name: 'repoSource' - description: 'If provided, get the source from this location in a Cloud Source Repository.' - exactly_one_of: - - storage_source - - repo_source - properties: - - !ruby/object:Api::Type::String - name: 'projectId' - input: true - description: | - ID of the project that owns the Cloud Source Repository. If omitted, the - project ID requesting the build is assumed. - - !ruby/object:Api::Type::String - name: 'repoName' - description: 'Name of the Cloud Source Repository.' - - !ruby/object:Api::Type::String - name: 'branchName' - description: 'Regex matching branches to build.' - exactly_one_of: - - branch_name - - tag_name - - commit_sha - - !ruby/object:Api::Type::String - name: 'tagName' - description: 'Regex matching tags to build.' - exactly_one_of: - - branch_name - - tag_name - - commit_sha - - !ruby/object:Api::Type::String - name: 'commitSha' - description: 'Regex matching tags to build.' - exactly_one_of: - - branch_name - - tag_name - - commit_sha - - !ruby/object:Api::Type::String - name: 'dir' - description: | - Directory, relative to the source root, in which to run the build. - - !ruby/object:Api::Type::Boolean - name: 'invertRegex' - description: | - Only trigger a build if the revision regex does - NOT match the revision regex. - - !ruby/object:Api::Type::String - name: 'workerPool' - description: 'Name of the Cloud Build Custom Worker Pool that should be used to build the function.' - - !ruby/object:Api::Type::KeyValuePairs - name: 'environmentVariables' - description: | - User-provided build-time environment variables for the function. - - !ruby/object:Api::Type::String - name: 'dockerRepository' - description: | - User managed repository created in Artifact Registry optionally with a customer managed encryption key. - - !ruby/object:Api::Type::NestedObject - name: 'serviceConfig' - description: 'Describes the Service being deployed.' - properties: - - !ruby/object:Api::Type::String - name: 'service' - description: | - Name of the service associated with a Function. - - !ruby/object:Api::Type::Integer - name: 'timeoutSeconds' - description: | - The function execution timeout. Execution is considered failed and - can be terminated if the function is not completed at the end of the - timeout period. Defaults to 60 seconds. - - !ruby/object:Api::Type::String - name: 'availableMemory' - description: | - The amount of memory available for a function. - Defaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is - supplied the value is interpreted as bytes. - - !ruby/object:Api::Type::Integer - name: 'maxInstanceRequestConcurrency' - description: 'Sets the maximum number of concurrent requests that each instance can receive. Defaults to 1.' - - !ruby/object:Api::Type::String - name: 'availableCpu' - description: 'The number of CPUs used in a single container instance. Default value is calculated from available memory.' - - !ruby/object:Api::Type::KeyValuePairs - name: 'environmentVariables' - description: 'Environment variables that shall be available during function execution.' - - !ruby/object:Api::Type::Integer - name: 'maxInstanceCount' - description: | - The limit on the maximum number of function instances that may coexist at a - given time. - - !ruby/object:Api::Type::Integer - name: 'minInstanceCount' - description: | - The limit on the minimum number of function instances that may coexist at a - given time. - - !ruby/object:Api::Type::String - name: 'vpcConnector' - description: 'The Serverless VPC Access connector that this cloud function can connect to.' - - !ruby/object:Api::Type::Enum - name: 'vpcConnectorEgressSettings' - description: 'Available egress settings.' - values: - - :VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED - - :PRIVATE_RANGES_ONLY - - :ALL_TRAFFIC - - !ruby/object:Api::Type::Enum - name: 'ingressSettings' - description: 'Available ingress settings. Defaults to "ALLOW_ALL" if unspecified.' - values: - - :ALLOW_ALL - - :ALLOW_INTERNAL_ONLY - - :ALLOW_INTERNAL_AND_GCLB - default_value: :ALLOW_ALL - - !ruby/object:Api::Type::String - name: 'uri' - description: 'URI of the Service deployed.' - output: true - - !ruby/object:Api::Type::String - name: 'gcfUri' - description: 'URIs of the Service deployed' - output: true - - !ruby/object:Api::Type::String - name: 'serviceAccountEmail' - description: 'The email of the service account for this function.' - - !ruby/object:Api::Type::Boolean - name: 'allTrafficOnLatestRevision' - description: 'Whether 100% of traffic is routed to the latest revision. Defaults to true.' - default_value: true - - !ruby/object:Api::Type::Array - name: 'secretEnvironmentVariables' - description: 'Secret environment variables configuration.' - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: key - description: | - Name of the environment variable. - required: true - - !ruby/object:Api::Type::String - name: projectId - description: | - Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function. - required: true - - !ruby/object:Api::Type::String - name: secret - description: | - Name of the secret in secret manager (not the full resource name). - required: true - - !ruby/object:Api::Type::String - name: version - description: | - Version of the secret (version number or the string 'latest'). It is recommended to use a numeric version for secret environment variables as any updates to the secret value is not reflected until new instances start. - required: true - - !ruby/object:Api::Type::Array - name: 'secretVolumes' - description: 'Secret volumes configuration.' - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: mountPath - description: | - The path within the container to mount the secret volume. For example, setting the mountPath as /etc/secrets would mount the secret value files under the /etc/secrets directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount path: /etc/secrets - required: true - - !ruby/object:Api::Type::String - name: projectId - description: | - Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function. - required: true - - !ruby/object:Api::Type::String - name: secret - description: | - Name of the secret in secret manager (not the full resource name). - required: true - - !ruby/object:Api::Type::Array - name: 'versions' - description: List of secret versions to mount for this secret. If empty, the latest version of the secret will be made available in a file named after the secret under the mount point.' - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: version - description: | - Version of the secret (version number or the string 'latest'). It is preferable to use latest version with secret volumes as secret value changes are reflected immediately. - required: true - - !ruby/object:Api::Type::String - name: path - description: | - Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mountPath as '/etc/secrets' and path as secret_foo would mount the secret value file at /etc/secrets/secret_foo. - required: true - - !ruby/object:Api::Type::NestedObject - name: 'eventTrigger' - description: | - An Eventarc trigger managed by Google Cloud Functions that fires events in - response to a condition in another service. - properties: - - !ruby/object:Api::Type::String - name: 'trigger' - description: 'Output only. The resource name of the Eventarc trigger.' - output: true - - !ruby/object:Api::Type::String - name: 'triggerRegion' - description: | - The region that the trigger will be in. The trigger will only receive - events originating in this region. It can be the same - region as the function, a different region or multi-region, or the global - region. If not provided, defaults to the same region as the function. - - !ruby/object:Api::Type::String - name: 'eventType' - description: 'Required. The type of event to observe.' - - !ruby/object:Api::Type::Array - name: 'eventFilters' - description: 'Criteria used to filter events.' - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: attribute - description: | - 'Required. The name of a CloudEvents attribute. - Currently, only a subset of attributes are supported for filtering. Use the `gcloud eventarc providers describe` command to learn more about events and their attributes. - Do not filter for the 'type' attribute here, as this is already achieved by the resource's `event_type` attribute. - required: true - - !ruby/object:Api::Type::String - name: value - description: | - Required. The value for the attribute. - If the operator field is set as `match-path-pattern`, this value can be a path pattern instead of an exact value. - required: true - - !ruby/object:Api::Type::String - name: operator - description: | - Optional. The operator used for matching the events with the value of - the filter. If not specified, only events that have an exact key-value - pair specified in the filter are matched. - The only allowed value is `match-path-pattern`. - [See documentation on path patterns here](https://cloud.google.com/eventarc/docs/path-patterns)' - - !ruby/object:Api::Type::String - name: 'pubsubTopic' - description: | - The name of a Pub/Sub topic in the same project that will be used - as the transport topic for the event delivery. - - !ruby/object:Api::Type::String - name: 'serviceAccountEmail' - description: 'The email of the service account for this function.' - - !ruby/object:Api::Type::Enum - name: 'retryPolicy' - description: | - Describes the retry policy in case of function's execution failure. - Retried execution is charged as any other execution. - values: - - :RETRY_POLICY_UNSPECIFIED - - :RETRY_POLICY_DO_NOT_RETRY - - :RETRY_POLICY_RETRY - - !ruby/object:Api::Type::String - name: 'updateTime' - output: true - description: 'The last update timestamp of a Cloud Function.' - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: | - A set of key/value label pairs associated with this Cloud Function. diff --git a/mmv1/products/cloudfunctions2/product.yaml b/mmv1/products/cloudfunctions2/product.yaml new file mode 100644 index 000000000000..8b184bf7cadd --- /dev/null +++ b/mmv1/products/cloudfunctions2/product.yaml @@ -0,0 +1,29 @@ +# Copyright 2022 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: Cloudfunctions2 +display_name: Cloud Functions (2nd gen) +scopes: + - https://www.googleapis.com/auth/cloud-platform +versions: + - !ruby/object:Api::Product::Version + name: beta + base_url: https://cloudfunctions.googleapis.com/v2beta/ + - !ruby/object:Api::Product::Version + name: ga + base_url: https://cloudfunctions.googleapis.com/v2/ +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Cloud Functions API + url: https://console.cloud.google.com/apis/library/cloudfunctions.googleapis.com/ diff --git a/mmv1/products/cloudfunctions2/terraform.yaml b/mmv1/products/cloudfunctions2/terraform.yaml index 9284f5fbc3bc..181148fb261c 100644 --- a/mmv1/products/cloudfunctions2/terraform.yaml +++ b/mmv1/products/cloudfunctions2/terraform.yaml @@ -10,7 +10,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - + --- !ruby/object:Provider::Terraform::Config overrides: !ruby/object:Overrides::ResourceOverrides function: !ruby/object:Overrides::Terraform::ResourceOverride @@ -69,6 +69,7 @@ overrides: !ruby/object:Overrides::ResourceOverrides test_vars_overrides: zip_path: "\"./test-fixtures/cloudfunctions2/function-source-eventarc-gcs.zip\"" primary_resource_id: "\"terraform-test\"" + policyChanged: "BootstrapPSARole(t, \"service-\", \"gcp-sa-pubsub\", \"roles/cloudkms.cryptoKeyEncrypterDecrypter\")" # ignore these fields during import step ignore_read_extra: - "build_config.0.source.0.storage_source.0.object" @@ -87,6 +88,7 @@ overrides: !ruby/object:Overrides::ResourceOverrides test_vars_overrides: zip_path: "\"./test-fixtures/cloudfunctions2/function-source-eventarc-gcs.zip\"" primary_resource_id: "\"terraform-test\"" + policyChanged: "BootstrapPSARole(t, \"service-\", \"gcp-sa-pubsub\", \"roles/cloudkms.cryptoKeyEncrypterDecrypter\")" # ignore these fields during import step ignore_read_extra: - "build_config.0.source.0.storage_source.0.object" @@ -104,6 +106,7 @@ overrides: !ruby/object:Overrides::ResourceOverrides test_vars_overrides: zip_path: "\"./test-fixtures/cloudfunctions2/function-source.zip\"" location: "\"us-central1\"" + policyChanged: "BootstrapPSARole(t, \"service-\", \"gcp-sa-pubsub\", \"roles/cloudkms.cryptoKeyEncrypterDecrypter\")" # ignore these fields during import step ignore_read_extra: - "build_config.0.source.0.storage_source.0.object" @@ -121,6 +124,7 @@ overrides: !ruby/object:Overrides::ResourceOverrides test_vars_overrides: zip_path: "\"./test-fixtures/cloudfunctions2/function-source.zip\"" location: "\"us-central1\"" + policyChanged: "BootstrapPSARole(t, \"service-\", \"gcp-sa-pubsub\", \"roles/cloudkms.cryptoKeyEncrypterDecrypter\")" # ignore these fields during import step ignore_read_extra: - "build_config.0.source.0.storage_source.0.object" @@ -141,7 +145,7 @@ overrides: !ruby/object:Overrides::ResourceOverrides # ignore these fields during import step ignore_read_extra: - "build_config.0.source.0.storage_source.0.object" - - "build_config.0.source.0.storage_source.0.bucket" + - "build_config.0.source.0.storage_source.0.bucket" properties: name: !ruby/object:Overrides::Terraform::PropertyOverride custom_flatten: 'templates/terraform/custom_flatten/name_from_self_link.erb' @@ -161,7 +165,7 @@ overrides: !ruby/object:Overrides::ResourceOverrides serviceConfig.serviceAccountEmail: !ruby/object:Overrides::Terraform::PropertyOverride default_from_api: true serviceConfig.secretVolumes.versions: !ruby/object:Overrides::Terraform::PropertyOverride - default_from_api: true + default_from_api: true eventTrigger.pubsubTopic: !ruby/object:Overrides::Terraform::PropertyOverride default_from_api: true eventTrigger.serviceAccountEmail: !ruby/object:Overrides::Terraform::PropertyOverride diff --git a/mmv1/products/cloudidentity/Group.yaml b/mmv1/products/cloudidentity/Group.yaml new file mode 100644 index 000000000000..7dfbe96bd026 --- /dev/null +++ b/mmv1/products/cloudidentity/Group.yaml @@ -0,0 +1,145 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Group' +base_url: 'groups?initialGroupConfig={{initial_group_config}}' +update_url: '{{name}}' +self_link: '{{name}}' +update_verb: :PATCH +update_mask: true +description: | + A Cloud Identity resource representing a Group. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/identity/docs/how-to/setup' + api: 'https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + timeouts: !ruby/object:Api::Timeouts + insert_minutes: 5 + update_minutes: 5 + delete_minutes: 5 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +parameters: + - !ruby/object:Api::Type::Enum + name: 'initialGroupConfig' + description: | + The initial configuration options for creating a Group. + + See the + [API reference](https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups/create#initialgroupconfig) + for possible values. + values: + - "INITIAL_GROUP_CONFIG_UNSPECIFIED" + - "WITH_INITIAL_OWNER" + - "EMPTY" + default_value: :EMPTY + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + output: true + description: | + Resource name of the Group in the format: groups/{group_id}, where group_id + is the unique ID assigned to the Group. + - !ruby/object:Api::Type::NestedObject + name: 'groupKey' + required: true + immutable: true + description: | + EntityKey of the Group. + properties: + - !ruby/object:Api::Type::String + name: 'id' + required: true + immutable: true + description: | + The ID of the entity. + + For Google-managed entities, the id must be the email address of an existing + group or user. + + For external-identity-mapped entities, the id must be a string conforming + to the Identity Source's requirements. + + Must be unique within a namespace. + - !ruby/object:Api::Type::String + name: 'namespace' + immutable: true + description: | + The namespace in which the entity exists. + + If not specified, the EntityKey represents a Google-managed entity + such as a Google user or a Google Group. + + If specified, the EntityKey represents an external-identity-mapped group. + The namespace must correspond to an identity source created in Admin Console + and must be in the form of `identitysources/{identity_source_id}`. + - !ruby/object:Api::Type::String + name: 'parent' + required: true + immutable: true + description: | + The resource name of the entity under which this Group resides in the + Cloud Identity resource hierarchy. + + Must be of the form identitysources/{identity_source_id} for external-identity-mapped + groups or customers/{customer_id} for Google Groups. + - !ruby/object:Api::Type::String + name: 'displayName' + description: | + The display name of the Group. + - !ruby/object:Api::Type::String + name: 'description' + description: | + An extended description to help users determine the purpose of a Group. + Must not be longer than 4,096 characters. + - !ruby/object:Api::Type::String + name: 'createTime' + output: true + description: | + The time when the Group was created. + - !ruby/object:Api::Type::String + name: 'updateTime' + output: true + description: | + The time when the Group was last updated. + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + required: true + description: | + One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value. + + Google Groups are the default type of group and have a label with a key of cloudidentity.googleapis.com/groups.discussion_forum and an empty value. + + Existing Google Groups can have an additional label with a key of cloudidentity.googleapis.com/groups.security and an empty value added to them. This is an immutable change and the security label cannot be removed once added. + + Dynamic groups have a label with a key of cloudidentity.googleapis.com/groups.dynamic. + + Identity-mapped groups for Cloud Search have a label with a key of system/groups/external and an empty value. diff --git a/mmv1/products/cloudidentity/GroupMembership.yaml b/mmv1/products/cloudidentity/GroupMembership.yaml new file mode 100644 index 000000000000..e0cb083557bc --- /dev/null +++ b/mmv1/products/cloudidentity/GroupMembership.yaml @@ -0,0 +1,147 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'GroupMembership' +base_url: '{{group}}/memberships' +self_link: '{{name}}' +description: | + A Membership defines a relationship between a Group and an entity belonging to that Group, referred to as a "member". +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/identity/docs/how-to/memberships-google-groups' + api: 'https://cloud.google.com/identity/docs/reference/rest/v1/groups.memberships' +immutable: true +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'group' + resource: 'Group' + imports: 'name' + description: | + The name of the Group to create this membership in. + required: true + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + output: true + description: | + The resource name of the Membership, of the form groups/{group_id}/memberships/{membership_id}. + - !ruby/object:Api::Type::NestedObject + name: 'memberKey' + immutable: true + description: | + EntityKey of the member. + min_version: beta + exactly_one_of: + - member_key + - preferred_member_key + properties: + - !ruby/object:Api::Type::String + name: 'id' + required: true + immutable: true + description: | + The ID of the entity. + + For Google-managed entities, the id must be the email address of an existing + group or user. + + For external-identity-mapped entities, the id must be a string conforming + to the Identity Source's requirements. + + Must be unique within a namespace. + - !ruby/object:Api::Type::String + name: 'namespace' + immutable: true + description: | + The namespace in which the entity exists. + + If not specified, the EntityKey represents a Google-managed entity + such as a Google user or a Google Group. + + If specified, the EntityKey represents an external-identity-mapped group. + The namespace must correspond to an identity source created in Admin Console + and must be in the form of `identitysources/{identity_source_id}`. + - !ruby/object:Api::Type::NestedObject + name: 'preferredMemberKey' + immutable: true + description: | + EntityKey of the member. + exactly_one_of: + - member_key + - preferred_member_key + properties: + - !ruby/object:Api::Type::String + name: 'id' + required: true + immutable: true + description: | + The ID of the entity. + + For Google-managed entities, the id must be the email address of an existing + group or user. + + For external-identity-mapped entities, the id must be a string conforming + to the Identity Source's requirements. + + Must be unique within a namespace. + - !ruby/object:Api::Type::String + name: 'namespace' + immutable: true + description: | + The namespace in which the entity exists. + + If not specified, the EntityKey represents a Google-managed entity + such as a Google user or a Google Group. + + If specified, the EntityKey represents an external-identity-mapped group. + The namespace must correspond to an identity source created in Admin Console + and must be in the form of `identitysources/{identity_source_id}`. + - !ruby/object:Api::Type::String + name: 'createTime' + output: true + description: | + The time when the Membership was created. + - !ruby/object:Api::Type::String + name: 'updateTime' + output: true + description: | + The time when the Membership was last updated. + - !ruby/object:Api::Type::Array + name: 'roles' + required: true + description: | + The MembershipRoles that apply to the Membership. + Must not contain duplicate MembershipRoles with the same name. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Enum + name: 'name' + required: true + description: | + The name of the MembershipRole. Must be one of OWNER, MANAGER, MEMBER. + values: + - :OWNER + - :MANAGER + - :MEMBER + update_verb: :POST + update_url: '{{name}}:modifyMembershipRoles' + - !ruby/object:Api::Type::String + name: 'type' + output: true + description: | + The type of the membership. + diff --git a/mmv1/products/cloudidentity/api.yaml b/mmv1/products/cloudidentity/api.yaml deleted file mode 100644 index 200c22734012..000000000000 --- a/mmv1/products/cloudidentity/api.yaml +++ /dev/null @@ -1,295 +0,0 @@ -# Copyright 2020 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: CloudIdentity -display_name: Cloud Identity -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://cloudidentity.googleapis.com/v1/ - - !ruby/object:Api::Product::Version - name: beta - base_url: https://cloudidentity.googleapis.com/v1beta1/ -scopes: - - https://www.googleapis.com/auth/cloud-identity -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Cloud Identity API - url: https://console.cloud.google.com/apis/api/cloudidentity.googleapis.com/overview -objects: - - !ruby/object:Api::Resource - name: 'Group' - base_url: 'groups?initialGroupConfig={{initial_group_config}}' - update_url: '{{name}}' - self_link: '{{name}}' - update_verb: :PATCH - update_mask: true - description: | - A Cloud Identity resource representing a Group. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/identity/docs/how-to/setup' - api: 'https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - timeouts: !ruby/object:Api::Timeouts - insert_minutes: 5 - update_minutes: 5 - delete_minutes: 5 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - parameters: - - !ruby/object:Api::Type::Enum - name: 'initialGroupConfig' - description: | - The initial configuration options for creating a Group. - - See the - [API reference](https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups/create#initialgroupconfig) - for possible values. - values: - - "INITIAL_GROUP_CONFIG_UNSPECIFIED" - - "WITH_INITIAL_OWNER" - - "EMPTY" - default_value: :EMPTY - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - output: true - description: | - Resource name of the Group in the format: groups/{group_id}, where group_id - is the unique ID assigned to the Group. - - !ruby/object:Api::Type::NestedObject - name: 'groupKey' - required: true - input: true - description: | - EntityKey of the Group. - properties: - - !ruby/object:Api::Type::String - name: 'id' - required: true - input: true - description: | - The ID of the entity. - - For Google-managed entities, the id must be the email address of an existing - group or user. - - For external-identity-mapped entities, the id must be a string conforming - to the Identity Source's requirements. - - Must be unique within a namespace. - - !ruby/object:Api::Type::String - name: 'namespace' - input: true - description: | - The namespace in which the entity exists. - - If not specified, the EntityKey represents a Google-managed entity - such as a Google user or a Google Group. - - If specified, the EntityKey represents an external-identity-mapped group. - The namespace must correspond to an identity source created in Admin Console - and must be in the form of `identitysources/{identity_source_id}`. - - !ruby/object:Api::Type::String - name: 'parent' - required: true - input: true - description: | - The resource name of the entity under which this Group resides in the - Cloud Identity resource hierarchy. - - Must be of the form identitysources/{identity_source_id} for external-identity-mapped - groups or customers/{customer_id} for Google Groups. - - !ruby/object:Api::Type::String - name: 'displayName' - description: | - The display name of the Group. - - !ruby/object:Api::Type::String - name: 'description' - description: | - An extended description to help users determine the purpose of a Group. - Must not be longer than 4,096 characters. - - !ruby/object:Api::Type::String - name: 'createTime' - output: true - description: | - The time when the Group was created. - - !ruby/object:Api::Type::String - name: 'updateTime' - output: true - description: | - The time when the Group was last updated. - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - required: true - description: | - One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value. - - Google Groups are the default type of group and have a label with a key of cloudidentity.googleapis.com/groups.discussion_forum and an empty value. - - Existing Google Groups can have an additional label with a key of cloudidentity.googleapis.com/groups.security and an empty value added to them. This is an immutable change and the security label cannot be removed once added. - - Dynamic groups have a label with a key of cloudidentity.googleapis.com/groups.dynamic. - - Identity-mapped groups for Cloud Search have a label with a key of system/groups/external and an empty value. - - !ruby/object:Api::Resource - name: 'GroupMembership' - base_url: '{{group}}/memberships' - self_link: '{{name}}' - description: | - A Membership defines a relationship between a Group and an entity belonging to that Group, referred to as a "member". - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/identity/docs/how-to/memberships-google-groups' - api: 'https://cloud.google.com/identity/docs/reference/rest/v1/groups.memberships' - input: true - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'group' - resource: 'Group' - imports: 'name' - description: | - The name of the Group to create this membership in. - required: true - input: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - output: true - description: | - The resource name of the Membership, of the form groups/{group_id}/memberships/{membership_id}. - - !ruby/object:Api::Type::NestedObject - name: 'memberKey' - input: true - description: | - EntityKey of the member. - min_version: beta - exactly_one_of: - - member_key - - preferred_member_key - properties: - - !ruby/object:Api::Type::String - name: 'id' - required: true - input: true - description: | - The ID of the entity. - - For Google-managed entities, the id must be the email address of an existing - group or user. - - For external-identity-mapped entities, the id must be a string conforming - to the Identity Source's requirements. - - Must be unique within a namespace. - - !ruby/object:Api::Type::String - name: 'namespace' - input: true - description: | - The namespace in which the entity exists. - - If not specified, the EntityKey represents a Google-managed entity - such as a Google user or a Google Group. - - If specified, the EntityKey represents an external-identity-mapped group. - The namespace must correspond to an identity source created in Admin Console - and must be in the form of `identitysources/{identity_source_id}`. - - !ruby/object:Api::Type::NestedObject - name: 'preferredMemberKey' - input: true - description: | - EntityKey of the member. - exactly_one_of: - - member_key - - preferred_member_key - properties: - - !ruby/object:Api::Type::String - name: 'id' - required: true - input: true - description: | - The ID of the entity. - - For Google-managed entities, the id must be the email address of an existing - group or user. - - For external-identity-mapped entities, the id must be a string conforming - to the Identity Source's requirements. - - Must be unique within a namespace. - - !ruby/object:Api::Type::String - name: 'namespace' - input: true - description: | - The namespace in which the entity exists. - - If not specified, the EntityKey represents a Google-managed entity - such as a Google user or a Google Group. - - If specified, the EntityKey represents an external-identity-mapped group. - The namespace must correspond to an identity source created in Admin Console - and must be in the form of `identitysources/{identity_source_id}`. - - !ruby/object:Api::Type::String - name: 'createTime' - output: true - description: | - The time when the Membership was created. - - !ruby/object:Api::Type::String - name: 'updateTime' - output: true - description: | - The time when the Membership was last updated. - - !ruby/object:Api::Type::Array - name: 'roles' - required: true - description: | - The MembershipRoles that apply to the Membership. - Must not contain duplicate MembershipRoles with the same name. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Enum - name: 'name' - required: true - description: | - The name of the MembershipRole. Must be one of OWNER, MANAGER, MEMBER. - values: - - :OWNER - - :MANAGER - - :MEMBER - update_verb: :POST - update_url: '{{name}}:modifyMembershipRoles' - - !ruby/object:Api::Type::String - name: 'type' - output: true - description: | - The type of the membership. diff --git a/mmv1/products/cloudidentity/product.yaml b/mmv1/products/cloudidentity/product.yaml new file mode 100644 index 000000000000..3821d8bd6555 --- /dev/null +++ b/mmv1/products/cloudidentity/product.yaml @@ -0,0 +1,29 @@ +# Copyright 2020 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: CloudIdentity +display_name: Cloud Identity +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://cloudidentity.googleapis.com/v1/ + - !ruby/object:Api::Product::Version + name: beta + base_url: https://cloudidentity.googleapis.com/v1beta1/ +scopes: + - https://www.googleapis.com/auth/cloud-identity +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Cloud Identity API + url: https://console.cloud.google.com/apis/api/cloudidentity.googleapis.com/overview diff --git a/mmv1/products/cloudids/Endpoint.yaml b/mmv1/products/cloudids/Endpoint.yaml new file mode 100644 index 000000000000..8b2fe31d2151 --- /dev/null +++ b/mmv1/products/cloudids/Endpoint.yaml @@ -0,0 +1,89 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Endpoint' +base_url: 'projects/{{project}}/locations/{{location}}/endpoints' +create_url: 'projects/{{project}}/locations/{{location}}/endpoints?endpointId={{name}}' +self_link: 'projects/{{project}}/locations/{{location}}/endpoints/{{name}}' +create_verb: :POST +update_verb: :PATCH +update_mask: true +description: | + Cloud IDS is an intrusion detection service that provides threat detection for intrusions, malware, spyware, and command-and-control attacks on your network. +references: !ruby/object:Api::Resource::ReferenceLinks + api: 'https://cloud.google.com/intrusion-detection-system/docs/configuring-ids' +parameters: + - !ruby/object:Api::Type::String + name: 'location' + required: true + url_param_only: true + immutable: true + description: | + The location for the endpoint. +properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + immutable: true + description: | + Name of the endpoint in the format projects/{project_id}/locations/{locationId}/endpoints/{endpointId}. + - !ruby/object:Api::Type::String + name: 'createTime' + output: true + description: | + Creation timestamp in RFC 3339 text format. + - !ruby/object:Api::Type::String + name: 'updateTime' + output: true + description: | + Last update timestamp in RFC 3339 text format. + - !ruby/object:Api::Type::String + name: 'network' + required: true + immutable: true + description: | + Name of the VPC network that is connected to the IDS endpoint. This can either contain the VPC network name itself (like "src-net") or the full URL to the network (like "projects/{project_id}/global/networks/src-net"). + - !ruby/object:Api::Type::String + immutable: true + name: 'description' + description: | + An optional description of the endpoint. + - !ruby/object:Api::Type::String + name: 'endpointForwardingRule' + output: true + description: | + URL of the endpoint's network address to which traffic is to be sent by Packet Mirroring. + - !ruby/object:Api::Type::String + name: 'endpointIp' + output: true + description: | + Internal IP address of the endpoint's network entry point. + - !ruby/object:Api::Type::Enum + name: 'severity' + required: true + immutable: true + description: | + The minimum alert severity level that is reported by the endpoint. + values: + - :INFORMATIONAL + - :LOW + - :MEDIUM + - :HIGH + - :CRITICAL + - !ruby/object:Api::Type::Array + name: 'threatExceptions' + description: | + Configuration for threat IDs excluded from generating alerts. Limit: 99 IDs. + item_type: Api::Type::String + diff --git a/mmv1/products/cloudids/api.yaml b/mmv1/products/cloudids/api.yaml deleted file mode 100644 index ad216e50747a..000000000000 --- a/mmv1/products/cloudids/api.yaml +++ /dev/null @@ -1,119 +0,0 @@ -# Copyright 2022 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: CloudIds -display_name: Cloud Intrusion Detection Service -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://ids.googleapis.com/v1/ -scopes: - - https://www.googleapis.com/auth/cloudids -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Cloud Intrusion Detection Service (IDS) API - url: https://console.cloud.google.com/apis/library/ids.googleapis.com/ -async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 2000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' -objects: - - !ruby/object:Api::Resource - name: 'Endpoint' - base_url: 'projects/{{project}}/locations/{{location}}/endpoints' - create_url: 'projects/{{project}}/locations/{{location}}/endpoints?endpointId={{name}}' - self_link: 'projects/{{project}}/locations/{{location}}/endpoints/{{name}}' - create_verb: :POST - update_verb: :PATCH - update_mask: true - description: | - Cloud IDS is an intrusion detection service that provides threat detection for intrusions, malware, spyware, and command-and-control attacks on your network. - references: !ruby/object:Api::Resource::ReferenceLinks - api: 'https://cloud.google.com/intrusion-detection-system/docs/configuring-ids' - parameters: - - !ruby/object:Api::Type::String - name: 'location' - required: true - url_param_only: true - input: true - description: | - The location for the endpoint. - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - input: true - description: | - Name of the endpoint in the format projects/{project_id}/locations/{locationId}/endpoints/{endpointId}. - - !ruby/object:Api::Type::String - name: 'createTime' - output: true - description: | - Creation timestamp in RFC 3339 text format. - - !ruby/object:Api::Type::String - name: 'updateTime' - output: true - description: | - Last update timestamp in RFC 3339 text format. - - !ruby/object:Api::Type::String - name: 'network' - required: true - input: true - description: | - Name of the VPC network that is connected to the IDS endpoint. This can either contain the VPC network name itself (like "src-net") or the full URL to the network (like "projects/{project_id}/global/networks/src-net"). - - !ruby/object:Api::Type::String - input: true - name: 'description' - description: | - An optional description of the endpoint. - - !ruby/object:Api::Type::String - name: 'endpointForwardingRule' - output: true - description: | - URL of the endpoint's network address to which traffic is to be sent by Packet Mirroring. - - !ruby/object:Api::Type::String - name: 'endpointIp' - output: true - description: | - Internal IP address of the endpoint's network entry point. - - !ruby/object:Api::Type::Enum - name: 'severity' - required: true - input: true - description: | - The minimum alert severity level that is reported by the endpoint. - values: - - :INFORMATIONAL - - :LOW - - :MEDIUM - - :HIGH - - :CRITICAL - - !ruby/object:Api::Type::Array - name: 'threatExceptions' - description: | - Configuration for threat IDs excluded from generating alerts. Limit: 99 IDs. - item_type: Api::Type::String diff --git a/mmv1/products/cloudids/product.yaml b/mmv1/products/cloudids/product.yaml new file mode 100644 index 000000000000..e9ce6f1d1451 --- /dev/null +++ b/mmv1/products/cloudids/product.yaml @@ -0,0 +1,43 @@ +# Copyright 2022 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: CloudIds +display_name: Cloud Intrusion Detection Service +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://ids.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/cloudids +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Cloud Intrusion Detection Service (IDS) API + url: https://console.cloud.google.com/apis/library/ids.googleapis.com/ +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 2000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' diff --git a/mmv1/products/cloudiot/Device.yaml b/mmv1/products/cloudiot/Device.yaml new file mode 100644 index 000000000000..97231764b09c --- /dev/null +++ b/mmv1/products/cloudiot/Device.yaml @@ -0,0 +1,225 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Device' +base_url: '{{registry}}/devices' +self_link: '{{registry}}/devices/{{name}}' +update_verb: :PATCH +update_mask: true +description: | + A Google Cloud IoT Core device. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/iot/docs/' + api: 'https://cloud.google.com/iot/docs/reference/cloudiot/rest/' +parameters: + - !ruby/object:Api::Type::String + name: registry + immutable: true + url_param_only: true + required: true + description: | + The name of the device registry where this device should be created. +properties: + - !ruby/object:Api::Type::String + name: 'id' + immutable: true + required: true + description: | + The unique identifier for the device. For example, + `Device0`. + - !ruby/object:Api::Type::String + name: 'name' + description: | + The resource path name. For example, + `projects/example-proj/locations/us-central1/registries/my-registry/devices/device0`. + - !ruby/object:Api::Type::String + name: 'numId' + output: true + description: | + A server-defined unique numeric ID for the device. + This is a more compact way to identify devices, and it is globally unique. + - !ruby/object:Api::Type::Array + name: 'credentials' + description: | + The credentials used to authenticate this device. + max_size: 3 + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Time + name: 'expirationTime' + description: | + The time at which this credential becomes invalid. + - !ruby/object:Api::Type::NestedObject + name: 'publicKey' + required: true + description: | + A public key used to verify the signature of JSON Web Tokens (JWTs). + properties: + - !ruby/object:Api::Type::Enum + name: 'format' + required: true + description: | + The format of the key. + values: + - :RSA_PEM + - :RSA_X509_PEM + - :ES256_PEM + - :ES256_X509_PEM + - !ruby/object:Api::Type::String + name: 'key' + required: true + description: | + The key data. + - !ruby/object:Api::Type::Time + name: 'lastHeartbeatTime' + output: true + description: | + The last time an MQTT PINGREQ was received. + - !ruby/object:Api::Type::Time + name: 'lastEventTime' + output: true + description: | + The last time a telemetry event was received. + - !ruby/object:Api::Type::Time + name: 'lastStateTime' + output: true + description: | + The last time a state event was received. + - !ruby/object:Api::Type::Time + name: 'lastConfigAckTime' + output: true + description: | + The last time a cloud-to-device config version acknowledgment was received from the device. + - !ruby/object:Api::Type::Time + name: 'lastConfigSendTime' + output: true + description: | + The last time a cloud-to-device config version was sent to the device. + - !ruby/object:Api::Type::Boolean + name: 'blocked' + description: | + If a device is blocked, connections or requests from this device will fail. + - !ruby/object:Api::Type::Time + name: 'lastErrorTime' + output: true + description: | + The time the most recent error occurred, such as a failure to publish to Cloud Pub/Sub. + - !ruby/object:Api::Type::NestedObject + name: 'lastErrorStatus' + output: true + description: | + The error message of the most recent error, such as a failure to publish to Cloud Pub/Sub. + properties: + - !ruby/object:Api::Type::Integer + name: 'number' + description: | + The status code, which should be an enum value of google.rpc.Code. + - !ruby/object:Api::Type::String + name: 'message' + description: | + A developer-facing error message, which should be in English. + - !ruby/object:Api::Type::Array + name: 'details' + description: | + A list of messages that carry the error details. + item_type: Api::Type::KeyValuePairs + - !ruby/object:Api::Type::NestedObject + name: 'config' + output: true + description: | + The most recent device configuration, which is eventually sent from Cloud IoT Core to the device. + properties: + - !ruby/object:Api::Type::String + name: 'version' + output: true + description: | + The version of this update. + - !ruby/object:Api::Type::String + name: 'cloudUpdateTime' + output: true + description: | + The time at which this configuration version was updated in Cloud IoT Core. + - !ruby/object:Api::Type::String + name: 'deviceAckTime' + output: true + description: | + The time at which Cloud IoT Core received the acknowledgment from the device, + indicating that the device has received this configuration version. + - !ruby/object:Api::Type::String + name: 'binaryData' + description: | + The device configuration data. + - !ruby/object:Api::Type::NestedObject + name: 'state' + output: true + description: | + The state most recently received from the device. + properties: + - !ruby/object:Api::Type::Time + name: 'updateTime' + description: | + The time at which this state version was updated in Cloud IoT Core. + - !ruby/object:Api::Type::String + name: 'binaryData' + description: | + The device state data. + - !ruby/object:Api::Type::Enum + name: 'logLevel' + allow_empty_object: true + description: | + The logging verbosity for device activity. + values: + - :NONE + - :ERROR + - :INFO + - :DEBUG + - !ruby/object:Api::Type::KeyValuePairs + name: 'metadata' + description: | + The metadata key-value pairs assigned to the device. + - !ruby/object:Api::Type::NestedObject + name: 'gatewayConfig' + description: | + Gateway-related configuration and state. + properties: + - !ruby/object:Api::Type::Enum + name: 'gatewayType' + default_value: :NON_GATEWAY + immutable: true + description: | + Indicates whether the device is a gateway. + values: + - :GATEWAY + - :NON_GATEWAY + - !ruby/object:Api::Type::Enum + name: 'gatewayAuthMethod' + description: | + Indicates whether the device is a gateway. + values: + - :ASSOCIATION_ONLY + - :DEVICE_AUTH_TOKEN_ONLY + - :ASSOCIATION_AND_DEVICE_AUTH_TOKEN + - !ruby/object:Api::Type::String + name: 'lastAccessedGatewayId' + output: true + description: | + The ID of the gateway the device accessed most recently. + - !ruby/object:Api::Type::Time + name: 'lastAccessedGatewayTime' + output: true + description: | + The most recent time at which the device accessed the gateway specified in last_accessed_gateway. + diff --git a/mmv1/products/cloudiot/DeviceRegistry.yaml b/mmv1/products/cloudiot/DeviceRegistry.yaml new file mode 100644 index 000000000000..08e75dfc7a55 --- /dev/null +++ b/mmv1/products/cloudiot/DeviceRegistry.yaml @@ -0,0 +1,189 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'DeviceRegistry' +base_url: 'projects/{{project}}/locations/{{region}}/registries' +self_link: 'projects/{{project}}/locations/{{region}}/registries/{{name}}' +update_verb: :PATCH +update_mask: true +description: | + A Google Cloud IoT Core device registry. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/iot/docs/' + api: 'https://cloud.google.com/iot/docs/reference/cloudiot/rest/' +iam_policy: !ruby/object:Api::Resource::IamPolicy + exclude: false + method_name_separator: ':' + fetch_iam_policy_verb: :POST + parent_resource_attribute: 'name' + import_format: ["projects/{{project}}/locations/{{location}}/registries/{{name}}", "{{name}}"] +parameters: + - !ruby/object:Api::Type::String + name: region + immutable: true + url_param_only: true + required: true + description: | + The region of this Device Registry. +properties: + - !ruby/object:Api::Type::String + name: 'id' + immutable: true + required: true + description: | + The unique identifier for the device registry. For example, + `myRegistry`. + - !ruby/object:Api::Type::String + name: 'name' + description: | + The resource path name. For example, + `projects/example-proj/locations/us-central1/registries/my-registry`. + - !ruby/object:Api::Type::Array + name: 'eventNotificationConfigs' + description: | + List of configurations for event notifications, such as PubSub topics + to publish device events to. + max_size: 10 + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'subfolderMatches' + description: | + If the subfolder name matches this string exactly, this + configuration will be used. The string must not include the + leading '/' character. If empty, all strings are matched. Empty + value can only be used for the last `event_notification_configs` + item. + - !ruby/object:Api::Type::String + name: 'pubsubTopicName' + required: true + description: | + PubSub topic name to publish device events. + - !ruby/object:Api::Type::NestedObject + name: 'stateNotificationConfig' + description: | + A PubSub topic to publish device state updates. + properties: + - !ruby/object:Api::Type::String + name: 'pubsubTopicName' + required: true + description: | + PubSub topic name to publish device state updates. + - !ruby/object:Api::Type::NestedObject + name: 'mqttConfig' + description: | + Activate or deactivate MQTT. + properties: + - !ruby/object:Api::Type::Enum + name: 'mqttEnabledState' + description: | + The field allows `MQTT_ENABLED` or `MQTT_DISABLED` + required: true + values: + - :MQTT_ENABLED + - :MQTT_DISABLED + - !ruby/object:Api::Type::NestedObject + name: 'httpConfig' + description: | + Activate or deactivate HTTP. + properties: + - !ruby/object:Api::Type::Enum + name: 'httpEnabledState' + required: true + description: | + The field allows `HTTP_ENABLED` or `HTTP_DISABLED`. + values: + - :HTTP_ENABLED + - :HTTP_DISABLED + - !ruby/object:Api::Type::Enum + name: 'logLevel' + default_value: :NONE + description: | + The default logging verbosity for activity from devices in this + registry. Specifies which events should be written to logs. For + example, if the LogLevel is ERROR, only events that terminate in + errors will be logged. LogLevel is inclusive; enabling INFO logging + will also enable ERROR logging. + values: + - :NONE + - :ERROR + - :INFO + - :DEBUG + - !ruby/object:Api::Type::Array + name: 'credentials' + description: | + List of public key certificates to authenticate devices. + max_size: 10 + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::NestedObject + name: 'publicKeyCertificate' + required: true + description: | + A public key certificate format and data. + properties: + - !ruby/object:Api::Type::Enum + name: 'format' + required: true + description: | + The field allows only `X509_CERTIFICATE_PEM`. + values: + - :X509_CERTIFICATE_PEM + - !ruby/object:Api::Type::String + name: 'certificate' + required: true + description: | + The certificate data. + - !ruby/object:Api::Type::NestedObject + name: 'x509Details' + output: true + description: | + The certificate details. Used only for X.509 certificates. + properties: + - !ruby/object:Api::Type::String + name: 'issuer' + output: true + description: | + The entity that signed the certificate. + - !ruby/object:Api::Type::String + name: 'subject' + output: true + description: | + The entity the certificate and public key belong to. + - !ruby/object:Api::Type::String + name: 'startTime' + output: true + description: | + The time the certificate becomes valid. A timestamp in + RFC3339 UTC "Zulu" format, accurate to nanoseconds. + Example: "2014-10-02T15:01:23.045123456Z". + - !ruby/object:Api::Type::String + name: 'expiryTime' + output: true + description: | + The time the certificate becomes invalid. A timestamp in + RFC3339 UTC "Zulu" format, accurate to nanoseconds. + Example: "2014-10-02T15:01:23.045123456Z". + - !ruby/object:Api::Type::String + name: 'signatureAlgorithm' + output: true + description: | + The algorithm used to sign the certificate. + - !ruby/object:Api::Type::String + name: 'publicKeyType' + output: true + description: | + The type of public key in the certificate. diff --git a/mmv1/products/cloudiot/api.yaml b/mmv1/products/cloudiot/api.yaml deleted file mode 100644 index 9b213e4755bc..000000000000 --- a/mmv1/products/cloudiot/api.yaml +++ /dev/null @@ -1,411 +0,0 @@ -# Copyright 2020 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: CloudIot -display_name: Cloud IoT Core -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://cloudiot.googleapis.com/v1/ -scopes: - - https://www.googleapis.com/auth/cloudiot - - https://www.googleapis.com/auth/cloud-platform -objects: - - !ruby/object:Api::Resource - name: 'DeviceRegistry' - base_url: 'projects/{{project}}/locations/{{region}}/registries' - self_link: 'projects/{{project}}/locations/{{region}}/registries/{{name}}' - update_verb: :PATCH - update_mask: true - description: | - A Google Cloud IoT Core device registry. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/iot/docs/' - api: 'https://cloud.google.com/iot/docs/reference/cloudiot/rest/' - iam_policy: !ruby/object:Api::Resource::IamPolicy - exclude: false - method_name_separator: ':' - fetch_iam_policy_verb: :POST - parent_resource_attribute: 'name' - import_format: ["projects/{{project}}/locations/{{location}}/registries/{{name}}", "{{name}}"] - parameters: - - !ruby/object:Api::Type::String - name: region - input: true - url_param_only: true - required: true - description: | - The region of this Device Registry. - properties: - - !ruby/object:Api::Type::String - name: 'id' - input: true - required: true - description: | - The unique identifier for the device registry. For example, - `myRegistry`. - - !ruby/object:Api::Type::String - name: 'name' - description: | - The resource path name. For example, - `projects/example-proj/locations/us-central1/registries/my-registry`. - - !ruby/object:Api::Type::Array - name: 'eventNotificationConfigs' - description: | - List of configurations for event notifications, such as PubSub topics - to publish device events to. - max_size: 10 - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'subfolderMatches' - description: | - If the subfolder name matches this string exactly, this - configuration will be used. The string must not include the - leading '/' character. If empty, all strings are matched. Empty - value can only be used for the last `event_notification_configs` - item. - - !ruby/object:Api::Type::String - name: 'pubsubTopicName' - required: true - description: | - PubSub topic name to publish device events. - - !ruby/object:Api::Type::NestedObject - name: 'stateNotificationConfig' - description: | - A PubSub topic to publish device state updates. - properties: - - !ruby/object:Api::Type::String - name: 'pubsubTopicName' - required: true - description: | - PubSub topic name to publish device state updates. - - !ruby/object:Api::Type::NestedObject - name: 'mqttConfig' - description: | - Activate or deactivate MQTT. - properties: - - !ruby/object:Api::Type::Enum - name: 'mqttEnabledState' - description: | - The field allows `MQTT_ENABLED` or `MQTT_DISABLED` - required: true - values: - - :MQTT_ENABLED - - :MQTT_DISABLED - - !ruby/object:Api::Type::NestedObject - name: 'httpConfig' - description: | - Activate or deactivate HTTP. - properties: - - !ruby/object:Api::Type::Enum - name: 'httpEnabledState' - required: true - description: | - The field allows `HTTP_ENABLED` or `HTTP_DISABLED`. - values: - - :HTTP_ENABLED - - :HTTP_DISABLED - - !ruby/object:Api::Type::Enum - name: 'logLevel' - default_value: :NONE - description: | - The default logging verbosity for activity from devices in this - registry. Specifies which events should be written to logs. For - example, if the LogLevel is ERROR, only events that terminate in - errors will be logged. LogLevel is inclusive; enabling INFO logging - will also enable ERROR logging. - values: - - :NONE - - :ERROR - - :INFO - - :DEBUG - - !ruby/object:Api::Type::Array - name: 'credentials' - description: | - List of public key certificates to authenticate devices. - max_size: 10 - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::NestedObject - name: 'publicKeyCertificate' - required: true - description: | - A public key certificate format and data. - properties: - - !ruby/object:Api::Type::Enum - name: 'format' - required: true - description: | - The field allows only `X509_CERTIFICATE_PEM`. - values: - - :X509_CERTIFICATE_PEM - - !ruby/object:Api::Type::String - name: 'certificate' - required: true - description: | - The certificate data. - - !ruby/object:Api::Type::NestedObject - name: 'x509Details' - output: true - description: | - The certificate details. Used only for X.509 certificates. - properties: - - !ruby/object:Api::Type::String - name: 'issuer' - output: true - description: | - The entity that signed the certificate. - - !ruby/object:Api::Type::String - name: 'subject' - output: true - description: | - The entity the certificate and public key belong to. - - !ruby/object:Api::Type::String - name: 'startTime' - output: true - description: | - The time the certificate becomes valid. A timestamp in - RFC3339 UTC "Zulu" format, accurate to nanoseconds. - Example: "2014-10-02T15:01:23.045123456Z". - - !ruby/object:Api::Type::String - name: 'expiryTime' - output: true - description: | - The time the certificate becomes invalid. A timestamp in - RFC3339 UTC "Zulu" format, accurate to nanoseconds. - Example: "2014-10-02T15:01:23.045123456Z". - - !ruby/object:Api::Type::String - name: 'signatureAlgorithm' - output: true - description: | - The algorithm used to sign the certificate. - - !ruby/object:Api::Type::String - name: 'publicKeyType' - output: true - description: | - The type of public key in the certificate. - - !ruby/object:Api::Resource - name: 'Device' - base_url: '{{registry}}/devices' - self_link: '{{registry}}/devices/{{name}}' - update_verb: :PATCH - update_mask: true - description: | - A Google Cloud IoT Core device. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/iot/docs/' - api: 'https://cloud.google.com/iot/docs/reference/cloudiot/rest/' - parameters: - - !ruby/object:Api::Type::String - name: registry - input: true - url_param_only: true - required: true - description: | - The name of the device registry where this device should be created. - properties: - - !ruby/object:Api::Type::String - name: 'id' - input: true - required: true - description: | - The unique identifier for the device. For example, - `Device0`. - - !ruby/object:Api::Type::String - name: 'name' - description: | - The resource path name. For example, - `projects/example-proj/locations/us-central1/registries/my-registry/devices/device0`. - - !ruby/object:Api::Type::String - name: 'numId' - output: true - description: | - A server-defined unique numeric ID for the device. - This is a more compact way to identify devices, and it is globally unique. - - !ruby/object:Api::Type::Array - name: 'credentials' - description: | - The credentials used to authenticate this device. - max_size: 3 - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Time - name: 'expirationTime' - description: | - The time at which this credential becomes invalid. - - !ruby/object:Api::Type::NestedObject - name: 'publicKey' - required: true - description: | - A public key used to verify the signature of JSON Web Tokens (JWTs). - properties: - - !ruby/object:Api::Type::Enum - name: 'format' - required: true - description: | - The format of the key. - values: - - :RSA_PEM - - :RSA_X509_PEM - - :ES256_PEM - - :ES256_X509_PEM - - !ruby/object:Api::Type::String - name: 'key' - required: true - description: | - The key data. - - !ruby/object:Api::Type::Time - name: 'lastHeartbeatTime' - output: true - description: | - The last time an MQTT PINGREQ was received. - - !ruby/object:Api::Type::Time - name: 'lastEventTime' - output: true - description: | - The last time a telemetry event was received. - - !ruby/object:Api::Type::Time - name: 'lastStateTime' - output: true - description: | - The last time a state event was received. - - !ruby/object:Api::Type::Time - name: 'lastConfigAckTime' - output: true - description: | - The last time a cloud-to-device config version acknowledgment was received from the device. - - !ruby/object:Api::Type::Time - name: 'lastConfigSendTime' - output: true - description: | - The last time a cloud-to-device config version was sent to the device. - - !ruby/object:Api::Type::Boolean - name: 'blocked' - description: | - If a device is blocked, connections or requests from this device will fail. - - !ruby/object:Api::Type::Time - name: 'lastErrorTime' - output: true - description: | - The time the most recent error occurred, such as a failure to publish to Cloud Pub/Sub. - - !ruby/object:Api::Type::NestedObject - name: 'lastErrorStatus' - output: true - description: | - The error message of the most recent error, such as a failure to publish to Cloud Pub/Sub. - properties: - - !ruby/object:Api::Type::Integer - name: 'number' - description: | - The status code, which should be an enum value of google.rpc.Code. - - !ruby/object:Api::Type::String - name: 'message' - description: | - A developer-facing error message, which should be in English. - - !ruby/object:Api::Type::Array - name: 'details' - description: | - A list of messages that carry the error details. - item_type: Api::Type::KeyValuePairs - - !ruby/object:Api::Type::NestedObject - name: 'config' - output: true - description: | - The most recent device configuration, which is eventually sent from Cloud IoT Core to the device. - properties: - - !ruby/object:Api::Type::String - name: 'version' - output: true - description: | - The version of this update. - - !ruby/object:Api::Type::String - name: 'cloudUpdateTime' - output: true - description: | - The time at which this configuration version was updated in Cloud IoT Core. - - !ruby/object:Api::Type::String - name: 'deviceAckTime' - output: true - description: | - The time at which Cloud IoT Core received the acknowledgment from the device, - indicating that the device has received this configuration version. - - !ruby/object:Api::Type::String - name: 'binaryData' - description: | - The device configuration data. - - !ruby/object:Api::Type::NestedObject - name: 'state' - output: true - description: | - The state most recently received from the device. - properties: - - !ruby/object:Api::Type::Time - name: 'updateTime' - description: | - The time at which this state version was updated in Cloud IoT Core. - - !ruby/object:Api::Type::String - name: 'binaryData' - description: | - The device state data. - - !ruby/object:Api::Type::Enum - name: 'logLevel' - allow_empty_object: true - description: | - The logging verbosity for device activity. - values: - - :NONE - - :ERROR - - :INFO - - :DEBUG - - !ruby/object:Api::Type::KeyValuePairs - name: 'metadata' - description: | - The metadata key-value pairs assigned to the device. - - !ruby/object:Api::Type::NestedObject - name: 'gatewayConfig' - description: | - Gateway-related configuration and state. - properties: - - !ruby/object:Api::Type::Enum - name: 'gatewayType' - default_value: :NON_GATEWAY - input: true - description: | - Indicates whether the device is a gateway. - values: - - :GATEWAY - - :NON_GATEWAY - - !ruby/object:Api::Type::Enum - name: 'gatewayAuthMethod' - description: | - Indicates whether the device is a gateway. - values: - - :ASSOCIATION_ONLY - - :DEVICE_AUTH_TOKEN_ONLY - - :ASSOCIATION_AND_DEVICE_AUTH_TOKEN - - !ruby/object:Api::Type::String - name: 'lastAccessedGatewayId' - output: true - description: | - The ID of the gateway the device accessed most recently. - - !ruby/object:Api::Type::Time - name: 'lastAccessedGatewayTime' - output: true - description: | - The most recent time at which the device accessed the gateway specified in last_accessed_gateway. diff --git a/mmv1/products/cloudiot/product.yaml b/mmv1/products/cloudiot/product.yaml new file mode 100644 index 000000000000..effb4b9a9334 --- /dev/null +++ b/mmv1/products/cloudiot/product.yaml @@ -0,0 +1,23 @@ +# Copyright 2020 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: CloudIot +display_name: Cloud IoT Core +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://cloudiot.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/cloudiot + - https://www.googleapis.com/auth/cloud-platform diff --git a/mmv1/products/cloudrun/DomainMapping.yaml b/mmv1/products/cloudrun/DomainMapping.yaml new file mode 100644 index 000000000000..61fe8a225de4 --- /dev/null +++ b/mmv1/products/cloudrun/DomainMapping.yaml @@ -0,0 +1,207 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: DomainMapping +kind: DomainMapping +base_url: apis/domains.cloudrun.com/v1/namespaces/{{project}}/domainmappings +cai_base_url: projects/{{project}}/locations/{{location}}/DomainMappings +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/run/docs/mapping-custom-domains' + api: 'https://cloud.google.com/run/docs/reference/rest/v1/projects.locations.domainmappings' +description: |- + Resource to hold the state and status of a user's domain mapping. +immutable: true +parameters: +- !ruby/object:Api::Type::String + name: location + description: The location of the cloud run instance. eg us-central1 + url_param_only: true + required: true +properties: +- !ruby/object:Api::Type::String + name: name + url_param_only: true + immutable: true + # This is a convenience field handled by terraform encoder/decoders + exclude: true + description: |- + Name should be a [verified](https://support.google.com/webmasters/answer/9008080) domain +- !ruby/object:Api::Type::String + name: kind + description: This is always set to DomainMapping +- !ruby/object:Api::Type::NestedObject + name: status + description: The current status of the DomainMapping. + output: true + properties: + - !ruby/object:Api::Type::Array + name: conditions + description: |- + Array of observed DomainMappingConditions, indicating the current state + of the DomainMapping. + output: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: message + output: true + description: |- + Human readable message indicating details about the current status. + - !ruby/object:Api::Type::String + name: status + output: true + description: Status of the condition, one of True, False, Unknown. + - !ruby/object:Api::Type::String + name: reason + output: true + description: |- + One-word CamelCase reason for the condition's current status. + - !ruby/object:Api::Type::String + name: type + output: true + description: Type of domain mapping condition. + - !ruby/object:Api::Type::Integer + name: observedGeneration + description: |- + ObservedGeneration is the 'Generation' of the DomainMapping that + was last processed by the controller. + output: true + - !ruby/object:Api::Type::Array + name: resourceRecords + description: |- + The resource records required to configure this domain mapping. These + records must be added to the domain's DNS configuration in order to + serve the application via this domain mapping. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Enum + name: type + description: 'Resource record type. Example: `AAAA`.' + values: + - :A + - :AAAA + - :CNAME + - !ruby/object:Api::Type::String + name: rrdata + output: true + description: |- + Data for this record. Values vary by record type, as defined in RFC 1035 + (section 5) and RFC 1034 (section 3.6.1). + - !ruby/object:Api::Type::String + name: name + output: true + description: |- + Relative name of the object affected by this record. Only applicable for + `CNAME` records. Example: 'www'. + - !ruby/object:Api::Type::String + name: mappedRouteName + output: true + description: The name of the route that the mapping currently points to. +- !ruby/object:Api::Type::String + name: apiVersion + description: The API version for this call such as "serving.knative.dev/v1alpha1". +- !ruby/object:Api::Type::NestedObject + name: spec + description: The spec for this DomainMapping. + required: true + properties: + - !ruby/object:Api::Type::Boolean + name: forceOverride + description: |- + If set, the mapping will override any mapping set before this spec was set. + It is recommended that the user leaves this empty to receive an error + warning about a potential conflict and only set it once the respective UI + has given such a warning. + - !ruby/object:Api::Type::String + name: routeName + required: true + description: |- + The name of the Cloud Run Service that this DomainMapping applies to. + The route must exist. + - !ruby/object:Api::Type::Enum + name: certificateMode + description: The mode of the certificate. + values: + - :NONE + - :AUTOMATIC + default_value: :AUTOMATIC +- !ruby/object:Api::Type::NestedObject + name: metadata + required: true + description: Metadata associated with this DomainMapping. + properties: + - !ruby/object:Api::Type::KeyValuePairs + name: labels + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and routes. + More info: http://kubernetes.io/docs/user-guide/labels + - !ruby/object:Api::Type::Integer + name: generation + description: |- + A sequence number representing a specific generation of the desired state. + output: true + - !ruby/object:Api::Type::String + name: resourceVersion + description: |- + An opaque value that represents the internal version of this object that + can be used by clients to determine when objects have changed. May be used + for optimistic concurrency, change detection, and the watch operation on a + resource or set of resources. They may only be valid for a + particular resource or set of resources. + + More info: + https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency + output: true + - !ruby/object:Api::Type::String + name: selfLink + description: |- + SelfLink is a URL representing this object. + output: true + - !ruby/object:Api::Type::String + name: uid + description: |- + UID is a unique id generated by the server on successful creation of a resource and is not + allowed to change on PUT operations. + + More info: http://kubernetes.io/docs/user-guide/identifiers#uids + output: true + - !ruby/object:Api::Type::String + name: namespace + required: true + description: |- + In Cloud Run the namespace must be equal to either the + project ID or project number. + - !ruby/object:Api::Type::KeyValuePairs + name: annotations + description: |- + Annotations is a key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary metadata. More + info: http://kubernetes.io/docs/user-guide/annotations + + **Note**: The Cloud Run API may add additional annotations that were not provided in your config. + If terraform plan shows a diff where a server-side annotation is added, you can add it to your config + or apply the lifecycle.ignore_changes rule to the metadata.0.annotations field. + - !ruby/object:Api::Type::String + name: name + required: true + immutable: true + description: |- + Name must be unique within a namespace, within a Cloud Run region. + Is required when creating resources. Name is primarily intended + for creation idempotence and configuration definition. Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/identifiers#names diff --git a/mmv1/products/cloudrun/Service.yaml b/mmv1/products/cloudrun/Service.yaml new file mode 100644 index 000000000000..91462c4001e1 --- /dev/null +++ b/mmv1/products/cloudrun/Service.yaml @@ -0,0 +1,836 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: Service +kind: Service +base_url: apis/serving.knative.dev/v1/namespaces/{{project}}/services +cai_base_url: projects/{{project}}/locations/{{location}}/services +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/run/docs/' + api: 'https://cloud.google.com/run/docs/reference/rest/v1/namespaces.services' +description: |- + Service acts as a top-level container that manages a set of Routes and + Configurations which implement a network service. Service exists to provide a + singular abstraction which can be access controlled, reasoned about, and + which encapsulates software lifecycle decisions such as rollout policy and + team resource ownership. Service acts only as an orchestrator of the + underlying Routes and Configurations (much as a kubernetes Deployment + orchestrates ReplicaSets). + + The Service's controller will track the statuses of its owned Configuration + and Route, reflecting their statuses and conditions as its own. + + See also: + https://github.com/knative/specs/blob/main/specs/serving/overview.md +iam_policy: !ruby/object:Api::Resource::IamPolicy + method_name_separator: ':' + parent_resource_attribute: 'service' + base_url: v1/projects/{{project}}/locations/{{location}}/services/{{service}} + import_format: ["projects/{{project}}/locations/{{location}}/services/{{service}}", "{{service}}"] +parameters: +- !ruby/object:Api::Type::String + name: location + description: The location of the cloud run instance. eg us-central1 + url_param_only: true + required: true + immutable: true +properties: +- !ruby/object:Api::Type::String + name: name + # This is a convenience field as terraform expects `name` to be a top level property + url_param_only: true + immutable: true + description: |- + Name must be unique within a namespace, within a Cloud Run region. + Is required when creating resources. Name is primarily intended + for creation idempotence and configuration definition. Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/identifiers#names +- !ruby/object:Api::Type::String + name: apiVersion + description: The API version for this call such as "serving.knative.dev/v1alpha1". +- !ruby/object:Api::Type::String + name: kind + description: This is always set to Service +- !ruby/object:Api::Type::NestedObject + name: spec + required: true + description: Spec holds the desired state of the Service (from the client). + properties: + - !ruby/object:Api::Type::Array + name: traffic + description: |- + Traffic specifies how to distribute traffic over a collection of Knative Revisions + and Configurations + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: revisionName + description: |- + RevisionName of a specific revision to which to send this portion of traffic. + - !ruby/object:Api::Type::Integer + name: percent + required: true + description: |- + Percent specifies percent of the traffic to this Revision or Configuration. + - !ruby/object:Api::Type::String + name: tag + description: |- + Tag is optionally used to expose a dedicated url for referencing this target exclusively. + - !ruby/object:Api::Type::Boolean + name: latestRevision + description: |- + LatestRevision may be optionally provided to indicate that the latest ready + Revision of the Configuration should be used for this traffic target. When + provided LatestRevision must be true if RevisionName is empty; it must be + false when RevisionName is non-empty. + - !ruby/object:Api::Type::String + name: url + output: true + description: |- + URL displays the URL for accessing tagged traffic targets. URL is displayed in status, + and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, + but may not contain anything else (e.g. basic auth, url path, etc.) + - !ruby/object:Api::Type::NestedObject + name: template + description: |- + template holds the latest specification for the Revision to + be stamped out. The template references the container image, and may also + include labels and annotations that should be attached to the Revision. + To correlate a Revision, and/or to force a Revision to be created when the + spec doesn't otherwise change, a nonce label may be provided in the + template metadata. For more details, see: + https://github.com/knative/serving/blob/main/docs/client-conventions.md#associate-modifications-with-revisions + + Cloud Run does not currently support referencing a build that is + responsible for materializing the container image from source. + properties: + - !ruby/object:Api::Type::NestedObject + name: metadata + description: |- + Optional metadata for this Revision, including labels and annotations. + Name will be generated by the Configuration. To set minimum instances + for this revision, use the "autoscaling.knative.dev/minScale" annotation + key. To set maximum instances for this revision, use the + "autoscaling.knative.dev/maxScale" annotation key. To set Cloud SQL + connections for the revision, use the "run.googleapis.com/cloudsql-instances" + annotation key. + properties: + - !ruby/object:Api::Type::KeyValuePairs + name: labels + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and routes. + More info: http://kubernetes.io/docs/user-guide/labels + - !ruby/object:Api::Type::Integer + name: generation + description: |- + A sequence number representing a specific generation of the desired state. + output: true + - !ruby/object:Api::Type::String + name: resourceVersion + description: |- + An opaque value that represents the internal version of this object that + can be used by clients to determine when objects have changed. May be used + for optimistic concurrency, change detection, and the watch operation on a + resource or set of resources. They may only be valid for a + particular resource or set of resources. + + More info: + https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency + output: true + - !ruby/object:Api::Type::String + name: selfLink + description: |- + SelfLink is a URL representing this object. + output: true + - !ruby/object:Api::Type::String + name: uid + description: |- + UID is a unique id generated by the server on successful creation of a resource and is not + allowed to change on PUT operations. + + More info: http://kubernetes.io/docs/user-guide/identifiers#uids + output: true + - !ruby/object:Api::Type::String + name: namespace + description: |- + In Cloud Run the namespace must be equal to either the + project ID or project number. It will default to the resource's project. + - !ruby/object:Api::Type::KeyValuePairs + name: annotations + description: |- + Annotations is a key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary metadata. More + info: http://kubernetes.io/docs/user-guide/annotations + + **Note**: The Cloud Run API may add additional annotations that were not provided in your config. + If terraform plan shows a diff where a server-side annotation is added, you can add it to your config + or apply the lifecycle.ignore_changes rule to the metadata.0.annotations field. + - !ruby/object:Api::Type::String + name: name + description: |- + Name must be unique within a namespace, within a Cloud Run region. + Is required when creating resources. Name is primarily intended + for creation idempotence and configuration definition. Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/identifiers#names + - !ruby/object:Api::Type::NestedObject + name: spec + required: true + description: RevisionSpec holds the desired state of the Revision (from + the client). + properties: + - !ruby/object:Api::Type::Array + name: containers + update_verb: :PUT + required: true + description: |- + Container defines the unit of execution for this Revision. + In the context of a Revision, we disallow a number of the fields of + this Container, including: name, ports, and volumeMounts. + The runtime contract is documented here: + https://github.com/knative/serving/blob/main/docs/runtime-contract.md + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + deprecation_message: "Not supported by Cloud Run fully managed" + name: workingDir + immutable: true + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + - !ruby/object:Api::Type::Array + name: args + description: |- + Arguments to the entrypoint. + The docker image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's + environment. If a variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be escaped with a + double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. + More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: envFrom + deprecation_message: "Not supported by Cloud Run fully managed" + immutable: true + description: |- + List of sources to populate environment variables in the container. + All invalid keys will be reported as an event when the container is starting. + When a key exists in multiple sources, the value associated with the last source will + take precedence. Values defined by an Env with a duplicate key will take + precedence. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: prefix + description: |- + An optional identifier to prepend to each key in the ConfigMap. + - !ruby/object:Api::Type::NestedObject + name: configMapRef + description: |- + The ConfigMap to select from. + properties: + - !ruby/object:Api::Type::Boolean + name: optional + description: |- + Specify whether the ConfigMap must be defined + - !ruby/object:Api::Type::NestedObject + name: localObjectReference + description: The ConfigMap to select from. + properties: + - !ruby/object:Api::Type::String + name: name + required: true + description: |- + Name of the referent. + More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + - !ruby/object:Api::Type::NestedObject + name: secretRef + description: |- + The Secret to select from. + properties: + - !ruby/object:Api::Type::NestedObject + name: localObjectReference + description: The Secret to select from. + properties: + - !ruby/object:Api::Type::String + name: name + required: true + description: |- + Name of the referent. + More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + - !ruby/object:Api::Type::Boolean + name: optional + description: |- + Specify whether the Secret must be defined + - !ruby/object:Api::Type::String + name: image + required: true + description: |- + Docker image name. This is most often a reference to a container located + in the container registry, such as gcr.io/cloudrun/hello + More info: https://kubernetes.io/docs/concepts/containers/images + - !ruby/object:Api::Type::Array + name: command + description: |- + Entrypoint array. Not executed within a shell. + The docker image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's + environment. If a variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be escaped with a + double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. + More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: env + description: |- + List of environment variables to set in the container. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: name + description: Name of the environment variable. + - !ruby/object:Api::Type::String + name: value + description: |- + Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the container and + any route environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. The $(VAR_NAME) + syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped + references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + - !ruby/object:Api::Type::NestedObject + name: valueFrom + description: |- + Source for the environment variable's value. Only supports secret_key_ref. + properties: + - !ruby/object:Api::Type::NestedObject + name: secretKeyRef + required: true + description: |- + Selects a key (version) of a secret in Secret Manager. + properties: + - !ruby/object:Api::Type::String + name: key + required: true + description: |- + A Cloud Secret Manager secret version. Must be 'latest' for the latest + version or an integer for a specific version. + - !ruby/object:Api::Type::String + name: name + required: true + description: |- + The name of the secret in Cloud Secret Manager. By default, the secret is assumed to be in the same project. + If the secret is in another project, you must define an alias. + An alias definition has the form: :projects/{project-id|project-number}/secrets/. + If multiple alias definitions are needed, they must be separated by commas. + The alias definitions must be set on the run.googleapis.com/secrets annotation. + - !ruby/object:Api::Type::Array + name: ports + description: |- + List of open ports in the container. + More Info: + https://cloud.google.com/run/docs/reference/rest/v1/RevisionSpec#ContainerPort + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: name + description: If specified, used to specify which protocol to use. Allowed values are "http1" (HTTP/1) and "h2c" (HTTP/2 end-to-end). Defaults to "http1". + - !ruby/object:Api::Type::String + name: protocol + description: Protocol for port. Must be "TCP". Defaults to "TCP". + - !ruby/object:Api::Type::Integer + name: containerPort + description: Port number the container listens on. This must be a valid port number (between 1 and 65535). Defaults to "8080". + - !ruby/object:Api::Type::NestedObject + name: resources + description: |- + Compute Resources required by this container. Used to set values such as max memory + More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits + properties: + - !ruby/object:Api::Type::KeyValuePairs + name: limits + description: |- + Limits describes the maximum amount of compute resources allowed. + The values of the map is string form of the 'quantity' k8s type: + https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go + - !ruby/object:Api::Type::KeyValuePairs + name: requests + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined value. + The values of the map is string form of the 'quantity' k8s type: + https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go + - !ruby/object:Api::Type::Array + name: volumeMounts + description: |- + Volume to mount into the container's filesystem. + Only supports SecretVolumeSources. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: mountPath + required: true + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + - !ruby/object:Api::Type::String + name: name + required: true + description: |- + This must match the Name of a Volume. + - !ruby/object:Api::Type::NestedObject + name: startupProbe + min_version: beta + description: |- + Startup probe of application within the container. + All other probes are disabled if a startup probe is provided, until it + succeeds. Container will not be added to service endpoints if the probe fails. + More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + - !ruby/object:Api::Type::Integer + name: initialDelaySeconds + description: |- + Number of seconds after the container has started before the probe is + initiated. + Defaults to 0 seconds. Minimum value is 0. Maximum value is 240. + default_value: 0 + - !ruby/object:Api::Type::Integer + name: timeoutSeconds + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. Maximum value is 3600. + Must be smaller than periodSeconds. + default_value: 1 + - !ruby/object:Api::Type::Integer + name: periodSeconds + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. Maximum value is 240. + default_value: 10 + - !ruby/object:Api::Type::Integer + name: failureThreshold + description: |- + Minimum consecutive failures for the probe to be considered failed after + having succeeded. Defaults to 3. Minimum value is 1. + default_value: 3 + - !ruby/object:Api::Type::NestedObject + name: tcpSocket + description: |- + TcpSocket specifies an action involving a TCP port. + exactly_one_of: + - template.0.spec.0.containers.0.startup_probe.0.tcp_socket + - template.0.spec.0.containers.0.startup_probe.0.http_get + - template.0.spec.0.containers.0.startup_probe.0.grpc + send_empty_value: true + allow_empty_object: true + properties: + - !ruby/object:Api::Type::Integer + name: port + description: |- + Port number to access on the container. Number must be in the range 1 to 65535. + - !ruby/object:Api::Type::NestedObject + name: httpGet + description: |- + HttpGet specifies the http request to perform. + exactly_one_of: + - template.0.spec.0.containers.0.startup_probe.0.tcp_socket + - template.0.spec.0.containers.0.startup_probe.0.http_get + - template.0.spec.0.containers.0.startup_probe.0.grpc + send_empty_value: true + allow_empty_object: true + properties: + - !ruby/object:Api::Type::String + name: path + description: |- + Path to access on the HTTP server. If set, it should not be empty string. + default_value: "/" + - !ruby/object:Api::Type::Array + name: httpHeaders + description: |- + Custom headers to set in the request. HTTP allows repeated headers. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: name + description: |- + The header field name. + required: true + - !ruby/object:Api::Type::String + name: value + description: |- + The header field value. + default_value: "" + send_empty_value: true + - !ruby/object:Api::Type::NestedObject + name: grpc + description: |- + GRPC specifies an action involving a GRPC port. + exactly_one_of: + - template.0.spec.0.containers.0.startup_probe.0.tcp_socket + - template.0.spec.0.containers.0.startup_probe.0.http_get + - template.0.spec.0.containers.0.startup_probe.0.grpc + send_empty_value: true + allow_empty_object: true + properties: + - !ruby/object:Api::Type::Integer + name: port + description: |- + Port number to access on the container. Number must be in the range 1 to 65535. + - !ruby/object:Api::Type::String + name: service + description: |- + The name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + If this is not specified, the default behavior is defined by gRPC. + - !ruby/object:Api::Type::NestedObject + name: livenessProbe + min_version: beta + description: |- + Periodic probe of container liveness. Container will be restarted if the probe fails. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + - !ruby/object:Api::Type::Integer + name: initialDelaySeconds + description: |- + Number of seconds after the container has started before the probe is + initiated. + Defaults to 0 seconds. Minimum value is 0. Maximum value is 3600. + default_value: 0 + - !ruby/object:Api::Type::Integer + name: timeoutSeconds + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. Maximum value is 3600. + Must be smaller than period_seconds. + default_value: 1 + - !ruby/object:Api::Type::Integer + name: periodSeconds + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. Maximum value is 3600. + default_value: 10 + - !ruby/object:Api::Type::Integer + name: failureThreshold + description: |- + Minimum consecutive failures for the probe to be considered failed after + having succeeded. Defaults to 3. Minimum value is 1. + default_value: 3 + - !ruby/object:Api::Type::NestedObject + name: httpGet + description: |- + HttpGet specifies the http request to perform. + exactly_one_of: + - template.0.spec.0.containers.0.liveness_probe.0.http_get + - template.0.spec.0.containers.0.liveness_probe.0.grpc + send_empty_value: true + allow_empty_object: true + properties: + - !ruby/object:Api::Type::String + name: path + description: |- + Path to access on the HTTP server. If set, it should not be empty string. + default_value: "/" + - !ruby/object:Api::Type::Array + name: httpHeaders + description: |- + Custom headers to set in the request. HTTP allows repeated headers. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: name + description: |- + The header field name. + required: true + - !ruby/object:Api::Type::String + name: value + description: |- + The header field value. + default_value: "" + send_empty_value: true + - !ruby/object:Api::Type::NestedObject + name: grpc + description: |- + GRPC specifies an action involving a GRPC port. + exactly_one_of: + - template.0.spec.0.containers.0.liveness_probe.0.http_get + - template.0.spec.0.containers.0.liveness_probe.0.grpc + send_empty_value: true + allow_empty_object: true + properties: + - !ruby/object:Api::Type::Integer + name: port + description: |- + Port number to access on the container. Number must be in the range 1 to 65535. + - !ruby/object:Api::Type::String + name: service + description: |- + The name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + If this is not specified, the default behavior is defined by gRPC. + + - !ruby/object:Api::Type::Integer + name: containerConcurrency + description: |- + ContainerConcurrency specifies the maximum allowed in-flight (concurrent) + requests per container of the Revision. Values are: + - `0` thread-safe, the system should manage the max concurrency. This is + the default value. + - `1` not-thread-safe. Single concurrency + - `2-N` thread-safe, max concurrency of N + - !ruby/object:Api::Type::Integer + name: timeoutSeconds + description: |- + TimeoutSeconds holds the max duration the instance is allowed for responding to a request. + - !ruby/object:Api::Type::String + name: serviceAccountName + description: |- + Email address of the IAM service account associated with the revision of the + service. The service account represents the identity of the running revision, + and determines what permissions the revision has. If not provided, the revision + will use the project's default service account. + - !ruby/object:Api::Type::Array + name: volumes + description: |- + Volume represents a named volume in a container. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: name + required: true + description: |- + Volume's name. + - !ruby/object:Api::Type::NestedObject + name: secret + required: true + description: |- + The secret's value will be presented as the content of a file whose + name is defined in the item path. If no items are defined, the name of + the file is the secret_name. + properties: + - !ruby/object:Api::Type::String + name: secretName + required: true + description: |- + The name of the secret in Cloud Secret Manager. By default, the secret + is assumed to be in the same project. + If the secret is in another project, you must define an alias. + An alias definition has the form: + {alias}:projects/{project-id|project-number}/secrets/{secret-name}. + If multiple alias definitions are needed, they must be separated by + commas. + The alias definitions must be set on the run.googleapis.com/secrets + annotation. + - !ruby/object:Api::Type::Integer + name: defaultMode + description: |- + Mode bits to use on created files by default. Must be a value between 0000 + and 0777. Defaults to 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other mode bits set. + - !ruby/object:Api::Type::Array + name: items + description: |- + If unspecified, the volume will expose a file whose name is the + secret_name. + If specified, the key will be used as the version to fetch from Cloud + Secret Manager and the path will be the name of the file exposed in the + volume. When items are defined, they must specify a key and a path. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: key + required: true + description: |- + The Cloud Secret Manager secret version. + Can be 'latest' for the latest value or an integer for a specific version. + - !ruby/object:Api::Type::String + name: path + required: true + description: |- + The relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + - !ruby/object:Api::Type::Integer + name: mode + description: |- + Mode bits to use on this file, must be a value between 0000 and 0777. If + not specified, the volume defaultMode will be used. This might be in + conflict with other options that affect the file mode, like fsGroup, and + the result can be other mode bits set. + - !ruby/object:Api::Type::Enum + name: servingState + deprecation_message: "Not supported by Cloud Run fully managed" + description: |- + ServingState holds a value describing the state the resources + are in for this Revision. + It is expected + that the system will manipulate this based on routability and load. + output: true + values: + - :ACTIVE + - :RESERVE + - :RETIRED + +- !ruby/object:Api::Type::NestedObject + name: status + description: The current status of the Service. + output: true + properties: + - !ruby/object:Api::Type::Array + name: conditions + description: |- + Array of observed Service Conditions, indicating the current ready state of the service. + output: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: message + output: true + description: |- + Human readable message indicating details about the current status. + - !ruby/object:Api::Type::String + name: status + output: true + description: Status of the condition, one of True, False, Unknown. + - !ruby/object:Api::Type::String + name: reason + output: true + description: |- + One-word CamelCase reason for the condition's current status. + - !ruby/object:Api::Type::String + name: type + output: true + description: Type of domain mapping condition. + - !ruby/object:Api::Type::String + name: url + description: |- + From RouteStatus. URL holds the url that will distribute traffic over the provided traffic + targets. It generally has the form + https://{route-hash}-{project-hash}-{cluster-level-suffix}.a.run.app + output: true + - !ruby/object:Api::Type::Integer + name: observedGeneration + description: |- + ObservedGeneration is the 'Generation' of the Route that was last processed by the + controller. + + Clients polling for completed reconciliation should poll until observedGeneration = + metadata.generation and the Ready condition's status is True or False. + output: true + - !ruby/object:Api::Type::String + name: latestCreatedRevisionName + description: |- + From ConfigurationStatus. LatestCreatedRevisionName is the last revision that was created + from this Service's Configuration. It might not be ready yet, for that use + LatestReadyRevisionName. + output: true + - !ruby/object:Api::Type::String + name: latestReadyRevisionName + description: |- + From ConfigurationStatus. LatestReadyRevisionName holds the name of the latest Revision + stamped out from this Service's Configuration that has had its "Ready" condition become + "True". + output: true + +- !ruby/object:Api::Type::NestedObject + name: metadata + required: true + description: |- + Metadata associated with this Service, including name, namespace, labels, + and annotations. + properties: + - !ruby/object:Api::Type::KeyValuePairs + name: labels + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and routes. + More info: http://kubernetes.io/docs/user-guide/labels + - !ruby/object:Api::Type::Integer + name: generation + description: |- + A sequence number representing a specific generation of the desired state. + output: true + - !ruby/object:Api::Type::String + name: resourceVersion + description: |- + An opaque value that represents the internal version of this object that + can be used by clients to determine when objects have changed. May be used + for optimistic concurrency, change detection, and the watch operation on a + resource or set of resources. They may only be valid for a + particular resource or set of resources. + + More info: + https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency + output: true + - !ruby/object:Api::Type::String + name: selfLink + description: |- + SelfLink is a URL representing this object. + output: true + - !ruby/object:Api::Type::String + name: uid + description: |- + UID is a unique id generated by the server on successful creation of a resource and is not + allowed to change on PUT operations. + + More info: http://kubernetes.io/docs/user-guide/identifiers#uids + output: true + - !ruby/object:Api::Type::String + name: namespace + required: true + description: |- + In Cloud Run the namespace must be equal to either the + project ID or project number. + - !ruby/object:Api::Type::KeyValuePairs + name: annotations + description: |- + Annotations is a key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary metadata. More + info: http://kubernetes.io/docs/user-guide/annotations + + **Note**: The Cloud Run API may add additional annotations that were not provided in your config. + If terraform plan shows a diff where a server-side annotation is added, you can add it to your config + or apply the lifecycle.ignore_changes rule to the metadata.0.annotations field. + + Cloud Run (fully managed) uses the following annotation keys to configure features on a Service: + + - `run.googleapis.com/ingress` sets the [ingress settings](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--ingress) + for the Service. For example, `"run.googleapis.com/ingress" = "all"`. + - !ruby/object:Api::Type::String + name: name + required: true + description: |- + Name must be unique within a namespace, within a Cloud Run region. + Is required when creating resources. Name is primarily intended + for creation idempotence and configuration definition. Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/identifiers#names + diff --git a/mmv1/products/cloudrun/api.yaml b/mmv1/products/cloudrun/api.yaml deleted file mode 100644 index 988233c8a6db..000000000000 --- a/mmv1/products/cloudrun/api.yaml +++ /dev/null @@ -1,1047 +0,0 @@ -# Copyright 2019 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: CloudRun -display_name: Cloud Run -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://{{location}}-run.googleapis.com/ - cai_base_url: https://run.googleapis.com/v1/ - - !ruby/object:Api::Product::Version - name: beta - base_url: https://{{location}}-run.googleapis.com/ - cai_base_url: https://run.googleapis.com/v1/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -objects: -# Cloud Run DomainMappings -- !ruby/object:Api::Resource - name: DomainMapping - kind: DomainMapping - base_url: apis/domains.cloudrun.com/v1/namespaces/{{project}}/domainmappings - cai_base_url: projects/{{project}}/locations/{{location}}/DomainMappings - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/run/docs/mapping-custom-domains' - api: 'https://cloud.google.com/run/docs/reference/rest/v1/projects.locations.domainmappings' - description: |- - Resource to hold the state and status of a user's domain mapping. - input: true - parameters: - - !ruby/object:Api::Type::String - name: location - description: The location of the cloud run instance. eg us-central1 - url_param_only: true - required: true - properties: - - !ruby/object:Api::Type::String - name: name - url_param_only: true - input: true - # This is a convenience field handled by terraform encoder/decoders - exclude: true - description: |- - Name should be a [verified](https://support.google.com/webmasters/answer/9008080) domain - - !ruby/object:Api::Type::String - name: kind - description: This is always set to DomainMapping - - !ruby/object:Api::Type::NestedObject - name: status - description: The current status of the DomainMapping. - output: true - properties: - - !ruby/object:Api::Type::Array - name: conditions - description: |- - Array of observed DomainMappingConditions, indicating the current state - of the DomainMapping. - output: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: message - output: true - description: |- - Human readable message indicating details about the current status. - - !ruby/object:Api::Type::String - name: status - output: true - description: Status of the condition, one of True, False, Unknown. - - !ruby/object:Api::Type::String - name: reason - output: true - description: |- - One-word CamelCase reason for the condition's current status. - - !ruby/object:Api::Type::String - name: type - output: true - description: Type of domain mapping condition. - - !ruby/object:Api::Type::Integer - name: observedGeneration - description: |- - ObservedGeneration is the 'Generation' of the DomainMapping that - was last processed by the controller. - output: true - - !ruby/object:Api::Type::Array - name: resourceRecords - description: |- - The resource records required to configure this domain mapping. These - records must be added to the domain's DNS configuration in order to - serve the application via this domain mapping. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Enum - name: type - description: 'Resource record type. Example: `AAAA`.' - values: - - :A - - :AAAA - - :CNAME - - !ruby/object:Api::Type::String - name: rrdata - output: true - description: |- - Data for this record. Values vary by record type, as defined in RFC 1035 - (section 5) and RFC 1034 (section 3.6.1). - - !ruby/object:Api::Type::String - name: name - output: true - description: |- - Relative name of the object affected by this record. Only applicable for - `CNAME` records. Example: 'www'. - - !ruby/object:Api::Type::String - name: mappedRouteName - output: true - description: The name of the route that the mapping currently points to. - - !ruby/object:Api::Type::String - name: apiVersion - description: The API version for this call such as "serving.knative.dev/v1alpha1". - - !ruby/object:Api::Type::NestedObject - name: spec - description: The spec for this DomainMapping. - required: true - properties: - - !ruby/object:Api::Type::Boolean - name: forceOverride - description: |- - If set, the mapping will override any mapping set before this spec was set. - It is recommended that the user leaves this empty to receive an error - warning about a potential conflict and only set it once the respective UI - has given such a warning. - - !ruby/object:Api::Type::String - name: routeName - required: true - description: |- - The name of the Cloud Run Service that this DomainMapping applies to. - The route must exist. - - !ruby/object:Api::Type::Enum - name: certificateMode - description: The mode of the certificate. - values: - - :NONE - - :AUTOMATIC - default_value: :AUTOMATIC - - !ruby/object:Api::Type::NestedObject - name: metadata - required: true - description: Metadata associated with this DomainMapping. - properties: - - !ruby/object:Api::Type::KeyValuePairs - name: labels - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and routes. - More info: http://kubernetes.io/docs/user-guide/labels - - !ruby/object:Api::Type::Integer - name: generation - description: |- - A sequence number representing a specific generation of the desired state. - output: true - - !ruby/object:Api::Type::String - name: resourceVersion - description: |- - An opaque value that represents the internal version of this object that - can be used by clients to determine when objects have changed. May be used - for optimistic concurrency, change detection, and the watch operation on a - resource or set of resources. They may only be valid for a - particular resource or set of resources. - - More info: - https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency - output: true - - !ruby/object:Api::Type::String - name: selfLink - description: |- - SelfLink is a URL representing this object. - output: true - - !ruby/object:Api::Type::String - name: uid - description: |- - UID is a unique id generated by the server on successful creation of a resource and is not - allowed to change on PUT operations. - - More info: http://kubernetes.io/docs/user-guide/identifiers#uids - output: true - - !ruby/object:Api::Type::String - name: namespace - required: true - description: |- - In Cloud Run the namespace must be equal to either the - project ID or project number. - - !ruby/object:Api::Type::KeyValuePairs - name: annotations - description: |- - Annotations is a key value map stored with a resource that - may be set by external tools to store and retrieve arbitrary metadata. More - info: http://kubernetes.io/docs/user-guide/annotations - - **Note**: The Cloud Run API may add additional annotations that were not provided in your config. - If terraform plan shows a diff where a server-side annotation is added, you can add it to your config - or apply the lifecycle.ignore_changes rule to the metadata.0.annotations field. - - !ruby/object:Api::Type::String - name: name - required: true - input: true - description: |- - Name must be unique within a namespace, within a Cloud Run region. - Is required when creating resources. Name is primarily intended - for creation idempotence and configuration definition. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names - -# Cloud Run Service -- !ruby/object:Api::Resource - name: Service - kind: Service - base_url: apis/serving.knative.dev/v1/namespaces/{{project}}/services - cai_base_url: projects/{{project}}/locations/{{location}}/services - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/run/docs/' - api: 'https://cloud.google.com/run/docs/reference/rest/v1/namespaces.services' - description: |- - Service acts as a top-level container that manages a set of Routes and - Configurations which implement a network service. Service exists to provide a - singular abstraction which can be access controlled, reasoned about, and - which encapsulates software lifecycle decisions such as rollout policy and - team resource ownership. Service acts only as an orchestrator of the - underlying Routes and Configurations (much as a kubernetes Deployment - orchestrates ReplicaSets). - - The Service's controller will track the statuses of its owned Configuration - and Route, reflecting their statuses and conditions as its own. - - See also: - https://github.com/knative/specs/blob/main/specs/serving/overview.md - iam_policy: !ruby/object:Api::Resource::IamPolicy - method_name_separator: ':' - parent_resource_attribute: 'service' - base_url: v1/projects/{{project}}/locations/{{location}}/services/{{service}} - import_format: ["projects/{{project}}/locations/{{location}}/services/{{service}}", "{{service}}"] - parameters: - - !ruby/object:Api::Type::String - name: location - description: The location of the cloud run instance. eg us-central1 - url_param_only: true - required: true - input: true - properties: - - !ruby/object:Api::Type::String - name: name - # This is a convenience field as terraform expects `name` to be a top level property - url_param_only: true - input: true - description: |- - Name must be unique within a namespace, within a Cloud Run region. - Is required when creating resources. Name is primarily intended - for creation idempotence and configuration definition. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names - - !ruby/object:Api::Type::String - name: apiVersion - description: The API version for this call such as "serving.knative.dev/v1alpha1". - - !ruby/object:Api::Type::String - name: kind - description: This is always set to Service - - !ruby/object:Api::Type::NestedObject - name: spec - required: true - description: Spec holds the desired state of the Service (from the client). - properties: - - !ruby/object:Api::Type::Array - name: traffic - description: |- - Traffic specifies how to distribute traffic over a collection of Knative Revisions - and Configurations - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: revisionName - description: |- - RevisionName of a specific revision to which to send this portion of traffic. - - !ruby/object:Api::Type::Integer - name: percent - required: true - description: |- - Percent specifies percent of the traffic to this Revision or Configuration. - - !ruby/object:Api::Type::String - name: tag - description: |- - Tag is optionally used to expose a dedicated url for referencing this target exclusively. - - !ruby/object:Api::Type::Boolean - name: latestRevision - description: |- - LatestRevision may be optionally provided to indicate that the latest ready - Revision of the Configuration should be used for this traffic target. When - provided LatestRevision must be true if RevisionName is empty; it must be - false when RevisionName is non-empty. - - !ruby/object:Api::Type::String - name: url - output: true - description: |- - URL displays the URL for accessing tagged traffic targets. URL is displayed in status, - and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, - but may not contain anything else (e.g. basic auth, url path, etc.) - - !ruby/object:Api::Type::NestedObject - name: template - description: |- - template holds the latest specification for the Revision to - be stamped out. The template references the container image, and may also - include labels and annotations that should be attached to the Revision. - To correlate a Revision, and/or to force a Revision to be created when the - spec doesn't otherwise change, a nonce label may be provided in the - template metadata. For more details, see: - https://github.com/knative/serving/blob/main/docs/client-conventions.md#associate-modifications-with-revisions - - Cloud Run does not currently support referencing a build that is - responsible for materializing the container image from source. - properties: - - !ruby/object:Api::Type::NestedObject - name: metadata - description: |- - Optional metadata for this Revision, including labels and annotations. - Name will be generated by the Configuration. To set minimum instances - for this revision, use the "autoscaling.knative.dev/minScale" annotation - key. To set maximum instances for this revision, use the - "autoscaling.knative.dev/maxScale" annotation key. To set Cloud SQL - connections for the revision, use the "run.googleapis.com/cloudsql-instances" - annotation key. - properties: - - !ruby/object:Api::Type::KeyValuePairs - name: labels - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and routes. - More info: http://kubernetes.io/docs/user-guide/labels - - !ruby/object:Api::Type::Integer - name: generation - description: |- - A sequence number representing a specific generation of the desired state. - output: true - - !ruby/object:Api::Type::String - name: resourceVersion - description: |- - An opaque value that represents the internal version of this object that - can be used by clients to determine when objects have changed. May be used - for optimistic concurrency, change detection, and the watch operation on a - resource or set of resources. They may only be valid for a - particular resource or set of resources. - - More info: - https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency - output: true - - !ruby/object:Api::Type::String - name: selfLink - description: |- - SelfLink is a URL representing this object. - output: true - - !ruby/object:Api::Type::String - name: uid - description: |- - UID is a unique id generated by the server on successful creation of a resource and is not - allowed to change on PUT operations. - - More info: http://kubernetes.io/docs/user-guide/identifiers#uids - output: true - - !ruby/object:Api::Type::String - name: namespace - description: |- - In Cloud Run the namespace must be equal to either the - project ID or project number. It will default to the resource's project. - - !ruby/object:Api::Type::KeyValuePairs - name: annotations - description: |- - Annotations is a key value map stored with a resource that - may be set by external tools to store and retrieve arbitrary metadata. More - info: http://kubernetes.io/docs/user-guide/annotations - - **Note**: The Cloud Run API may add additional annotations that were not provided in your config. - If terraform plan shows a diff where a server-side annotation is added, you can add it to your config - or apply the lifecycle.ignore_changes rule to the metadata.0.annotations field. - - !ruby/object:Api::Type::String - name: name - description: |- - Name must be unique within a namespace, within a Cloud Run region. - Is required when creating resources. Name is primarily intended - for creation idempotence and configuration definition. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names - - !ruby/object:Api::Type::NestedObject - name: spec - required: true - description: RevisionSpec holds the desired state of the Revision (from - the client). - properties: - - !ruby/object:Api::Type::Array - name: containers - update_verb: :PUT - required: true - description: |- - Container defines the unit of execution for this Revision. - In the context of a Revision, we disallow a number of the fields of - this Container, including: name, ports, and volumeMounts. - The runtime contract is documented here: - https://github.com/knative/serving/blob/main/docs/runtime-contract.md - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - deprecation_message: "Not supported by Cloud Run fully managed" - name: workingDir - input: true - description: |- - Container's working directory. - If not specified, the container runtime's default will be used, which - might be configured in the container image. - - !ruby/object:Api::Type::Array - name: args - description: |- - Arguments to the entrypoint. - The docker image's CMD is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container's - environment. If a variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax can be escaped with a - double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, - regardless of whether the variable exists or not. - More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: envFrom - deprecation_message: "Not supported by Cloud Run fully managed" - input: true - description: |- - List of sources to populate environment variables in the container. - All invalid keys will be reported as an event when the container is starting. - When a key exists in multiple sources, the value associated with the last source will - take precedence. Values defined by an Env with a duplicate key will take - precedence. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: prefix - description: |- - An optional identifier to prepend to each key in the ConfigMap. - - !ruby/object:Api::Type::NestedObject - name: configMapRef - description: |- - The ConfigMap to select from. - properties: - - !ruby/object:Api::Type::Boolean - name: optional - description: |- - Specify whether the ConfigMap must be defined - - !ruby/object:Api::Type::NestedObject - name: localObjectReference - description: The ConfigMap to select from. - properties: - - !ruby/object:Api::Type::String - name: name - required: true - description: |- - Name of the referent. - More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - - !ruby/object:Api::Type::NestedObject - name: secretRef - description: |- - The Secret to select from. - properties: - - !ruby/object:Api::Type::NestedObject - name: localObjectReference - description: The Secret to select from. - properties: - - !ruby/object:Api::Type::String - name: name - required: true - description: |- - Name of the referent. - More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - - !ruby/object:Api::Type::Boolean - name: optional - description: |- - Specify whether the Secret must be defined - - !ruby/object:Api::Type::String - name: image - required: true - description: |- - Docker image name. This is most often a reference to a container located - in the container registry, such as gcr.io/cloudrun/hello - More info: https://kubernetes.io/docs/concepts/containers/images - - !ruby/object:Api::Type::Array - name: command - description: |- - Entrypoint array. Not executed within a shell. - The docker image's ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container's - environment. If a variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax can be escaped with a - double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, - regardless of whether the variable exists or not. - More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: env - description: |- - List of environment variables to set in the container. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: name - description: Name of the environment variable. - - !ruby/object:Api::Type::String - name: value - description: |- - Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the container and - any route environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. The $(VAR_NAME) - syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped - references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - - !ruby/object:Api::Type::NestedObject - name: valueFrom - description: |- - Source for the environment variable's value. Only supports secret_key_ref. - properties: - - !ruby/object:Api::Type::NestedObject - name: secretKeyRef - required: true - description: |- - Selects a key (version) of a secret in Secret Manager. - properties: - - !ruby/object:Api::Type::String - name: key - required: true - description: |- - A Cloud Secret Manager secret version. Must be 'latest' for the latest - version or an integer for a specific version. - - !ruby/object:Api::Type::String - name: name - required: true - description: |- - The name of the secret in Cloud Secret Manager. By default, the secret is assumed to be in the same project. - If the secret is in another project, you must define an alias. - An alias definition has the form: :projects/{project-id|project-number}/secrets/. - If multiple alias definitions are needed, they must be separated by commas. - The alias definitions must be set on the run.googleapis.com/secrets annotation. - - !ruby/object:Api::Type::Array - name: ports - description: |- - List of open ports in the container. - More Info: - https://cloud.google.com/run/docs/reference/rest/v1/RevisionSpec#ContainerPort - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: name - description: If specified, used to specify which protocol to use. Allowed values are "http1" (HTTP/1) and "h2c" (HTTP/2 end-to-end). Defaults to "http1". - - !ruby/object:Api::Type::String - name: protocol - description: Protocol for port. Must be "TCP". Defaults to "TCP". - - !ruby/object:Api::Type::Integer - name: containerPort - description: Port number the container listens on. This must be a valid port number (between 1 and 65535). Defaults to "8080". - - !ruby/object:Api::Type::NestedObject - name: resources - description: |- - Compute Resources required by this container. Used to set values such as max memory - More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits - properties: - - !ruby/object:Api::Type::KeyValuePairs - name: limits - description: |- - Limits describes the maximum amount of compute resources allowed. - The values of the map is string form of the 'quantity' k8s type: - https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go - - !ruby/object:Api::Type::KeyValuePairs - name: requests - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined value. - The values of the map is string form of the 'quantity' k8s type: - https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go - - !ruby/object:Api::Type::Array - name: volumeMounts - description: |- - Volume to mount into the container's filesystem. - Only supports SecretVolumeSources. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: mountPath - required: true - description: |- - Path within the container at which the volume should be mounted. Must - not contain ':'. - - !ruby/object:Api::Type::String - name: name - required: true - description: |- - This must match the Name of a Volume. - - !ruby/object:Api::Type::NestedObject - name: startupProbe - min_version: beta - description: |- - Startup probe of application within the container. - All other probes are disabled if a startup probe is provided, until it - succeeds. Container will not be added to service endpoints if the probe fails. - More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - properties: - - !ruby/object:Api::Type::Integer - name: initialDelaySeconds - description: |- - Number of seconds after the container has started before the probe is - initiated. - Defaults to 0 seconds. Minimum value is 0. Maximum value is 240. - default_value: 0 - - !ruby/object:Api::Type::Integer - name: timeoutSeconds - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. Maximum value is 3600. - Must be smaller than periodSeconds. - default_value: 1 - - !ruby/object:Api::Type::Integer - name: periodSeconds - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. Maximum value is 240. - default_value: 10 - - !ruby/object:Api::Type::Integer - name: failureThreshold - description: |- - Minimum consecutive failures for the probe to be considered failed after - having succeeded. Defaults to 3. Minimum value is 1. - default_value: 3 - - !ruby/object:Api::Type::NestedObject - name: tcpSocket - description: |- - TcpSocket specifies an action involving a TCP port. - exactly_one_of: - - template.0.spec.0.containers.0.startup_probe.0.tcp_socket - - template.0.spec.0.containers.0.startup_probe.0.http_get - - template.0.spec.0.containers.0.startup_probe.0.grpc - send_empty_value: true - allow_empty_object: true - properties: - - !ruby/object:Api::Type::Integer - name: port - description: |- - Port number to access on the container. Number must be in the range 1 to 65535. - - !ruby/object:Api::Type::NestedObject - name: httpGet - description: |- - HttpGet specifies the http request to perform. - exactly_one_of: - - template.0.spec.0.containers.0.startup_probe.0.tcp_socket - - template.0.spec.0.containers.0.startup_probe.0.http_get - - template.0.spec.0.containers.0.startup_probe.0.grpc - send_empty_value: true - allow_empty_object: true - properties: - - !ruby/object:Api::Type::String - name: path - description: |- - Path to access on the HTTP server. If set, it should not be empty string. - default_value: "/" - - !ruby/object:Api::Type::Array - name: httpHeaders - description: |- - Custom headers to set in the request. HTTP allows repeated headers. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: name - description: |- - The header field name. - required: true - - !ruby/object:Api::Type::String - name: value - description: |- - The header field value. - default_value: "" - send_empty_value: true - - !ruby/object:Api::Type::NestedObject - name: grpc - description: |- - GRPC specifies an action involving a GRPC port. - exactly_one_of: - - template.0.spec.0.containers.0.startup_probe.0.tcp_socket - - template.0.spec.0.containers.0.startup_probe.0.http_get - - template.0.spec.0.containers.0.startup_probe.0.grpc - send_empty_value: true - allow_empty_object: true - properties: - - !ruby/object:Api::Type::Integer - name: port - description: |- - Port number to access on the container. Number must be in the range 1 to 65535. - - !ruby/object:Api::Type::String - name: service - description: |- - The name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. - - !ruby/object:Api::Type::NestedObject - name: livenessProbe - min_version: beta - description: |- - Periodic probe of container liveness. Container will be restarted if the probe fails. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - properties: - - !ruby/object:Api::Type::Integer - name: initialDelaySeconds - description: |- - Number of seconds after the container has started before the probe is - initiated. - Defaults to 0 seconds. Minimum value is 0. Maximum value is 3600. - default_value: 0 - - !ruby/object:Api::Type::Integer - name: timeoutSeconds - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. Maximum value is 3600. - Must be smaller than period_seconds. - default_value: 1 - - !ruby/object:Api::Type::Integer - name: periodSeconds - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. Maximum value is 3600. - default_value: 10 - - !ruby/object:Api::Type::Integer - name: failureThreshold - description: |- - Minimum consecutive failures for the probe to be considered failed after - having succeeded. Defaults to 3. Minimum value is 1. - default_value: 3 - - !ruby/object:Api::Type::NestedObject - name: httpGet - description: |- - HttpGet specifies the http request to perform. - exactly_one_of: - - template.0.spec.0.containers.0.liveness_probe.0.http_get - - template.0.spec.0.containers.0.liveness_probe.0.grpc - send_empty_value: true - allow_empty_object: true - properties: - - !ruby/object:Api::Type::String - name: path - description: |- - Path to access on the HTTP server. If set, it should not be empty string. - default_value: "/" - - !ruby/object:Api::Type::Array - name: httpHeaders - description: |- - Custom headers to set in the request. HTTP allows repeated headers. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: name - description: |- - The header field name. - required: true - - !ruby/object:Api::Type::String - name: value - description: |- - The header field value. - default_value: "" - send_empty_value: true - - !ruby/object:Api::Type::NestedObject - name: grpc - description: |- - GRPC specifies an action involving a GRPC port. - exactly_one_of: - - template.0.spec.0.containers.0.liveness_probe.0.http_get - - template.0.spec.0.containers.0.liveness_probe.0.grpc - send_empty_value: true - allow_empty_object: true - properties: - - !ruby/object:Api::Type::Integer - name: port - description: |- - Port number to access on the container. Number must be in the range 1 to 65535. - - !ruby/object:Api::Type::String - name: service - description: |- - The name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. - - - !ruby/object:Api::Type::Integer - name: containerConcurrency - description: |- - ContainerConcurrency specifies the maximum allowed in-flight (concurrent) - requests per container of the Revision. Values are: - - `0` thread-safe, the system should manage the max concurrency. This is - the default value. - - `1` not-thread-safe. Single concurrency - - `2-N` thread-safe, max concurrency of N - - !ruby/object:Api::Type::Integer - name: timeoutSeconds - description: |- - TimeoutSeconds holds the max duration the instance is allowed for responding to a request. - - !ruby/object:Api::Type::String - name: serviceAccountName - description: |- - Email address of the IAM service account associated with the revision of the - service. The service account represents the identity of the running revision, - and determines what permissions the revision has. If not provided, the revision - will use the project's default service account. - - !ruby/object:Api::Type::Array - name: volumes - description: |- - Volume represents a named volume in a container. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: name - required: true - description: |- - Volume's name. - - !ruby/object:Api::Type::NestedObject - name: secret - required: true - description: |- - The secret's value will be presented as the content of a file whose - name is defined in the item path. If no items are defined, the name of - the file is the secret_name. - properties: - - !ruby/object:Api::Type::String - name: secretName - required: true - description: |- - The name of the secret in Cloud Secret Manager. By default, the secret - is assumed to be in the same project. - If the secret is in another project, you must define an alias. - An alias definition has the form: - {alias}:projects/{project-id|project-number}/secrets/{secret-name}. - If multiple alias definitions are needed, they must be separated by - commas. - The alias definitions must be set on the run.googleapis.com/secrets - annotation. - - !ruby/object:Api::Type::Integer - name: defaultMode - description: |- - Mode bits to use on created files by default. Must be a value between 0000 - and 0777. Defaults to 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other mode bits set. - - !ruby/object:Api::Type::Array - name: items - description: |- - If unspecified, the volume will expose a file whose name is the - secret_name. - If specified, the key will be used as the version to fetch from Cloud - Secret Manager and the path will be the name of the file exposed in the - volume. When items are defined, they must specify a key and a path. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: key - required: true - description: |- - The Cloud Secret Manager secret version. - Can be 'latest' for the latest value or an integer for a specific version. - - !ruby/object:Api::Type::String - name: path - required: true - description: |- - The relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. - - !ruby/object:Api::Type::Integer - name: mode - description: |- - Mode bits to use on this file, must be a value between 0000 and 0777. If - not specified, the volume defaultMode will be used. This might be in - conflict with other options that affect the file mode, like fsGroup, and - the result can be other mode bits set. - - !ruby/object:Api::Type::Enum - name: servingState - deprecation_message: "Not supported by Cloud Run fully managed" - description: |- - ServingState holds a value describing the state the resources - are in for this Revision. - It is expected - that the system will manipulate this based on routability and load. - output: true - values: - - :ACTIVE - - :RESERVE - - :RETIRED - - - !ruby/object:Api::Type::NestedObject - name: status - description: The current status of the Service. - output: true - properties: - - !ruby/object:Api::Type::Array - name: conditions - description: |- - Array of observed Service Conditions, indicating the current ready state of the service. - output: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: message - output: true - description: |- - Human readable message indicating details about the current status. - - !ruby/object:Api::Type::String - name: status - output: true - description: Status of the condition, one of True, False, Unknown. - - !ruby/object:Api::Type::String - name: reason - output: true - description: |- - One-word CamelCase reason for the condition's current status. - - !ruby/object:Api::Type::String - name: type - output: true - description: Type of domain mapping condition. - - !ruby/object:Api::Type::String - name: url - description: |- - From RouteStatus. URL holds the url that will distribute traffic over the provided traffic - targets. It generally has the form - https://{route-hash}-{project-hash}-{cluster-level-suffix}.a.run.app - output: true - - !ruby/object:Api::Type::Integer - name: observedGeneration - description: |- - ObservedGeneration is the 'Generation' of the Route that was last processed by the - controller. - - Clients polling for completed reconciliation should poll until observedGeneration = - metadata.generation and the Ready condition's status is True or False. - output: true - - !ruby/object:Api::Type::String - name: latestCreatedRevisionName - description: |- - From ConfigurationStatus. LatestCreatedRevisionName is the last revision that was created - from this Service's Configuration. It might not be ready yet, for that use - LatestReadyRevisionName. - output: true - - !ruby/object:Api::Type::String - name: latestReadyRevisionName - description: |- - From ConfigurationStatus. LatestReadyRevisionName holds the name of the latest Revision - stamped out from this Service's Configuration that has had its "Ready" condition become - "True". - output: true - - - !ruby/object:Api::Type::NestedObject - name: metadata - required: true - description: |- - Metadata associated with this Service, including name, namespace, labels, - and annotations. - properties: - - !ruby/object:Api::Type::KeyValuePairs - name: labels - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and routes. - More info: http://kubernetes.io/docs/user-guide/labels - - !ruby/object:Api::Type::Integer - name: generation - description: |- - A sequence number representing a specific generation of the desired state. - output: true - - !ruby/object:Api::Type::String - name: resourceVersion - description: |- - An opaque value that represents the internal version of this object that - can be used by clients to determine when objects have changed. May be used - for optimistic concurrency, change detection, and the watch operation on a - resource or set of resources. They may only be valid for a - particular resource or set of resources. - - More info: - https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency - output: true - - !ruby/object:Api::Type::String - name: selfLink - description: |- - SelfLink is a URL representing this object. - output: true - - !ruby/object:Api::Type::String - name: uid - description: |- - UID is a unique id generated by the server on successful creation of a resource and is not - allowed to change on PUT operations. - - More info: http://kubernetes.io/docs/user-guide/identifiers#uids - output: true - - !ruby/object:Api::Type::String - name: namespace - required: true - description: |- - In Cloud Run the namespace must be equal to either the - project ID or project number. - - !ruby/object:Api::Type::KeyValuePairs - name: annotations - description: |- - Annotations is a key value map stored with a resource that - may be set by external tools to store and retrieve arbitrary metadata. More - info: http://kubernetes.io/docs/user-guide/annotations - - **Note**: The Cloud Run API may add additional annotations that were not provided in your config. - If terraform plan shows a diff where a server-side annotation is added, you can add it to your config - or apply the lifecycle.ignore_changes rule to the metadata.0.annotations field. - - Cloud Run (fully managed) uses the following annotation keys to configure features on a Service: - - - `run.googleapis.com/ingress` sets the [ingress settings](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--ingress) - for the Service. For example, `"run.googleapis.com/ingress" = "all"`. - - !ruby/object:Api::Type::String - name: name - required: true - description: |- - Name must be unique within a namespace, within a Cloud Run region. - Is required when creating resources. Name is primarily intended - for creation idempotence and configuration definition. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names diff --git a/mmv1/products/cloudrun/product.yaml b/mmv1/products/cloudrun/product.yaml new file mode 100644 index 000000000000..dd5e2128d398 --- /dev/null +++ b/mmv1/products/cloudrun/product.yaml @@ -0,0 +1,27 @@ +# Copyright 2019 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: CloudRun +display_name: Cloud Run +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://{{location}}-run.googleapis.com/ + cai_base_url: https://run.googleapis.com/v1/ + - !ruby/object:Api::Product::Version + name: beta + base_url: https://{{location}}-run.googleapis.com/ + cai_base_url: https://run.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform diff --git a/mmv1/products/cloudrunv2/Job.yaml b/mmv1/products/cloudrunv2/Job.yaml new file mode 100644 index 000000000000..82ba530655e7 --- /dev/null +++ b/mmv1/products/cloudrunv2/Job.yaml @@ -0,0 +1,652 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: "Job" +base_url: projects/{{project}}/locations/{{location}}/jobs +self_link: projects/{{project}}/locations/{{location}}/jobs/{{name}} +create_url: projects/{{project}}/locations/{{location}}/jobs?jobId={{name}} +update_verb: :PATCH +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/run/docs/' + api: "https://cloud.google.com/run/docs/reference/rest/v2/projects.locations.jobs" +description: | + A Cloud Run Job resource that references a container image which is run to completion. +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: "name" + base_url: "{{op_id}}" + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: "response" + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: "done" + complete: true + allowed: + - True + - False + error: !ruby/object:Api::OpAsync::Error + path: "error" + message: "message" +iam_policy: !ruby/object:Api::Resource::IamPolicy + method_name_separator: ':' + parent_resource_attribute: 'name' + base_url: projects/{{project}}/locations/{{location}}/jobs/{{name}} + import_format: ["projects/{{project}}/locations/{{location}}/jobs/{{name}}", "{{name}}"] +parameters: + - !ruby/object:Api::Type::String + name: "location" + immutable: true + url_param_only: true + description: The location of the cloud run job +properties: + - !ruby/object:Api::Type::String + name: "name" + required: true + immutable: true + url_param_only: true + description: | + Name of the Job. + pattern: projects/{{project}}/locations/{{location}}/jobs/{{name}} + - !ruby/object:Api::Type::String + name: "uid" + output: true + description: | + Server assigned unique identifier for the Execution. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted. + - !ruby/object:Api::Type::String + name: "generation" + output: true + description: | + A number that monotonically increases every time the user modifies the desired state. + - !ruby/object:Api::Type::KeyValuePairs + name: "labels" + description: |- + KRM-style labels for the resource. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels Cloud Run will populate some labels with 'run.googleapis.com' or 'serving.knative.dev' namespaces. Those labels are read-only, and user changes will not be preserved. + # blocked on b/244872932 + # - !ruby/object:Api::Type::KeyValuePairs + # name: "annotations" + # description: |- + # KRM-style annotations for the resource. Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects. Cloud Run will populate some annotations using 'run.googleapis.com' or 'serving.knative.dev' namespaces. This field follows Kubernetes annotations' namespacing, limits, and rules. More info: https://kubernetes.io/docs/user-guide/annotations + - !ruby/object:Api::Type::String + name: "client" + description: | + Arbitrary identifier for the API client. + - !ruby/object:Api::Type::String + name: "clientVersion" + description: | + Arbitrary version identifier for the API client. + - !ruby/object:Api::Type::Enum + name: "launchStage" + description: | + The launch stage as defined by Google Cloud Platform Launch Stages. Cloud Run supports ALPHA, BETA, and GA. If no value is specified, GA is assumed. + values: + - :UNIMPLEMENTED + - :PRELAUNCH + - :EARLY_ACCESS + - :ALPHA + - :BETA + - :GA + - :DEPRECATED + - !ruby/object:Api::Type::NestedObject + name: "binaryAuthorization" + description: | + Settings for the Binary Authorization feature. + properties: + - !ruby/object:Api::Type::String + name: "breakglassJustification" + description: | + If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass + - !ruby/object:Api::Type::Boolean + name: "useDefault" + description: | + If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. + - !ruby/object:Api::Type::NestedObject + name: "template" + required: true + description: | + The template used to create executions for this Job. + properties: + - !ruby/object:Api::Type::KeyValuePairs + name: "labels" + description: |- + KRM-style labels for the resource. + # blocked on b/244872932 + # - !ruby/object:Api::Type::KeyValuePairs + # name: "annotations" + # description: |- + # KRM-style annotations for the resource. + - !ruby/object:Api::Type::Integer + name: "parallelism" + description: |- + Specifies the maximum desired number of tasks the execution should run at given time. Must be <= taskCount. When the job is run, if this field is 0 or unset, the maximum possible value will be used for that execution. The actual number of tasks running in steady state will be less than this number when there are fewer tasks waiting to be completed remaining, i.e. when the work left to do is less than max parallelism. + - !ruby/object:Api::Type::Integer + name: "taskCount" + description: |- + Specifies the desired number of tasks the execution should run. Setting to 1 means that parallelism is limited to 1 and the success of that task signals the success of the execution. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/ + - !ruby/object:Api::Type::NestedObject + name: "template" + required: true + description: | + Describes the task(s) that will be created when executing an execution + properties: + - !ruby/object:Api::Type::Array + name: "containers" + description: |- + Holds the single container that defines the unit of execution for this task. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: "name" + description: |- + Name of the container specified as a DNS_LABEL. + - !ruby/object:Api::Type::String + name: "image" + required: true + description: |- + URL of the Container image in Google Container Registry or Google Artifact Registry. More info: https://kubernetes.io/docs/concepts/containers/images + - !ruby/object:Api::Type::Array + name: "command" + description: |- + Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: "args" + description: |- + Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: "env" + description: |- + List of environment variables to set in the container. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: "name" + required: true + description: |- + Name of the environment variable. Must be a C_IDENTIFIER, and mnay not exceed 32768 characters. + - !ruby/object:Api::Type::String + name: "value" + description: |- + Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any route environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "", and the maximum length is 32768 bytes + # exactly_one_of: + # - template.0.template.0.containers.0.env.0.value + # - template.0.template.0.containers.0.env.0.valueSource + - !ruby/object:Api::Type::NestedObject + name: "valueSource" + description: |- + Source for the environment variable's value. + # exactly_one_of: + # - template.0.template.0.containers.0.env.0.value + # - template.0.template.0.containers.0.env.0.valueSource + properties: + - !ruby/object:Api::Type::NestedObject + name: "secretKeyRef" + description: |- + Selects a secret and a specific version from Cloud Secret Manager. + properties: + - !ruby/object:Api::Type::String + name: "secret" + required: true + description: |- + The name of the secret in Cloud Secret Manager. Format: {secretName} if the secret is in the same project. projects/{project}/secrets/{secretName} if the secret is in a different project. + - !ruby/object:Api::Type::String + name: "version" + required: true + description: |- + The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. + - !ruby/object:Api::Type::NestedObject + name: "resources" + description: |- + Compute Resource requirements by this container. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + - !ruby/object:Api::Type::KeyValuePairs + name: "limits" + description: |- + Only memory and CPU are supported. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go + - !ruby/object:Api::Type::Array + name: "ports" + description: |- + List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible. + + If omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: "name" + description: |- + If specified, used to specify which protocol to use. Allowed values are "http1" and "h2c". + - !ruby/object:Api::Type::Integer + name: "containerPort" + description: |- + Port number the container listens on. This must be a valid TCP port number, 0 < containerPort < 65536. + - !ruby/object:Api::Type::Array + name: "volumeMounts" + description: |- + Volume to mount into the container's filesystem. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: "name" + required: true + description: |- + This must match the Name of a Volume. + - !ruby/object:Api::Type::String + name: "mountPath" + required: true + description: |- + Path within the container at which the volume should be mounted. Must not contain ':'. For Cloud SQL volumes, it can be left empty, or must otherwise be /cloudsql. All instances defined in the Volume will be available as /cloudsql/[instance]. For more information on Cloud SQL volumes, visit https://cloud.google.com/sql/docs/mysql/connect-run + - !ruby/object:Api::Type::String + name: "workingDir" + description: |- + Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. + - !ruby/object:Api::Type::NestedObject + name: "livenessProbe" + description: |- + Periodic probe of container liveness. Container will be restarted if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + This field is not supported in Cloud Run Job currently. + deprecation_message: Cloud Run Job does not support liveness probe and `liveness_probe` field will be removed in a future major release. + properties: + - !ruby/object:Api::Type::Integer + name: "initialDelaySeconds" + description: |- + Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + default_value: 0 + - !ruby/object:Api::Type::Integer + name: "timeoutSeconds" + description: |- + Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + default_value: 1 + - !ruby/object:Api::Type::Integer + name: "periodSeconds" + description: |- + How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds + default_value: 10 + - !ruby/object:Api::Type::Integer + name: "failureThreshold" + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + default_value: 3 + - !ruby/object:Api::Type::NestedObject + name: "httpGet" + description: |- + HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified. + send_empty_value: true + allow_empty_object: true + # exactly_one_of: + # - template.0.template.0.containers.0.livenessProbe.0.httpGet + # - template.0.template.0.containers.0.livenessProbe.0.tcpSocket + properties: + - !ruby/object:Api::Type::String + name: "path" + default_value: "/" + description: |- + Path to access on the HTTP server. Defaults to '/'. + - !ruby/object:Api::Type::Array + name: httpHeaders + description: |- + Custom headers to set in the request. HTTP allows repeated headers. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: name + required: true + description: |- + The header field name + - !ruby/object:Api::Type::String + name: value + description: |- + The header field value + default_value: "" + send_empty_value: true + - !ruby/object:Api::Type::NestedObject + name: "tcpSocket" + description: |- + TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified. + send_empty_value: true + allow_empty_object: true + # exactly_one_of: + # - template.0.template.0.containers.0.livenessProbe.0.httpGet + # - template.0.template.0.containers.0.livenessProbe.0.tcpSocket + properties: + - !ruby/object:Api::Type::Integer + name: port + description: |- + Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080. + - !ruby/object:Api::Type::NestedObject + name: "startupProbe" + description: |- + Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not be added to service endpoints if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + This field is not supported in Cloud Run Job currently. + deprecation_message: Cloud Run Job does not support startup probe and `startup_probe` field will be removed in a future major release. + properties: + - !ruby/object:Api::Type::Integer + name: "initialDelaySeconds" + description: |- + Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + default_value: 0 + - !ruby/object:Api::Type::Integer + name: "timeoutSeconds" + description: |- + Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + default_value: 1 + - !ruby/object:Api::Type::Integer + name: "periodSeconds" + description: |- + How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds + default_value: 10 + - !ruby/object:Api::Type::Integer + name: "failureThreshold" + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + default_value: 3 + - !ruby/object:Api::Type::NestedObject + name: "httpGet" + description: |- + HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified. + send_empty_value: true + allow_empty_object: true + # exactly_one_of: + # - template.0.template.0.containers.startupProbe.0.httpGet + # - template.0.template.0.containers.startupProbe.0.tcpSocket + properties: + - !ruby/object:Api::Type::String + name: "path" + default_value: "/" + description: |- + Path to access on the HTTP server. Defaults to '/'. + - !ruby/object:Api::Type::Array + name: "httpHeaders" + description: |- + Custom headers to set in the request. HTTP allows repeated headers. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: name + required: true + description: |- + The header field name + - !ruby/object:Api::Type::String + name: value + description: |- + The header field value + default_value: "" + send_empty_value: true + - !ruby/object:Api::Type::NestedObject + name: "tcpSocket" + description: |- + TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified. + send_empty_value: true + allow_empty_object: true + # exactly_one_of: + # - template.0.template.0.containers.startupProbe.0.httpGet + # - template.0.template.0.containers.startupProbe.0.tcpSocket + properties: + - !ruby/object:Api::Type::Integer + name: port + description: |- + Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080. + - !ruby/object:Api::Type::Array + name: "volumes" + description: |- + A list of Volumes to make available to containers. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: "name" + required: true + description: |- + Volume's name. + - !ruby/object:Api::Type::NestedObject + name: "secret" + description: |- + Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + # exactly_one_of: + # - template.0.template.0.volumes.0.secret + # - template.0.template.0.volumes.0.cloudSqlInstance + properties: + - !ruby/object:Api::Type::String + name: "secret" + required: true + description: |- + The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project. + - !ruby/object:Api::Type::Integer + name: "defaultMode" + description: |- + Integer representation of mode bits to use on created files by default. Must be a value between 0000 and 0777 (octal), defaulting to 0444. Directories within the path are not affected by this setting. + - !ruby/object:Api::Type::Array + name: "items" + description: |- + If unspecified, the volume will expose a file whose name is the secret, relative to VolumeMount.mount_path. If specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify a path and a version. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: "path" + required: true + description: |- + The relative path of the secret in the container. + - !ruby/object:Api::Type::String + name: "version" + required: true + description: |- + The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version + - !ruby/object:Api::Type::Integer + name: "mode" + required: true + description: |- + Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used. + - !ruby/object:Api::Type::NestedObject + name: "cloudSqlInstance" + description: |- + For Cloud SQL volumes, contains the specific instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. + # exactly_one_of: + # - template.0.template.0.volumes.0.secret + # - template.0.template.0.volumes.0.cloudSqlInstance + properties: + - !ruby/object:Api::Type::Array + name: "instances" + description: |- + The Cloud SQL instance connection names, as can be found in https://console.cloud.google.com/sql/instances. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. Format: {project}:{location}:{instance} + item_type: Api::Type::String + - !ruby/object:Api::Type::String + name: "timeout" + description: |- + Max allowed time duration the Task may be active before the system will actively try to mark it failed and kill associated containers. This applies per attempt of a task, meaning each retry can run for the full timeout. + + A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + - !ruby/object:Api::Type::String + name: "serviceAccount" + description: |- + Email address of the IAM service account associated with the Task of a Job. The service account represents the identity of the running task, and determines what permissions the task has. If not provided, the task will use the project's default service account. + - !ruby/object:Api::Type::Enum + name: "executionEnvironment" + description: |- + The execution environment being used to host this Task. + values: + - :EXECUTION_ENVIRONMENT_GEN1 + - :EXECUTION_ENVIRONMENT_GEN2 + - !ruby/object:Api::Type::String + name: "encryptionKey" + description: |- + A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek + - !ruby/object:Api::Type::NestedObject + name: "vpcAccess" + description: |- + VPC Access configuration to use for this Task. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc. + properties: + - !ruby/object:Api::Type::String + name: "connector" + description: |- + VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector}, where {project} can be project id or number. + - !ruby/object:Api::Type::Enum + name: "egress" + description: |- + Traffic VPC egress settings. + values: + - :ALL_TRAFFIC + - :PRIVATE_RANGES_ONLY + - !ruby/object:Api::Type::Integer + name: "maxRetries" + description: |- + Number of retries allowed per Task, before marking this Task failed. + - !ruby/object:Api::Type::String + name: "observedGeneration" + output: true + description: | + The generation of this Job. See comments in reconciling for additional information on reconciliation process in Cloud Run. + - !ruby/object:Api::Type::NestedObject + name: "terminalCondition" + output: true + description: | + The Condition of this Job, containing its readiness status, and detailed error information in case it did not reach the desired state + properties: + - !ruby/object:Api::Type::String + name: "type" + output: true + description: |- + type is used to communicate the status of the reconciliation process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting Types common to all resources include: * "Ready": True when the Resource is ready. + - !ruby/object:Api::Type::String + name: "state" + output: true + description: |- + State of the condition. + - !ruby/object:Api::Type::String + name: "message" + output: true + description: |- + Human readable message indicating details about the current status. + - !ruby/object:Api::Type::Time + name: "lastTransitionTime" + output: true + description: |- + Last time the condition transitioned from one status to another. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + - !ruby/object:Api::Type::String + name: "severity" + output: true + description: |- + How to interpret failures of this condition, one of Error, Warning, Info + - !ruby/object:Api::Type::String + name: "reason" + output: true + description: |- + A common (service-level) reason for this condition. + - !ruby/object:Api::Type::String + name: "revisionReason" + output: true + description: |- + A reason for the revision condition. + - !ruby/object:Api::Type::String + name: "executionReason" + output: true + description: |- + A reason for the execution condition. + - !ruby/object:Api::Type::Array + name: "conditions" + description: |- + The Conditions of all other associated sub-resources. They contain additional diagnostics information in case the Job does not reach its desired state. See comments in reconciling for additional information on `reconciliation` process in Cloud Run. + output: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: "type" + output: true + description: |- + type is used to communicate the status of the reconciliation process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting Types common to all resources include: * "Ready": True when the Resource is ready. + - !ruby/object:Api::Type::String + name: "state" + output: true + description: |- + State of the condition. + - !ruby/object:Api::Type::String + name: "message" + output: true + description: |- + Human readable message indicating details about the current status. + - !ruby/object:Api::Type::Time + name: "lastTransitionTime" + output: true + description: |- + Last time the condition transitioned from one status to another. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + - !ruby/object:Api::Type::String + name: "severity" + output: true + description: |- + How to interpret failures of this condition, one of Error, Warning, Info + - !ruby/object:Api::Type::String + name: "reason" + output: true + description: |- + A common (service-level) reason for this condition. + - !ruby/object:Api::Type::String + name: "revisionReason" + output: true + description: |- + A reason for the revision condition. + - !ruby/object:Api::Type::String + name: "executionReason" + output: true + description: |- + A reason for the execution condition. + - !ruby/object:Api::Type::Integer + name: "executionCount" + output: true + description: | + Number of executions created for this job. + - !ruby/object:Api::Type::NestedObject + name: "latestCreatedExecution" + output: true + description: | + Name of the last created execution. + properties: + - !ruby/object:Api::Type::String + name: "name" + output: true + description: | + Name of the execution. + - !ruby/object:Api::Type::Time + name: "createTime" + output: true + description: | + Creation timestamp of the execution. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + - !ruby/object:Api::Type::Time + name: "completionTime" + output: true + description: | + Completion timestamp of the execution. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + - !ruby/object:Api::Type::Boolean + name: "reconciling" + output: true + description: | + Returns true if the Job is currently being acted upon by the system to bring it into the desired state. + + When a new Job is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Job to the desired state. This process is called reconciliation. While reconciliation is in process, observedGeneration and latest_succeeded_execution, will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the state matches the Job, or there was an error, and reconciliation failed. This state can be found in terminalCondition.state. + + If reconciliation succeeded, the following fields will match: observedGeneration and generation, latest_succeeded_execution and latestCreatedExecution. + + If reconciliation failed, observedGeneration and latest_succeeded_execution will have the state of the last succeeded execution or empty for newly created Job. Additional information on the failure can be found in terminalCondition and conditions + - !ruby/object:Api::Type::String + name: "etag" + output: true + description: | + A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates. diff --git a/mmv1/products/cloudrunv2/Service.yaml b/mmv1/products/cloudrunv2/Service.yaml new file mode 100644 index 000000000000..238c4fe5d441 --- /dev/null +++ b/mmv1/products/cloudrunv2/Service.yaml @@ -0,0 +1,739 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: "Service" +base_url: projects/{{project}}/locations/{{location}}/services +self_link: projects/{{project}}/locations/{{location}}/services/{{name}} +create_url: projects/{{project}}/locations/{{location}}/services?serviceId={{name}} +update_verb: :PATCH +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/run/docs/' + api: "https://cloud.google.com/run/docs/reference/rest/v2/projects.locations.services" +description: | + Service acts as a top-level container that manages a set of configurations and revision templates which implement a network service. Service exists to provide a singular abstraction which can be access controlled, reasoned about, and which encapsulates software lifecycle decisions such as rollout policy and team resource ownership. +iam_policy: !ruby/object:Api::Resource::IamPolicy + method_name_separator: ':' + parent_resource_attribute: 'name' + base_url: projects/{{project}}/locations/{{location}}/services/{{name}} + import_format: ["projects/{{project}}/locations/{{location}}/services/{{name}}", "{{name}}"] +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: "name" + base_url: "{{op_id}}" + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: "response" + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: "done" + complete: true + allowed: + - True + - False + error: !ruby/object:Api::OpAsync::Error + path: "error" + message: "message" +parameters: + - !ruby/object:Api::Type::String + name: "location" + immutable: true + url_param_only: true + description: The location of the cloud run service +properties: + - !ruby/object:Api::Type::String + name: "name" + required: true + immutable: true + url_param_only: true + description: | + Name of the Service. + pattern: projects/{{project}}/locations/{{location}}/services/{{name}} + - !ruby/object:Api::Type::String + name: "description" + description: | + User-provided description of the Service. This field currently has a 512-character limit. + - !ruby/object:Api::Type::String + name: "uid" + output: true + description: | + Server assigned unique identifier for the trigger. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted. + - !ruby/object:Api::Type::String + name: "generation" + output: true + description: | + A number that monotonically increases every time the user modifies the desired state. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a string instead of an integer. + - !ruby/object:Api::Type::KeyValuePairs + name: "labels" + description: |- + Map of string keys and values that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels Cloud Run will populate some labels with 'run.googleapis.com' or 'serving.knative.dev' namespaces. Those labels are read-only, and user changes will not be preserved. + - !ruby/object:Api::Type::KeyValuePairs + name: "annotations" + description: |- + Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects. Cloud Run will populate some annotations using 'run.googleapis.com' or 'serving.knative.dev' namespaces. This field follows Kubernetes annotations' namespacing, limits, and rules. More info: https://kubernetes.io/docs/user-guide/annotations + - !ruby/object:Api::Type::String + name: "client" + description: | + Arbitrary identifier for the API client. + - !ruby/object:Api::Type::String + name: "clientVersion" + description: | + Arbitrary version identifier for the API client. + - !ruby/object:Api::Type::Enum + name: "ingress" + description: | + Provides the ingress settings for this Service. On output, returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED if no revision is active. + values: + - :INGRESS_TRAFFIC_ALL + - :INGRESS_TRAFFIC_INTERNAL_ONLY + - :INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER + - !ruby/object:Api::Type::Enum + name: "launchStage" + description: | + The launch stage as defined by Google Cloud Platform Launch Stages. Cloud Run supports ALPHA, BETA, and GA. If no value is specified, GA is assumed. + values: + - :UNIMPLEMENTED + - :PRELAUNCH + - :EARLY_ACCESS + - :ALPHA + - :BETA + - :GA + - :DEPRECATED + - !ruby/object:Api::Type::NestedObject + name: "binaryAuthorization" + description: | + Settings for the Binary Authorization feature. + properties: + - !ruby/object:Api::Type::String + name: "breakglassJustification" + description: | + If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass + - !ruby/object:Api::Type::Boolean + name: "useDefault" + description: | + If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. + - !ruby/object:Api::Type::NestedObject + name: "template" + required: true + description: | + The template used to create revisions for this Service. + properties: + - !ruby/object:Api::Type::String + name: "revision" + description: |- + The unique name for the revision. If this field is omitted, it will be automatically generated based on the Service name. + - !ruby/object:Api::Type::KeyValuePairs + name: "labels" + description: |- + KRM-style labels for the resource. + - !ruby/object:Api::Type::KeyValuePairs + name: "annotations" + description: |- + KRM-style annotations for the resource. + - !ruby/object:Api::Type::NestedObject + name: "scaling" + description: | + Scaling settings for this Revision. + properties: + - !ruby/object:Api::Type::Integer + name: "minInstanceCount" + description: |- + Minimum number of serving instances that this resource should have. + - !ruby/object:Api::Type::Integer + name: "maxInstanceCount" + description: |- + Maximum number of serving instances that this resource should have. + - !ruby/object:Api::Type::NestedObject + name: "vpcAccess" + description: |- + VPC Access configuration to use for this Task. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc. + properties: + - !ruby/object:Api::Type::String + name: "connector" + description: |- + VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector}, where {project} can be project id or number. + - !ruby/object:Api::Type::Enum + name: "egress" + description: |- + Traffic VPC egress settings. + values: + - :ALL_TRAFFIC + - :PRIVATE_RANGES_ONLY + - !ruby/object:Api::Type::String + name: "timeout" + description: |- + Max allowed time for an instance to respond to a request. + + A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + - !ruby/object:Api::Type::String + name: "serviceAccount" + description: |- + Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account. + - !ruby/object:Api::Type::Array + name: "containers" + description: |- + Holds the single container that defines the unit of execution for this task. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: "name" + description: |- + Name of the container specified as a DNS_LABEL. + - !ruby/object:Api::Type::String + name: "image" + required: true + description: |- + URL of the Container image in Google Container Registry or Google Artifact Registry. More info: https://kubernetes.io/docs/concepts/containers/images + - !ruby/object:Api::Type::Array + name: "command" + description: |- + Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: "args" + description: |- + Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: "env" + description: |- + List of environment variables to set in the container. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: "name" + required: true + description: |- + Name of the environment variable. Must be a C_IDENTIFIER, and mnay not exceed 32768 characters. + - !ruby/object:Api::Type::String + name: "value" + description: |- + Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any route environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "", and the maximum length is 32768 bytes + # exactly_one_of: + # - template.0.containers.0.env.0.value + # - template.0.containers.0.env.0.valueSource + - !ruby/object:Api::Type::NestedObject + name: "valueSource" + description: |- + Source for the environment variable's value. + # exactly_one_of: + # - template.0.containers.0.env.0.value + # - template.0.containers.0.env.0.valueSource + properties: + - !ruby/object:Api::Type::NestedObject + name: "secretKeyRef" + description: |- + Selects a secret and a specific version from Cloud Secret Manager. + properties: + - !ruby/object:Api::Type::String + name: "secret" + required: true + description: |- + The name of the secret in Cloud Secret Manager. Format: {secretName} if the secret is in the same project. projects/{project}/secrets/{secretName} if the secret is in a different project. + - !ruby/object:Api::Type::String + name: "version" + description: |- + The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. + - !ruby/object:Api::Type::NestedObject + name: "resources" + description: |- + Compute Resource requirements by this container. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + - !ruby/object:Api::Type::KeyValuePairs + name: "limits" + description: |- + Only memory and CPU are supported. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go + - !ruby/object:Api::Type::Boolean + name: "cpuIdle" + description: |- + Determines whether CPU should be throttled or not outside of requests. + - !ruby/object:Api::Type::Array + name: "ports" + description: |- + List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible. + + If omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: "name" + description: |- + If specified, used to specify which protocol to use. Allowed values are "http1" and "h2c". + - !ruby/object:Api::Type::Integer + name: "containerPort" + description: |- + Port number the container listens on. This must be a valid TCP port number, 0 < containerPort < 65536. + - !ruby/object:Api::Type::Array + name: "volumeMounts" + description: |- + Volume to mount into the container's filesystem. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: "name" + required: true + description: |- + This must match the Name of a Volume. + - !ruby/object:Api::Type::String + name: "mountPath" + required: true + description: |- + Path within the container at which the volume should be mounted. Must not contain ':'. For Cloud SQL volumes, it can be left empty, or must otherwise be /cloudsql. All instances defined in the Volume will be available as /cloudsql/[instance]. For more information on Cloud SQL volumes, visit https://cloud.google.com/sql/docs/mysql/connect-run + - !ruby/object:Api::Type::String + name: "workingDir" + description: |- + Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. + - !ruby/object:Api::Type::NestedObject + name: "livenessProbe" + description: |- + Periodic probe of container liveness. Container will be restarted if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + - !ruby/object:Api::Type::Integer + name: "initialDelaySeconds" + description: |- + Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + default_value: 0 + - !ruby/object:Api::Type::Integer + name: "timeoutSeconds" + description: |- + Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + default_value: 1 + - !ruby/object:Api::Type::Integer + name: "periodSeconds" + description: |- + How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds + default_value: 10 + - !ruby/object:Api::Type::Integer + name: "failureThreshold" + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + default_value: 3 + - !ruby/object:Api::Type::NestedObject + name: "httpGet" + description: |- + HTTPGet specifies the http request to perform. + send_empty_value: true + allow_empty_object: true + properties: + - !ruby/object:Api::Type::String + name: "path" + default_value: "/" + description: |- + Path to access on the HTTP server. Defaults to '/'. + - !ruby/object:Api::Type::Array + name: "httpHeaders" + description: |- + Custom headers to set in the request. HTTP allows repeated headers. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: name + required: true + description: |- + The header field name + - !ruby/object:Api::Type::String + name: value + description: |- + The header field value + default_value: "" + send_empty_value: true + - !ruby/object:Api::Type::NestedObject + name: "tcpSocket" + description: |- + TCPSocket specifies an action involving a TCP port. This field is not supported in liveness probe currently. + deprecation_message: Cloud Run does not support tcp socket in liveness probe and `liveness_probe.tcp_socket` field will be removed in a future major release. + send_empty_value: true + allow_empty_object: true + properties: + - !ruby/object:Api::Type::Integer + name: port + description: |- + Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080. + - !ruby/object:Api::Type::NestedObject + name: grpc + description: |- + GRPC specifies an action involving a GRPC port. + send_empty_value: true + allow_empty_object: true + properties: + - !ruby/object:Api::Type::Integer + name: port + description: |- + Port number to access on the container. Number must be in the range 1 to 65535. If not specified, defaults to the same value as container.ports[0].containerPort. + - !ruby/object:Api::Type::String + name: service + description: |- + The name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + If this is not specified, the default behavior is defined by gRPC. + - !ruby/object:Api::Type::NestedObject + name: "startupProbe" + description: |- + Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not be added to service endpoints if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + - !ruby/object:Api::Type::Integer + name: "initialDelaySeconds" + description: |- + Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + default_value: 0 + - !ruby/object:Api::Type::Integer + name: "timeoutSeconds" + description: |- + Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + default_value: 1 + - !ruby/object:Api::Type::Integer + name: "periodSeconds" + description: |- + How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds + default_value: 10 + - !ruby/object:Api::Type::Integer + name: "failureThreshold" + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + default_value: 3 + - !ruby/object:Api::Type::NestedObject + name: "httpGet" + description: |- + HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified. + send_empty_value: true + allow_empty_object: true + # exactly_one_of: + # - template.0.containers.0.startupProbe.0.httpGet + # - template.0.containers.0.startupProbe.0.tcpSocket + # - template.0.containers.0.startupProbe.0.grpc + properties: + - !ruby/object:Api::Type::String + name: "path" + default_value: "/" + description: |- + Path to access on the HTTP server. Defaults to '/'. + - !ruby/object:Api::Type::Array + name: "httpHeaders" + description: |- + Custom headers to set in the request. HTTP allows repeated headers. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: name + required: true + description: |- + The header field name + - !ruby/object:Api::Type::String + name: value + description: |- + The header field value + default_value: "" + send_empty_value: true + - !ruby/object:Api::Type::NestedObject + name: "tcpSocket" + description: |- + TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified. + send_empty_value: true + allow_empty_object: true + # exactly_one_of: + # - template.0.containers.0.startupProbe.0.httpGet + # - template.0.containers.0.startupProbe.0.tcpSocket + # - template.0.containers.0.startupProbe.0.grpc + properties: + - !ruby/object:Api::Type::Integer + name: port + description: |- + Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080. + - !ruby/object:Api::Type::NestedObject + name: grpc + description: |- + GRPC specifies an action involving a GRPC port. + send_empty_value: true + allow_empty_object: true + # exactly_one_of: + # - template.0.containers.0.startupProbe.0.httpGet + # - template.0.containers.0.startupProbe.0.tcpSocket + # - template.0.containers.0.startupProbe.0.grpc + properties: + - !ruby/object:Api::Type::Integer + name: port + description: |- + Port number to access on the container. Number must be in the range 1 to 65535. If not specified, defaults to the same value as container.ports[0].containerPort. + - !ruby/object:Api::Type::String + name: service + description: |- + The name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + If this is not specified, the default behavior is defined by gRPC. + - !ruby/object:Api::Type::Array + name: "volumes" + description: |- + A list of Volumes to make available to containers. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: "name" + required: true + description: |- + Volume's name. + - !ruby/object:Api::Type::NestedObject + name: "secret" + description: |- + Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + # exactly_one_of: + # - template.0.volumes.0.secret + # - template.0.volumes.0.cloudSqlInstance + properties: + - !ruby/object:Api::Type::String + name: "secret" + required: true + description: |- + The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project. + - !ruby/object:Api::Type::Integer + name: "defaultMode" + description: |- + Integer representation of mode bits to use on created files by default. Must be a value between 0000 and 0777 (octal), defaulting to 0444. Directories within the path are not affected by this setting. + - !ruby/object:Api::Type::Array + name: "items" + description: |- + If unspecified, the volume will expose a file whose name is the secret, relative to VolumeMount.mount_path. If specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify a path and a version. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: "path" + required: true + description: |- + The relative path of the secret in the container. + - !ruby/object:Api::Type::String + name: "version" + description: |- + The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version + - !ruby/object:Api::Type::Integer + name: "mode" + required: true + description: |- + Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used. + - !ruby/object:Api::Type::NestedObject + name: "cloudSqlInstance" + description: |- + For Cloud SQL volumes, contains the specific instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. + # exactly_one_of: + # - template.0.volumes.0.secret + # - template.0.volumes.0.cloudSqlInstance + properties: + - !ruby/object:Api::Type::Array + name: "instances" + description: |- + The Cloud SQL instance connection names, as can be found in https://console.cloud.google.com/sql/instances. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. Format: {project}:{location}:{instance} + item_type: Api::Type::String + - !ruby/object:Api::Type::Enum + name: "executionEnvironment" + description: |- + The sandbox environment to host this Revision. + values: + - :EXECUTION_ENVIRONMENT_GEN1 + - :EXECUTION_ENVIRONMENT_GEN2 + - !ruby/object:Api::Type::String + name: "encryptionKey" + description: |- + A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek + - !ruby/object:Api::Type::Integer + name: "maxInstanceRequestConcurrency" + description: |- + Sets the maximum number of requests that each serving instance can receive. + - !ruby/object:Api::Type::Array + name: "traffic" + description: |- + Specifies how to distribute traffic over a collection of Revisions belonging to the Service. If traffic is empty or not provided, defaults to 100% traffic to the latest Ready Revision. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Enum + name: "type" + description: | + The allocation type for this traffic target. + values: + - :TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST + - :TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION + - !ruby/object:Api::Type::String + name: "revision" + description: | + Revision to which to send this portion of traffic, if traffic allocation is by revision. + - !ruby/object:Api::Type::Integer + name: "percent" + description: | + Specifies percent of the traffic to this Revision. This defaults to zero if unspecified. + - !ruby/object:Api::Type::String + name: "tag" + description: | + Indicates a string to be part of the URI to exclusively reference this target. + - !ruby/object:Api::Type::String + name: "observedGeneration" + output: true + description: | + The generation of this Service currently serving traffic. See comments in reconciling for additional information on reconciliation process in Cloud Run. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a string instead of an integer. + - !ruby/object:Api::Type::NestedObject + name: "terminalCondition" + output: true + description: | + The Condition of this Service, containing its readiness status, and detailed error information in case it did not reach a serving state. See comments in reconciling for additional information on reconciliation process in Cloud Run. + properties: + - !ruby/object:Api::Type::String + name: "type" + output: true + description: |- + type is used to communicate the status of the reconciliation process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting Types common to all resources include: * "Ready": True when the Resource is ready. + - !ruby/object:Api::Type::String + name: "state" + output: true + description: |- + State of the condition. + - !ruby/object:Api::Type::String + name: "message" + output: true + description: |- + Human readable message indicating details about the current status. + - !ruby/object:Api::Type::Time + name: "lastTransitionTime" + output: true + description: |- + Last time the condition transitioned from one status to another. + - !ruby/object:Api::Type::String + name: "severity" + output: true + description: |- + How to interpret failures of this condition, one of Error, Warning, Info + - !ruby/object:Api::Type::String + name: "reason" + output: true + description: |- + A common (service-level) reason for this condition. + - !ruby/object:Api::Type::String + name: "revisionReason" + output: true + description: |- + A reason for the revision condition. + - !ruby/object:Api::Type::String + name: "executionReason" + output: true + description: |- + A reason for the execution condition. + - !ruby/object:Api::Type::Array + name: "conditions" + description: |- + The Conditions of all other associated sub-resources. They contain additional diagnostics information in case the Service does not reach its Serving state. See comments in reconciling for additional information on reconciliation process in Cloud Run. + output: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: "type" + output: true + description: |- + type is used to communicate the status of the reconciliation process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting Types common to all resources include: * "Ready": True when the Resource is ready. + - !ruby/object:Api::Type::String + name: "state" + output: true + description: |- + State of the condition. + - !ruby/object:Api::Type::String + name: "message" + output: true + description: |- + Human readable message indicating details about the current status. + - !ruby/object:Api::Type::Time + name: "lastTransitionTime" + output: true + description: |- + Last time the condition transitioned from one status to another. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + - !ruby/object:Api::Type::String + name: "severity" + output: true + description: |- + How to interpret failures of this condition, one of Error, Warning, Info + - !ruby/object:Api::Type::String + name: "reason" + output: true + description: |- + A common (service-level) reason for this condition. + - !ruby/object:Api::Type::String + name: "revisionReason" + output: true + description: |- + A reason for the revision condition. + - !ruby/object:Api::Type::String + name: "executionReason" + output: true + description: |- + A reason for the execution condition. + - !ruby/object:Api::Type::String + name: "latestReadyRevision" + output: true + description: | + Name of the latest revision that is serving traffic. See comments in reconciling for additional information on reconciliation process in Cloud Run. + - !ruby/object:Api::Type::String + name: "latestCreatedRevision" + output: true + description: | + Name of the last created revision. See comments in reconciling for additional information on reconciliation process in Cloud Run. + - !ruby/object:Api::Type::Array + name: "trafficStatuses" + description: |- + Detailed status information for corresponding traffic targets. See comments in reconciling for additional information on reconciliation process in Cloud Run. + output: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: "type" + output: true + description: |- + The allocation type for this traffic target. + - !ruby/object:Api::Type::String + name: "revision" + output: true + description: |- + Revision to which this traffic is sent. + - !ruby/object:Api::Type::Integer + name: "percent" + output: true + description: |- + Specifies percent of the traffic to this Revision. + - !ruby/object:Api::Type::String + name: "tag" + output: true + description: |- + Indicates the string used in the URI to exclusively reference this target. + - !ruby/object:Api::Type::String + name: "uri" + output: true + description: |- + Displays the target URI. + - !ruby/object:Api::Type::String + name: "uri" + output: true + description: | + The main URI in which this Service is serving traffic. + - !ruby/object:Api::Type::Boolean + name: "reconciling" + output: true + description: | + Returns true if the Service is currently being acted upon by the system to bring it into the desired state. + + When a new Service is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Service to the desired serving state. This process is called reconciliation. While reconciliation is in process, observedGeneration, latest_ready_revison, trafficStatuses, and uri will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the serving state matches the Service, or there was an error, and reconciliation failed. This state can be found in terminalCondition.state. + + If reconciliation succeeded, the following fields will match: traffic and trafficStatuses, observedGeneration and generation, latestReadyRevision and latestCreatedRevision. + + If reconciliation failed, trafficStatuses, observedGeneration, and latestReadyRevision will have the state of the last serving revision, or empty for newly created Services. Additional information on the failure can be found in terminalCondition and conditions. + - !ruby/object:Api::Type::String + name: "etag" + output: true + description: | + A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates. + diff --git a/mmv1/products/cloudrunv2/api.yaml b/mmv1/products/cloudrunv2/api.yaml deleted file mode 100644 index 21588b0aaca8..000000000000 --- a/mmv1/products/cloudrunv2/api.yaml +++ /dev/null @@ -1,1392 +0,0 @@ -# Copyright 2022 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- -!ruby/object:Api::Product -name: CloudRunV2 -display_name: Cloud Run (v2 API) -scopes: - - https://www.googleapis.com/auth/cloud-platform -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://run.googleapis.com/v2/ -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Cloud Run API - url: https://console.cloud.google.com/apis/library/run.googleapis.com/ -objects: - - !ruby/object:Api::Resource - name: "Job" - base_url: projects/{{project}}/locations/{{location}}/jobs - self_link: projects/{{project}}/locations/{{location}}/jobs/{{name}} - create_url: projects/{{project}}/locations/{{location}}/jobs?jobId={{name}} - update_verb: :PATCH - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/run/docs/' - api: "https://cloud.google.com/run/docs/reference/rest/v2/projects.locations.jobs" - description: | - A Cloud Run Job resource that references a container image which is run to completion. - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: "name" - base_url: "{{op_id}}" - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: "response" - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: "done" - complete: true - allowed: - - True - - False - error: !ruby/object:Api::OpAsync::Error - path: "error" - message: "message" - iam_policy: !ruby/object:Api::Resource::IamPolicy - method_name_separator: ':' - parent_resource_attribute: 'name' - base_url: projects/{{project}}/locations/{{location}}/jobs/{{name}} - import_format: ["projects/{{project}}/locations/{{location}}/jobs/{{name}}", "{{name}}"] - parameters: - - !ruby/object:Api::Type::String - name: "location" - input: true - url_param_only: true - description: The location of the cloud run job - properties: - - !ruby/object:Api::Type::String - name: "name" - required: true - input: true - url_param_only: true - description: | - Name of the Job. - pattern: projects/{{project}}/locations/{{location}}/jobs/{{name}} - - !ruby/object:Api::Type::String - name: "uid" - output: true - description: | - Server assigned unique identifier for the Execution. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted. - - !ruby/object:Api::Type::String - name: "generation" - output: true - description: | - A number that monotonically increases every time the user modifies the desired state. - - !ruby/object:Api::Type::KeyValuePairs - name: "labels" - description: |- - KRM-style labels for the resource. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels Cloud Run will populate some labels with 'run.googleapis.com' or 'serving.knative.dev' namespaces. Those labels are read-only, and user changes will not be preserved. - # blocked on b/244872932 - # - !ruby/object:Api::Type::KeyValuePairs - # name: "annotations" - # description: |- - # KRM-style annotations for the resource. Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects. Cloud Run will populate some annotations using 'run.googleapis.com' or 'serving.knative.dev' namespaces. This field follows Kubernetes annotations' namespacing, limits, and rules. More info: https://kubernetes.io/docs/user-guide/annotations - - !ruby/object:Api::Type::String - name: "client" - description: | - Arbitrary identifier for the API client. - - !ruby/object:Api::Type::String - name: "clientVersion" - description: | - Arbitrary version identifier for the API client. - - !ruby/object:Api::Type::Enum - name: "launchStage" - description: | - The launch stage as defined by Google Cloud Platform Launch Stages. Cloud Run supports ALPHA, BETA, and GA. If no value is specified, GA is assumed. - values: - - :UNIMPLEMENTED - - :PRELAUNCH - - :EARLY_ACCESS - - :ALPHA - - :BETA - - :GA - - :DEPRECATED - - !ruby/object:Api::Type::NestedObject - name: "binaryAuthorization" - description: | - Settings for the Binary Authorization feature. - properties: - - !ruby/object:Api::Type::String - name: "breakglassJustification" - description: | - If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass - - !ruby/object:Api::Type::Boolean - name: "useDefault" - description: | - If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. - - !ruby/object:Api::Type::NestedObject - name: "template" - required: true - description: | - The template used to create executions for this Job. - properties: - - !ruby/object:Api::Type::KeyValuePairs - name: "labels" - description: |- - KRM-style labels for the resource. - # blocked on b/244872932 - # - !ruby/object:Api::Type::KeyValuePairs - # name: "annotations" - # description: |- - # KRM-style annotations for the resource. - - !ruby/object:Api::Type::Integer - name: "parallelism" - description: |- - Specifies the maximum desired number of tasks the execution should run at given time. Must be <= taskCount. When the job is run, if this field is 0 or unset, the maximum possible value will be used for that execution. The actual number of tasks running in steady state will be less than this number when there are fewer tasks waiting to be completed remaining, i.e. when the work left to do is less than max parallelism. - - !ruby/object:Api::Type::Integer - name: "taskCount" - description: |- - Specifies the desired number of tasks the execution should run. Setting to 1 means that parallelism is limited to 1 and the success of that task signals the success of the execution. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/ - - !ruby/object:Api::Type::NestedObject - name: "template" - required: true - description: | - Describes the task(s) that will be created when executing an execution - properties: - - !ruby/object:Api::Type::Array - name: "containers" - description: |- - Holds the single container that defines the unit of execution for this task. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: "name" - description: |- - Name of the container specified as a DNS_LABEL. - - !ruby/object:Api::Type::String - name: "image" - required: true - description: |- - URL of the Container image in Google Container Registry or Google Artifact Registry. More info: https://kubernetes.io/docs/concepts/containers/images - - !ruby/object:Api::Type::Array - name: "command" - description: |- - Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: "args" - description: |- - Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: "env" - description: |- - List of environment variables to set in the container. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: "name" - required: true - description: |- - Name of the environment variable. Must be a C_IDENTIFIER, and mnay not exceed 32768 characters. - - !ruby/object:Api::Type::String - name: "value" - description: |- - Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any route environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "", and the maximum length is 32768 bytes - # exactly_one_of: - # - template.0.template.0.containers.0.env.0.value - # - template.0.template.0.containers.0.env.0.valueSource - - !ruby/object:Api::Type::NestedObject - name: "valueSource" - description: |- - Source for the environment variable's value. - # exactly_one_of: - # - template.0.template.0.containers.0.env.0.value - # - template.0.template.0.containers.0.env.0.valueSource - properties: - - !ruby/object:Api::Type::NestedObject - name: "secretKeyRef" - description: |- - Selects a secret and a specific version from Cloud Secret Manager. - properties: - - !ruby/object:Api::Type::String - name: "secret" - required: true - description: |- - The name of the secret in Cloud Secret Manager. Format: {secretName} if the secret is in the same project. projects/{project}/secrets/{secretName} if the secret is in a different project. - - !ruby/object:Api::Type::String - name: "version" - required: true - description: |- - The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. - - !ruby/object:Api::Type::NestedObject - name: "resources" - description: |- - Compute Resource requirements by this container. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - properties: - - !ruby/object:Api::Type::KeyValuePairs - name: "limits" - description: |- - Only memory and CPU are supported. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go - - !ruby/object:Api::Type::Array - name: "ports" - description: |- - List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible. - - If omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: "name" - description: |- - If specified, used to specify which protocol to use. Allowed values are "http1" and "h2c". - - !ruby/object:Api::Type::Integer - name: "containerPort" - description: |- - Port number the container listens on. This must be a valid TCP port number, 0 < containerPort < 65536. - - !ruby/object:Api::Type::Array - name: "volumeMounts" - description: |- - Volume to mount into the container's filesystem. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: "name" - required: true - description: |- - This must match the Name of a Volume. - - !ruby/object:Api::Type::String - name: "mountPath" - required: true - description: |- - Path within the container at which the volume should be mounted. Must not contain ':'. For Cloud SQL volumes, it can be left empty, or must otherwise be /cloudsql. All instances defined in the Volume will be available as /cloudsql/[instance]. For more information on Cloud SQL volumes, visit https://cloud.google.com/sql/docs/mysql/connect-run - - !ruby/object:Api::Type::String - name: "workingDir" - description: |- - Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. - - !ruby/object:Api::Type::NestedObject - name: "livenessProbe" - description: |- - Periodic probe of container liveness. Container will be restarted if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - This field is not supported in Cloud Run Job currently. - deprecation_message: Cloud Run Job does not support liveness probe and `liveness_probe` field will be removed in a future major release. - properties: - - !ruby/object:Api::Type::Integer - name: "initialDelaySeconds" - description: |- - Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - default_value: 0 - - !ruby/object:Api::Type::Integer - name: "timeoutSeconds" - description: |- - Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - default_value: 1 - - !ruby/object:Api::Type::Integer - name: "periodSeconds" - description: |- - How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds - default_value: 10 - - !ruby/object:Api::Type::Integer - name: "failureThreshold" - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - default_value: 3 - - !ruby/object:Api::Type::NestedObject - name: "httpGet" - description: |- - HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified. - send_empty_value: true - allow_empty_object: true - # exactly_one_of: - # - template.0.template.0.containers.0.livenessProbe.0.httpGet - # - template.0.template.0.containers.0.livenessProbe.0.tcpSocket - properties: - - !ruby/object:Api::Type::String - name: "path" - default_value: "/" - description: |- - Path to access on the HTTP server. Defaults to '/'. - - !ruby/object:Api::Type::Array - name: httpHeaders - description: |- - Custom headers to set in the request. HTTP allows repeated headers. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: name - required: true - description: |- - The header field name - - !ruby/object:Api::Type::String - name: value - description: |- - The header field value - default_value: "" - send_empty_value: true - - !ruby/object:Api::Type::NestedObject - name: "tcpSocket" - description: |- - TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified. - send_empty_value: true - allow_empty_object: true - # exactly_one_of: - # - template.0.template.0.containers.0.livenessProbe.0.httpGet - # - template.0.template.0.containers.0.livenessProbe.0.tcpSocket - properties: - - !ruby/object:Api::Type::Integer - name: port - description: |- - Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080. - - !ruby/object:Api::Type::NestedObject - name: "startupProbe" - description: |- - Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not be added to service endpoints if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - This field is not supported in Cloud Run Job currently. - deprecation_message: Cloud Run Job does not support startup probe and `startup_probe` field will be removed in a future major release. - properties: - - !ruby/object:Api::Type::Integer - name: "initialDelaySeconds" - description: |- - Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - default_value: 0 - - !ruby/object:Api::Type::Integer - name: "timeoutSeconds" - description: |- - Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - default_value: 1 - - !ruby/object:Api::Type::Integer - name: "periodSeconds" - description: |- - How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds - default_value: 10 - - !ruby/object:Api::Type::Integer - name: "failureThreshold" - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - default_value: 3 - - !ruby/object:Api::Type::NestedObject - name: "httpGet" - description: |- - HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified. - send_empty_value: true - allow_empty_object: true - # exactly_one_of: - # - template.0.template.0.containers.startupProbe.0.httpGet - # - template.0.template.0.containers.startupProbe.0.tcpSocket - properties: - - !ruby/object:Api::Type::String - name: "path" - default_value: "/" - description: |- - Path to access on the HTTP server. Defaults to '/'. - - !ruby/object:Api::Type::Array - name: "httpHeaders" - description: |- - Custom headers to set in the request. HTTP allows repeated headers. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: name - required: true - description: |- - The header field name - - !ruby/object:Api::Type::String - name: value - description: |- - The header field value - default_value: "" - send_empty_value: true - - !ruby/object:Api::Type::NestedObject - name: "tcpSocket" - description: |- - TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified. - send_empty_value: true - allow_empty_object: true - # exactly_one_of: - # - template.0.template.0.containers.startupProbe.0.httpGet - # - template.0.template.0.containers.startupProbe.0.tcpSocket - properties: - - !ruby/object:Api::Type::Integer - name: port - description: |- - Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080. - - !ruby/object:Api::Type::Array - name: "volumes" - description: |- - A list of Volumes to make available to containers. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: "name" - required: true - description: |- - Volume's name. - - !ruby/object:Api::Type::NestedObject - name: "secret" - description: |- - Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - # exactly_one_of: - # - template.0.template.0.volumes.0.secret - # - template.0.template.0.volumes.0.cloudSqlInstance - properties: - - !ruby/object:Api::Type::String - name: "secret" - required: true - description: |- - The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project. - - !ruby/object:Api::Type::Integer - name: "defaultMode" - description: |- - Integer representation of mode bits to use on created files by default. Must be a value between 0000 and 0777 (octal), defaulting to 0444. Directories within the path are not affected by this setting. - - !ruby/object:Api::Type::Array - name: "items" - description: |- - If unspecified, the volume will expose a file whose name is the secret, relative to VolumeMount.mount_path. If specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify a path and a version. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: "path" - required: true - description: |- - The relative path of the secret in the container. - - !ruby/object:Api::Type::String - name: "version" - required: true - description: |- - The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version - - !ruby/object:Api::Type::Integer - name: "mode" - required: true - description: |- - Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used. - - !ruby/object:Api::Type::NestedObject - name: "cloudSqlInstance" - description: |- - For Cloud SQL volumes, contains the specific instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. - # exactly_one_of: - # - template.0.template.0.volumes.0.secret - # - template.0.template.0.volumes.0.cloudSqlInstance - properties: - - !ruby/object:Api::Type::Array - name: "instances" - description: |- - The Cloud SQL instance connection names, as can be found in https://console.cloud.google.com/sql/instances. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. Format: {project}:{location}:{instance} - item_type: Api::Type::String - - !ruby/object:Api::Type::String - name: "timeout" - description: |- - Max allowed time duration the Task may be active before the system will actively try to mark it failed and kill associated containers. This applies per attempt of a task, meaning each retry can run for the full timeout. - - A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". - - !ruby/object:Api::Type::String - name: "serviceAccount" - description: |- - Email address of the IAM service account associated with the Task of a Job. The service account represents the identity of the running task, and determines what permissions the task has. If not provided, the task will use the project's default service account. - - !ruby/object:Api::Type::Enum - name: "executionEnvironment" - description: |- - The execution environment being used to host this Task. - values: - - :EXECUTION_ENVIRONMENT_GEN1 - - :EXECUTION_ENVIRONMENT_GEN2 - - !ruby/object:Api::Type::String - name: "encryptionKey" - description: |- - A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek - - !ruby/object:Api::Type::NestedObject - name: "vpcAccess" - description: |- - VPC Access configuration to use for this Task. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc. - properties: - - !ruby/object:Api::Type::String - name: "connector" - description: |- - VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector}, where {project} can be project id or number. - - !ruby/object:Api::Type::Enum - name: "egress" - description: |- - Traffic VPC egress settings. - values: - - :ALL_TRAFFIC - - :PRIVATE_RANGES_ONLY - - !ruby/object:Api::Type::Integer - name: "maxRetries" - description: |- - Number of retries allowed per Task, before marking this Task failed. - - !ruby/object:Api::Type::String - name: "observedGeneration" - output: true - description: | - The generation of this Job. See comments in reconciling for additional information on reconciliation process in Cloud Run. - - !ruby/object:Api::Type::NestedObject - name: "terminalCondition" - output: true - description: | - The Condition of this Job, containing its readiness status, and detailed error information in case it did not reach the desired state - properties: - - !ruby/object:Api::Type::String - name: "type" - output: true - description: |- - type is used to communicate the status of the reconciliation process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting Types common to all resources include: * "Ready": True when the Resource is ready. - - !ruby/object:Api::Type::String - name: "state" - output: true - description: |- - State of the condition. - - !ruby/object:Api::Type::String - name: "message" - output: true - description: |- - Human readable message indicating details about the current status. - - !ruby/object:Api::Type::Time - name: "lastTransitionTime" - output: true - description: |- - Last time the condition transitioned from one status to another. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - - !ruby/object:Api::Type::String - name: "severity" - output: true - description: |- - How to interpret failures of this condition, one of Error, Warning, Info - - !ruby/object:Api::Type::String - name: "reason" - output: true - description: |- - A common (service-level) reason for this condition. - - !ruby/object:Api::Type::String - name: "revisionReason" - output: true - description: |- - A reason for the revision condition. - - !ruby/object:Api::Type::String - name: "executionReason" - output: true - description: |- - A reason for the execution condition. - - !ruby/object:Api::Type::Array - name: "conditions" - description: |- - The Conditions of all other associated sub-resources. They contain additional diagnostics information in case the Job does not reach its desired state. See comments in reconciling for additional information on `reconciliation` process in Cloud Run. - output: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: "type" - output: true - description: |- - type is used to communicate the status of the reconciliation process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting Types common to all resources include: * "Ready": True when the Resource is ready. - - !ruby/object:Api::Type::String - name: "state" - output: true - description: |- - State of the condition. - - !ruby/object:Api::Type::String - name: "message" - output: true - description: |- - Human readable message indicating details about the current status. - - !ruby/object:Api::Type::Time - name: "lastTransitionTime" - output: true - description: |- - Last time the condition transitioned from one status to another. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - - !ruby/object:Api::Type::String - name: "severity" - output: true - description: |- - How to interpret failures of this condition, one of Error, Warning, Info - - !ruby/object:Api::Type::String - name: "reason" - output: true - description: |- - A common (service-level) reason for this condition. - - !ruby/object:Api::Type::String - name: "revisionReason" - output: true - description: |- - A reason for the revision condition. - - !ruby/object:Api::Type::String - name: "executionReason" - output: true - description: |- - A reason for the execution condition. - - !ruby/object:Api::Type::Integer - name: "executionCount" - output: true - description: | - Number of executions created for this job. - - !ruby/object:Api::Type::NestedObject - name: "latestCreatedExecution" - output: true - description: | - Name of the last created execution. - properties: - - !ruby/object:Api::Type::String - name: "name" - output: true - description: | - Name of the execution. - - !ruby/object:Api::Type::Time - name: "createTime" - output: true - description: | - Creation timestamp of the execution. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - - !ruby/object:Api::Type::Time - name: "completionTime" - output: true - description: | - Completion timestamp of the execution. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - - !ruby/object:Api::Type::Boolean - name: "reconciling" - output: true - description: | - Returns true if the Job is currently being acted upon by the system to bring it into the desired state. - - When a new Job is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Job to the desired state. This process is called reconciliation. While reconciliation is in process, observedGeneration and latest_succeeded_execution, will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the state matches the Job, or there was an error, and reconciliation failed. This state can be found in terminalCondition.state. - - If reconciliation succeeded, the following fields will match: observedGeneration and generation, latest_succeeded_execution and latestCreatedExecution. - - If reconciliation failed, observedGeneration and latest_succeeded_execution will have the state of the last succeeded execution or empty for newly created Job. Additional information on the failure can be found in terminalCondition and conditions - - !ruby/object:Api::Type::String - name: "etag" - output: true - description: | - A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates. - - !ruby/object:Api::Resource - name: "Service" - base_url: projects/{{project}}/locations/{{location}}/services - self_link: projects/{{project}}/locations/{{location}}/services/{{name}} - create_url: projects/{{project}}/locations/{{location}}/services?serviceId={{name}} - update_verb: :PATCH - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/run/docs/' - api: "https://cloud.google.com/run/docs/reference/rest/v2/projects.locations.services" - description: | - Service acts as a top-level container that manages a set of configurations and revision templates which implement a network service. Service exists to provide a singular abstraction which can be access controlled, reasoned about, and which encapsulates software lifecycle decisions such as rollout policy and team resource ownership. - iam_policy: !ruby/object:Api::Resource::IamPolicy - method_name_separator: ':' - parent_resource_attribute: 'name' - base_url: projects/{{project}}/locations/{{location}}/services/{{name}} - import_format: ["projects/{{project}}/locations/{{location}}/services/{{name}}", "{{name}}"] - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: "name" - base_url: "{{op_id}}" - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: "response" - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: "done" - complete: true - allowed: - - True - - False - error: !ruby/object:Api::OpAsync::Error - path: "error" - message: "message" - parameters: - - !ruby/object:Api::Type::String - name: "location" - input: true - url_param_only: true - description: The location of the cloud run service - properties: - - !ruby/object:Api::Type::String - name: "name" - required: true - input: true - url_param_only: true - description: | - Name of the Service. - pattern: projects/{{project}}/locations/{{location}}/services/{{name}} - - !ruby/object:Api::Type::String - name: "description" - description: | - User-provided description of the Service. This field currently has a 512-character limit. - - !ruby/object:Api::Type::String - name: "uid" - output: true - description: | - Server assigned unique identifier for the trigger. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted. - - !ruby/object:Api::Type::String - name: "generation" - output: true - description: | - A number that monotonically increases every time the user modifies the desired state. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a string instead of an integer. - - !ruby/object:Api::Type::KeyValuePairs - name: "labels" - description: |- - Map of string keys and values that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels Cloud Run will populate some labels with 'run.googleapis.com' or 'serving.knative.dev' namespaces. Those labels are read-only, and user changes will not be preserved. - - !ruby/object:Api::Type::KeyValuePairs - name: "annotations" - description: |- - Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects. Cloud Run will populate some annotations using 'run.googleapis.com' or 'serving.knative.dev' namespaces. This field follows Kubernetes annotations' namespacing, limits, and rules. More info: https://kubernetes.io/docs/user-guide/annotations - - !ruby/object:Api::Type::String - name: "client" - description: | - Arbitrary identifier for the API client. - - !ruby/object:Api::Type::String - name: "clientVersion" - description: | - Arbitrary version identifier for the API client. - - !ruby/object:Api::Type::Enum - name: "ingress" - description: | - Provides the ingress settings for this Service. On output, returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED if no revision is active. - values: - - :INGRESS_TRAFFIC_ALL - - :INGRESS_TRAFFIC_INTERNAL_ONLY - - :INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER - - !ruby/object:Api::Type::Enum - name: "launchStage" - description: | - The launch stage as defined by Google Cloud Platform Launch Stages. Cloud Run supports ALPHA, BETA, and GA. If no value is specified, GA is assumed. - values: - - :UNIMPLEMENTED - - :PRELAUNCH - - :EARLY_ACCESS - - :ALPHA - - :BETA - - :GA - - :DEPRECATED - - !ruby/object:Api::Type::NestedObject - name: "binaryAuthorization" - description: | - Settings for the Binary Authorization feature. - properties: - - !ruby/object:Api::Type::String - name: "breakglassJustification" - description: | - If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass - - !ruby/object:Api::Type::Boolean - name: "useDefault" - description: | - If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. - - !ruby/object:Api::Type::NestedObject - name: "template" - required: true - description: | - The template used to create revisions for this Service. - properties: - - !ruby/object:Api::Type::String - name: "revision" - description: |- - The unique name for the revision. If this field is omitted, it will be automatically generated based on the Service name. - - !ruby/object:Api::Type::KeyValuePairs - name: "labels" - description: |- - KRM-style labels for the resource. - - !ruby/object:Api::Type::KeyValuePairs - name: "annotations" - description: |- - KRM-style annotations for the resource. - - !ruby/object:Api::Type::NestedObject - name: "scaling" - description: | - Scaling settings for this Revision. - properties: - - !ruby/object:Api::Type::Integer - name: "minInstanceCount" - description: |- - Minimum number of serving instances that this resource should have. - - !ruby/object:Api::Type::Integer - name: "maxInstanceCount" - description: |- - Maximum number of serving instances that this resource should have. - - !ruby/object:Api::Type::NestedObject - name: "vpcAccess" - description: |- - VPC Access configuration to use for this Task. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc. - properties: - - !ruby/object:Api::Type::String - name: "connector" - description: |- - VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector}, where {project} can be project id or number. - - !ruby/object:Api::Type::Enum - name: "egress" - description: |- - Traffic VPC egress settings. - values: - - :ALL_TRAFFIC - - :PRIVATE_RANGES_ONLY - - !ruby/object:Api::Type::String - name: "timeout" - description: |- - Max allowed time for an instance to respond to a request. - - A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". - - !ruby/object:Api::Type::String - name: "serviceAccount" - description: |- - Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account. - - !ruby/object:Api::Type::Array - name: "containers" - description: |- - Holds the single container that defines the unit of execution for this task. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: "name" - description: |- - Name of the container specified as a DNS_LABEL. - - !ruby/object:Api::Type::String - name: "image" - required: true - description: |- - URL of the Container image in Google Container Registry or Google Artifact Registry. More info: https://kubernetes.io/docs/concepts/containers/images - - !ruby/object:Api::Type::Array - name: "command" - description: |- - Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: "args" - description: |- - Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: "env" - description: |- - List of environment variables to set in the container. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: "name" - required: true - description: |- - Name of the environment variable. Must be a C_IDENTIFIER, and mnay not exceed 32768 characters. - - !ruby/object:Api::Type::String - name: "value" - description: |- - Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any route environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "", and the maximum length is 32768 bytes - # exactly_one_of: - # - template.0.containers.0.env.0.value - # - template.0.containers.0.env.0.valueSource - - !ruby/object:Api::Type::NestedObject - name: "valueSource" - description: |- - Source for the environment variable's value. - # exactly_one_of: - # - template.0.containers.0.env.0.value - # - template.0.containers.0.env.0.valueSource - properties: - - !ruby/object:Api::Type::NestedObject - name: "secretKeyRef" - description: |- - Selects a secret and a specific version from Cloud Secret Manager. - properties: - - !ruby/object:Api::Type::String - name: "secret" - required: true - description: |- - The name of the secret in Cloud Secret Manager. Format: {secretName} if the secret is in the same project. projects/{project}/secrets/{secretName} if the secret is in a different project. - - !ruby/object:Api::Type::String - name: "version" - description: |- - The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. - - !ruby/object:Api::Type::NestedObject - name: "resources" - description: |- - Compute Resource requirements by this container. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - properties: - - !ruby/object:Api::Type::KeyValuePairs - name: "limits" - description: |- - Only memory and CPU are supported. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go - - !ruby/object:Api::Type::Boolean - name: "cpuIdle" - description: |- - Determines whether CPU should be throttled or not outside of requests. - - !ruby/object:Api::Type::Array - name: "ports" - description: |- - List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible. - - If omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: "name" - description: |- - If specified, used to specify which protocol to use. Allowed values are "http1" and "h2c". - - !ruby/object:Api::Type::Integer - name: "containerPort" - description: |- - Port number the container listens on. This must be a valid TCP port number, 0 < containerPort < 65536. - - !ruby/object:Api::Type::Array - name: "volumeMounts" - description: |- - Volume to mount into the container's filesystem. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: "name" - required: true - description: |- - This must match the Name of a Volume. - - !ruby/object:Api::Type::String - name: "mountPath" - required: true - description: |- - Path within the container at which the volume should be mounted. Must not contain ':'. For Cloud SQL volumes, it can be left empty, or must otherwise be /cloudsql. All instances defined in the Volume will be available as /cloudsql/[instance]. For more information on Cloud SQL volumes, visit https://cloud.google.com/sql/docs/mysql/connect-run - - !ruby/object:Api::Type::String - name: "workingDir" - description: |- - Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. - - !ruby/object:Api::Type::NestedObject - name: "livenessProbe" - description: |- - Periodic probe of container liveness. Container will be restarted if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - properties: - - !ruby/object:Api::Type::Integer - name: "initialDelaySeconds" - description: |- - Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - default_value: 0 - - !ruby/object:Api::Type::Integer - name: "timeoutSeconds" - description: |- - Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - default_value: 1 - - !ruby/object:Api::Type::Integer - name: "periodSeconds" - description: |- - How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds - default_value: 10 - - !ruby/object:Api::Type::Integer - name: "failureThreshold" - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - default_value: 3 - - !ruby/object:Api::Type::NestedObject - name: "httpGet" - description: |- - HTTPGet specifies the http request to perform. - send_empty_value: true - allow_empty_object: true - properties: - - !ruby/object:Api::Type::String - name: "path" - default_value: "/" - description: |- - Path to access on the HTTP server. Defaults to '/'. - - !ruby/object:Api::Type::Array - name: "httpHeaders" - description: |- - Custom headers to set in the request. HTTP allows repeated headers. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: name - required: true - description: |- - The header field name - - !ruby/object:Api::Type::String - name: value - description: |- - The header field value - default_value: "" - send_empty_value: true - - !ruby/object:Api::Type::NestedObject - name: "tcpSocket" - description: |- - TCPSocket specifies an action involving a TCP port. This field is not supported in liveness probe currently. - deprecation_message: Cloud Run does not support tcp socket in liveness probe and `liveness_probe.tcp_socket` field will be removed in a future major release. - send_empty_value: true - allow_empty_object: true - properties: - - !ruby/object:Api::Type::Integer - name: port - description: |- - Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080. - - !ruby/object:Api::Type::NestedObject - name: grpc - description: |- - GRPC specifies an action involving a GRPC port. - send_empty_value: true - allow_empty_object: true - properties: - - !ruby/object:Api::Type::Integer - name: port - description: |- - Port number to access on the container. Number must be in the range 1 to 65535. If not specified, defaults to the same value as container.ports[0].containerPort. - - !ruby/object:Api::Type::String - name: service - description: |- - The name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. - - !ruby/object:Api::Type::NestedObject - name: "startupProbe" - description: |- - Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not be added to service endpoints if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - properties: - - !ruby/object:Api::Type::Integer - name: "initialDelaySeconds" - description: |- - Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - default_value: 0 - - !ruby/object:Api::Type::Integer - name: "timeoutSeconds" - description: |- - Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - default_value: 1 - - !ruby/object:Api::Type::Integer - name: "periodSeconds" - description: |- - How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds - default_value: 10 - - !ruby/object:Api::Type::Integer - name: "failureThreshold" - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - default_value: 3 - - !ruby/object:Api::Type::NestedObject - name: "httpGet" - description: |- - HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified. - send_empty_value: true - allow_empty_object: true - # exactly_one_of: - # - template.0.containers.0.startupProbe.0.httpGet - # - template.0.containers.0.startupProbe.0.tcpSocket - # - template.0.containers.0.startupProbe.0.grpc - properties: - - !ruby/object:Api::Type::String - name: "path" - default_value: "/" - description: |- - Path to access on the HTTP server. Defaults to '/'. - - !ruby/object:Api::Type::Array - name: "httpHeaders" - description: |- - Custom headers to set in the request. HTTP allows repeated headers. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: name - required: true - description: |- - The header field name - - !ruby/object:Api::Type::String - name: value - description: |- - The header field value - default_value: "" - send_empty_value: true - - !ruby/object:Api::Type::NestedObject - name: "tcpSocket" - description: |- - TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified. - send_empty_value: true - allow_empty_object: true - # exactly_one_of: - # - template.0.containers.0.startupProbe.0.httpGet - # - template.0.containers.0.startupProbe.0.tcpSocket - # - template.0.containers.0.startupProbe.0.grpc - properties: - - !ruby/object:Api::Type::Integer - name: port - description: |- - Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080. - - !ruby/object:Api::Type::NestedObject - name: grpc - description: |- - GRPC specifies an action involving a GRPC port. - send_empty_value: true - allow_empty_object: true - # exactly_one_of: - # - template.0.containers.0.startupProbe.0.httpGet - # - template.0.containers.0.startupProbe.0.tcpSocket - # - template.0.containers.0.startupProbe.0.grpc - properties: - - !ruby/object:Api::Type::Integer - name: port - description: |- - Port number to access on the container. Number must be in the range 1 to 65535. If not specified, defaults to the same value as container.ports[0].containerPort. - - !ruby/object:Api::Type::String - name: service - description: |- - The name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - If this is not specified, the default behavior is defined by gRPC. - - !ruby/object:Api::Type::Array - name: "volumes" - description: |- - A list of Volumes to make available to containers. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: "name" - required: true - description: |- - Volume's name. - - !ruby/object:Api::Type::NestedObject - name: "secret" - description: |- - Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - # exactly_one_of: - # - template.0.volumes.0.secret - # - template.0.volumes.0.cloudSqlInstance - properties: - - !ruby/object:Api::Type::String - name: "secret" - required: true - description: |- - The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project. - - !ruby/object:Api::Type::Integer - name: "defaultMode" - description: |- - Integer representation of mode bits to use on created files by default. Must be a value between 0000 and 0777 (octal), defaulting to 0444. Directories within the path are not affected by this setting. - - !ruby/object:Api::Type::Array - name: "items" - description: |- - If unspecified, the volume will expose a file whose name is the secret, relative to VolumeMount.mount_path. If specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify a path and a version. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: "path" - required: true - description: |- - The relative path of the secret in the container. - - !ruby/object:Api::Type::String - name: "version" - description: |- - The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version - - !ruby/object:Api::Type::Integer - name: "mode" - required: true - description: |- - Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used. - - !ruby/object:Api::Type::NestedObject - name: "cloudSqlInstance" - description: |- - For Cloud SQL volumes, contains the specific instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. - # exactly_one_of: - # - template.0.volumes.0.secret - # - template.0.volumes.0.cloudSqlInstance - properties: - - !ruby/object:Api::Type::Array - name: "instances" - description: |- - The Cloud SQL instance connection names, as can be found in https://console.cloud.google.com/sql/instances. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. Format: {project}:{location}:{instance} - item_type: Api::Type::String - - !ruby/object:Api::Type::Enum - name: "executionEnvironment" - description: |- - The sandbox environment to host this Revision. - values: - - :EXECUTION_ENVIRONMENT_GEN1 - - :EXECUTION_ENVIRONMENT_GEN2 - - !ruby/object:Api::Type::String - name: "encryptionKey" - description: |- - A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek - - !ruby/object:Api::Type::Integer - name: "maxInstanceRequestConcurrency" - description: |- - Sets the maximum number of requests that each serving instance can receive. - - !ruby/object:Api::Type::Array - name: "traffic" - description: |- - Specifies how to distribute traffic over a collection of Revisions belonging to the Service. If traffic is empty or not provided, defaults to 100% traffic to the latest Ready Revision. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Enum - name: "type" - description: | - The allocation type for this traffic target. - values: - - :TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST - - :TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION - - !ruby/object:Api::Type::String - name: "revision" - description: | - Revision to which to send this portion of traffic, if traffic allocation is by revision. - - !ruby/object:Api::Type::Integer - name: "percent" - description: | - Specifies percent of the traffic to this Revision. This defaults to zero if unspecified. - - !ruby/object:Api::Type::String - name: "tag" - description: | - Indicates a string to be part of the URI to exclusively reference this target. - - !ruby/object:Api::Type::String - name: "observedGeneration" - output: true - description: | - The generation of this Service currently serving traffic. See comments in reconciling for additional information on reconciliation process in Cloud Run. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a string instead of an integer. - - !ruby/object:Api::Type::NestedObject - name: "terminalCondition" - output: true - description: | - The Condition of this Service, containing its readiness status, and detailed error information in case it did not reach a serving state. See comments in reconciling for additional information on reconciliation process in Cloud Run. - properties: - - !ruby/object:Api::Type::String - name: "type" - output: true - description: |- - type is used to communicate the status of the reconciliation process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting Types common to all resources include: * "Ready": True when the Resource is ready. - - !ruby/object:Api::Type::String - name: "state" - output: true - description: |- - State of the condition. - - !ruby/object:Api::Type::String - name: "message" - output: true - description: |- - Human readable message indicating details about the current status. - - !ruby/object:Api::Type::Time - name: "lastTransitionTime" - output: true - description: |- - Last time the condition transitioned from one status to another. - - !ruby/object:Api::Type::String - name: "severity" - output: true - description: |- - How to interpret failures of this condition, one of Error, Warning, Info - - !ruby/object:Api::Type::String - name: "reason" - output: true - description: |- - A common (service-level) reason for this condition. - - !ruby/object:Api::Type::String - name: "revisionReason" - output: true - description: |- - A reason for the revision condition. - - !ruby/object:Api::Type::String - name: "executionReason" - output: true - description: |- - A reason for the execution condition. - - !ruby/object:Api::Type::Array - name: "conditions" - description: |- - The Conditions of all other associated sub-resources. They contain additional diagnostics information in case the Service does not reach its Serving state. See comments in reconciling for additional information on reconciliation process in Cloud Run. - output: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: "type" - output: true - description: |- - type is used to communicate the status of the reconciliation process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting Types common to all resources include: * "Ready": True when the Resource is ready. - - !ruby/object:Api::Type::String - name: "state" - output: true - description: |- - State of the condition. - - !ruby/object:Api::Type::String - name: "message" - output: true - description: |- - Human readable message indicating details about the current status. - - !ruby/object:Api::Type::Time - name: "lastTransitionTime" - output: true - description: |- - Last time the condition transitioned from one status to another. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - - !ruby/object:Api::Type::String - name: "severity" - output: true - description: |- - How to interpret failures of this condition, one of Error, Warning, Info - - !ruby/object:Api::Type::String - name: "reason" - output: true - description: |- - A common (service-level) reason for this condition. - - !ruby/object:Api::Type::String - name: "revisionReason" - output: true - description: |- - A reason for the revision condition. - - !ruby/object:Api::Type::String - name: "executionReason" - output: true - description: |- - A reason for the execution condition. - - !ruby/object:Api::Type::String - name: "latestReadyRevision" - output: true - description: | - Name of the latest revision that is serving traffic. See comments in reconciling for additional information on reconciliation process in Cloud Run. - - !ruby/object:Api::Type::String - name: "latestCreatedRevision" - output: true - description: | - Name of the last created revision. See comments in reconciling for additional information on reconciliation process in Cloud Run. - - !ruby/object:Api::Type::Array - name: "trafficStatuses" - description: |- - Detailed status information for corresponding traffic targets. See comments in reconciling for additional information on reconciliation process in Cloud Run. - output: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: "type" - output: true - description: |- - The allocation type for this traffic target. - - !ruby/object:Api::Type::String - name: "revision" - output: true - description: |- - Revision to which this traffic is sent. - - !ruby/object:Api::Type::Integer - name: "percent" - output: true - description: |- - Specifies percent of the traffic to this Revision. - - !ruby/object:Api::Type::String - name: "tag" - output: true - description: |- - Indicates the string used in the URI to exclusively reference this target. - - !ruby/object:Api::Type::String - name: "uri" - output: true - description: |- - Displays the target URI. - - !ruby/object:Api::Type::String - name: "uri" - output: true - description: | - The main URI in which this Service is serving traffic. - - !ruby/object:Api::Type::Boolean - name: "reconciling" - output: true - description: | - Returns true if the Service is currently being acted upon by the system to bring it into the desired state. - - When a new Service is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Service to the desired serving state. This process is called reconciliation. While reconciliation is in process, observedGeneration, latest_ready_revison, trafficStatuses, and uri will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the serving state matches the Service, or there was an error, and reconciliation failed. This state can be found in terminalCondition.state. - - If reconciliation succeeded, the following fields will match: traffic and trafficStatuses, observedGeneration and generation, latestReadyRevision and latestCreatedRevision. - - If reconciliation failed, trafficStatuses, observedGeneration, and latestReadyRevision will have the state of the last serving revision, or empty for newly created Services. Additional information on the failure can be found in terminalCondition and conditions. - - !ruby/object:Api::Type::String - name: "etag" - output: true - description: | - A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates. diff --git a/mmv1/products/cloudrunv2/product.yaml b/mmv1/products/cloudrunv2/product.yaml new file mode 100644 index 000000000000..c34912d1d133 --- /dev/null +++ b/mmv1/products/cloudrunv2/product.yaml @@ -0,0 +1,27 @@ +# Copyright 2022 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +!ruby/object:Api::Product +name: CloudRunV2 +display_name: Cloud Run (v2 API) +scopes: + - https://www.googleapis.com/auth/cloud-platform +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://run.googleapis.com/v2/ +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Cloud Run API + url: https://console.cloud.google.com/apis/library/run.googleapis.com/ diff --git a/mmv1/products/cloudscheduler/Job.yaml b/mmv1/products/cloudscheduler/Job.yaml new file mode 100644 index 000000000000..b827c42a1b7b --- /dev/null +++ b/mmv1/products/cloudscheduler/Job.yaml @@ -0,0 +1,334 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Job' +base_url: projects/{{project}}/locations/{{region}}/jobs +self_link: projects/{{project}}/locations/{{region}}/jobs/{{name}} +update_verb: :PATCH +description: | + A scheduled job that can publish a PubSub message or an HTTP request + every X interval of time, using a crontab format string. + +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/scheduler/' + api: 'https://cloud.google.com/scheduler/docs/reference/rest/' +parameters: + - !ruby/object:Api::Type::String + name: 'region' + description: | + Region where the scheduler job resides + required: true + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: name + description: | + The name of the job. + required: true + immutable: true + - !ruby/object:Api::Type::String + name: description + description: | + A human-readable description for the job. + This string must not contain more than 500 characters. + required: false + - !ruby/object:Api::Type::String + name: schedule + description: | + Describes the schedule on which the job will be executed. + required: false + - !ruby/object:Api::Type::String + name: timeZone + description: | + Specifies the time zone to be used in interpreting schedule. + The value of this field must be a time zone name from the tz database. + required: false + default_value: 'Etc/UTC' + - !ruby/object:Api::Type::String + name: state + description: | + State of the job. + output: true + - !ruby/object:Api::Type::Boolean + name: paused + description: | + Sets the job to a paused state. Jobs default to being enabled when this property is not set. + - !ruby/object:Api::Type::String + name: attemptDeadline + description: | + The deadline for job attempts. If the request handler does not respond by this deadline then the request is + cancelled and the attempt is marked as a DEADLINE_EXCEEDED failure. The failed attempt can be viewed in + execution logs. Cloud Scheduler will retry the job according to the RetryConfig. + The allowed duration for this deadline is: + * For HTTP targets, between 15 seconds and 30 minutes. + * For App Engine HTTP targets, between 15 seconds and 24 hours. + * **Note**: For PubSub targets, this field is ignored - setting it will introduce an unresolvable diff. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s" + required: false + default_value: '180s' + - !ruby/object:Api::Type::NestedObject + name: retryConfig + description: | + By default, if a job does not complete successfully, + meaning that an acknowledgement is not received from the handler, + then it will be retried with exponential backoff according to the settings + required: false + properties: + - !ruby/object:Api::Type::Integer + name: retryCount + description: | + The number of attempts that the system will make to run a + job using the exponential backoff procedure described by maxDoublings. + Values greater than 5 and negative values are not allowed. + required: false + at_least_one_of: + - retry_config.0.retry_count + - retry_config.0.max_retry_duration + - retry_config.0.min_backoff_duration + - retry_config.0.max_backoff_duration + - retry_config.0.max_doublings + - !ruby/object:Api::Type::String + name: maxRetryDuration + description: | + The time limit for retrying a failed job, measured from time when an execution was first attempted. + If specified with retryCount, the job will be retried until both limits are reached. + A duration in seconds with up to nine fractional digits, terminated by 's'. + required: false + at_least_one_of: + - retry_config.0.retry_count + - retry_config.0.max_retry_duration + - retry_config.0.min_backoff_duration + - retry_config.0.max_backoff_duration + - retry_config.0.max_doublings + - !ruby/object:Api::Type::String + name: minBackoffDuration + description: | + The minimum amount of time to wait before retrying a job after it fails. + A duration in seconds with up to nine fractional digits, terminated by 's'. + required: false + at_least_one_of: + - retry_config.0.retry_count + - retry_config.0.max_retry_duration + - retry_config.0.min_backoff_duration + - retry_config.0.max_backoff_duration + - retry_config.0.max_doublings + - !ruby/object:Api::Type::String + name: maxBackoffDuration + description: | + The maximum amount of time to wait before retrying a job after it fails. + A duration in seconds with up to nine fractional digits, terminated by 's'. + required: false + at_least_one_of: + - retry_config.0.retry_count + - retry_config.0.max_retry_duration + - retry_config.0.min_backoff_duration + - retry_config.0.max_backoff_duration + - retry_config.0.max_doublings + - !ruby/object:Api::Type::Integer + name: maxDoublings + description: | + The time between retries will double maxDoublings times. + A job's retry interval starts at minBackoffDuration, + then doubles maxDoublings times, then increases linearly, + and finally retries retries at intervals of maxBackoffDuration up to retryCount times. + required: false + at_least_one_of: + - retry_config.0.retry_count + - retry_config.0.max_retry_duration + - retry_config.0.min_backoff_duration + - retry_config.0.max_backoff_duration + - retry_config.0.max_doublings + - !ruby/object:Api::Type::NestedObject + name: pubsubTarget + description: | + Pub/Sub target + If the job providers a Pub/Sub target the cron will publish + a message to the provided topic + exactly_one_of: + - pubsub_target + - http_target + - app_engine_http_target + properties: + - !ruby/object:Api::Type::String + name: topicName + description: | + The full resource name for the Cloud Pub/Sub topic to which + messages will be published when a job is delivered. ~>**NOTE:** + The topic name must be in the same format as required by PubSub's + PublishRequest.name, e.g. `projects/my-project/topics/my-topic`. + required: true + - !ruby/object:Api::Type::String + name: data + description: | + The message payload for PubsubMessage. + Pubsub message must contain either non-empty data, or at least one attribute. + + A base64-encoded string. + required: false + - !ruby/object:Api::Type::KeyValuePairs + name: attributes + description: | + Attributes for PubsubMessage. + Pubsub message must contain either non-empty data, or at least one attribute. + required: false + - !ruby/object:Api::Type::NestedObject + name: appEngineHttpTarget + description: | + App Engine HTTP target. + If the job providers a App Engine HTTP target the cron will + send a request to the service instance + exactly_one_of: + - pubsub_target + - http_target + - app_engine_http_target + properties: + - !ruby/object:Api::Type::String + name: httpMethod + description: | + Which HTTP method to use for the request. + required: false + - !ruby/object:Api::Type::NestedObject + name: appEngineRouting + description: | + App Engine Routing setting for the job. + required: false + properties: + - !ruby/object:Api::Type::String + name: service + description: | + App service. + By default, the job is sent to the service which is the default service when the job is attempted. + at_least_one_of: + - app_engine_http_target.0.app_engine_routing.0.service + - app_engine_http_target.0.app_engine_routing.0.version + - app_engine_http_target.0.app_engine_routing.0.instance + required: false + - !ruby/object:Api::Type::String + name: version + description: | + App version. + By default, the job is sent to the version which is the default version when the job is attempted. + at_least_one_of: + - app_engine_http_target.0.app_engine_routing.0.service + - app_engine_http_target.0.app_engine_routing.0.version + - app_engine_http_target.0.app_engine_routing.0.instance + required: false + - !ruby/object:Api::Type::String + name: instance + description: | + App instance. + By default, the job is sent to an instance which is available when the job is attempted. + at_least_one_of: + - app_engine_http_target.0.app_engine_routing.0.service + - app_engine_http_target.0.app_engine_routing.0.version + - app_engine_http_target.0.app_engine_routing.0.instance + required: false + - !ruby/object:Api::Type::String + name: relativeUri + description: | + The relative URI. + The relative URL must begin with "/" and must be a valid HTTP relative URL. + It can contain a path, query string arguments, and \# fragments. + If the relative URL is empty, then the root path "/" will be used. + No spaces are allowed, and the maximum length allowed is 2083 characters + required: true + - !ruby/object:Api::Type::String + name: body + description: | + HTTP request body. + A request body is allowed only if the HTTP method is POST or PUT. + It will result in invalid argument error to set a body on a job with an incompatible HttpMethod. + + A base64-encoded string. + required: false + - !ruby/object:Api::Type::KeyValuePairs + name: headers + description: | + HTTP request headers. + This map contains the header field names and values. + Headers can be set when the job is created. + required: false + - !ruby/object:Api::Type::NestedObject + name: httpTarget + description: | + HTTP target. + If the job providers a http_target the cron will + send a request to the targeted url + exactly_one_of: + - pubsub_target + - http_target + - app_engine_http_target + properties: + - !ruby/object:Api::Type::String + name: uri + description: | + The full URI path that the request will be sent to. + required: true + - !ruby/object:Api::Type::String + name: httpMethod + description: | + Which HTTP method to use for the request. + required: false + - !ruby/object:Api::Type::String + name: body + description: | + HTTP request body. + A request body is allowed only if the HTTP method is POST, PUT, or PATCH. + It is an error to set body on a job with an incompatible HttpMethod. + + A base64-encoded string. + required: false + - !ruby/object:Api::Type::KeyValuePairs + name: headers + description: | + This map contains the header field names and values. + Repeated headers are not supported, but a header value can contain commas. + required: false + - !ruby/object:Api::Type::NestedObject + name: 'oauthToken' + description: | + Contains information needed for generating an OAuth token. + This type of authorization should be used when sending requests to a GCP endpoint. + properties: + - !ruby/object:Api::Type::String + name: serviceAccountEmail + required: true + description: | + Service account email to be used for generating OAuth token. + The service account must be within the same project as the job. + - !ruby/object:Api::Type::String + name: scope + description: | + OAuth scope to be used for generating OAuth access token. If not specified, + "https://www.googleapis.com/auth/cloud-platform" will be used. + - !ruby/object:Api::Type::NestedObject + name: 'oidcToken' + description: | + Contains information needed for generating an OpenID Connect token. + This type of authorization should be used when sending requests to third party endpoints or Cloud Run. + properties: + - !ruby/object:Api::Type::String + name: serviceAccountEmail + required: true + description: | + Service account email to be used for generating OAuth token. + The service account must be within the same project as the job. + - !ruby/object:Api::Type::String + name: audience + description: | + Audience to be used when generating OIDC token. If not specified, + the URI specified in target will be used. + diff --git a/mmv1/products/cloudscheduler/api.yaml b/mmv1/products/cloudscheduler/api.yaml deleted file mode 100644 index 1bebf6b4d116..000000000000 --- a/mmv1/products/cloudscheduler/api.yaml +++ /dev/null @@ -1,347 +0,0 @@ -# Copyright 2018 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: CloudScheduler -display_name: Cloud Scheduler -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://cloudscheduler.googleapis.com/v1/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Cloud Scheduler - url: https://console.cloud.google.com/apis/library/cloudscheduler.googleapis.com/ -objects: - - !ruby/object:Api::Resource - name: 'Job' - base_url: projects/{{project}}/locations/{{region}}/jobs - self_link: projects/{{project}}/locations/{{region}}/jobs/{{name}} - update_verb: :PATCH - description: | - A scheduled job that can publish a PubSub message or an HTTP request - every X interval of time, using a crontab format string. - - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/scheduler/' - api: 'https://cloud.google.com/scheduler/docs/reference/rest/' - parameters: - - !ruby/object:Api::Type::String - name: 'region' - description: | - Region where the scheduler job resides - required: true - input: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: name - description: | - The name of the job. - required: true - input: true - - !ruby/object:Api::Type::String - name: description - description: | - A human-readable description for the job. - This string must not contain more than 500 characters. - required: false - - !ruby/object:Api::Type::String - name: schedule - description: | - Describes the schedule on which the job will be executed. - required: false - - !ruby/object:Api::Type::String - name: timeZone - description: | - Specifies the time zone to be used in interpreting schedule. - The value of this field must be a time zone name from the tz database. - required: false - default_value: 'Etc/UTC' - - !ruby/object:Api::Type::String - name: state - description: | - State of the job. - output: true - - !ruby/object:Api::Type::Boolean - name: paused - description: | - Sets the job to a paused state. Jobs default to being enabled when this property is not set. - - !ruby/object:Api::Type::String - name: attemptDeadline - description: | - The deadline for job attempts. If the request handler does not respond by this deadline then the request is - cancelled and the attempt is marked as a DEADLINE_EXCEEDED failure. The failed attempt can be viewed in - execution logs. Cloud Scheduler will retry the job according to the RetryConfig. - The allowed duration for this deadline is: - * For HTTP targets, between 15 seconds and 30 minutes. - * For App Engine HTTP targets, between 15 seconds and 24 hours. - * **Note**: For PubSub targets, this field is ignored - setting it will introduce an unresolvable diff. - A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s" - required: false - default_value: '180s' - - !ruby/object:Api::Type::NestedObject - name: retryConfig - description: | - By default, if a job does not complete successfully, - meaning that an acknowledgement is not received from the handler, - then it will be retried with exponential backoff according to the settings - required: false - properties: - - !ruby/object:Api::Type::Integer - name: retryCount - description: | - The number of attempts that the system will make to run a - job using the exponential backoff procedure described by maxDoublings. - Values greater than 5 and negative values are not allowed. - required: false - at_least_one_of: - - retry_config.0.retry_count - - retry_config.0.max_retry_duration - - retry_config.0.min_backoff_duration - - retry_config.0.max_backoff_duration - - retry_config.0.max_doublings - - !ruby/object:Api::Type::String - name: maxRetryDuration - description: | - The time limit for retrying a failed job, measured from time when an execution was first attempted. - If specified with retryCount, the job will be retried until both limits are reached. - A duration in seconds with up to nine fractional digits, terminated by 's'. - required: false - at_least_one_of: - - retry_config.0.retry_count - - retry_config.0.max_retry_duration - - retry_config.0.min_backoff_duration - - retry_config.0.max_backoff_duration - - retry_config.0.max_doublings - - !ruby/object:Api::Type::String - name: minBackoffDuration - description: | - The minimum amount of time to wait before retrying a job after it fails. - A duration in seconds with up to nine fractional digits, terminated by 's'. - required: false - at_least_one_of: - - retry_config.0.retry_count - - retry_config.0.max_retry_duration - - retry_config.0.min_backoff_duration - - retry_config.0.max_backoff_duration - - retry_config.0.max_doublings - - !ruby/object:Api::Type::String - name: maxBackoffDuration - description: | - The maximum amount of time to wait before retrying a job after it fails. - A duration in seconds with up to nine fractional digits, terminated by 's'. - required: false - at_least_one_of: - - retry_config.0.retry_count - - retry_config.0.max_retry_duration - - retry_config.0.min_backoff_duration - - retry_config.0.max_backoff_duration - - retry_config.0.max_doublings - - !ruby/object:Api::Type::Integer - name: maxDoublings - description: | - The time between retries will double maxDoublings times. - A job's retry interval starts at minBackoffDuration, - then doubles maxDoublings times, then increases linearly, - and finally retries retries at intervals of maxBackoffDuration up to retryCount times. - required: false - at_least_one_of: - - retry_config.0.retry_count - - retry_config.0.max_retry_duration - - retry_config.0.min_backoff_duration - - retry_config.0.max_backoff_duration - - retry_config.0.max_doublings - - !ruby/object:Api::Type::NestedObject - name: pubsubTarget - description: | - Pub/Sub target - If the job providers a Pub/Sub target the cron will publish - a message to the provided topic - exactly_one_of: - - pubsub_target - - http_target - - app_engine_http_target - properties: - - !ruby/object:Api::Type::String - name: topicName - description: | - The full resource name for the Cloud Pub/Sub topic to which - messages will be published when a job is delivered. ~>**NOTE:** - The topic name must be in the same format as required by PubSub's - PublishRequest.name, e.g. `projects/my-project/topics/my-topic`. - required: true - - !ruby/object:Api::Type::String - name: data - description: | - The message payload for PubsubMessage. - Pubsub message must contain either non-empty data, or at least one attribute. - - A base64-encoded string. - required: false - - !ruby/object:Api::Type::KeyValuePairs - name: attributes - description: | - Attributes for PubsubMessage. - Pubsub message must contain either non-empty data, or at least one attribute. - required: false - - !ruby/object:Api::Type::NestedObject - name: appEngineHttpTarget - description: | - App Engine HTTP target. - If the job providers a App Engine HTTP target the cron will - send a request to the service instance - exactly_one_of: - - pubsub_target - - http_target - - app_engine_http_target - properties: - - !ruby/object:Api::Type::String - name: httpMethod - description: | - Which HTTP method to use for the request. - required: false - - !ruby/object:Api::Type::NestedObject - name: appEngineRouting - description: | - App Engine Routing setting for the job. - required: false - properties: - - !ruby/object:Api::Type::String - name: service - description: | - App service. - By default, the job is sent to the service which is the default service when the job is attempted. - at_least_one_of: - - app_engine_http_target.0.app_engine_routing.0.service - - app_engine_http_target.0.app_engine_routing.0.version - - app_engine_http_target.0.app_engine_routing.0.instance - required: false - - !ruby/object:Api::Type::String - name: version - description: | - App version. - By default, the job is sent to the version which is the default version when the job is attempted. - at_least_one_of: - - app_engine_http_target.0.app_engine_routing.0.service - - app_engine_http_target.0.app_engine_routing.0.version - - app_engine_http_target.0.app_engine_routing.0.instance - required: false - - !ruby/object:Api::Type::String - name: instance - description: | - App instance. - By default, the job is sent to an instance which is available when the job is attempted. - at_least_one_of: - - app_engine_http_target.0.app_engine_routing.0.service - - app_engine_http_target.0.app_engine_routing.0.version - - app_engine_http_target.0.app_engine_routing.0.instance - required: false - - !ruby/object:Api::Type::String - name: relativeUri - description: | - The relative URI. - The relative URL must begin with "/" and must be a valid HTTP relative URL. - It can contain a path, query string arguments, and \# fragments. - If the relative URL is empty, then the root path "/" will be used. - No spaces are allowed, and the maximum length allowed is 2083 characters - required: true - - !ruby/object:Api::Type::String - name: body - description: | - HTTP request body. - A request body is allowed only if the HTTP method is POST or PUT. - It will result in invalid argument error to set a body on a job with an incompatible HttpMethod. - - A base64-encoded string. - required: false - - !ruby/object:Api::Type::KeyValuePairs - name: headers - description: | - HTTP request headers. - This map contains the header field names and values. - Headers can be set when the job is created. - required: false - - !ruby/object:Api::Type::NestedObject - name: httpTarget - description: | - HTTP target. - If the job providers a http_target the cron will - send a request to the targeted url - exactly_one_of: - - pubsub_target - - http_target - - app_engine_http_target - properties: - - !ruby/object:Api::Type::String - name: uri - description: | - The full URI path that the request will be sent to. - required: true - - !ruby/object:Api::Type::String - name: httpMethod - description: | - Which HTTP method to use for the request. - required: false - - !ruby/object:Api::Type::String - name: body - description: | - HTTP request body. - A request body is allowed only if the HTTP method is POST, PUT, or PATCH. - It is an error to set body on a job with an incompatible HttpMethod. - - A base64-encoded string. - required: false - - !ruby/object:Api::Type::KeyValuePairs - name: headers - description: | - This map contains the header field names and values. - Repeated headers are not supported, but a header value can contain commas. - required: false - - !ruby/object:Api::Type::NestedObject - name: 'oauthToken' - description: | - Contains information needed for generating an OAuth token. - This type of authorization should be used when sending requests to a GCP endpoint. - properties: - - !ruby/object:Api::Type::String - name: serviceAccountEmail - required: true - description: | - Service account email to be used for generating OAuth token. - The service account must be within the same project as the job. - - !ruby/object:Api::Type::String - name: scope - description: | - OAuth scope to be used for generating OAuth access token. If not specified, - "https://www.googleapis.com/auth/cloud-platform" will be used. - - !ruby/object:Api::Type::NestedObject - name: 'oidcToken' - description: | - Contains information needed for generating an OpenID Connect token. - This type of authorization should be used when sending requests to third party endpoints or Cloud Run. - properties: - - !ruby/object:Api::Type::String - name: serviceAccountEmail - required: true - description: | - Service account email to be used for generating OAuth token. - The service account must be within the same project as the job. - - !ruby/object:Api::Type::String - name: audience - description: | - Audience to be used when generating OIDC token. If not specified, - the URI specified in target will be used. diff --git a/mmv1/products/cloudscheduler/product.yaml b/mmv1/products/cloudscheduler/product.yaml new file mode 100644 index 000000000000..9c0b2bde6fa0 --- /dev/null +++ b/mmv1/products/cloudscheduler/product.yaml @@ -0,0 +1,26 @@ +# Copyright 2018 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: CloudScheduler +display_name: Cloud Scheduler +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://cloudscheduler.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Cloud Scheduler + url: https://console.cloud.google.com/apis/library/cloudscheduler.googleapis.com/ diff --git a/mmv1/products/cloudtasks/Queue.yaml b/mmv1/products/cloudtasks/Queue.yaml new file mode 100644 index 000000000000..bea1f76fa7cd --- /dev/null +++ b/mmv1/products/cloudtasks/Queue.yaml @@ -0,0 +1,180 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Queue' +base_url: projects/{{project}}/locations/{{location}}/queues +update_verb: :PATCH +update_mask: true +description: | + A named resource to which messages are sent by publishers. +iam_policy: !ruby/object:Api::Resource::IamPolicy + method_name_separator: ':' + parent_resource_attribute: 'name' + fetch_iam_policy_verb: :POST + import_format: ["projects/{{project}}/locations/{{location}}/queues/{{name}}", "{{name}}"] +parameters: + - !ruby/object:Api::Type::Enum + name: 'status' + api_name: 'state' + # This is output-only in the API but we need to alter it in order to pause/resume the + # task queue. + output: false + description: The current state of the queue. + values: + - RUNNING + - PAUSED + - DISABLED + - !ruby/object:Api::Type::String + name: 'location' + required: true + immutable: true + description: The location of the queue +properties: + - !ruby/object:Api::Type::String + name: 'name' + immutable: true + description: The queue name. + pattern: projects/{{project}}/locations/{{location}}/queues/{{name}} + - !ruby/object:Api::Type::NestedObject + name: 'appEngineRoutingOverride' + description: | + Overrides for task-level appEngineRouting. These settings apply only + to App Engine tasks in this queue + properties: + - !ruby/object:Api::Type::String + name: 'service' + description: | + App service. + + By default, the task is sent to the service which is the default service when the task is attempted. + - !ruby/object:Api::Type::String + name: 'version' + description: | + App version. + + By default, the task is sent to the version which is the default version when the task is attempted. + - !ruby/object:Api::Type::String + name: 'instance' + description: | + App instance. + + By default, the task is sent to an instance which is available when the task is attempted. + - !ruby/object:Api::Type::String + name: 'host' + output: true + description: The host that the task is sent to. + - !ruby/object:Api::Type::NestedObject + name: 'rateLimits' + description: | + Rate limits for task dispatches. + + The queue's actual dispatch rate is the result of: + + * Number of tasks in the queue + * User-specified throttling: rateLimits, retryConfig, and the queue's state. + * System throttling due to 429 (Too Many Requests) or 503 (Service + Unavailable) responses from the worker, high error rates, or to + smooth sudden large traffic spikes. + properties: + - !ruby/object:Api::Type::Double + name: 'maxDispatchesPerSecond' + description: | + The maximum rate at which tasks are dispatched from this queue. + + If unspecified when the queue is created, Cloud Tasks will pick the default. + - !ruby/object:Api::Type::Integer + name: 'maxConcurrentDispatches' + description: | + The maximum number of concurrent tasks that Cloud Tasks allows to + be dispatched for this queue. After this threshold has been + reached, Cloud Tasks stops dispatching tasks until the number of + concurrent requests decreases. + - !ruby/object:Api::Type::Integer + name: 'maxBurstSize' + output: true + description: | + The max burst size. + + Max burst size limits how fast tasks in queue are processed when many tasks are + in the queue and the rate is high. This field allows the queue to have a high + rate so processing starts shortly after a task is enqueued, but still limits + resource usage when many tasks are enqueued in a short period of time. + - !ruby/object:Api::Type::NestedObject + name: 'retryConfig' + description: Settings that determine the retry behavior. + properties: + - !ruby/object:Api::Type::Integer + name: 'maxAttempts' + description: | + Number of attempts per task. + + Cloud Tasks will attempt the task maxAttempts times (that is, if + the first attempt fails, then there will be maxAttempts - 1 + retries). Must be >= -1. + + If unspecified when the queue is created, Cloud Tasks will pick + the default. + + -1 indicates unlimited attempts. + - !ruby/object:Api::Type::String + name: 'maxRetryDuration' + description: | + If positive, maxRetryDuration specifies the time limit for + retrying a failed task, measured from when the task was first + attempted. Once maxRetryDuration time has passed and the task has + been attempted maxAttempts times, no further attempts will be + made and the task will be deleted. + + If zero, then the task age is unlimited. + - !ruby/object:Api::Type::String + name: 'minBackoff' + description: | + A task will be scheduled for retry between minBackoff and + maxBackoff duration after it fails, if the queue's RetryConfig + specifies that the task should be retried. + - !ruby/object:Api::Type::String + name: 'maxBackoff' + description: | + A task will be scheduled for retry between minBackoff and + maxBackoff duration after it fails, if the queue's RetryConfig + specifies that the task should be retried. + - !ruby/object:Api::Type::Integer + name: 'maxDoublings' + description: | + The time between retries will double maxDoublings times. + + A task's retry interval starts at minBackoff, then doubles maxDoublings times, + then increases linearly, and finally retries retries at intervals of maxBackoff + up to maxAttempts times. + - !ruby/object:Api::Type::Time + name: 'purgeTime' + output: true + description: The last time this queue was purged. + - !ruby/object:Api::Type::NestedObject + name: 'stackdriverLoggingConfig' + description: | + Configuration options for writing logs to Stackdriver Logging. + properties: + - !ruby/object:Api::Type::Double + name: 'samplingRatio' + required: true + description: | + Specifies the fraction of operations to write to Stackdriver Logging. + This field may contain any value between 0.0 and 1.0, inclusive. 0.0 is the + default and means that no operations are logged. + + + + + diff --git a/mmv1/products/cloudtasks/api.yaml b/mmv1/products/cloudtasks/api.yaml deleted file mode 100644 index 4d344af5661c..000000000000 --- a/mmv1/products/cloudtasks/api.yaml +++ /dev/null @@ -1,193 +0,0 @@ -# Copyright 2017 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: CloudTasks -display_name: Cloud Tasks -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://cloudtasks.googleapis.com/v2/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Cloud Tasks - url: https://console.cloud.google.com/apis/library/cloudtasks.googleapis.com/ -objects: - - !ruby/object:Api::Resource - name: 'Queue' - base_url: projects/{{project}}/locations/{{location}}/queues - update_verb: :PATCH - update_mask: true - description: | - A named resource to which messages are sent by publishers. - iam_policy: !ruby/object:Api::Resource::IamPolicy - method_name_separator: ':' - parent_resource_attribute: 'name' - fetch_iam_policy_verb: :POST - import_format: ["projects/{{project}}/locations/{{location}}/queues/{{name}}", "{{name}}"] - parameters: - - !ruby/object:Api::Type::Enum - name: 'status' - api_name: 'state' - # This is output-only in the API but we need to alter it in order to pause/resume the - # task queue. - output: false - description: The current state of the queue. - values: - - RUNNING - - PAUSED - - DISABLED - - !ruby/object:Api::Type::String - name: 'location' - required: true - input: true - description: The location of the queue - properties: - - !ruby/object:Api::Type::String - name: 'name' - input: true - description: The queue name. - pattern: projects/{{project}}/locations/{{location}}/queues/{{name}} - - !ruby/object:Api::Type::NestedObject - name: 'appEngineRoutingOverride' - description: | - Overrides for task-level appEngineRouting. These settings apply only - to App Engine tasks in this queue - properties: - - !ruby/object:Api::Type::String - name: 'service' - description: | - App service. - - By default, the task is sent to the service which is the default service when the task is attempted. - - !ruby/object:Api::Type::String - name: 'version' - description: | - App version. - - By default, the task is sent to the version which is the default version when the task is attempted. - - !ruby/object:Api::Type::String - name: 'instance' - description: | - App instance. - - By default, the task is sent to an instance which is available when the task is attempted. - - !ruby/object:Api::Type::String - name: 'host' - output: true - description: The host that the task is sent to. - - !ruby/object:Api::Type::NestedObject - name: 'rateLimits' - description: | - Rate limits for task dispatches. - - The queue's actual dispatch rate is the result of: - - * Number of tasks in the queue - * User-specified throttling: rateLimits, retryConfig, and the queue's state. - * System throttling due to 429 (Too Many Requests) or 503 (Service - Unavailable) responses from the worker, high error rates, or to - smooth sudden large traffic spikes. - properties: - - !ruby/object:Api::Type::Double - name: 'maxDispatchesPerSecond' - description: | - The maximum rate at which tasks are dispatched from this queue. - - If unspecified when the queue is created, Cloud Tasks will pick the default. - - !ruby/object:Api::Type::Integer - name: 'maxConcurrentDispatches' - description: | - The maximum number of concurrent tasks that Cloud Tasks allows to - be dispatched for this queue. After this threshold has been - reached, Cloud Tasks stops dispatching tasks until the number of - concurrent requests decreases. - - !ruby/object:Api::Type::Integer - name: 'maxBurstSize' - output: true - description: | - The max burst size. - - Max burst size limits how fast tasks in queue are processed when many tasks are - in the queue and the rate is high. This field allows the queue to have a high - rate so processing starts shortly after a task is enqueued, but still limits - resource usage when many tasks are enqueued in a short period of time. - - !ruby/object:Api::Type::NestedObject - name: 'retryConfig' - description: Settings that determine the retry behavior. - properties: - - !ruby/object:Api::Type::Integer - name: 'maxAttempts' - description: | - Number of attempts per task. - - Cloud Tasks will attempt the task maxAttempts times (that is, if - the first attempt fails, then there will be maxAttempts - 1 - retries). Must be >= -1. - - If unspecified when the queue is created, Cloud Tasks will pick - the default. - - -1 indicates unlimited attempts. - - !ruby/object:Api::Type::String - name: 'maxRetryDuration' - description: | - If positive, maxRetryDuration specifies the time limit for - retrying a failed task, measured from when the task was first - attempted. Once maxRetryDuration time has passed and the task has - been attempted maxAttempts times, no further attempts will be - made and the task will be deleted. - - If zero, then the task age is unlimited. - - !ruby/object:Api::Type::String - name: 'minBackoff' - description: | - A task will be scheduled for retry between minBackoff and - maxBackoff duration after it fails, if the queue's RetryConfig - specifies that the task should be retried. - - !ruby/object:Api::Type::String - name: 'maxBackoff' - description: | - A task will be scheduled for retry between minBackoff and - maxBackoff duration after it fails, if the queue's RetryConfig - specifies that the task should be retried. - - !ruby/object:Api::Type::Integer - name: 'maxDoublings' - description: | - The time between retries will double maxDoublings times. - - A task's retry interval starts at minBackoff, then doubles maxDoublings times, - then increases linearly, and finally retries retries at intervals of maxBackoff - up to maxAttempts times. - - !ruby/object:Api::Type::Time - name: 'purgeTime' - output: true - description: The last time this queue was purged. - - !ruby/object:Api::Type::NestedObject - name: 'stackdriverLoggingConfig' - description: | - Configuration options for writing logs to Stackdriver Logging. - properties: - - !ruby/object:Api::Type::Double - name: 'samplingRatio' - required: true - description: | - Specifies the fraction of operations to write to Stackdriver Logging. - This field may contain any value between 0.0 and 1.0, inclusive. 0.0 is the - default and means that no operations are logged. - - - - diff --git a/mmv1/products/cloudtasks/product.yaml b/mmv1/products/cloudtasks/product.yaml new file mode 100644 index 000000000000..3530c72845d3 --- /dev/null +++ b/mmv1/products/cloudtasks/product.yaml @@ -0,0 +1,26 @@ +# Copyright 2017 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: CloudTasks +display_name: Cloud Tasks +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://cloudtasks.googleapis.com/v2/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Cloud Tasks + url: https://console.cloud.google.com/apis/library/cloudtasks.googleapis.com/ diff --git a/mmv1/products/compute/Address.yaml b/mmv1/products/compute/Address.yaml new file mode 100644 index 000000000000..dc4569e4e5aa --- /dev/null +++ b/mmv1/products/compute/Address.yaml @@ -0,0 +1,189 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Address' +kind: 'compute#address' +base_url: projects/{{project}}/regions/{{region}}/addresses +collection_url_key: 'items' +has_self_link: true +immutable: true +description: | + Represents an Address resource. + + Each virtual machine instance has an ephemeral internal IP address and, + optionally, an external IP address. To communicate between instances on + the same network, you can use an instance's internal IP address. To + communicate with the Internet and instances outside of the same network, + you must specify the instance's external IP address. + + Internal IP addresses are ephemeral and only belong to an instance for + the lifetime of the instance; if the instance is deleted and recreated, + the instance is assigned a new internal IP address, either by Compute + Engine or by you. External IP addresses can be either ephemeral or + static. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Reserving a Static External IP Address': 'https://cloud.google.com/compute/docs/instances-and-network' + 'Reserving a Static Internal IP Address': 'https://cloud.google.com/compute/docs/ip-addresses/reserve-static-internal-ip-address' + api: 'https://cloud.google.com/compute/docs/reference/beta/addresses' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'region' + resource: 'Region' + imports: 'name' + description: | + URL of the region where the regional address resides. + This field is not applicable to global addresses. + required: true +properties: + - !ruby/object:Api::Type::String + name: 'address' + description: | + The static external IP address represented by this resource. Only + IPv4 is supported. An address may only be specified for INTERNAL + address types. The IP address must be inside the specified subnetwork, + if any. Set by the API if undefined. + - !ruby/object:Api::Type::Enum + name: 'addressType' + description: | + The type of address to reserve. + values: + - :INTERNAL + - :EXTERNAL + default_value: :EXTERNAL + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: 'An optional description of this resource.' + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'The unique identifier for the resource.' + output: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource. The name must be 1-63 characters long, and + comply with RFC1035. Specifically, the name must be 1-63 characters + long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` + which means the first character must be a lowercase letter, and all + following characters must be a dash, lowercase letter, or digit, + except the last character, which cannot be a dash. + required: true + - !ruby/object:Api::Type::String + name: 'purpose' + description: | + The purpose of this resource, which can be one of the following values. + + * GCE_ENDPOINT for addresses that are used by VM instances, alias IP + ranges, load balancers, and similar resources. + + * SHARED_LOADBALANCER_VIP for an address that can be used by multiple + internal load balancers. + + * VPC_PEERING for addresses that are reserved for VPC peer networks. + + * IPSEC_INTERCONNECT for addresses created from a private IP range that + are reserved for a VLAN attachment in an HA VPN over Cloud Interconnect + configuration. These addresses are regional resources. + + * PRIVATE_SERVICE_CONNECT for a private network address that is used to + configure Private Service Connect. Only global internal addresses can use + this purpose. + + + This should only be set when using an Internal address. + - !ruby/object:Api::Type::Enum + name: 'networkTier' + description: | + The networking tier used for configuring this address. If this field is not + specified, it is assumed to be PREMIUM. + values: + - :PREMIUM + - :STANDARD + # TODO(alexstephen): Add in status with exclude attribute. What does this + # mean? + - !ruby/object:Api::Type::ResourceRef + name: 'subnetwork' + resource: 'Subnetwork' + imports: 'selfLink' + description: | + The URL of the subnetwork in which to reserve the address. If an IP + address is specified, it must be within the subnetwork's IP range. + This field can only be used with INTERNAL type with + GCE_ENDPOINT/DNS_RESOLVER purposes. + - !ruby/object:Api::Type::Array + name: 'users' + description: 'The URLs of the resources that are using this address.' + item_type: Api::Type::String + output: true + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + Labels to apply to this address. A list of key->value pairs. + update_verb: :POST + update_url: 'projects/{{project}}/regions/{{region}}/addresses/{{name}}/setLabels' + min_version: beta + - !ruby/object:Api::Type::Fingerprint + name: 'labelFingerprint' + description: | + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + update_url: 'projects/{{project}}/regions/{{region}}/addresses/{{name}}/setLabels' + update_verb: :POST + min_version: beta + - !ruby/object:Api::Type::Enum + name: 'status' + output: true + description: | + The status of the address, which can be one of RESERVING, RESERVED, or IN_USE. + An address that is RESERVING is currently in the process of being reserved. + A RESERVED address is currently reserved and available to use. An IN_USE address + is currently being used by another resource and is not available. + values: + - :RESERVING + - :RESERVED + - :IN_USE + - !ruby/object:Api::Type::ResourceRef + name: 'network' + resource: 'Network' + imports: 'selfLink' + description: | + The URL of the network in which to reserve the address. This field + can only be used with INTERNAL type with the VPC_PEERING and + IPSEC_INTERCONNECT purposes. + - !ruby/object:Api::Type::Integer + name: prefixLength + description: | + The prefix length if the resource represents an IP range. diff --git a/mmv1/products/compute/Autoscaler.yaml b/mmv1/products/compute/Autoscaler.yaml new file mode 100644 index 000000000000..c7111a5d3bdc --- /dev/null +++ b/mmv1/products/compute/Autoscaler.yaml @@ -0,0 +1,384 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Autoscaler' +kind: 'compute#autoscaler' +base_url: projects/{{project}}/zones/{{zone}}/autoscalers +update_url: projects/{{project}}/zones/{{zone}}/autoscalers?autoscaler={{name}} +collection_url_key: 'items' +has_self_link: true +description: | + Represents an Autoscaler resource. + + Autoscalers allow you to automatically scale virtual machine instances in + managed instance groups according to an autoscaling policy that you + define. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Autoscaling Groups of Instances': 'https://cloud.google.com/compute/docs/autoscaler/' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/autoscalers' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'zone' + resource: 'Zone' + imports: 'name' + description: | + URL of the zone where the instance group resides. + required: true + immutable: true +properties: + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'Unique identifier for the resource.' + output: true + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource. The name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + immutable: true + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of this resource. + - !ruby/object:Api::Type::NestedObject + name: 'autoscalingPolicy' + description: | + The configuration parameters for the autoscaling algorithm. You can + define one or more of the policies for an autoscaler: cpuUtilization, + customMetricUtilizations, and loadBalancingUtilization. + + If none of these are specified, the default will be to autoscale based + on cpuUtilization to 0.6 or 60%. + required: true + properties: + - !ruby/object:Api::Type::Integer + name: 'minNumReplicas' + description: | + The minimum number of replicas that the autoscaler can scale down + to. This cannot be less than 0. If not provided, autoscaler will + choose a default value depending on maximum number of instances + allowed. + send_empty_value: true + - !ruby/object:Api::Type::Integer + name: 'maxNumReplicas' + description: | + The maximum number of instances that the autoscaler can scale up + to. This is required when creating or updating an autoscaler. The + maximum number of replicas should not be lower than minimal number + of replicas. + required: true + - !ruby/object:Api::Type::Integer + name: 'coolDownPeriodSec' + description: | + The number of seconds that the autoscaler should wait before it + starts collecting information from a new instance. This prevents + the autoscaler from collecting information when the instance is + initializing, during which the collected usage would not be + reliable. The default time autoscaler waits is 60 seconds. + + Virtual machine initialization times might vary because of + numerous factors. We recommend that you test how long an + instance may take to initialize. To do this, create an instance + and time the startup process. + default_value: 60 + - !ruby/object:Api::Type::Enum + name: 'mode' + default_value: :ON + description: | + Defines operating mode for this policy. + values: + - :OFF + - :ONLY_UP + - :ON + - !ruby/object:Api::Type::NestedObject + name: 'scaleDownControl' + min_version: beta + description: | + Defines scale down controls to reduce the risk of response latency + and outages due to abrupt scale-in events + properties: + - !ruby/object:Api::Type::NestedObject + name: 'maxScaledDownReplicas' + at_least_one_of: + - autoscaling_policy.0.scale_down_control.0.max_scaled_down_replicas + - autoscaling_policy.0.scale_down_control.0.time_window_sec + properties: + - !ruby/object:Api::Type::Integer + name: 'fixed' + at_least_one_of: + - autoscaling_policy.0.scale_down_control.0.max_scaled_down_replicas.0.fixed + - autoscaling_policy.0.scale_down_control.0.max_scaled_down_replicas.0.percent + description: | + Specifies a fixed number of VM instances. This must be a positive + integer. + - !ruby/object:Api::Type::Integer + name: 'percent' + at_least_one_of: + - autoscaling_policy.0.scale_down_control.0.max_scaled_down_replicas.0.fixed + - autoscaling_policy.0.scale_down_control.0.max_scaled_down_replicas.0.percent + description: | + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. + - !ruby/object:Api::Type::Integer + name: 'timeWindowSec' + at_least_one_of: + - autoscaling_policy.0.scale_down_control.0.max_scaled_down_replicas + - autoscaling_policy.0.scale_down_control.0.time_window_sec + description: | + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + - !ruby/object:Api::Type::NestedObject + name: 'scaleInControl' + description: | + Defines scale in controls to reduce the risk of response latency + and outages due to abrupt scale-in events + properties: + - !ruby/object:Api::Type::NestedObject + name: 'maxScaledInReplicas' + at_least_one_of: + - autoscaling_policy.0.scale_in_control.0.max_scaled_in_replicas + - autoscaling_policy.0.scale_in_control.0.time_window_sec + properties: + - !ruby/object:Api::Type::Integer + name: 'fixed' + at_least_one_of: + - autoscaling_policy.0.scale_in_control.0.max_scaled_in_replicas.0.fixed + - autoscaling_policy.0.scale_in_control.0.max_scaled_in_replicas.0.percent + description: | + Specifies a fixed number of VM instances. This must be a positive + integer. + - !ruby/object:Api::Type::Integer + name: 'percent' + at_least_one_of: + - autoscaling_policy.0.scale_in_control.0.max_scaled_in_replicas.0.fixed + - autoscaling_policy.0.scale_in_control.0.max_scaled_in_replicas.0.percent + description: | + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. + - !ruby/object:Api::Type::Integer + name: 'timeWindowSec' + at_least_one_of: + - autoscaling_policy.0.scale_in_control.0.max_scaled_in_replicas + - autoscaling_policy.0.scale_in_control.0.time_window_sec + description: | + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + - !ruby/object:Api::Type::NestedObject + name: 'cpuUtilization' + description: | + Defines the CPU utilization policy that allows the autoscaler to + scale based on the average CPU utilization of a managed instance + group. + properties: + - !ruby/object:Api::Type::Double + name: 'utilizationTarget' + description: | + The target CPU utilization that the autoscaler should maintain. + Must be a float value in the range (0, 1]. If not specified, the + default is 0.6. + + If the CPU level is below the target utilization, the autoscaler + scales down the number of instances until it reaches the minimum + number of instances you specified or until the average CPU of + your instances reaches the target utilization. + + If the average CPU is above the target utilization, the autoscaler + scales up until it reaches the maximum number of instances you + specified or until the average utilization reaches the target + utilization. + - !ruby/object:Api::Type::String + name: 'predictiveMethod' + default_value: NONE + description: | + Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are: + + - NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics. + + - OPTIMIZE_AVAILABILITY. Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand. + - !ruby/object:Api::Type::Array + name: 'customMetricUtilizations' + description: | + Configuration parameters of autoscaling based on a custom metric. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'metric' + description: | + The identifier (type) of the Stackdriver Monitoring metric. + The metric cannot have negative values. + + The metric must have a value type of INT64 or DOUBLE. + required: true + - !ruby/object:Api::Type::Double + name: 'singleInstanceAssignment' + min_version: beta + description: | + If scaling is based on a per-group metric value that represents the + total amount of work to be done or resource usage, set this value to + an amount assigned for a single instance of the scaled group. + The autoscaler will keep the number of instances proportional to the + value of this metric, the metric itself should not change value due + to group resizing. + + For example, a good metric to use with the target is + `pubsub.googleapis.com/subscription/num_undelivered_messages` + or a custom metric exporting the total number of requests coming to + your instances. + + A bad example would be a metric exporting an average or median + latency, since this value can't include a chunk assignable to a + single instance, it could be better used with utilization_target + instead. + - !ruby/object:Api::Type::Double + name: 'utilizationTarget' + description: | + The target value of the metric that autoscaler should + maintain. This must be a positive value. A utilization + metric scales number of virtual machines handling requests + to increase or decrease proportionally to the metric. + + For example, a good metric to use as a utilizationTarget is + www.googleapis.com/compute/instance/network/received_bytes_count. + The autoscaler will work to keep this value constant for each + of the instances. + - !ruby/object:Api::Type::Enum + name: 'utilizationTargetType' + description: | + Defines how target utilization value is expressed for a + Stackdriver Monitoring metric. + values: + - :GAUGE + - :DELTA_PER_SECOND + - :DELTA_PER_MINUTE + - !ruby/object:Api::Type::String + name: 'filter' + description: | + A filter string to be used as the filter string for + a Stackdriver Monitoring TimeSeries.list API call. + This filter is used to select a specific TimeSeries for + the purpose of autoscaling and to determine whether the metric + is exporting per-instance or per-group data. + + You can only use the AND operator for joining selectors. + You can only use direct equality comparison operator (=) without + any functions for each selector. + You can specify the metric in both the filter string and in the + metric field. However, if specified in both places, the metric must + be identical. + + The monitored resource type determines what kind of values are + expected for the metric. If it is a gce_instance, the autoscaler + expects the metric to include a separate TimeSeries for each + instance in a group. In such a case, you cannot filter on resource + labels. + + If the resource type is any other value, the autoscaler expects + this metric to contain values that apply to the entire autoscaled + instance group and resource label filtering can be performed to + point autoscaler at the correct TimeSeries to scale upon. + This is called a per-group metric for the purpose of autoscaling. + + If not specified, the type defaults to gce_instance. + + You should provide a filter that is selective enough to pick just + one TimeSeries for the autoscaled group or for each of the instances + (if you are using gce_instance resource type). If multiple + TimeSeries are returned upon the query execution, the autoscaler + will sum their respective values to obtain its scaling value. + min_version: beta + - !ruby/object:Api::Type::NestedObject + name: 'loadBalancingUtilization' + description: | + Configuration parameters of autoscaling based on a load balancer. + properties: + - !ruby/object:Api::Type::Double + name: 'utilizationTarget' + description: | + Fraction of backend capacity utilization (set in HTTP(s) load + balancing configuration) that autoscaler should maintain. Must + be a positive float value. If not defined, the default is 0.8. + - !ruby/object:Api::Type::Map + name: 'scalingSchedules' + description: | + Scaling schedules defined for an autoscaler. Multiple schedules can be set on an autoscaler and they can overlap. + key_name: name + key_description: | + A name for the schedule. + value_type: !ruby/object:Api::Type::NestedObject + name: scalingSchedule + properties: + - !ruby/object:Api::Type::Integer + name: 'minRequiredReplicas' + description: | + Minimum number of VM instances that autoscaler will recommend in time intervals starting according to schedule. + required: true + send_empty_value: true + - !ruby/object:Api::Type::String + name: 'schedule' + description: | + The start timestamps of time intervals when this scaling schedule should provide a scaling signal. This field uses the extended cron format (with an optional year field). + required: true + - !ruby/object:Api::Type::String + name: 'timeZone' + default_value: UTC + description: | + The time zone to be used when interpreting the schedule. The value of this field must be a time zone name from the tz database: http://en.wikipedia.org/wiki/Tz_database. + - !ruby/object:Api::Type::Integer + name: 'durationSec' + description: | + The duration of time intervals (in seconds) for which this scaling schedule will be running. The minimum allowed value is 300. + required: true + - !ruby/object:Api::Type::Boolean + name: 'disabled' + description: | + A boolean value that specifies if a scaling schedule can influence autoscaler recommendations. If set to true, then a scaling schedule has no effect. + default_value: false + - !ruby/object:Api::Type::String + name: 'description' + description: | + A description of a scaling schedule. + - !ruby/object:Api::Type::ResourceRef + name: 'target' + resource: 'InstanceGroupManager' + imports: 'selfLink' + description: | + URL of the managed instance group that this autoscaler will scale. + required: true diff --git a/mmv1/products/compute/BackendBucket.yaml b/mmv1/products/compute/BackendBucket.yaml new file mode 100644 index 000000000000..fc859f972a0f --- /dev/null +++ b/mmv1/products/compute/BackendBucket.yaml @@ -0,0 +1,208 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'BackendBucket' +kind: 'compute#backendBucket' +base_url: projects/{{project}}/global/backendBuckets +collection_url_key: 'items' +has_self_link: true +description: | + Backend buckets allow you to use Google Cloud Storage buckets with HTTP(S) + load balancing. + + An HTTP(S) load balancer can direct traffic to specified URLs to a + backend bucket rather than a backend service. It can send requests for + static content to a Cloud Storage bucket and requests for dynamic content + to a virtual machine instance. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Using a Cloud Storage bucket as a load balancer backend': 'https://cloud.google.com/compute/docs/load-balancing/http/backend-bucket' + api: 'https://cloud.google.com/compute/docs/reference/v1/backendBuckets' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +iam_policy: !ruby/object:Api::Resource::IamPolicy + min_version: beta + exclude: false + parent_resource_attribute: 'name' + import_format: ["projects/{{project}}/global/backendBuckets/{{name}}", "{{name}}"] +properties: + - !ruby/object:Api::Type::String + name: 'bucketName' + description: 'Cloud Storage bucket name.' + required: true + - !ruby/object:Api::Type::NestedObject + name: 'cdnPolicy' + description: 'Cloud CDN configuration for this Backend Bucket.' + properties: + - !ruby/object:Api::Type::NestedObject + name: 'cacheKeyPolicy' + description: 'The CacheKeyPolicy for this CdnPolicy.' + properties: + - !ruby/object:Api::Type::Array + send_empty_value: true + name: 'queryStringWhitelist' + at_least_one_of: + - cdn_policy.0.cache_key_policy.0.query_string_whitelist + - cdn_policy.0.cache_key_policy.0.include_http_headers + description: | + Names of query string parameters to include in cache keys. + Default parameters are always included. '&' and '=' will + be percent encoded and not treated as delimiters. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + send_empty_value: true + name: 'includeHttpHeaders' + at_least_one_of: + - cdn_policy.0.cache_key_policy.0.query_string_whitelist + - cdn_policy.0.cache_key_policy.0.include_http_headers + description: | + Allows HTTP request headers (by name) to be used in the + cache key. + item_type: Api::Type::String + - !ruby/object:Api::Type::Integer + name: 'signedUrlCacheMaxAgeSec' + description: | + Maximum number of seconds the response to a signed URL request will + be considered fresh. After this time period, + the response will be revalidated before being served. + When serving responses to signed URL requests, + Cloud CDN will internally behave as though + all responses from this backend had a "Cache-Control: public, + max-age=[TTL]" header, regardless of any existing Cache-Control + header. The actual headers served in responses will not be altered. + - !ruby/object:Api::Type::Integer + name: 'defaultTtl' + description: | + Specifies the default TTL for cached content served by this origin for responses + that do not have an existing valid TTL (max-age or s-max-age). + - !ruby/object:Api::Type::Integer + name: 'maxTtl' + description: | + Specifies the maximum allowed TTL for cached content served by this origin. + - !ruby/object:Api::Type::Integer + name: 'clientTtl' + description: | + Specifies the maximum allowed TTL for cached content served by this origin. + - !ruby/object:Api::Type::Boolean + name: 'negativeCaching' + send_empty_value: true + description: | + Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. + - !ruby/object:Api::Type::Array + name: 'negativeCachingPolicy' + description: | + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Integer + name: 'code' + description: | + The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 + can be specified as values, and you cannot specify a status code more than once. + - !ruby/object:Api::Type::Integer + name: 'ttl' + description: | + The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s + (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + - !ruby/object:Api::Type::Enum + name: 'cacheMode' + description: | + Specifies the cache setting for all responses from this backend. + The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC + values: + - :USE_ORIGIN_HEADERS + - :FORCE_CACHE_ALL + - :CACHE_ALL_STATIC + - !ruby/object:Api::Type::Integer + name: 'serveWhileStale' + send_empty_value: true + description: | + Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache. + - !ruby/object:Api::Type::Boolean + name: 'requestCoalescing' + send_empty_value: true + description: | + If true then Cloud CDN will combine multiple concurrent cache fill requests into a small number of requests to the origin. + - !ruby/object:Api::Type::Array + name: 'bypassCacheOnRequestHeaders' + description: | + Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode settings. + max_size: 5 + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'headerName' + description: | + The header field name to match on when bypassing cache. Values are case-insensitive. + - !ruby/object:Api::Type::Enum + name: 'compressionMode' + description: | + Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. + values: + - :AUTOMATIC + - :DISABLED + - !ruby/object:Api::Type::String + name: 'edgeSecurityPolicy' + description: | + The security policy associated with this backend bucket. + - !ruby/object:Api::Type::Array + name: 'customResponseHeaders' + description: | + Headers that the HTTP/S load balancer should add to proxied responses. + item_type: Api::Type::String + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional textual description of the resource; provided by the + client when the resource is created. + - !ruby/object:Api::Type::Boolean + name: 'enableCdn' + description: 'If true, enable Cloud CDN for this BackendBucket.' + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'Unique identifier for the resource.' + output: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and + match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means + the first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the + last character, which cannot be a dash. + immutable: true + required: true diff --git a/mmv1/products/compute/BackendBucketSignedUrlKey.yaml b/mmv1/products/compute/BackendBucketSignedUrlKey.yaml new file mode 100644 index 000000000000..2c8abf6a2ab0 --- /dev/null +++ b/mmv1/products/compute/BackendBucketSignedUrlKey.yaml @@ -0,0 +1,78 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'BackendBucketSignedUrlKey' +kind: 'compute#BackendBucketSignedUrlKey' +immutable: true +base_url: projects/{{project}}/global/backendBuckets/{{backend_bucket}} +create_url: projects/{{project}}/global/backendBuckets/{{backend_bucket}}/addSignedUrlKey +create_verb: :POST +delete_url: projects/{{project}}/global/backendBuckets/{{backend_bucket}}/deleteSignedUrlKey?keyName={{name}} +delete_verb: :POST +self_link: projects/{{project}}/global/backendBuckets/{{backend_bucket}} +identity: + - name +nested_query: !ruby/object:Api::Resource::NestedQuery + keys: + - cdnPolicy + - signedUrlKeyNames + is_list_of_ids: true +description: | + A key for signing Cloud CDN signed URLs for BackendBuckets. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Using Signed URLs': 'https://cloud.google.com/cdn/docs/using-signed-urls/' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/backendBuckets' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'backendBucket' + resource: 'BackendBucket' + imports: 'name' + description: | + The backend bucket this signed URL key belongs. + required: true + immutable: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + api_name: 'keyName' + description: | + Name of the signed URL key. + required: true + immutable: true + - !ruby/object:Api::Type::String + name: 'keyValue' + description: | + 128-bit key value used for signing the URL. The key value must be a + valid RFC 4648 Section 5 base64url encoded string. + required: true + immutable: true diff --git a/mmv1/products/compute/BackendService.yaml b/mmv1/products/compute/BackendService.yaml new file mode 100644 index 000000000000..a8eb6cd46085 --- /dev/null +++ b/mmv1/products/compute/BackendService.yaml @@ -0,0 +1,1151 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'BackendService' +kind: 'compute#backendService' +base_url: projects/{{project}}/global/backendServices +collection_url_key: 'items' +has_self_link: true +description: | + A Backend Service defines a group of virtual machines that will serve + traffic for load balancing. This resource is a global backend service, + appropriate for external load balancing or self-managed internal load balancing. + For managed internal load balancing, use a regional backend service instead. + + Currently self-managed internal load balancing is only available in beta. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/compute/docs/load-balancing/http/backend-service' + api: 'https://cloud.google.com/compute/docs/reference/v1/backendServices' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +properties: + - !ruby/object:Api::Type::Integer + name: 'affinityCookieTtlSec' + description: | + Lifetime of cookies in seconds if session_affinity is + GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts + only until the end of the browser session (or equivalent). The + maximum allowed value for TTL is one day. + + When the load balancing scheme is INTERNAL, this field is not used. + - !ruby/object:Api::Type::Array + name: 'backends' + description: | + The set of backends that serve this BackendService. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Enum + name: 'balancingMode' + default_value: :UTILIZATION + values: + - :UTILIZATION + - :RATE + - :CONNECTION + description: | + Specifies the balancing mode for this backend. + + For global HTTP(S) or TCP/SSL load balancing, the default is + UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)) + and CONNECTION (for TCP/SSL). + + See the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode) + for an explanation of load balancing modes. + - !ruby/object:Api::Type::Double + name: 'capacityScaler' + send_empty_value: true + default_value: 1.0 + description: | + A multiplier applied to the group's maximum servicing capacity + (based on UTILIZATION, RATE or CONNECTION). + + Default value is 1, which means the group will serve up to 100% + of its configured capacity (depending on balancingMode). A + setting of 0 means the group is completely drained, offering + 0% of its available Capacity. Valid range is [0.0,1.0]. + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of this resource. + Provide this property when you create the resource. + - !ruby/object:Api::Type::String + name: 'group' + description: | + The fully-qualified URL of an Instance Group or Network Endpoint + Group resource. In case of instance group this defines the list + of instances that serve traffic. Member virtual machine + instances from each instance group must live in the same zone as + the instance group itself. No two backends in a backend service + are allowed to use same Instance Group resource. + + For Network Endpoint Groups this defines list of endpoints. All + endpoints of Network Endpoint Group must be hosted on instances + located in the same zone as the Network Endpoint Group. + + Backend services cannot mix Instance Group and + Network Endpoint Group backends. + + Note that you must specify an Instance Group or Network Endpoint + Group resource using the fully-qualified URL, rather than a + partial URL. + required: true + - !ruby/object:Api::Type::Integer + name: 'maxConnections' + description: | + The max number of simultaneous connections for the group. Can + be used with either CONNECTION or UTILIZATION balancing modes. + + For CONNECTION mode, either maxConnections or one + of maxConnectionsPerInstance or maxConnectionsPerEndpoint, + as appropriate for group type, must be set. + - !ruby/object:Api::Type::Integer + name: 'maxConnectionsPerInstance' + description: | + The max number of simultaneous connections that a single + backend instance can handle. This is used to calculate the + capacity of the group. Can be used in either CONNECTION or + UTILIZATION balancing modes. + + For CONNECTION mode, either maxConnections or + maxConnectionsPerInstance must be set. + - !ruby/object:Api::Type::Integer + name: 'maxConnectionsPerEndpoint' + description: | + The max number of simultaneous connections that a single backend + network endpoint can handle. This is used to calculate the + capacity of the group. Can be used in either CONNECTION or + UTILIZATION balancing modes. + + For CONNECTION mode, either + maxConnections or maxConnectionsPerEndpoint must be set. + - !ruby/object:Api::Type::Integer + name: 'maxRate' + description: | + The max requests per second (RPS) of the group. + + Can be used with either RATE or UTILIZATION balancing modes, + but required if RATE mode. For RATE mode, either maxRate or one + of maxRatePerInstance or maxRatePerEndpoint, as appropriate for + group type, must be set. + - !ruby/object:Api::Type::Double + name: 'maxRatePerInstance' + description: | + The max requests per second (RPS) that a single backend + instance can handle. This is used to calculate the capacity of + the group. Can be used in either balancing mode. For RATE mode, + either maxRate or maxRatePerInstance must be set. + - !ruby/object:Api::Type::Double + name: 'maxRatePerEndpoint' + description: | + The max requests per second (RPS) that a single backend network + endpoint can handle. This is used to calculate the capacity of + the group. Can be used in either balancing mode. For RATE mode, + either maxRate or maxRatePerEndpoint must be set. + - !ruby/object:Api::Type::Double + name: 'maxUtilization' + description: | + Used when balancingMode is UTILIZATION. This ratio defines the + CPU utilization target for the group. Valid range is [0.0, 1.0]. + - !ruby/object:Api::Type::NestedObject + name: 'circuitBreakers' + description: | + Settings controlling the volume of connections to a backend service. This field + is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'connectTimeout' + min_version: beta + at_least_one_of: + - circuit_breakers.0.connect_timeout + - circuit_breakers.0.max_requests_per_connection + - circuit_breakers.0.max_connections + - circuit_breakers.0.max_pending_requests + - circuit_breakers.0.max_requests + - circuit_breakers.0.max_retries + description: | + The timeout for new network connections to hosts. + properties: + - !ruby/object:Api::Type::Integer + name: 'seconds' + required: true + description: | + Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + - !ruby/object:Api::Type::Integer + name: 'nanos' + description: | + Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + - !ruby/object:Api::Type::Integer + name: 'maxRequestsPerConnection' + at_least_one_of: + - circuit_breakers.0.connect_timeout + - circuit_breakers.0.max_requests_per_connection + - circuit_breakers.0.max_connections + - circuit_breakers.0.max_pending_requests + - circuit_breakers.0.max_requests + - circuit_breakers.0.max_retries + description: | + Maximum requests for a single backend connection. This parameter + is respected by both the HTTP/1.1 and HTTP/2 implementations. If + not specified, there is no limit. Setting this parameter to 1 + will effectively disable keep alive. + - !ruby/object:Api::Type::Integer + name: 'maxConnections' + default_value: 1024 + at_least_one_of: + - circuit_breakers.0.connect_timeout + - circuit_breakers.0.max_requests_per_connection + - circuit_breakers.0.max_connections + - circuit_breakers.0.max_pending_requests + - circuit_breakers.0.max_requests + - circuit_breakers.0.max_retries + description: | + The maximum number of connections to the backend cluster. + Defaults to 1024. + - !ruby/object:Api::Type::Integer + name: 'maxPendingRequests' + default_value: 1024 + at_least_one_of: + - circuit_breakers.0.connect_timeout + - circuit_breakers.0.max_requests_per_connection + - circuit_breakers.0.max_connections + - circuit_breakers.0.max_pending_requests + - circuit_breakers.0.max_requests + - circuit_breakers.0.max_retries + description: | + The maximum number of pending requests to the backend cluster. + Defaults to 1024. + - !ruby/object:Api::Type::Integer + name: 'maxRequests' + default_value: 1024 + at_least_one_of: + - circuit_breakers.0.connect_timeout + - circuit_breakers.0.max_requests_per_connection + - circuit_breakers.0.max_connections + - circuit_breakers.0.max_pending_requests + - circuit_breakers.0.max_requests + - circuit_breakers.0.max_retries + description: | + The maximum number of parallel requests to the backend cluster. + Defaults to 1024. + - !ruby/object:Api::Type::Integer + name: 'maxRetries' + default_value: 3 + at_least_one_of: + - circuit_breakers.0.connect_timeout + - circuit_breakers.0.max_requests_per_connection + - circuit_breakers.0.max_connections + - circuit_breakers.0.max_pending_requests + - circuit_breakers.0.max_requests + - circuit_breakers.0.max_retries + description: | + The maximum number of parallel retries to the backend cluster. + Defaults to 3. + - !ruby/object:Api::Type::Enum + name: 'compressionMode' + description: | + Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. + values: + - :AUTOMATIC + - :DISABLED + - !ruby/object:Api::Type::NestedObject + name: 'consistentHash' + description: | + Consistent Hash-based load balancing can be used to provide soft session + affinity based on HTTP headers, cookies or other properties. This load balancing + policy is applicable only for HTTP connections. The affinity to a particular + destination host will be lost when one or more hosts are added/removed from the + destination service. This field specifies parameters that control consistent + hashing. This field only applies if the load_balancing_scheme is set to + INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is + set to MAGLEV or RING_HASH. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'httpCookie' + at_least_one_of: + - consistent_hash.0.http_cookie + - consistent_hash.0.http_header_name + - consistent_hash.0.minimum_ring_size + description: | + Hash is based on HTTP Cookie. This field describes a HTTP cookie + that will be used as the hash key for the consistent hash load + balancer. If the cookie is not present, it will be generated. + This field is applicable if the sessionAffinity is set to HTTP_COOKIE. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'ttl' + at_least_one_of: + - consistent_hash.0.http_cookie.0.ttl + - consistent_hash.0.http_cookie.0.name + - consistent_hash.0.http_cookie.0.path + description: | + Lifetime of the cookie. + properties: + - !ruby/object:Api::Type::Integer + name: 'seconds' + required: true + description: | + Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + - !ruby/object:Api::Type::Integer + name: 'nanos' + description: | + Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + - !ruby/object:Api::Type::String + name: 'name' + at_least_one_of: + - consistent_hash.0.http_cookie.0.ttl + - consistent_hash.0.http_cookie.0.name + - consistent_hash.0.http_cookie.0.path + description: | + Name of the cookie. + - !ruby/object:Api::Type::String + name: 'path' + at_least_one_of: + - consistent_hash.0.http_cookie.0.ttl + - consistent_hash.0.http_cookie.0.name + - consistent_hash.0.http_cookie.0.path + description: | + Path to set for the cookie. + - !ruby/object:Api::Type::String + name: 'httpHeaderName' + at_least_one_of: + - consistent_hash.0.http_cookie + - consistent_hash.0.http_header_name + - consistent_hash.0.minimum_ring_size + description: | + The hash based on the value of the specified header field. + This field is applicable if the sessionAffinity is set to HEADER_FIELD. + - !ruby/object:Api::Type::Integer + name: 'minimumRingSize' + default_value: 1024 + at_least_one_of: + - consistent_hash.0.http_cookie + - consistent_hash.0.http_header_name + - consistent_hash.0.minimum_ring_size + description: | + The minimum number of virtual nodes to use for the hash ring. + Larger ring sizes result in more granular load + distributions. If the number of hosts in the load balancing pool + is larger than the ring size, each host will be assigned a single + virtual node. + Defaults to 1024. + - !ruby/object:Api::Type::NestedObject + name: 'cdnPolicy' + description: 'Cloud CDN configuration for this BackendService.' + properties: + - !ruby/object:Api::Type::NestedObject + name: 'cacheKeyPolicy' + description: 'The CacheKeyPolicy for this CdnPolicy.' + at_least_one_of: + - cdn_policy.0.cache_key_policy + - cdn_policy.0.signed_url_cache_max_age_sec + properties: + - !ruby/object:Api::Type::Boolean + name: 'includeHost' + send_empty_value: true + at_least_one_of: + - cdn_policy.0.cache_key_policy.0.include_host + - cdn_policy.0.cache_key_policy.0.include_protocol + - cdn_policy.0.cache_key_policy.0.include_query_string + - cdn_policy.0.cache_key_policy.0.query_string_blacklist + - cdn_policy.0.cache_key_policy.0.query_string_whitelist + - cdn_policy.0.cache_key_policy.0.include_http_headers + - cdn_policy.0.cache_key_policy.0.include_named_cookies + description: | + If true requests to different hosts will be cached separately. + - !ruby/object:Api::Type::Boolean + name: 'includeProtocol' + send_empty_value: true + at_least_one_of: + - cdn_policy.0.cache_key_policy.0.include_host + - cdn_policy.0.cache_key_policy.0.include_protocol + - cdn_policy.0.cache_key_policy.0.include_query_string + - cdn_policy.0.cache_key_policy.0.query_string_blacklist + - cdn_policy.0.cache_key_policy.0.query_string_whitelist + - cdn_policy.0.cache_key_policy.0.include_http_headers + - cdn_policy.0.cache_key_policy.0.include_named_cookies + description: | + If true, http and https requests will be cached separately. + - !ruby/object:Api::Type::Boolean + name: 'includeQueryString' + send_empty_value: true + at_least_one_of: + - cdn_policy.0.cache_key_policy.0.include_host + - cdn_policy.0.cache_key_policy.0.include_protocol + - cdn_policy.0.cache_key_policy.0.include_query_string + - cdn_policy.0.cache_key_policy.0.query_string_blacklist + - cdn_policy.0.cache_key_policy.0.query_string_whitelist + - cdn_policy.0.cache_key_policy.0.include_http_headers + - cdn_policy.0.cache_key_policy.0.include_named_cookies + description: | + If true, include query string parameters in the cache key + according to query_string_whitelist and + query_string_blacklist. If neither is set, the entire query + string will be included. + + If false, the query string will be excluded from the cache + key entirely. + - !ruby/object:Api::Type::Array + name: 'queryStringBlacklist' + send_empty_value: true + at_least_one_of: + - cdn_policy.0.cache_key_policy.0.include_host + - cdn_policy.0.cache_key_policy.0.include_protocol + - cdn_policy.0.cache_key_policy.0.include_query_string + - cdn_policy.0.cache_key_policy.0.query_string_blacklist + - cdn_policy.0.cache_key_policy.0.query_string_whitelist + - cdn_policy.0.cache_key_policy.0.include_http_headers + - cdn_policy.0.cache_key_policy.0.include_named_cookies + description: | + Names of query string parameters to exclude in cache keys. + + All other parameters will be included. Either specify + query_string_whitelist or query_string_blacklist, not both. + '&' and '=' will be percent encoded and not treated as + delimiters. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + send_empty_value: true + name: 'queryStringWhitelist' + at_least_one_of: + - cdn_policy.0.cache_key_policy.0.include_host + - cdn_policy.0.cache_key_policy.0.include_protocol + - cdn_policy.0.cache_key_policy.0.include_query_string + - cdn_policy.0.cache_key_policy.0.query_string_blacklist + - cdn_policy.0.cache_key_policy.0.query_string_whitelist + - cdn_policy.0.cache_key_policy.0.include_http_headers + - cdn_policy.0.cache_key_policy.0.include_named_cookies + description: | + Names of query string parameters to include in cache keys. + + All other parameters will be excluded. Either specify + query_string_whitelist or query_string_blacklist, not both. + '&' and '=' will be percent encoded and not treated as + delimiters. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'includeHttpHeaders' + send_empty_value: true + at_least_one_of: + - cdn_policy.0.cache_key_policy.0.include_host + - cdn_policy.0.cache_key_policy.0.include_protocol + - cdn_policy.0.cache_key_policy.0.include_query_string + - cdn_policy.0.cache_key_policy.0.query_string_blacklist + - cdn_policy.0.cache_key_policy.0.query_string_whitelist + - cdn_policy.0.cache_key_policy.0.include_http_headers + - cdn_policy.0.cache_key_policy.0.include_named_cookies + description: | + Allows HTTP request headers (by name) to be used in the + cache key. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'includeNamedCookies' + send_empty_value: true + at_least_one_of: + - cdn_policy.0.cache_key_policy.0.include_host + - cdn_policy.0.cache_key_policy.0.include_protocol + - cdn_policy.0.cache_key_policy.0.include_query_string + - cdn_policy.0.cache_key_policy.0.query_string_blacklist + - cdn_policy.0.cache_key_policy.0.query_string_whitelist + - cdn_policy.0.cache_key_policy.0.include_http_headers + - cdn_policy.0.cache_key_policy.0.include_named_cookies + description: | + Names of cookies to include in cache keys. + item_type: Api::Type::String + - !ruby/object:Api::Type::Integer + name: 'signedUrlCacheMaxAgeSec' + default_value: 3600 + at_least_one_of: + - cdn_policy.0.cache_key_policy + - cdn_policy.0.signed_url_cache_max_age_sec + description: | + Maximum number of seconds the response to a signed URL request + will be considered fresh, defaults to 1hr (3600s). After this + time period, the response will be revalidated before + being served. + + When serving responses to signed URL requests, Cloud CDN will + internally behave as though all responses from this backend had a + "Cache-Control: public, max-age=[TTL]" header, regardless of any + existing Cache-Control header. The actual headers served in + responses will not be altered. + - !ruby/object:Api::Type::Integer + name: 'defaultTtl' + description: | + Specifies the default TTL for cached content served by this origin for responses + that do not have an existing valid TTL (max-age or s-max-age). + - !ruby/object:Api::Type::Integer + name: 'maxTtl' + description: | + Specifies the maximum allowed TTL for cached content served by this origin. + - !ruby/object:Api::Type::Integer + name: 'clientTtl' + description: | + Specifies the maximum allowed TTL for cached content served by this origin. + - !ruby/object:Api::Type::Boolean + name: 'negativeCaching' + send_empty_value: true + description: | + Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. + - !ruby/object:Api::Type::Array + name: 'negativeCachingPolicy' + description: | + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Integer + name: 'code' + description: | + The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 + can be specified as values, and you cannot specify a status code more than once. + - !ruby/object:Api::Type::Integer + name: 'ttl' + description: | + The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s + (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + - !ruby/object:Api::Type::Enum + name: 'cacheMode' + description: | + Specifies the cache setting for all responses from this backend. + The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC + values: + - :USE_ORIGIN_HEADERS + - :FORCE_CACHE_ALL + - :CACHE_ALL_STATIC + - !ruby/object:Api::Type::Integer + name: 'serveWhileStale' + send_empty_value: true + description: | + Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache. + - !ruby/object:Api::Type::NestedObject + name: 'connectionDraining' + description: | + Settings for connection draining + properties: + - !ruby/object:Api::Type::Integer + name: 'drainingTimeoutSec' + default_value: 300 + description: | + Time for which instance will be drained (not accept new + connections, but still work to finish started). + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: | + Creation timestamp in RFC3339 text format. + output: true + - !ruby/object:Api::Type::Array + name: 'customRequestHeaders' + item_type: Api::Type::String + description: | + Headers that the HTTP/S load balancer should add to proxied + requests. + - !ruby/object:Api::Type::Array + name: 'customResponseHeaders' + item_type: Api::Type::String + description: | + Headers that the HTTP/S load balancer should add to proxied + responses. + - !ruby/object:Api::Type::Fingerprint + name: 'fingerprint' + output: true + description: | + Fingerprint of this resource. A hash of the contents stored in this + object. This field is used in optimistic locking. + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of this resource. + - !ruby/object:Api::Type::Boolean + name: 'enableCDN' + description: | + If true, enable Cloud CDN for this BackendService. + - !ruby/object:Api::Type::Array + name: 'healthChecks' + item_type: Api::Type::String + min_size: 1 + max_size: 1 + description: | + The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource + for health checking this BackendService. Currently at most one health + check can be specified. + + A health check must be specified unless the backend service uses an internet + or serverless NEG as a backend. + + For internal load balancing, a URL to a HealthCheck resource must be specified instead. + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'The unique identifier for the resource. This identifier is defined by the server.' + output: true + - !ruby/object:Api::Type::NestedObject + name: 'iap' + description: Settings for enabling Cloud Identity Aware Proxy + properties: + - !ruby/object:Api::Type::Boolean + name: 'enabled' + description: Enables IAP. + - !ruby/object:Api::Type::String + name: 'oauth2ClientId' + required: true + description: | + OAuth2 Client ID for IAP + - !ruby/object:Api::Type::String + name: 'oauth2ClientSecret' + required: true + description: | + OAuth2 Client Secret for IAP + - !ruby/object:Api::Type::String + name: 'oauth2ClientSecretSha256' + output: true + description: | + OAuth2 Client Secret SHA-256 for IAP + - !ruby/object:Api::Type::Enum + name: 'loadBalancingScheme' + immutable: true + description: | + Indicates whether the backend service will be used with internal or + external load balancing. A backend service created for one type of + load balancing cannot be used with the other. For more information, refer to + [Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). + default_value: :EXTERNAL + # If you're modifying this value, it probably means Global ILB is now + # an option. If that's the case, all of the documentation is based on + # this resource supporting external load balancing only. + values: + - :EXTERNAL + - :INTERNAL_SELF_MANAGED + - :EXTERNAL_MANAGED + - !ruby/object:Api::Type::Enum + name: 'localityLbPolicy' + values: + - :ROUND_ROBIN + - :LEAST_REQUEST + - :RING_HASH + - :RANDOM + - :ORIGINAL_DESTINATION + - :MAGLEV + description: | + The load balancing algorithm used within the scope of the locality. + The possible values are: + + * `ROUND_ROBIN`: This is a simple policy in which each healthy backend + is selected in round robin order. + + * `LEAST_REQUEST`: An O(1) algorithm which selects two random healthy + hosts and picks the host which has fewer active requests. + + * `RING_HASH`: The ring/modulo hash load balancer implements consistent + hashing to backends. The algorithm has the property that the + addition/removal of a host from a set of N hosts only affects + 1/N of the requests. + + * `RANDOM`: The load balancer selects a random healthy host. + + * `ORIGINAL_DESTINATION`: Backend host is selected based on the client + connection metadata, i.e., connections are opened + to the same address as the destination address of + the incoming connection before the connection + was redirected to the load balancer. + + * `MAGLEV`: used as a drop in replacement for the ring hash load balancer. + Maglev is not as stable as ring hash but has faster table lookup + build times and host selection times. For more information about + Maglev, refer to https://ai.google/research/pubs/pub44824 + + + This field is applicable to either: + + * A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, + and loadBalancingScheme set to INTERNAL_MANAGED. + * A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. + + + If session_affinity is not NONE, and this field is not set to MAGLEV or RING_HASH, + session affinity settings will not take effect. + + Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced + by a URL map that is bound to target gRPC proxy that has validate_for_proxyless + field set to true. + - !ruby/object:Api::Type::Array + name: 'localityLbPolicies' + description: | + A list of locality load balancing policies to be used in order of + preference. Either the policy or the customPolicy field should be set. + Overrides any value set in the localityLbPolicy field. + + localityLbPolicies is only supported when the BackendService is referenced + by a URL Map that is referenced by a target gRPC proxy that has the + validateForProxyless field set to true. + item_type: !ruby/object:Api::Type::NestedObject + name: 'localityLbPolicyConfig' + description: | + Container for either a built-in LB policy supported by gRPC or Envoy or + a custom one implemented by the end user. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'policy' + exactly_one_of: + - policy + - customPolicy + description: | + The configuration for a built-in load balancing policy. + properties: + - !ruby/object:Api::Type::Enum + name: 'name' + required: true + values: + - :ROUND_ROBIN + - :LEAST_REQUEST + - :RING_HASH + - :RANDOM + - :ORIGINAL_DESTINATION + - :MAGLEV + description: | + The name of a locality load balancer policy to be used. The value + should be one of the predefined ones as supported by localityLbPolicy, + although at the moment only ROUND_ROBIN is supported. + + This field should only be populated when the customPolicy field is not + used. + + Note that specifying the same policy more than once for a backend is + not a valid configuration and will be rejected. + + The possible values are: + + * `ROUND_ROBIN`: This is a simple policy in which each healthy backend + is selected in round robin order. + + * `LEAST_REQUEST`: An O(1) algorithm which selects two random healthy + hosts and picks the host which has fewer active requests. + + * `RING_HASH`: The ring/modulo hash load balancer implements consistent + hashing to backends. The algorithm has the property that the + addition/removal of a host from a set of N hosts only affects + 1/N of the requests. + + * `RANDOM`: The load balancer selects a random healthy host. + + * `ORIGINAL_DESTINATION`: Backend host is selected based on the client + connection metadata, i.e., connections are opened + to the same address as the destination address of + the incoming connection before the connection + was redirected to the load balancer. + + * `MAGLEV`: used as a drop in replacement for the ring hash load balancer. + Maglev is not as stable as ring hash but has faster table lookup + build times and host selection times. For more information about + Maglev, refer to https://ai.google/research/pubs/pub44824 + - !ruby/object:Api::Type::NestedObject + name: 'customPolicy' + exactly_one_of: + - policy + - customPolicy + description: | + The configuration for a custom policy implemented by the user and + deployed with the client. + properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + description: | + Identifies the custom policy. + + The value should match the type the custom implementation is registered + with on the gRPC clients. It should follow protocol buffer + message naming conventions and include the full path (e.g. + myorg.CustomLbPolicy). The maximum length is 256 characters. + + Note that specifying the same custom policy more than once for a + backend is not a valid configuration and will be rejected. + - !ruby/object:Api::Type::String + name: 'data' + description: | + An optional, arbitrary JSON object with configuration data, understood + by a locally installed custom policy implementation. + - !ruby/object:Api::Type::String + name: 'name' + required: true + immutable: true + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + - !ruby/object:Api::Type::NestedObject + name: 'outlierDetection' + description: | + Settings controlling eviction of unhealthy hosts from the load balancing pool. + This field is applicable only when the load_balancing_scheme is set + to INTERNAL_SELF_MANAGED. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'baseEjectionTime' + at_least_one_of: + - outlier_detection.0.base_ejection_time + - outlier_detection.0.consecutive_errors + - outlier_detection.0.consecutive_gateway_failure + - outlier_detection.0.enforcing_consecutive_errors + - outlier_detection.0.enforcing_consecutive_gateway_failure + - outlier_detection.0.enforcing_success_rate + - outlier_detection.0.interval + - outlier_detection.0.max_ejection_percent + - outlier_detection.0.success_rate_minimum_hosts + - outlier_detection.0.success_rate_request_volume + - outlier_detection.0.success_rate_stdev_factor + description: | + The base time that a host is ejected for. The real time is equal to the base + time multiplied by the number of times the host has been ejected. Defaults to + 30000ms or 30s. + properties: + - !ruby/object:Api::Type::Integer + name: 'seconds' + required: true + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + - !ruby/object:Api::Type::Integer + name: 'nanos' + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 `seconds` field and a positive + `nanos` field. Must be from 0 to 999,999,999 inclusive. + - !ruby/object:Api::Type::Integer + name: 'consecutiveErrors' + at_least_one_of: + - outlier_detection.0.base_ejection_time + - outlier_detection.0.consecutive_errors + - outlier_detection.0.consecutive_gateway_failure + - outlier_detection.0.enforcing_consecutive_errors + - outlier_detection.0.enforcing_consecutive_gateway_failure + - outlier_detection.0.enforcing_success_rate + - outlier_detection.0.interval + - outlier_detection.0.max_ejection_percent + - outlier_detection.0.success_rate_minimum_hosts + - outlier_detection.0.success_rate_request_volume + - outlier_detection.0.success_rate_stdev_factor + default_value: 5 + description: | + Number of errors before a host is ejected from the connection pool. When the + backend host is accessed over HTTP, a 5xx return code qualifies as an error. + Defaults to 5. + - !ruby/object:Api::Type::Integer + name: 'consecutiveGatewayFailure' + at_least_one_of: + - outlier_detection.0.base_ejection_time + - outlier_detection.0.consecutive_errors + - outlier_detection.0.consecutive_gateway_failure + - outlier_detection.0.enforcing_consecutive_errors + - outlier_detection.0.enforcing_consecutive_gateway_failure + - outlier_detection.0.enforcing_success_rate + - outlier_detection.0.interval + - outlier_detection.0.max_ejection_percent + - outlier_detection.0.success_rate_minimum_hosts + - outlier_detection.0.success_rate_request_volume + - outlier_detection.0.success_rate_stdev_factor + default_value: 5 + description: | + The number of consecutive gateway failures (502, 503, 504 status or connection + errors that are mapped to one of those status codes) before a consecutive + gateway failure ejection occurs. Defaults to 5. + - !ruby/object:Api::Type::Integer + name: 'enforcingConsecutiveErrors' + at_least_one_of: + - outlier_detection.0.base_ejection_time + - outlier_detection.0.consecutive_errors + - outlier_detection.0.consecutive_gateway_failure + - outlier_detection.0.enforcing_consecutive_errors + - outlier_detection.0.enforcing_consecutive_gateway_failure + - outlier_detection.0.enforcing_success_rate + - outlier_detection.0.interval + - outlier_detection.0.max_ejection_percent + - outlier_detection.0.success_rate_minimum_hosts + - outlier_detection.0.success_rate_request_volume + - outlier_detection.0.success_rate_stdev_factor + default_value: 100 + description: | + The percentage chance that a host will be actually ejected when an outlier + status is detected through consecutive 5xx. This setting can be used to disable + ejection or to ramp it up slowly. Defaults to 100. + - !ruby/object:Api::Type::Integer + name: 'enforcingConsecutiveGatewayFailure' + at_least_one_of: + - outlier_detection.0.base_ejection_time + - outlier_detection.0.consecutive_errors + - outlier_detection.0.consecutive_gateway_failure + - outlier_detection.0.enforcing_consecutive_errors + - outlier_detection.0.enforcing_consecutive_gateway_failure + - outlier_detection.0.enforcing_success_rate + - outlier_detection.0.interval + - outlier_detection.0.max_ejection_percent + - outlier_detection.0.success_rate_minimum_hosts + - outlier_detection.0.success_rate_request_volume + - outlier_detection.0.success_rate_stdev_factor + default_value: 0 + description: | + The percentage chance that a host will be actually ejected when an outlier + status is detected through consecutive gateway failures. This setting can be + used to disable ejection or to ramp it up slowly. Defaults to 0. + - !ruby/object:Api::Type::Integer + name: 'enforcingSuccessRate' + at_least_one_of: + - outlier_detection.0.base_ejection_time + - outlier_detection.0.consecutive_errors + - outlier_detection.0.consecutive_gateway_failure + - outlier_detection.0.enforcing_consecutive_errors + - outlier_detection.0.enforcing_consecutive_gateway_failure + - outlier_detection.0.enforcing_success_rate + - outlier_detection.0.interval + - outlier_detection.0.max_ejection_percent + - outlier_detection.0.success_rate_minimum_hosts + - outlier_detection.0.success_rate_request_volume + - outlier_detection.0.success_rate_stdev_factor + default_value: 100 + description: | + The percentage chance that a host will be actually ejected when an outlier + status is detected through success rate statistics. This setting can be used to + disable ejection or to ramp it up slowly. Defaults to 100. + - !ruby/object:Api::Type::NestedObject + name: 'interval' + at_least_one_of: + - outlier_detection.0.base_ejection_time + - outlier_detection.0.consecutive_errors + - outlier_detection.0.consecutive_gateway_failure + - outlier_detection.0.enforcing_consecutive_errors + - outlier_detection.0.enforcing_consecutive_gateway_failure + - outlier_detection.0.enforcing_success_rate + - outlier_detection.0.interval + - outlier_detection.0.max_ejection_percent + - outlier_detection.0.success_rate_minimum_hosts + - outlier_detection.0.success_rate_request_volume + - outlier_detection.0.success_rate_stdev_factor + description: | + Time interval between ejection sweep analysis. This can result in both new + ejections as well as hosts being returned to service. Defaults to 10 seconds. + properties: + - !ruby/object:Api::Type::Integer + name: 'seconds' + required: true + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + - !ruby/object:Api::Type::Integer + name: 'nanos' + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 `seconds` field and a positive + `nanos` field. Must be from 0 to 999,999,999 inclusive. + - !ruby/object:Api::Type::Integer + name: 'maxEjectionPercent' + at_least_one_of: + - outlier_detection.0.base_ejection_time + - outlier_detection.0.consecutive_errors + - outlier_detection.0.consecutive_gateway_failure + - outlier_detection.0.enforcing_consecutive_errors + - outlier_detection.0.enforcing_consecutive_gateway_failure + - outlier_detection.0.enforcing_success_rate + - outlier_detection.0.interval + - outlier_detection.0.max_ejection_percent + - outlier_detection.0.success_rate_minimum_hosts + - outlier_detection.0.success_rate_request_volume + - outlier_detection.0.success_rate_stdev_factor + default_value: 10 + description: | + Maximum percentage of hosts in the load balancing pool for the backend service + that can be ejected. Defaults to 10%. + - !ruby/object:Api::Type::Integer + name: 'successRateMinimumHosts' + at_least_one_of: + - outlier_detection.0.base_ejection_time + - outlier_detection.0.consecutive_errors + - outlier_detection.0.consecutive_gateway_failure + - outlier_detection.0.enforcing_consecutive_errors + - outlier_detection.0.enforcing_consecutive_gateway_failure + - outlier_detection.0.enforcing_success_rate + - outlier_detection.0.interval + - outlier_detection.0.max_ejection_percent + - outlier_detection.0.success_rate_minimum_hosts + - outlier_detection.0.success_rate_request_volume + - outlier_detection.0.success_rate_stdev_factor + default_value: 5 + description: | + The number of hosts in a cluster that must have enough request volume to detect + success rate outliers. If the number of hosts is less than this setting, outlier + detection via success rate statistics is not performed for any host in the + cluster. Defaults to 5. + - !ruby/object:Api::Type::Integer + name: 'successRateRequestVolume' + at_least_one_of: + - outlier_detection.0.base_ejection_time + - outlier_detection.0.consecutive_errors + - outlier_detection.0.consecutive_gateway_failure + - outlier_detection.0.enforcing_consecutive_errors + - outlier_detection.0.enforcing_consecutive_gateway_failure + - outlier_detection.0.enforcing_success_rate + - outlier_detection.0.interval + - outlier_detection.0.max_ejection_percent + - outlier_detection.0.success_rate_minimum_hosts + - outlier_detection.0.success_rate_request_volume + - outlier_detection.0.success_rate_stdev_factor + default_value: 100 + description: | + The minimum number of total requests that must be collected in one interval (as + defined by the interval duration above) to include this host in success rate + based outlier detection. If the volume is lower than this setting, outlier + detection via success rate statistics is not performed for that host. Defaults + to 100. + - !ruby/object:Api::Type::Integer + name: 'successRateStdevFactor' + at_least_one_of: + - outlier_detection.0.base_ejection_time + - outlier_detection.0.consecutive_errors + - outlier_detection.0.consecutive_gateway_failure + - outlier_detection.0.enforcing_consecutive_errors + - outlier_detection.0.enforcing_consecutive_gateway_failure + - outlier_detection.0.enforcing_success_rate + - outlier_detection.0.interval + - outlier_detection.0.max_ejection_percent + - outlier_detection.0.success_rate_minimum_hosts + - outlier_detection.0.success_rate_request_volume + - outlier_detection.0.success_rate_stdev_factor + default_value: 1900 + description: | + This factor is used to determine the ejection threshold for success rate outlier + ejection. The ejection threshold is the difference between the mean success + rate, and the product of this factor and the standard deviation of the mean + success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided + by a thousand to get a double. That is, if the desired factor is 1.9, the + runtime value should be 1900. Defaults to 1900. + # 'port' is deprecated + - !ruby/object:Api::Type::String + name: 'portName' + description: | + Name of backend port. The same name should appear in the instance + groups referenced by this service. Required when the load balancing + scheme is EXTERNAL. + - !ruby/object:Api::Type::Enum + name: 'protocol' + description: | + The protocol this BackendService uses to communicate with backends. + The default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer + types and may result in errors if used with the GA API. + values: + - :HTTP + - :HTTPS + - :HTTP2 + - :TCP + - :SSL + - :GRPC + # TODO: make a ResourceRef to Security Policy + - !ruby/object:Api::Type::String + name: 'securityPolicy' + description: | + The security policy associated with this backend service. + - !ruby/object:Api::Type::String + name: 'edgeSecurityPolicy' + description: | + The resource URL for the edge security policy associated with this backend service. + - !ruby/object:Api::Type::NestedObject + name: 'securitySettings' + description: | + The security settings that apply to this backend service. This field is applicable to either + a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and + load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the + load_balancing_scheme set to INTERNAL_SELF_MANAGED. + properties: + - !ruby/object:Api::Type::ResourceRef + name: 'clientTlsPolicy' + resource: 'Region' # TODO: 'Region' is incorrect and should be 'ClientTlsPolicy' + imports: 'name' + description: | + ClientTlsPolicy is a resource that specifies how a client should authenticate + connections to backends of a service. This resource itself does not affect + configuration unless it is attached to a backend service resource. + required: true + - !ruby/object:Api::Type::Array + name: 'subjectAltNames' + description: | + A list of alternate names to verify the subject identity in the certificate. + If specified, the client will verify that the server certificate's subject + alt name matches one of the specified values. + required: true + item_type: Api::Type::String + - !ruby/object:Api::Type::Enum + name: 'sessionAffinity' + description: | + Type of session affinity to use. The default is NONE. Session affinity is + not applicable if the protocol is UDP. + values: + - :NONE + - :CLIENT_IP + - :CLIENT_IP_PORT_PROTO + - :CLIENT_IP_PROTO + - :GENERATED_COOKIE + - :HEADER_FIELD + - :HTTP_COOKIE + - !ruby/object:Api::Type::Integer + name: 'timeoutSec' + description: | + How many seconds to wait for the backend before considering it a + failed request. Default is 30 seconds. Valid range is [1, 86400]. + - !ruby/object:Api::Type::NestedObject + name: 'logConfig' + description: | + This field denotes the logging options for the load balancer traffic served by this backend service. + If logging is enabled, logs will be exported to Stackdriver. + properties: + - !ruby/object:Api::Type::Boolean + name: 'enable' + at_least_one_of: + - log_config.0.enable + - log_config.0.sample_rate + description: | + Whether to enable logging for the load balancer traffic served by this backend service. + - !ruby/object:Api::Type::Double + name: 'sampleRate' + at_least_one_of: + - log_config.0.enable + - log_config.0.sample_rate + description: | + This field can only be specified if logging is enabled for this backend service. The value of + the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer + where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. + The default value is 1.0. diff --git a/mmv1/products/compute/BackendServiceSignedUrlKey.yaml b/mmv1/products/compute/BackendServiceSignedUrlKey.yaml new file mode 100644 index 000000000000..a57f9664254c --- /dev/null +++ b/mmv1/products/compute/BackendServiceSignedUrlKey.yaml @@ -0,0 +1,78 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'BackendServiceSignedUrlKey' +kind: 'compute#BackendServiceSignedUrlKey' +immutable: true +base_url: projects/{{project}}/global/backendServices/{{backend_service}} +create_url: projects/{{project}}/global/backendServices/{{backend_service}}/addSignedUrlKey +create_verb: :POST +delete_url: projects/{{project}}/global/backendServices/{{backend_service}}/deleteSignedUrlKey?keyName={{name}} +delete_verb: :POST +self_link: projects/{{project}}/global/backendServices/{{backend_service}} +identity: + - name +nested_query: !ruby/object:Api::Resource::NestedQuery + keys: + - cdnPolicy + - signedUrlKeyNames + is_list_of_ids: true +description: | + A key for signing Cloud CDN signed URLs for Backend Services. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Using Signed URLs': 'https://cloud.google.com/cdn/docs/using-signed-urls/' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/backendServices' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'backendService' + resource: 'BackendService' + imports: 'name' + description: | + The backend service this signed URL key belongs. + required: true + immutable: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + api_name: 'keyName' + description: | + Name of the signed URL key. + required: true + immutable: true + - !ruby/object:Api::Type::String + name: 'keyValue' + description: | + 128-bit key value used for signing the URL. The key value must be a + valid RFC 4648 Section 5 base64url encoded string. + required: true + immutable: true diff --git a/mmv1/products/compute/Disk.yaml b/mmv1/products/compute/Disk.yaml new file mode 100644 index 000000000000..05ef858c85f1 --- /dev/null +++ b/mmv1/products/compute/Disk.yaml @@ -0,0 +1,367 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Disk' +kind: 'compute#disk' +immutable: true +base_url: projects/{{project}}/zones/{{zone}}/disks +collection_url_key: 'items' +has_self_link: true +description: | + Persistent disks are durable storage devices that function similarly to + the physical disks in a desktop or a server. Compute Engine manages the + hardware behind these devices to ensure data redundancy and optimize + performance for you. Persistent disks are available as either standard + hard disk drives (HDD) or solid-state drives (SSD). + + Persistent disks are located independently from your virtual machine + instances, so you can detach or move persistent disks to keep your data + even after you delete your instances. Persistent disk performance scales + automatically with size, so you can resize your existing persistent disks + or add more persistent disks to an instance to meet your performance and + storage space requirements. + + Add a persistent disk to your instance when you need reliable and + affordable storage with consistent performance characteristics. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Adding a persistent disk': + 'https://cloud.google.com/compute/docs/disks/add-persistent-disk' + api: 'https://cloud.google.com/compute/docs/reference/v1/disks' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'zone' + resource: 'Zone' + imports: 'name' + description: 'A reference to the zone where the disk resides.' + required: true + - !ruby/object:Api::Type::NestedObject + name: 'sourceImageEncryptionKey' + description: | + The customer-supplied encryption key of the source image. Required if + the source image is protected by a customer-supplied encryption key. + properties: + - !ruby/object:Api::Type::String + name: 'rawKey' + description: | + Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + - !ruby/object:Api::Type::String + name: 'sha256' + description: | + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + output: true + - !ruby/object:Api::Type::String + # TODO(chrisst) Change to ResourceRef once KMS is in Magic Modules + name: 'kmsKeyName' + description: | + The name of the encryption key that is stored in Google Cloud KMS. + - !ruby/object:Api::Type::String + name: 'kmsKeyServiceAccount' + description: | + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + immutable: true + - !ruby/object:Api::Type::String + name: 'sourceImageId' + description: | + The ID value of the image used to create this disk. This value + identifies the exact image that was used to create this persistent + disk. For example, if you created the persistent disk from an image + that was later deleted and recreated under the same name, the source + image ID would identify the exact version of the image that was used. + output: true + - !ruby/object:Api::Type::NestedObject + name: 'diskEncryptionKey' + description: | + Encrypts the disk using a customer-supplied encryption key. + + After you encrypt a disk with a customer-supplied key, you must + provide the same key if you use the disk later (e.g. to create a disk + snapshot or an image, or to attach the disk to a virtual machine). + + Customer-supplied encryption keys do not protect access to metadata of + the disk. + + If you do not provide an encryption key when creating the disk, then + the disk will be encrypted using an automatically generated key and + you do not need to provide a key to use the disk later. + properties: + - !ruby/object:Api::Type::String + name: 'rawKey' + description: | + Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + - !ruby/object:Api::Type::String + name: 'rsaEncryptedKey' + description: | + Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit + customer-supplied encryption key to either encrypt or decrypt + this resource. You can provide either the rawKey or the rsaEncryptedKey. + - !ruby/object:Api::Type::String + name: 'sha256' + description: | + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + output: true + - !ruby/object:Api::Type::String + # TODO(chrisst) Change to ResourceRef once KMS is in Magic Modules + name: 'kmsKeyName' + description: | + The name of the encryption key that is stored in Google Cloud KMS. + Your project's Compute Engine System service account + (`service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com`) must have + `roles/cloudkms.cryptoKeyEncrypterDecrypter` to use this feature. + - !ruby/object:Api::Type::String + name: 'kmsKeyServiceAccount' + description: | + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + immutable: true + - !ruby/object:Api::Type::ResourceRef + name: 'sourceSnapshot' + resource: 'Snapshot' + imports: 'selfLink' + description: | + The source snapshot used to create this disk. You can provide this as + a partial or full URL to the resource. If the snapshot is in another + project than this disk, you must supply a full URL. For example, the + following are valid values: + + * `https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot` + * `projects/project/global/snapshots/snapshot` + * `global/snapshots/snapshot` + - !ruby/object:Api::Type::NestedObject + name: 'sourceSnapshotEncryptionKey' + description: | + The customer-supplied encryption key of the source snapshot. Required + if the source snapshot is protected by a customer-supplied encryption + key. + properties: + - !ruby/object:Api::Type::String + name: 'rawKey' + description: | + Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + - !ruby/object:Api::Type::String + # TODO(chrisst) Change to ResourceRef once KMS is in Magic Modules + name: 'kmsKeyName' + description: | + The name of the encryption key that is stored in Google Cloud KMS. + - !ruby/object:Api::Type::String + name: 'sha256' + description: | + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + output: true + - !ruby/object:Api::Type::String + name: 'kmsKeyServiceAccount' + description: | + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + immutable: true + - !ruby/object:Api::Type::String + name: 'sourceSnapshotId' + description: | + The unique ID of the snapshot used to create this disk. This value + identifies the exact snapshot that was used to create this persistent + disk. For example, if you created the persistent disk from a snapshot + that was later deleted and recreated under the same name, the source + snapshot ID would identify the exact version of the snapshot that was + used. + output: true +properties: + - !ruby/object:Api::Type::Fingerprint + name: 'labelFingerprint' + description: | + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + update_url: 'projects/{{project}}/zones/{{zone}}/disks/{{name}}/setLabels' + update_verb: :POST + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of this resource. Provide this property when + you create the resource. + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'The unique identifier for the resource.' + output: true + - !ruby/object:Api::Type::Time + name: 'lastAttachTimestamp' + description: 'Last attach timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::Time + name: 'lastDetachTimestamp' + description: 'Last detach timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + Labels to apply to this disk. A list of key->value pairs. + update_verb: :POST + update_url: 'projects/{{project}}/zones/{{zone}}/disks/{{name}}/setLabels' + - !ruby/object:Api::Type::Array + name: 'licenses' + description: 'Any applicable publicly visible licenses.' + item_type: Api::Type::String + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + immutable: true + required: true + - !ruby/object:Api::Type::Integer + name: 'sizeGb' + description: | + Size of the persistent disk, specified in GB. You can specify this + field when creating a persistent disk using the sourceImage or + sourceSnapshot parameter, or specify it alone to create an empty + persistent disk. + + If you specify this field along with sourceImage or sourceSnapshot, + the value of sizeGb must not be less than the size of the sourceImage + or the size of the snapshot. + update_verb: :POST + update_url: 'projects/{{project}}/zones/{{zone}}/disks/{{name}}/resize' + - !ruby/object:Api::Type::Array + name: 'users' + description: | + Links to the users of the disk (attached instances) in form: + project/zones/zone/instances/instance + item_type: !ruby/object:Api::Type::ResourceRef + name: 'user' + resource: 'Instance' + imports: 'selfLink' + description: 'A reference to a user of this disk' + output: true + - !ruby/object:Api::Type::Integer + name: 'physicalBlockSizeBytes' + description: | + Physical block size of the persistent disk, in bytes. If not present + in a request, a default value is used. Currently supported sizes + are 4096 and 16384, other sizes may be added in the future. + If an unsupported value is requested, the error message will list + the supported values for the caller's project. + - !ruby/object:Api::Type::String + name: 'interface' + min_version: 'beta' + # interface is removed using url_param_only to preserve schema definition + # and prevent sending or reading in API requests + url_param_only: true + default_value: 'SCSI' + deprecation_message: This field is no longer in use, disk interfaces will be automatically determined on attachment. To resolve this issue, remove this field from your config. + description: | + Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME. The default is SCSI. + - !ruby/object:Api::Type::String + name: 'sourceDisk' + description: | + The source disk used to create this disk. You can provide this as a partial or full URL to the resource. + For example, the following are valid values: + + * https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/disks/{disk} + * https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/disks/{disk} + * projects/{project}/zones/{zone}/disks/{disk} + * projects/{project}/regions/{region}/disks/{disk} + * zones/{zone}/disks/{disk} + * regions/{region}/disks/{disk} + - !ruby/object:Api::Type::String + name: 'sourceDiskId' + description: | + The ID value of the disk used to create this image. This value may + be used to determine whether the image was taken from the current + or a previous instance of a given disk name. + output: true + - !ruby/object:Api::Type::ResourceRef + name: 'type' + resource: 'DiskType' + imports: 'selfLink' + description: | + URL of the disk type resource describing which disk type to use to + create the disk. Provide this when creating the disk. + - !ruby/object:Api::Type::String + name: 'sourceImage' + description: | + The source image used to create this disk. If the source image is + deleted, this field will not be set. + + To create a disk with one of the public operating system images, + specify the image by its family name. For example, specify + family/debian-11 to use the latest Debian 11 image: + + projects/debian-cloud/global/images/family/debian-11 + + Alternatively, use a specific version of a public operating system + image: + + projects/debian-cloud/global/images/debian-11-bullseye-vYYYYMMDD + + To create a disk with a private image that you created, specify the + image name in the following format: + + global/images/my-private-image + + You can also specify a private image by its image family, which + returns the latest version of the image in that family. Replace the + image name with family/family-name: + + global/images/family/my-private-family + immutable: true + - !ruby/object:Api::Type::Array + name: 'resourcePolicies' + min_version: beta + description: 'Resource policies applied to this disk for automatic snapshot creations.' + item_type: !ruby/object:Api::Type::ResourceRef + name: 'resourcePolicy' + resource: 'ResourcePolicy' + imports: 'selfLink' + description: 'A resource policy applied to this disk for automatic snapshot creations.' + - !ruby/object:Api::Type::Boolean + name: 'multiWriter' + description: | + Indicates whether or not the disk can be read/write attached to more than one instance. + min_version: beta + - !ruby/object:Api::Type::Integer + name: 'provisionedIops' + description: | + Indicates how many IOPS must be provisioned for the disk. diff --git a/mmv1/products/compute/DiskResourcePolicyAttachment.yaml b/mmv1/products/compute/DiskResourcePolicyAttachment.yaml new file mode 100644 index 000000000000..d1b8aa8e7b6d --- /dev/null +++ b/mmv1/products/compute/DiskResourcePolicyAttachment.yaml @@ -0,0 +1,72 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'DiskResourcePolicyAttachment' +immutable: true +base_url: projects/{{project}}/zones/{{zone}}/disks/{{disk}} +create_verb: :POST +create_url: projects/{{project}}/zones/{{zone}}/disks/{{disk}}/addResourcePolicies +delete_verb: :POST +delete_url: projects/{{project}}/zones/{{zone}}/disks/{{disk}}/removeResourcePolicies +self_link: projects/{{project}}/zones/{{zone}}/disks/{{disk}} +nested_query: !ruby/object:Api::Resource::NestedQuery + keys: + - resourcePolicies + is_list_of_ids: true +identity: + - name +description: | + Disk resource policies define a schedule for taking snapshots and a + retention period for these snapshots. +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'disk' + resource: 'Disk' + imports: 'name' + description: | + The name of the disk in which the resource policies are attached to. + required: true + url_param_only: true + - !ruby/object:Api::Type::ResourceRef + name: 'zone' + resource: 'Zone' + imports: 'name' + description: 'A reference to the zone where the disk resides.' + required: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The resource policy to be attached to the disk for scheduling snapshot + creation. Do not specify the self link. + required: true diff --git a/mmv1/products/compute/DiskType.yaml b/mmv1/products/compute/DiskType.yaml new file mode 100644 index 000000000000..68185bba074c --- /dev/null +++ b/mmv1/products/compute/DiskType.yaml @@ -0,0 +1,108 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'DiskType' +kind: 'compute#diskType' +base_url: projects/{{project}}/zones/{{zone}}/diskTypes +collection_url_key: 'items' +# TODO(nelsonjr): Search all documentation for references of using URL (like +# the description below) and replace with the proper reference to the +# corresponding type. +description: | + Represents a DiskType resource. A DiskType resource represents the type + of disk to use, such as a pd-ssd, pd-balanced or pd-standard. To reference a disk + type, use the disk type's full or partial URL. +# TODO(nelsonjr): Temporarily make DiskType virtual so no tests gets +# triggered for create. Implement support for read only objects, and delete +# the virtual tag +# | readonly: true +readonly: true +has_self_link: true +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'zone' + resource: 'Zone' + imports: 'name' + description: 'A reference to the zone where the disk type resides.' + required: true +properties: + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::Integer + name: 'defaultDiskSizeGb' + description: 'Server-defined default disk size in GB.' + output: true + - !ruby/object:Api::Type::NestedObject + name: 'deprecated' + description: 'The deprecation status associated with this disk type.' + output: true + properties: + - !ruby/object:Api::Type::Time + name: 'deleted' + description: | + An optional RFC3339 timestamp on or after which the deprecation state + of this resource will be changed to DELETED. + output: true + - !ruby/object:Api::Type::Time + name: 'deprecated' + description: | + An optional RFC3339 timestamp on or after which the deprecation state + of this resource will be changed to DEPRECATED. + output: true + - !ruby/object:Api::Type::Time + name: 'obsolete' + description: | + An optional RFC3339 timestamp on or after which the deprecation state + of this resource will be changed to OBSOLETE. + output: true + - !ruby/object:Api::Type::String + name: 'replacement' + description: | + The URL of the suggested replacement for a deprecated resource. The + suggested replacement resource must be the same kind of resource as + the deprecated resource. + output: true + - !ruby/object:Api::Type::Enum + name: 'state' + description: | + The deprecation state of this resource. This can be DEPRECATED, + OBSOLETE, or DELETED. Operations which create a new resource using a + DEPRECATED resource will return successfully, but with a warning + indicating the deprecated resource and recommending its replacement. + Operations which use OBSOLETE or DELETED resources will be rejected + and result in an error. + values: + - :DEPRECATED + - :OBSOLETE + - :DELETED + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: 'An optional description of this resource.' + output: true + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'The unique identifier for the resource.' + output: true + - !ruby/object:Api::Type::String + name: 'name' + description: 'Name of the resource.' + - !ruby/object:Api::Type::String + name: 'validDiskSize' + description: | + An optional textual description of the valid disk size, such as + "10GB-10TB". + output: true diff --git a/mmv1/products/compute/ExternalVpnGateway.yaml b/mmv1/products/compute/ExternalVpnGateway.yaml new file mode 100644 index 000000000000..dbecd9c61a0c --- /dev/null +++ b/mmv1/products/compute/ExternalVpnGateway.yaml @@ -0,0 +1,90 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'ExternalVpnGateway' +kind: 'compute#externalVpnGateway' +base_url: projects/{{project}}/global/externalVpnGateways +collection_url_key: 'items' +immutable: true +has_self_link: true +description: | + Represents a VPN gateway managed outside of GCP. +references: !ruby/object:Api::Resource::ReferenceLinks + api: https://cloud.google.com/compute/docs/reference/rest/v1/externalVpnGateways +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +properties: + - !ruby/object:Api::Type::String + name: 'description' + description: 'An optional description of this resource.' + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: 'Labels for the external VPN gateway resource.' + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and + match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means + the first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + - !ruby/object:Api::Type::Enum + name: 'redundancyType' + description: | + Indicates the redundancy type of this external VPN gateway + values: + - :FOUR_IPS_REDUNDANCY + - :SINGLE_IP_INTERNALLY_REDUNDANT + - :TWO_IPS_REDUNDANCY + - !ruby/object:Api::Type::Array + name: 'interfaces' + description: | + A list of interfaces on this external VPN gateway. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Integer + name: 'id' + send_empty_value: true + description: | + The numeric ID for this interface. Allowed values are based on the redundancy type + of this external VPN gateway + * `0 - SINGLE_IP_INTERNALLY_REDUNDANT` + * `0, 1 - TWO_IPS_REDUNDANCY` + * `0, 1, 2, 3 - FOUR_IPS_REDUNDANCY` + - !ruby/object:Api::Type::String + name: 'ipAddress' + description: | + IP address of the interface in the external VPN gateway. + Only IPv4 is supported. This IP address can be either from + your on-premise gateway or another Cloud provider's VPN gateway, + it cannot be an IP address from Google Compute Engine. diff --git a/mmv1/products/compute/Firewall.yaml b/mmv1/products/compute/Firewall.yaml new file mode 100644 index 000000000000..23f5c6da281f --- /dev/null +++ b/mmv1/products/compute/Firewall.yaml @@ -0,0 +1,299 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Firewall' +kind: 'compute#firewall' +base_url: projects/{{project}}/global/firewalls +collection_url_key: 'items' +update_verb: :PATCH +has_self_link: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/vpc/docs/firewalls' + api: 'https://cloud.google.com/compute/docs/reference/v1/firewalls' +description: | + Each network has its own firewall controlling access to and from the + instances. + + All traffic to instances, even from other instances, is blocked by the + firewall unless firewall rules are created to allow it. + + The default network has automatically created firewall rules that are + shown in default firewall rules. No manually created network has + automatically created firewall rules except for a default "allow" rule for + outgoing traffic and a default "deny" for incoming traffic. For all + networks except the default network, you must create any firewall rules + you need. +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +properties: + # TODO(nelsonjr): [nice to have] Make the format here simpler to use, in + # the form of # 22/tcp, [12345-23456]/tcp. It requires a conversion + # function to the # final JSON format expected by the API for this + # proposal to work. + - !ruby/object:Api::Type::Array + name: 'allowed' + description: | + The list of ALLOW rules specified by this firewall. Each rule + specifies a protocol and port-range tuple that describes a permitted + connection. + exactly_one_of: + - allow + - deny + item_type: !ruby/object:Api::Type::NestedObject + properties: + # IPProtocol has to be string, instead of Enum because user can + # specify the protocol by number as well. + - !ruby/object:Api::Type::String + name: 'ip_protocol' + description: | + The IP protocol to which this rule applies. The protocol type is + required when creating a firewall rule. This value can either be + one of the following well known protocol strings (tcp, udp, + icmp, esp, ah, sctp, ipip, all), or the IP protocol number. + api_name: 'IPProtocol' + required: true + - !ruby/object:Api::Type::Array + item_type: Api::Type::String + name: 'ports' + description: | + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::Array + name: 'denied' + exactly_one_of: + - allow + - deny + description: | + The list of DENY rules specified by this firewall. Each rule specifies + a protocol and port-range tuple that describes a denied connection. + item_type: !ruby/object:Api::Type::NestedObject + properties: + # IPProtocol has to be string, instead of Enum because user can + # specify the protocol by number as well. + - !ruby/object:Api::Type::String + name: 'ip_protocol' + description: | + The IP protocol to which this rule applies. The protocol type is + required when creating a firewall rule. This value can either be + one of the following well known protocol strings (tcp, udp, + icmp, esp, ah, sctp, ipip, all), or the IP protocol number. + api_name: 'IPProtocol' + required: true + - !ruby/object:Api::Type::Array + item_type: Api::Type::String + name: 'ports' + description: | + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of this resource. Provide this property when + you create the resource. + - !ruby/object:Api::Type::Array + name: 'destinationRanges' + description: | + If destination ranges are specified, the firewall will apply only to + traffic that has destination IP address in these ranges. These ranges + must be expressed in CIDR format. Only IPv4 is supported. + item_type: Api::Type::String + - !ruby/object:Api::Type::Enum + name: 'direction' + description: | + Direction of traffic to which this firewall applies; default is + INGRESS. Note: For INGRESS traffic, it is NOT supported to specify + destinationRanges; For EGRESS traffic, it is NOT supported to specify + `source_ranges` OR `source_tags`. For INGRESS traffic, one of `source_ranges`, + `source_tags` or `source_service_accounts` is required. + values: + - :INGRESS + - :EGRESS + - !ruby/object:Api::Type::Boolean + name: 'disabled' + description: | + Denotes whether the firewall rule is disabled, i.e not applied to the + network it is associated with. When set to true, the firewall rule is + not enforced and the network behaves as if it did not exist. If this + is unspecified, the firewall rule will be enabled. + send_empty_value: true + - !ruby/object:Api::Type::NestedObject + name: 'logConfig' + description: | + This field denotes the logging options for a particular firewall rule. + If logging is enabled, logs will be exported to Cloud Logging. + properties: + - !ruby/object:Api::Type::Boolean + name: 'enable' + description: | + This field denotes whether to enable logging for a particular + firewall rule. If logging is enabled, logs will be exported to + Stackdriver. + - !ruby/object:Api::Type::Enum + name: 'metadata' + description: | + This field denotes whether to include or exclude metadata for firewall logs. + values: + - :EXCLUDE_ALL_METADATA + - :INCLUDE_ALL_METADATA + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'The unique identifier for the resource.' + output: true + - !ruby/object:Api::Type::String + name: 'name' + required: true + immutable: true + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + - !ruby/object:Api::Type::ResourceRef + name: 'network' + resource: 'Network' + imports: 'selfLink' + required: true + description: | + URL of the network resource for this firewall rule. If not specified + when creating a firewall rule, the default network is used: + + global/networks/default + + If you choose to specify this property, you can specify the network as + a full or partial URL. For example, the following are all valid URLs: + + https://www.googleapis.com/compute/v1/projects/myproject/global/ + networks/my-network + projects/myproject/global/networks/my-network + global/networks/default + - !ruby/object:Api::Type::Integer + name: 'priority' + description: | + Priority for this rule. This is an integer between 0 and 65535, both + inclusive. When not specified, the value assumed is 1000. Relative + priorities determine precedence of conflicting rules. Lower value of + priority implies higher precedence (eg, a rule with priority 0 has + higher precedence than a rule with priority 1). DENY rules take + precedence over ALLOW rules having equal priority. + default_value: 1000 + send_empty_value: true + - !ruby/object:Api::Type::Array + name: 'sourceRanges' + description: | + If source ranges are specified, the firewall will apply only to + traffic that has source IP address in these ranges. These ranges must + be expressed in CIDR format. One or both of sourceRanges and + sourceTags may be set. If both properties are set, the firewall will + apply to traffic that has source IP address within sourceRanges OR the + source IP that belongs to a tag listed in the sourceTags property. The + connection does not need to match both properties for the firewall to + apply. Only IPv4 is supported. For INGRESS traffic, one of `source_ranges`, + `source_tags` or `source_service_accounts` is required. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'sourceServiceAccounts' + description: | + If source service accounts are specified, the firewall will apply only + to traffic originating from an instance with a service account in this + list. Source service accounts cannot be used to control traffic to an + instance's external IP address because service accounts are associated + with an instance, not an IP address. sourceRanges can be set at the + same time as sourceServiceAccounts. If both are set, the firewall will + apply to traffic that has source IP address within sourceRanges OR the + source IP belongs to an instance with service account listed in + sourceServiceAccount. The connection does not need to match both + properties for the firewall to apply. sourceServiceAccounts cannot be + used at the same time as sourceTags or targetTags. For INGRESS traffic, + one of `source_ranges`, `source_tags` or `source_service_accounts` is required. + item_type: Api::Type::String + max_size: 10 + conflicts: + - source_tags + - target_tags + - !ruby/object:Api::Type::Array + name: 'sourceTags' + description: | + If source tags are specified, the firewall will apply only to traffic + with source IP that belongs to a tag listed in source tags. Source + tags cannot be used to control traffic to an instance's external IP + address. Because tags are associated with an instance, not an IP + address. One or both of sourceRanges and sourceTags may be set. If + both properties are set, the firewall will apply to traffic that has + source IP address within sourceRanges OR the source IP that belongs to + a tag listed in the sourceTags property. The connection does not need + to match both properties for the firewall to apply. For INGRESS traffic, + one of `source_ranges`, `source_tags` or `source_service_accounts` is required. + item_type: Api::Type::String + conflicts: + - source_service_accounts + - target_service_accounts + - !ruby/object:Api::Type::Array + name: 'targetServiceAccounts' + description: | + A list of service accounts indicating sets of instances located in the + network that may make network connections as specified in allowed[]. + targetServiceAccounts cannot be used at the same time as targetTags or + sourceTags. If neither targetServiceAccounts nor targetTags are + specified, the firewall rule applies to all instances on the specified + network. + item_type: Api::Type::String + max_size: 10 + conflicts: + - source_tags + - target_tags + - !ruby/object:Api::Type::Array + name: 'targetTags' + description: | + A list of instance tags indicating sets of instances located in the + network that may make network connections as specified in allowed[]. + If no targetTags are specified, the firewall rule applies to all + instances on the specified network. + item_type: Api::Type::String + conflicts: + - source_service_accounts + - target_service_accounts diff --git a/mmv1/products/compute/ForwardingRule.yaml b/mmv1/products/compute/ForwardingRule.yaml new file mode 100644 index 000000000000..d7e5d8ba0e51 --- /dev/null +++ b/mmv1/products/compute/ForwardingRule.yaml @@ -0,0 +1,323 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'ForwardingRule' +kind: 'compute#forwardingRule' +base_url: projects/{{project}}/regions/{{region}}/forwardingRules +collection_url_key: 'items' +has_self_link: true +description: | + A ForwardingRule resource. A ForwardingRule resource specifies which pool + of target virtual machines to forward a packet to if it matches the given + [IPAddress, IPProtocol, portRange] tuple. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/compute/docs/load-balancing/network/forwarding-rules' + api: 'https://cloud.google.com/compute/docs/reference/v1/forwardingRules' +immutable: true +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'region' + resource: 'Region' + imports: 'name' + description: | + A reference to the region where the regional forwarding rule resides. + This field is not applicable to global forwarding rules. + required: true +properties: + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::Boolean + name: 'isMirroringCollector' + description: | + Indicates whether or not this load balancer can be used + as a collector for packet mirroring. To prevent mirroring loops, + instances behind this load balancer will not have their traffic + mirrored even if a PacketMirroring rule applies to them. This + can only be set to true for load balancers that have their + loadBalancingScheme set to INTERNAL. + - !ruby/object:Api::Type::String + name: 'pscConnectionId' + description: 'The PSC connection id of the PSC Forwarding Rule.' + output: true + - !ruby/object:Api::Type::String + name: 'pscConnectionStatus' + description: 'The PSC connection status of the PSC Forwarding Rule. Possible + values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED' + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of this resource. Provide this property when + you create the resource. + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'The unique identifier for the resource.' + output: true + # This is a multi-resource resource reference (Address, GlobalAddress) + - !ruby/object:Api::Type::String + name: 'IPAddress' + description: | + The IP address that this forwarding rule serves. When a client sends + traffic to this IP address, the forwarding rule directs the traffic to + the target that you specify in the forwarding rule. The + loadBalancingScheme and the forwarding rule's target determine the + type of IP address that you can use. For detailed information, refer + to [IP address specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications). + + An address can be specified either by a literal IP address or a + reference to an existing Address resource. If you don't specify a + reserved IP address, an ephemeral IP address is assigned. + + The value must be set to 0.0.0.0 when the target is a targetGrpcProxy + that has validateForProxyless field set to true. + + For Private Service Connect forwarding rules that forward traffic to + Google APIs, IP address must be provided. + - !ruby/object:Api::Type::Enum + name: 'IPProtocol' + description: | + The IP protocol to which this rule applies. + + When the load balancing scheme is INTERNAL, only TCP and UDP are + valid. + values: + - :TCP + - :UDP + - :ESP + - :AH + - :SCTP + - :ICMP + - :L3_DEFAULT + # This is a multi-resource resource reference (BackendService (global), RegionBackendService) + # We have custom expands that manage this. + - !ruby/object:Api::Type::ResourceRef + name: 'backendService' + resource: 'BackendService' + imports: 'selfLink' + description: | + A BackendService to receive the matched traffic. This is used only + for INTERNAL load balancing. + - !ruby/object:Api::Type::Enum + name: 'loadBalancingScheme' + description: | + This signifies what the ForwardingRule will be used for and can be + EXTERNAL, EXTERNAL_MANAGED, INTERNAL, or INTERNAL_MANAGED. EXTERNAL is used for Classic + Cloud VPN gateways, protocol forwarding to VMs from an external IP address, + and HTTP(S), SSL Proxy, TCP Proxy, and Network TCP/UDP load balancers. + INTERNAL is used for protocol forwarding to VMs from an internal IP address, + and internal TCP/UDP load balancers. + EXTERNAL_MANAGED is used for regional external HTTP(S) load balancers. + INTERNAL_MANAGED is used for internal HTTP(S) load balancers. + + ([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) only) Note: This field must be set to "" + if the target is an URI of a service attachment. + values: + - :EXTERNAL + - :EXTERNAL_MANAGED + - :INTERNAL + - :INTERNAL_MANAGED + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource; provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + - !ruby/object:Api::Type::ResourceRef + name: 'network' + resource: 'Network' + imports: 'selfLink' + description: | + For internal load balancing, this field identifies the network that + the load balanced IP should belong to for this Forwarding Rule. If + this field is not specified, the default network will be used. + This field is only used for INTERNAL load balancing. + # TODO(nelsonjr): When implementing new types enable converting the + # manifest input from a single value to a range of form NN-NN. The API + # accepts a single value, e.g. '80', but the API stores and returns + # '80-80'. This causes idempotency false positive. + - !ruby/object:Api::Type::String + name: 'portRange' + description: | + This field is used along with the target field for TargetHttpProxy, + TargetHttpsProxy, TargetSslProxy, TargetTcpProxy, TargetVpnGateway, + TargetPool, TargetInstance. + + Applicable only when IPProtocol is TCP, UDP, or SCTP, only packets + addressed to ports in the specified range will be forwarded to target. + Forwarding rules with the same [IPAddress, IPProtocol] pair must have + disjoint port ranges. + + Some types of forwarding target have constraints on the acceptable + ports: + + * TargetHttpProxy: 80, 8080 + * TargetHttpsProxy: 443 + * TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, + 1883, 5222 + * TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, + 1883, 5222 + * TargetVpnGateway: 500, 4500 + - !ruby/object:Api::Type::Array + name: 'ports' + max_size: 5 + description: | + This field is used along with internal load balancing and network + load balancer when the forwarding rule references a backend service + and when protocol is not L3_DEFAULT. + + A single port or a comma separated list of ports can be configured. + Only packets addressed to these ports will be forwarded to the backends + configured with this forwarding rule. + + You can only use one of ports and portRange, or allPorts. + The three are mutually exclusive. + + You may specify a maximum of up to 5 ports, which can be non-contiguous. + item_type: Api::Type::String + - !ruby/object:Api::Type::ResourceRef + name: 'subnetwork' + resource: 'Subnetwork' + imports: 'selfLink' + description: | + The subnetwork that the load balanced IP should belong to for this + Forwarding Rule. This field is only used for INTERNAL load balancing. + + If the network specified is in auto subnet mode, this field is + optional. However, if the network is in custom subnet mode, a + subnetwork must be specified. + # This is a multi-resource resource reference (TargetHttp(s)Proxy, + # TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, + # TargetInstance) + - !ruby/object:Api::Type::String + name: 'target' + description: | + The URL of the target resource to receive the matched traffic. + The target must live in the same region as the forwarding rule. + The forwarded traffic must be of a type appropriate to the target + object. + update_verb: :POST + update_url: + 'projects/{{project}}/regions/{{region}}/forwardingRules/{{name}}/setTarget' + - !ruby/object:Api::Type::Boolean + name: 'allowGlobalAccess' + description: | + If true, clients can access ILB from all regions. + Otherwise only allows from the local region the ILB is located at. + send_empty_value: true + update_verb: :PATCH + update_url: projects/{{project}}/regions/{{region}}/forwardingRules/{{name}} + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + Labels to apply to this forwarding rule. A list of key->value pairs. + update_verb: :POST + update_url: 'projects/{{project}}/regions/{{region}}/forwardingRules/{{name}}/setLabels' + min_version: beta + - !ruby/object:Api::Type::Fingerprint + name: 'labelFingerprint' + description: | + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + update_url: 'projects/{{project}}/regions/{{region}}/forwardingRules/{{name}}/setLabels' + update_verb: :POST + min_version: beta + # While this field doesn't appear in the resource definition in the docs, + # it's present in Get and Insert, and the resource has no Update/Patch call. + - !ruby/object:Api::Type::Boolean + name: 'allPorts' + description: | + This field can be used with internal load balancer or network load balancer + when the forwarding rule references a backend service, or with the target + field when it references a TargetInstance. Set this to true to + allow packets addressed to any ports to be forwarded to the backends configured + with this forwarding rule. This can be used when the protocol is TCP/UDP, and it + must be set to true when the protocol is set to L3_DEFAULT. + Cannot be set if port or portRange are set. + - !ruby/object:Api::Type::Enum + name: 'networkTier' + description: | + The networking tier used for configuring this address. If this field is not + specified, it is assumed to be PREMIUM. + values: + - :PREMIUM + - :STANDARD + immutable: true + - !ruby/object:Api::Type::Array + name: 'serviceDirectoryRegistrations' + description: | + Service Directory resources to register this forwarding rule with. Currently, + only supports a single Service Directory resource. + min_size: 0 + max_size: 1 + immutable: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'namespace' + description: | + Service Directory namespace to register the forwarding rule under. + immutable: true + - !ruby/object:Api::Type::String + name: 'service' + description: | + Service Directory service to register the forwarding rule under. + immutable: true + - !ruby/object:Api::Type::String + name: 'serviceLabel' + description: | + An optional prefix to the service name for this Forwarding Rule. + If specified, will be the first label of the fully qualified service + name. + + The label must be 1-63 characters long, and comply with RFC1035. + Specifically, the label must be 1-63 characters long and match the + regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first + character must be a lowercase letter, and all following characters + must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + + This field is only used for INTERNAL load balancing. + - !ruby/object:Api::Type::String + name: 'serviceName' + description: | + The internal fully qualified service name for this Forwarding Rule. + This field is only used for INTERNAL load balancing. + output: true diff --git a/mmv1/products/compute/GlobalAddress.yaml b/mmv1/products/compute/GlobalAddress.yaml new file mode 100644 index 000000000000..7f73414e48db --- /dev/null +++ b/mmv1/products/compute/GlobalAddress.yaml @@ -0,0 +1,147 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'GlobalAddress' +kind: 'compute#address' +base_url: projects/{{project}}/global/addresses +collection_url_key: 'items' +has_self_link: true +description: | + Represents a Global Address resource. Global addresses are used for + HTTP(S) load balancing. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Reserving a Static External IP Address': + 'https://cloud.google.com/compute/docs/ip-addresses/reserve-static-external-ip-address' + api: 'https://cloud.google.com/compute/docs/reference/v1/globalAddresses' +immutable: true +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +properties: + - !ruby/object:Api::Type::String + name: 'address' + description: | + The IP address or beginning of the address range represented by this + resource. This can be supplied as an input to reserve a specific + address or omitted to allow GCP to choose a valid one for you. + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: | + Creation timestamp in RFC3339 text format. + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of this resource. + - !ruby/object:Api::Type::Integer + name: 'id' + description: | + The unique identifier for the resource. This identifier is defined by + the server. + output: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and + match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means + the first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + Labels to apply to this address. A list of key->value pairs. + update_verb: :POST + update_url: 'projects/{{project}}/global/addresses/{{name}}/setLabels' + min_version: beta + - !ruby/object:Api::Type::Fingerprint + name: 'labelFingerprint' + description: | + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + update_url: 'projects/{{project}}/global/addresses/{{name}}/setLabels' + update_verb: :POST + min_version: beta + - !ruby/object:Api::Type::Enum + name: 'ipVersion' + description: | + The IP Version that will be used by this address. The default value is `IPV4`. + values: + - :IPV4 + - :IPV6 + - !ruby/object:Api::Type::ResourceRef + name: 'region' + resource: 'Region' + imports: 'selfLink' + description: | + A reference to the region where the regional address resides. + output: true + - !ruby/object:Api::Type::Integer + name: 'prefixLength' + description: | + The prefix length of the IP range. If not present, it means the + address field is a single IP address. + + This field is not applicable to addresses with addressType=EXTERNAL, + or addressType=INTERNAL when purpose=PRIVATE_SERVICE_CONNECT + - !ruby/object:Api::Type::Enum + name: 'addressType' + description: | + The type of the address to reserve. + + * EXTERNAL indicates public/external single IP address. + * INTERNAL indicates internal IP ranges belonging to some network. + values: + - :EXTERNAL + - :INTERNAL + default_value: :EXTERNAL + - !ruby/object:Api::Type::String + name: 'purpose' + description: | + The purpose of the resource. Possible values include: + + * VPC_PEERING - for peer networks + + * PRIVATE_SERVICE_CONNECT - for ([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) only) Private Service Connect networks + - !ruby/object:Api::Type::ResourceRef + name: 'network' + resource: 'Network' + imports: 'selfLink' + description: | + The URL of the network in which to reserve the IP range. The IP range + must be in RFC1918 space. The network cannot be deleted if there are + any reserved IP ranges referring to it. + + This should only be set when using an Internal address. + # status is not useful for state convergence + # users[] is not useful for state convergence diff --git a/mmv1/products/compute/GlobalForwardingRule.yaml b/mmv1/products/compute/GlobalForwardingRule.yaml new file mode 100644 index 000000000000..323efc3e79de --- /dev/null +++ b/mmv1/products/compute/GlobalForwardingRule.yaml @@ -0,0 +1,256 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'GlobalForwardingRule' +kind: 'compute#forwardingRule' +base_url: projects/{{project}}/global/forwardingRules +immutable: true +has_self_link: true +collection_url_key: 'items' +description: | + Represents a GlobalForwardingRule resource. Global forwarding rules are + used to forward traffic to the correct load balancer for HTTP load + balancing. Global forwarding rules can only be used for HTTP load + balancing. + + For more information, see + https://cloud.google.com/compute/docs/load-balancing/http/ +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +properties: + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of this resource. Provide this property when + you create the resource. + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'The unique identifier for the resource.' + output: true + # This is a multi-resource resource reference (Address, GlobalAddress) + - !ruby/object:Api::Type::String + name: 'IPAddress' + description: | + The IP address that this forwarding rule serves. When a client sends + traffic to this IP address, the forwarding rule directs the traffic to + the target that you specify in the forwarding rule. The + loadBalancingScheme and the forwarding rule's target determine the + type of IP address that you can use. For detailed information, refer + to [IP address specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications). + + An address can be specified either by a literal IP address or a + reference to an existing Address resource. If you don't specify a + reserved IP address, an ephemeral IP address is assigned. + + The value must be set to 0.0.0.0 when the target is a targetGrpcProxy + that has validateForProxyless field set to true. + + For Private Service Connect forwarding rules that forward traffic to + Google APIs, IP address must be provided. + - !ruby/object:Api::Type::Enum + name: 'IPProtocol' + description: | + The IP protocol to which this rule applies. When the load balancing scheme is + INTERNAL_SELF_MANAGED, only TCP is valid. This field must not be set if the + global address is configured as a purpose of PRIVATE_SERVICE_CONNECT + and addressType of INTERNAL + values: + - :TCP + - :UDP + - :ESP + - :AH + - :SCTP + - :ICMP + - !ruby/object:Api::Type::Enum + name: 'ipVersion' + description: | + The IP Version that will be used by this global forwarding rule. + values: + - :IPV4 + - :IPV6 + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + Labels to apply to this forwarding rule. A list of key->value pairs. + update_verb: :POST + update_url: 'projects/{{project}}/global/forwardingRules/{{name}}/setLabels' + min_version: beta + - !ruby/object:Api::Type::Fingerprint + name: 'labelFingerprint' + description: | + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + update_url: 'projects/{{project}}/global/forwardingRules/{{name}}/setLabels' + update_verb: :POST + min_version: beta + - !ruby/object:Api::Type::Enum + name: 'loadBalancingScheme' + description: | + This signifies what the GlobalForwardingRule will be used for. + The value of INTERNAL_SELF_MANAGED means that this will be used for + Internal Global HTTP(S) LB. The value of EXTERNAL means that this + will be used for External Global Load Balancing (HTTP(S) LB, + External TCP/UDP LB, SSL Proxy). The value of EXTERNAL_MANAGED means + that this will be used for Global external HTTP(S) load balancers. + + ([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) only) Note: This field must be set "" if the global address is + configured as a purpose of PRIVATE_SERVICE_CONNECT and addressType of INTERNAL. + default_value: :EXTERNAL + values: + - :EXTERNAL + - :EXTERNAL_MANAGED + - :INTERNAL_SELF_MANAGED + - !ruby/object:Api::Type::Array + name: 'metadataFilters' + description: | + Opaque filter criteria used by Loadbalancer to restrict routing + configuration to a limited set xDS compliant clients. In their xDS + requests to Loadbalancer, xDS clients present node metadata. If a + match takes place, the relevant routing configuration is made available + to those proxies. + + For each metadataFilter in this list, if its filterMatchCriteria is set + to MATCH_ANY, at least one of the filterLabels must match the + corresponding label provided in the metadata. If its filterMatchCriteria + is set to MATCH_ALL, then all of its filterLabels must match with + corresponding labels in the provided metadata. + + metadataFilters specified here can be overridden by those specified in + the UrlMap that this ForwardingRule references. + + metadataFilters only applies to Loadbalancers that have their + loadBalancingScheme set to INTERNAL_SELF_MANAGED. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Enum + name: 'filterMatchCriteria' + description: | + Specifies how individual filterLabel matches within the list of + filterLabels contribute towards the overall metadataFilter match. + + MATCH_ANY - At least one of the filterLabels must have a matching + label in the provided metadata. + MATCH_ALL - All filterLabels must have matching labels in the + provided metadata. + required: true + values: + - :MATCH_ANY + - :MATCH_ALL + - !ruby/object:Api::Type::Array + name: 'filterLabels' + description: | + The list of label value pairs that must match labels in the + provided metadata based on filterMatchCriteria + + This list must not be empty and can have at the most 64 entries. + min_size: 1 + max_size: 64 + required: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the metadata label. The length must be between + 1 and 1024 characters, inclusive. + required: true + - !ruby/object:Api::Type::String + name: 'value' + description: | + The value that the label must match. The value has a maximum + length of 1024 characters. + required: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource; provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + - !ruby/object:Api::Type::ResourceRef + name: 'network' + resource: 'Network' + imports: 'selfLink' + description: | + This field is not used for external load balancing. + For INTERNAL_SELF_MANAGED load balancing, this field + identifies the network that the load balanced IP should belong to + for this global forwarding rule. If this field is not specified, + the default network will be used. + # TODO(nelsonjr): When implementing new types enable converting the + # manifest input from a single value to a range of form NN-NN. The API + # accepts a single value, e.g. '80', but the API stores and returns + # '80-80'. This causes idempotency false positive. + - !ruby/object:Api::Type::String + name: 'portRange' + description: | + This field is used along with the target field for TargetHttpProxy, + TargetHttpsProxy, TargetSslProxy, TargetTcpProxy, TargetVpnGateway, + TargetPool, TargetInstance. + + Applicable only when IPProtocol is TCP, UDP, or SCTP, only packets + addressed to ports in the specified range will be forwarded to target. + Forwarding rules with the same [IPAddress, IPProtocol] pair must have + disjoint port ranges. + + Some types of forwarding target have constraints on the acceptable + ports: + + * TargetHttpProxy: 80, 8080 + * TargetHttpsProxy: 443 + * TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, + 1883, 5222 + * TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, + 1883, 5222 + * TargetVpnGateway: 500, 4500 + # This is a multi-resource resource reference (TargetHttp(s)Proxy, + # TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, + # TargetInstance) + - !ruby/object:Api::Type::String + name: 'target' + required: true + description: | + The URL of the target resource to receive the matched traffic. + The forwarded traffic must be of a type appropriate to the target object. + For INTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets + are valid. + + ([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) only) For global address with a purpose of PRIVATE_SERVICE_CONNECT and + addressType of INTERNAL, only "all-apis" and "vpc-sc" are valid. + update_verb: :POST + update_url: 'projects/{{project}}/global/forwardingRules/{{name}}/setTarget' diff --git a/mmv1/products/compute/GlobalNetworkEndpoint.yaml b/mmv1/products/compute/GlobalNetworkEndpoint.yaml new file mode 100644 index 000000000000..6594960b470d --- /dev/null +++ b/mmv1/products/compute/GlobalNetworkEndpoint.yaml @@ -0,0 +1,84 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'GlobalNetworkEndpoint' +kind: 'compute#networkEndpoint' +base_url: 'projects/{{project}}/global/networkEndpointGroups/{{global_network_endpoint_group}}' +description: | + A Global Network endpoint represents a IP address and port combination that exists outside of GCP. + **NOTE**: Global network endpoints cannot be created outside of a + global network endpoint group. +immutable: true +create_verb: :POST +create_url: projects/{{project}}/global/networkEndpointGroups/{{global_network_endpoint_group}}/attachNetworkEndpoints +delete_verb: :POST +delete_url: projects/{{project}}/global/networkEndpointGroups/{{global_network_endpoint_group}}/detachNetworkEndpoints +read_verb: :POST +self_link: projects/{{project}}/global/networkEndpointGroups/{{global_network_endpoint_group}}/listNetworkEndpoints +identity: + - ipAddress + - fqdn + - port +nested_query: !ruby/object:Api::Resource::NestedQuery + keys: + - items +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/load-balancing/docs/negs/' + api: 'https://cloud.google.com/compute/docs/reference/rest/beta/networkEndpointGroups' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'globalNetworkEndpointGroup' + resource: 'GlobalNetworkEndpointGroup' + imports: 'name' + description: | + The global network endpoint group this endpoint is part of. + required: true + url_param_only: true +properties: + - !ruby/object:Api::Type::Integer + name: 'port' + description: | + Port number of the external endpoint. + required: true + - !ruby/object:Api::Type::String + name: 'ipAddress' + description: | + IPv4 address external endpoint. + - !ruby/object:Api::Type::String + name: 'fqdn' + at_least_one_of: + - fqdn + - ip_address + description: | + Fully qualified domain name of network endpoint. + This can only be specified when network_endpoint_type of the NEG is INTERNET_FQDN_PORT. diff --git a/mmv1/products/compute/GlobalNetworkEndpointGroup.yaml b/mmv1/products/compute/GlobalNetworkEndpointGroup.yaml new file mode 100644 index 000000000000..22fb206f415f --- /dev/null +++ b/mmv1/products/compute/GlobalNetworkEndpointGroup.yaml @@ -0,0 +1,83 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'GlobalNetworkEndpointGroup' +kind: 'compute#networkEndpointGroup' +base_url: 'projects/{{project}}/global/networkEndpointGroups' +immutable: true +has_self_link: true +collection_url_key: 'items' +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/load-balancing/docs/negs/internet-neg-concepts' + api: 'https://cloud.google.com/compute/docs/reference/rest/beta/networkEndpointGroups' +description: | + A global network endpoint group contains endpoints that reside outside of Google Cloud. + Currently a global network endpoint group can only support a single endpoint. + + Recreating a global network endpoint group that's in use by another resource will give a + `resourceInUseByAnotherResource` error. Use `lifecycle.create_before_destroy` + to avoid this type of error. +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +properties: + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'The unique identifier for the resource.' + output: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource; provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of this resource. Provide this property when + you create the resource. + - !ruby/object:Api::Type::Enum + name: 'networkEndpointType' + required: true + description: | + Type of network endpoints in this network endpoint group. + values: + - :INTERNET_IP_PORT + - :INTERNET_FQDN_PORT + - !ruby/object:Api::Type::Integer + name: 'defaultPort' + description: | + The default port used if the port number is not specified in the + network endpoint. diff --git a/mmv1/products/compute/HealthCheck.yaml b/mmv1/products/compute/HealthCheck.yaml new file mode 100644 index 000000000000..33a0b8a16449 --- /dev/null +++ b/mmv1/products/compute/HealthCheck.yaml @@ -0,0 +1,787 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'HealthCheck' +kind: 'compute#healthCheck' +base_url: projects/{{project}}/global/healthChecks +collection_url_key: 'items' +has_self_link: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/load-balancing/docs/health-checks' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/healthChecks' +description: | + Health Checks determine whether instances are responsive and able to do work. + They are an important part of a comprehensive load balancing configuration, + as they enable monitoring instances behind load balancers. + + Health Checks poll instances at a specified interval. Instances that + do not respond successfully to some number of probes in a row are marked + as unhealthy. No new connections are sent to unhealthy instances, + though existing connections will continue. The health check will + continue to poll unhealthy instances. If an instance later responds + successfully to some number of consecutive probes, it is marked + healthy again and can receive new connections. + + ~>**NOTE**: Legacy HTTP(S) health checks must be used for target pool-based network + load balancers. See the [official guide](https://cloud.google.com/load-balancing/docs/health-check-concepts#selecting_hc) + for choosing a type of health check. +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +properties: + - !ruby/object:Api::Type::Integer + name: 'checkIntervalSec' + description: | + How often (in seconds) to send a health check. The default value is 5 + seconds. + default_value: 5 + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of this resource. Provide this property when + you create the resource. + send_empty_value: true + - !ruby/object:Api::Type::Integer + name: 'healthyThreshold' + description: | + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + default_value: 2 + - !ruby/object:Api::Type::Integer + name: 'id' + description: | + The unique identifier for the resource. This identifier is defined by + the server. + output: true + - !ruby/object:Api::Type::String + name: 'name' + required: true + immutable: true + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and + match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means + the first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the + last character, which cannot be a dash. + - !ruby/object:Api::Type::Integer + name: 'timeoutSec' + description: | + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + default_value: 5 + - !ruby/object:Api::Type::Integer + name: 'unhealthyThreshold' + description: | + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. + default_value: 2 + - !ruby/object:Api::Type::Enum + name: 'type' + description: | + Specifies the type of the healthCheck, either TCP, SSL, HTTP or + HTTPS. If not specified, the default is TCP. Exactly one of the + protocol-specific health check field must be specified, which must + match type field. + values: + - :TCP + - :SSL + - :HTTP + - :HTTPS + - :HTTP2 + - !ruby/object:Api::Type::NestedObject + name: 'httpHealthCheck' + exactly_one_of: + - http_health_check + - https_health_check + - http2_health_check + - tcp_health_check + - ssl_health_check + - grpc_health_check + properties: + - !ruby/object:Api::Type::String + name: 'host' + at_least_one_of: + - http_health_check.0.host + - http_health_check.0.request_path + - http_health_check.0.response + - http_health_check.0.port + - http_health_check.0.port_name + - http_health_check.0.proxy_header + - http_health_check.0.port_specification + description: | + The value of the host header in the HTTP health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + - !ruby/object:Api::Type::String + name: 'requestPath' + at_least_one_of: + - http_health_check.0.host + - http_health_check.0.request_path + - http_health_check.0.response + - http_health_check.0.port + - http_health_check.0.port_name + - http_health_check.0.proxy_header + - http_health_check.0.port_specification + description: | + The request path of the HTTP health check request. + The default value is /. + default_value: "/" + - !ruby/object:Api::Type::String + name: 'response' + at_least_one_of: + - http_health_check.0.host + - http_health_check.0.request_path + - http_health_check.0.response + - http_health_check.0.port + - http_health_check.0.port_name + - http_health_check.0.proxy_header + - http_health_check.0.port_specification + description: | + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + - !ruby/object:Api::Type::Integer + name: 'port' + at_least_one_of: + - http_health_check.0.host + - http_health_check.0.request_path + - http_health_check.0.response + - http_health_check.0.port + - http_health_check.0.port_name + - http_health_check.0.proxy_header + - http_health_check.0.port_specification + description: | + The TCP port number for the HTTP health check request. + The default value is 80. + - !ruby/object:Api::Type::String + name: 'portName' + at_least_one_of: + - http_health_check.0.host + - http_health_check.0.request_path + - http_health_check.0.response + - http_health_check.0.port + - http_health_check.0.port_name + - http_health_check.0.proxy_header + - http_health_check.0.port_specification + description: | + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + - !ruby/object:Api::Type::Enum + name: 'proxyHeader' + at_least_one_of: + - http_health_check.0.host + - http_health_check.0.request_path + - http_health_check.0.response + - http_health_check.0.port + - http_health_check.0.port_name + - http_health_check.0.proxy_header + - http_health_check.0.port_specification + description: | + Specifies the type of proxy header to append before sending data to the + backend. + values: + - :NONE + - :PROXY_V1 + default_value: :NONE + - !ruby/object:Api::Type::Enum + name: 'portSpecification' + at_least_one_of: + - http_health_check.0.host + - http_health_check.0.request_path + - http_health_check.0.response + - http_health_check.0.port + - http_health_check.0.port_name + - http_health_check.0.proxy_header + - http_health_check.0.port_specification + description: | + Specifies how port is selected for health checking, can be one of the + following values: + + * `USE_FIXED_PORT`: The port number in `port` is used for health checking. + + * `USE_NAMED_PORT`: The `portName` is used for health checking. + + * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTP health check follows behavior specified in `port` and + `portName` fields. + values: + - :USE_FIXED_PORT + - :USE_NAMED_PORT + - :USE_SERVING_PORT + - !ruby/object:Api::Type::NestedObject + name: 'httpsHealthCheck' + exactly_one_of: + - http_health_check + - https_health_check + - http2_health_check + - tcp_health_check + - ssl_health_check + - grpc_health_check + properties: + - !ruby/object:Api::Type::String + name: 'host' + at_least_one_of: + - https_health_check.0.host + - https_health_check.0.request_path + - https_health_check.0.response + - https_health_check.0.port + - https_health_check.0.port_name + - https_health_check.0.proxy_header + - https_health_check.0.port_specification + description: | + The value of the host header in the HTTPS health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + - !ruby/object:Api::Type::String + name: 'requestPath' + at_least_one_of: + - https_health_check.0.host + - https_health_check.0.request_path + - https_health_check.0.response + - https_health_check.0.port + - https_health_check.0.port_name + - https_health_check.0.proxy_header + - https_health_check.0.port_specification + description: | + The request path of the HTTPS health check request. + The default value is /. + default_value: "/" + - !ruby/object:Api::Type::String + name: 'response' + at_least_one_of: + - https_health_check.0.host + - https_health_check.0.request_path + - https_health_check.0.response + - https_health_check.0.port + - https_health_check.0.port_name + - https_health_check.0.proxy_header + - https_health_check.0.port_specification + description: | + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + - !ruby/object:Api::Type::Integer + name: 'port' + at_least_one_of: + - https_health_check.0.host + - https_health_check.0.request_path + - https_health_check.0.response + - https_health_check.0.port + - https_health_check.0.port_name + - https_health_check.0.proxy_header + - https_health_check.0.port_specification + description: | + The TCP port number for the HTTPS health check request. + The default value is 443. + - !ruby/object:Api::Type::String + name: 'portName' + at_least_one_of: + - https_health_check.0.host + - https_health_check.0.request_path + - https_health_check.0.response + - https_health_check.0.port + - https_health_check.0.port_name + - https_health_check.0.proxy_header + - https_health_check.0.port_specification + description: | + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + - !ruby/object:Api::Type::Enum + name: 'proxyHeader' + at_least_one_of: + - https_health_check.0.host + - https_health_check.0.request_path + - https_health_check.0.response + - https_health_check.0.port + - https_health_check.0.port_name + - https_health_check.0.proxy_header + - https_health_check.0.port_specification + description: | + Specifies the type of proxy header to append before sending data to the + backend. + values: + - :NONE + - :PROXY_V1 + default_value: :NONE + - !ruby/object:Api::Type::Enum + name: 'portSpecification' + at_least_one_of: + - https_health_check.0.host + - https_health_check.0.request_path + - https_health_check.0.response + - https_health_check.0.port + - https_health_check.0.port_name + - https_health_check.0.proxy_header + - https_health_check.0.port_specification + description: | + Specifies how port is selected for health checking, can be one of the + following values: + + * `USE_FIXED_PORT`: The port number in `port` is used for health checking. + + * `USE_NAMED_PORT`: The `portName` is used for health checking. + + * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTPS health check follows behavior specified in `port` and + `portName` fields. + values: + - :USE_FIXED_PORT + - :USE_NAMED_PORT + - :USE_SERVING_PORT + - !ruby/object:Api::Type::NestedObject + name: 'tcpHealthCheck' + exactly_one_of: + - http_health_check + - https_health_check + - http2_health_check + - tcp_health_check + - ssl_health_check + - grpc_health_check + properties: + - !ruby/object:Api::Type::String + name: 'request' + at_least_one_of: + - tcp_health_check.0.request + - tcp_health_check.0.response + - tcp_health_check.0.port + - tcp_health_check.0.port_name + - tcp_health_check.0.proxy_header + - tcp_health_check.0.port_specification + description: | + The application data to send once the TCP connection has been + established (default value is empty). If both request and response are + empty, the connection establishment alone will indicate health. The request + data can only be ASCII. + - !ruby/object:Api::Type::String + name: 'response' + at_least_one_of: + - tcp_health_check.0.request + - tcp_health_check.0.response + - tcp_health_check.0.port + - tcp_health_check.0.port_name + - tcp_health_check.0.proxy_header + - tcp_health_check.0.port_specification + description: | + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + - !ruby/object:Api::Type::Integer + name: 'port' + at_least_one_of: + - tcp_health_check.0.request + - tcp_health_check.0.response + - tcp_health_check.0.port + - tcp_health_check.0.port_name + - tcp_health_check.0.proxy_header + - tcp_health_check.0.port_specification + description: | + The TCP port number for the TCP health check request. + The default value is 443. + - !ruby/object:Api::Type::String + name: 'portName' + at_least_one_of: + - tcp_health_check.0.request + - tcp_health_check.0.response + - tcp_health_check.0.port + - tcp_health_check.0.port_name + - tcp_health_check.0.proxy_header + - tcp_health_check.0.port_specification + description: | + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + - !ruby/object:Api::Type::Enum + name: 'proxyHeader' + at_least_one_of: + - tcp_health_check.0.request + - tcp_health_check.0.response + - tcp_health_check.0.port + - tcp_health_check.0.port_name + - tcp_health_check.0.proxy_header + - tcp_health_check.0.port_specification + description: | + Specifies the type of proxy header to append before sending data to the + backend. + values: + - :NONE + - :PROXY_V1 + default_value: :NONE + - !ruby/object:Api::Type::Enum + name: 'portSpecification' + at_least_one_of: + - tcp_health_check.0.request + - tcp_health_check.0.response + - tcp_health_check.0.port + - tcp_health_check.0.port_name + - tcp_health_check.0.proxy_header + - tcp_health_check.0.port_specification + description: | + Specifies how port is selected for health checking, can be one of the + following values: + + * `USE_FIXED_PORT`: The port number in `port` is used for health checking. + + * `USE_NAMED_PORT`: The `portName` is used for health checking. + + * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, TCP health check follows behavior specified in `port` and + `portName` fields. + values: + - :USE_FIXED_PORT + - :USE_NAMED_PORT + - :USE_SERVING_PORT + - !ruby/object:Api::Type::NestedObject + name: 'sslHealthCheck' + exactly_one_of: + - http_health_check + - https_health_check + - http2_health_check + - tcp_health_check + - ssl_health_check + - grpc_health_check + properties: + - !ruby/object:Api::Type::String + name: 'request' + at_least_one_of: + - ssl_health_check.0.request + - ssl_health_check.0.response + - ssl_health_check.0.port + - ssl_health_check.0.port_name + - ssl_health_check.0.proxy_header + - ssl_health_check.0.port_specification + description: | + The application data to send once the SSL connection has been + established (default value is empty). If both request and response are + empty, the connection establishment alone will indicate health. The request + data can only be ASCII. + - !ruby/object:Api::Type::String + name: 'response' + at_least_one_of: + - ssl_health_check.0.request + - ssl_health_check.0.response + - ssl_health_check.0.port + - ssl_health_check.0.port_name + - ssl_health_check.0.proxy_header + - ssl_health_check.0.port_specification + description: | + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + - !ruby/object:Api::Type::Integer + name: 'port' + at_least_one_of: + - ssl_health_check.0.request + - ssl_health_check.0.response + - ssl_health_check.0.port + - ssl_health_check.0.port_name + - ssl_health_check.0.proxy_header + - ssl_health_check.0.port_specification + description: | + The TCP port number for the SSL health check request. + The default value is 443. + - !ruby/object:Api::Type::String + name: 'portName' + at_least_one_of: + - ssl_health_check.0.request + - ssl_health_check.0.response + - ssl_health_check.0.port + - ssl_health_check.0.port_name + - ssl_health_check.0.proxy_header + - ssl_health_check.0.port_specification + description: | + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + - !ruby/object:Api::Type::Enum + name: 'proxyHeader' + at_least_one_of: + - ssl_health_check.0.request + - ssl_health_check.0.response + - ssl_health_check.0.port + - ssl_health_check.0.port_name + - ssl_health_check.0.proxy_header + - ssl_health_check.0.port_specification + description: | + Specifies the type of proxy header to append before sending data to the + backend. + values: + - :NONE + - :PROXY_V1 + default_value: :NONE + - !ruby/object:Api::Type::Enum + name: 'portSpecification' + at_least_one_of: + - ssl_health_check.0.request + - ssl_health_check.0.response + - ssl_health_check.0.port + - ssl_health_check.0.port_name + - ssl_health_check.0.proxy_header + - ssl_health_check.0.port_specification + description: | + Specifies how port is selected for health checking, can be one of the + following values: + + * `USE_FIXED_PORT`: The port number in `port` is used for health checking. + + * `USE_NAMED_PORT`: The `portName` is used for health checking. + + * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, SSL health check follows behavior specified in `port` and + `portName` fields. + values: + - :USE_FIXED_PORT + - :USE_NAMED_PORT + - :USE_SERVING_PORT + - !ruby/object:Api::Type::NestedObject + name: 'http2HealthCheck' + exactly_one_of: + - http_health_check + - https_health_check + - http2_health_check + - tcp_health_check + - ssl_health_check + - grpc_health_check + properties: + - !ruby/object:Api::Type::String + name: 'host' + at_least_one_of: + - http2_health_check.0.host + - http2_health_check.0.request_path + - http2_health_check.0.response + - http2_health_check.0.port + - http2_health_check.0.port_name + - http2_health_check.0.proxy_header + - http2_health_check.0.port_specification + description: | + The value of the host header in the HTTP2 health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + - !ruby/object:Api::Type::String + name: 'requestPath' + at_least_one_of: + - http2_health_check.0.host + - http2_health_check.0.request_path + - http2_health_check.0.response + - http2_health_check.0.port + - http2_health_check.0.port_name + - http2_health_check.0.proxy_header + - http2_health_check.0.port_specification + description: | + The request path of the HTTP2 health check request. + The default value is /. + default_value: "/" + - !ruby/object:Api::Type::String + name: 'response' + at_least_one_of: + - http2_health_check.0.host + - http2_health_check.0.request_path + - http2_health_check.0.response + - http2_health_check.0.port + - http2_health_check.0.port_name + - http2_health_check.0.proxy_header + - http2_health_check.0.port_specification + description: | + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + - !ruby/object:Api::Type::Integer + name: 'port' + at_least_one_of: + - http2_health_check.0.host + - http2_health_check.0.request_path + - http2_health_check.0.response + - http2_health_check.0.port + - http2_health_check.0.port_name + - http2_health_check.0.proxy_header + - http2_health_check.0.port_specification + description: | + The TCP port number for the HTTP2 health check request. + The default value is 443. + - !ruby/object:Api::Type::String + name: 'portName' + at_least_one_of: + - http2_health_check.0.host + - http2_health_check.0.request_path + - http2_health_check.0.response + - http2_health_check.0.port + - http2_health_check.0.port_name + - http2_health_check.0.proxy_header + - http2_health_check.0.port_specification + description: | + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + - !ruby/object:Api::Type::Enum + name: 'proxyHeader' + at_least_one_of: + - http2_health_check.0.host + - http2_health_check.0.request_path + - http2_health_check.0.response + - http2_health_check.0.port + - http2_health_check.0.port_name + - http2_health_check.0.proxy_header + - http2_health_check.0.port_specification + description: | + Specifies the type of proxy header to append before sending data to the + backend. + values: + - :NONE + - :PROXY_V1 + default_value: :NONE + - !ruby/object:Api::Type::Enum + name: 'portSpecification' + at_least_one_of: + - http2_health_check.0.host + - http2_health_check.0.request_path + - http2_health_check.0.response + - http2_health_check.0.port + - http2_health_check.0.port_name + - http2_health_check.0.proxy_header + - http2_health_check.0.port_specification + description: | + Specifies how port is selected for health checking, can be one of the + following values: + + * `USE_FIXED_PORT`: The port number in `port` is used for health checking. + + * `USE_NAMED_PORT`: The `portName` is used for health checking. + + * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTP2 health check follows behavior specified in `port` and + `portName` fields. + values: + - :USE_FIXED_PORT + - :USE_NAMED_PORT + - :USE_SERVING_PORT + - !ruby/object:Api::Type::NestedObject + name: 'grpcHealthCheck' + exactly_one_of: + - http_health_check + - https_health_check + - http2_health_check + - tcp_health_check + - ssl_health_check + - grpc_health_check + properties: + - !ruby/object:Api::Type::Integer + name: 'port' + at_least_one_of: + - grpc_health_check.0.port + - grpc_health_check.0.port_name + - grpc_health_check.0.port_specification + - grpc_health_check.0.grpc_service_name + description: | + The port number for the health check request. + Must be specified if portName and portSpecification are not set + or if port_specification is USE_FIXED_PORT. Valid values are 1 through 65535. + - !ruby/object:Api::Type::String + name: 'portName' + at_least_one_of: + - grpc_health_check.0.port + - grpc_health_check.0.port_name + - grpc_health_check.0.port_specification + - grpc_health_check.0.grpc_service_name + description: | + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + - !ruby/object:Api::Type::Enum + name: 'portSpecification' + at_least_one_of: + - grpc_health_check.0.port + - grpc_health_check.0.port_name + - grpc_health_check.0.port_specification + - grpc_health_check.0.grpc_service_name + description: | + Specifies how port is selected for health checking, can be one of the + following values: + + * `USE_FIXED_PORT`: The port number in `port` is used for health checking. + + * `USE_NAMED_PORT`: The `portName` is used for health checking. + + * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, gRPC health check follows behavior specified in `port` and + `portName` fields. + values: + - :USE_FIXED_PORT + - :USE_NAMED_PORT + - :USE_SERVING_PORT + - !ruby/object:Api::Type::String + name: 'grpcServiceName' + at_least_one_of: + - grpc_health_check.0.port + - grpc_health_check.0.port_name + - grpc_health_check.0.port_specification + - grpc_health_check.0.grpc_service_name + description: | + The gRPC service name for the health check. + The value of grpcServiceName has the following meanings by convention: + - Empty serviceName means the overall status of all services at the backend. + - Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service. + The grpcServiceName can only be ASCII. + - !ruby/object:Api::Type::NestedObject + name: 'logConfig' + description: | + Configure logging on this health check. + properties: + - !ruby/object:Api::Type::Boolean + name: 'enable' + description: | + Indicates whether or not to export logs. This is false by default, + which means no health check logging will be done. + default_value: false diff --git a/mmv1/products/compute/HttpHealthCheck.yaml b/mmv1/products/compute/HttpHealthCheck.yaml new file mode 100644 index 000000000000..a7a33deaa998 --- /dev/null +++ b/mmv1/products/compute/HttpHealthCheck.yaml @@ -0,0 +1,110 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'HttpHealthCheck' +kind: 'compute#httpHealthCheck' +base_url: projects/{{project}}/global/httpHealthChecks +collection_url_key: 'items' +has_self_link: true +description: | + An HttpHealthCheck resource. This resource defines a template for how + individual VMs should be checked for health, via HTTP. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Adding Health Checks': 'https://cloud.google.com/compute/docs/load-balancing/health-checks#legacy_health_checks' + api: 'https://cloud.google.com/compute/docs/reference/v1/httpHealthChecks' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +properties: + - !ruby/object:Api::Type::Integer + name: 'checkIntervalSec' + description: | + How often (in seconds) to send a health check. The default value is 5 + seconds. + default_value: 5 + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of this resource. Provide this property when + you create the resource. + - !ruby/object:Api::Type::Integer + name: 'healthyThreshold' + description: | + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + - !ruby/object:Api::Type::String + name: 'host' + description: | + The value of the host header in the HTTP health check request. If + left empty (default value), the public IP on behalf of which this + health check is performed will be used. + - !ruby/object:Api::Type::Integer + name: 'id' + description: | + The unique identifier for the resource. This identifier is defined by + the server. + output: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and + match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means + the first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the + last character, which cannot be a dash. + required: true + immutable: true + - !ruby/object:Api::Type::Integer + name: 'port' + description: | + The TCP port number for the HTTP health check request. + The default value is 80. + - !ruby/object:Api::Type::String + name: 'requestPath' + description: | + The request path of the HTTP health check request. + The default value is /. + - !ruby/object:Api::Type::Integer + name: 'timeoutSec' + description: | + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + - !ruby/object:Api::Type::Integer + name: 'unhealthyThreshold' + description: | + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. diff --git a/mmv1/products/compute/HttpsHealthCheck.yaml b/mmv1/products/compute/HttpsHealthCheck.yaml new file mode 100644 index 000000000000..80d0d2a981dd --- /dev/null +++ b/mmv1/products/compute/HttpsHealthCheck.yaml @@ -0,0 +1,109 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'HttpsHealthCheck' +kind: 'compute#httpsHealthCheck' +base_url: projects/{{project}}/global/httpsHealthChecks +collection_url_key: 'items' +has_self_link: true +description: | + An HttpsHealthCheck resource. This resource defines a template for how + individual VMs should be checked for health, via HTTPS. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Adding Health Checks': 'https://cloud.google.com/compute/docs/load-balancing/health-checks#legacy_health_checks' + api: 'https://cloud.google.com/compute/docs/reference/v1/httpsHealthChecks' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +properties: + - !ruby/object:Api::Type::Integer + name: 'checkIntervalSec' + description: | + How often (in seconds) to send a health check. The default value is 5 + seconds. + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of this resource. Provide this property when + you create the resource. + - !ruby/object:Api::Type::Integer + name: 'healthyThreshold' + description: | + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + - !ruby/object:Api::Type::String + name: 'host' + description: | + The value of the host header in the HTTPS health check request. If + left empty (default value), the public IP on behalf of which this + health check is performed will be used. + - !ruby/object:Api::Type::Integer + name: 'id' + description: | + The unique identifier for the resource. This identifier is defined by + the server. + output: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and + match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means + the first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the + last character, which cannot be a dash. + required: true + immutable: true + - !ruby/object:Api::Type::Integer + name: 'port' + description: | + The TCP port number for the HTTPS health check request. + The default value is 443. + - !ruby/object:Api::Type::String + name: 'requestPath' + description: | + The request path of the HTTPS health check request. + The default value is /. + - !ruby/object:Api::Type::Integer + name: 'timeoutSec' + description: | + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + - !ruby/object:Api::Type::Integer + name: 'unhealthyThreshold' + description: | + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. diff --git a/mmv1/products/compute/Image.yaml b/mmv1/products/compute/Image.yaml new file mode 100644 index 000000000000..69d3455eed22 --- /dev/null +++ b/mmv1/products/compute/Image.yaml @@ -0,0 +1,334 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Image' +kind: 'compute#image' +base_url: projects/{{project}}/global/images +immutable: true +has_self_link: true +collection_url_key: 'items' +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/compute/docs/images' + api: 'https://cloud.google.com/compute/docs/reference/v1/images' +description: | + Represents an Image resource. + + Google Compute Engine uses operating system images to create the root + persistent disks for your instances. You specify an image when you create + an instance. Images contain a boot loader, an operating system, and a + root file system. Linux operating system images are also capable of + running containers on Compute Engine. + + Images can be either public or custom. + + Public images are provided and maintained by Google, open-source + communities, and third-party vendors. By default, all projects have + access to these images and can use them to create instances. Custom + images are available only to your project. You can create a custom image + from root persistent disks and other images. Then, use the custom image + to create an instance. +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +properties: + - !ruby/object:Api::Type::Integer + name: 'archiveSizeBytes' + description: | + Size of the image tar.gz archive stored in Google Cloud Storage (in + bytes). + output: true + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::NestedObject + name: 'deprecated' + description: The deprecation status associated with this image. + output: true + properties: + - !ruby/object:Api::Type::Time + name: 'deleted' + description: | + An optional RFC3339 timestamp on or after which the state of this + resource is intended to change to DELETED. This is only + informational and the status will not change unless the client + explicitly changes it. + - !ruby/object:Api::Type::Time + name: 'deprecated' + description: | + An optional RFC3339 timestamp on or after which the state of this + resource is intended to change to DEPRECATED. This is only + informational and the status will not change unless the client + explicitly changes it. + - !ruby/object:Api::Type::Time + name: 'obsolete' + description: | + An optional RFC3339 timestamp on or after which the state of this + resource is intended to change to OBSOLETE. This is only + informational and the status will not change unless the client + explicitly changes it. + - !ruby/object:Api::Type::String + name: 'replacement' + description: | + The URL of the suggested replacement for a deprecated resource. + The suggested replacement resource must be the same kind of + resource as the deprecated resource. + - !ruby/object:Api::Type::Enum + name: 'state' + description: | + The deprecation state of this resource. This can be DEPRECATED, + OBSOLETE, or DELETED. Operations which create a new resource + using a DEPRECATED resource will return successfully, but with a + warning indicating the deprecated resource and recommending its + replacement. Operations which use OBSOLETE or DELETED resources + will be rejected and result in an error. + values: + - :DEPRECATED + - :OBSOLETE + - :DELETED + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of this resource. Provide this property when + you create the resource. + - !ruby/object:Api::Type::Integer + name: 'diskSizeGb' + description: | + Size of the image when restored onto a persistent disk (in GB). + # TODO(alexstephen): Build family support. + # Families use a different API + - !ruby/object:Api::Type::String + name: 'family' + description: | + The name of the image family to which this image belongs. You can + create disks by specifying an image family instead of a specific + image name. The image family always returns its latest image that is + not deprecated. The name of the image family must comply with + RFC1035. + - !ruby/object:Api::Type::Array + name: 'guestOsFeatures' + description: | + A list of features to enable on the guest operating system. + Applicable only for bootable images. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Enum + name: 'type' + required: true + description: | + The type of supported feature. Read [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) to see a list of available options. + values: + - :MULTI_IP_SUBNET + - :SECURE_BOOT + - :SEV_CAPABLE + - :UEFI_COMPATIBLE + - :VIRTIO_SCSI_MULTIQUEUE + - :WINDOWS + - :GVNIC + - !ruby/object:Api::Type::Integer + name: 'id' + description: | + The unique identifier for the resource. This identifier + is defined by the server. + output: true + - !ruby/object:Api::Type::NestedObject + name: 'imageEncryptionKey' + description: | + Encrypts the image using a customer-supplied encryption key. + + After you encrypt an image with a customer-supplied key, you must + provide the same key if you use the image later (e.g. to create a + disk from the image) + properties: + - !ruby/object:Api::Type::String + name: 'rawKey' + description: | + Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + - !ruby/object:Api::Type::String + name: 'sha256' + description: | + The RFC 4648 base64 encoded SHA-256 hash of the + customer-supplied encryption key that protects this resource. + output: true + - !ruby/object:Api::Type::String + # TODO(chrisst) Change to ResourceRef once KMS is in Magic Modules + name: 'kmsKeyName' + description: | + The name of the encryption key that is stored in Google Cloud KMS. + - !ruby/object:Api::Type::String + name: 'kmsKeyServiceAccount' + description: | + The service account being used for the encryption request for the + given KMS key. If absent, the Compute Engine default service + account is used. + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: Labels to apply to this Image. + update_verb: :POST + update_url: 'projects/{{project}}/global/images/{{name}}/setLabels' + - !ruby/object:Api::Type::Fingerprint + name: 'labelFingerprint' + description: | + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + update_url: 'projects/{{project}}/global/images/{{name}}/setLabels' + update_verb: :POST + - !ruby/object:Api::Type::Array + name: 'licenses' + description: Any applicable license URI. + item_type: !ruby/object:Api::Type::ResourceRef + name: 'license' + description: 'An applicable license URI' + resource: 'License' + imports: 'selfLink' + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource; provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and + match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means + the first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the + last character, which cannot be a dash. + required: true + - !ruby/object:Api::Type::NestedObject + name: 'rawDisk' + description: The parameters of the raw disk image. + properties: + - !ruby/object:Api::Type::Enum + name: 'containerType' + description: | + The format used to encode and transmit the block device, which + should be TAR. This is just a container and transmission format + and not a runtime format. Provided by the client when the disk + image is created. + values: + - :TAR + - !ruby/object:Api::Type::String + name: 'sha1Checksum' + description: | + An optional SHA1 checksum of the disk image before unpackaging. + This is provided by the client when the disk image is created. + # TODO(alexstephen): Figure out cross-module ResourceRefs + - !ruby/object:Api::Type::String + name: 'source' + required: true + description: | + The full Google Cloud Storage URL where disk storage is stored + You must provide either this property or the sourceDisk property + but not both. + - !ruby/object:Api::Type::ResourceRef + name: 'sourceDisk' + description: | + The source disk to create this image based on. + You must provide either this property or the + rawDisk.source property but not both to create an image. + resource: 'Disk' + imports: 'selfLink' + - !ruby/object:Api::Type::NestedObject + name: 'sourceDiskEncryptionKey' + description: | + The customer-supplied encryption key of the source disk. Required if + the source disk is protected by a customer-supplied encryption key. + properties: + - !ruby/object:Api::Type::String + name: 'rawKey' + description: | + Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + - !ruby/object:Api::Type::String + name: 'sha256' + description: | + The RFC 4648 base64 encoded SHA-256 hash of the + customer-supplied encryption key that protects this resource. + output: true + - !ruby/object:Api::Type::String + # TODO(chrisst) Change to ResourceRef once KMS is in Magic Modules + name: 'kmsKeyName' + min_version: beta + description: | + The name of the encryption key that is stored in Google Cloud KMS. + - !ruby/object:Api::Type::String + name: 'sourceDiskId' + description: | + The ID value of the disk used to create this image. This value may + be used to determine whether the image was taken from the current + or a previous instance of a given disk name. + - !ruby/object:Api::Type::ResourceRef + name: 'sourceImage' + description: | + URL of the source image used to create this image. In order to create an image, you must provide the full or partial + URL of one of the following: + + * The selfLink URL + * This property + * The rawDisk.source URL + * The sourceDisk URL + resource: 'Image' + imports: 'selfLink' + - !ruby/object:Api::Type::ResourceRef + name: 'sourceSnapshot' + description: | + URL of the source snapshot used to create this image. + + In order to create an image, you must provide the full or partial URL of one of the following: + + * The selfLink URL + * This property + * The sourceImage URL + * The rawDisk.source URL + * The sourceDisk URL + resource: 'Snapshot' + imports: 'selfLink' + - !ruby/object:Api::Type::Enum + name: 'sourceType' + description: | + The type of the image used to create this disk. The default and + only value is RAW + values: + - :RAW + - !ruby/object:Api::Type::String + name: 'selfLink' + exclude: true + description: | + The self link of the image + - !ruby/object:Api::Type::Enum + name: 'status' + output: true + exclude: true + description: | + The status of the image. Either `READY` `PENDING` or `FAILED`. + values: + - :READY + - :PENDING + - :FAILED + # State is not applicable for state convergence. diff --git a/mmv1/products/compute/Instance.yaml b/mmv1/products/compute/Instance.yaml new file mode 100644 index 000000000000..8b402e5c338d --- /dev/null +++ b/mmv1/products/compute/Instance.yaml @@ -0,0 +1,591 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Instance' +kind: 'compute#instance' +base_url: projects/{{project}}/zones/{{zone}}/instances +collection_url_key: 'items' +immutable: true +has_self_link: true +description: | + An instance is a virtual machine (VM) hosted on Google's infrastructure. +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'zone' + resource: 'Zone' + imports: 'name' + description: 'A reference to the zone where the machine resides.' + required: true +properties: + - !ruby/object:Api::Type::Boolean + name: 'canIpForward' + description: | + Allows this instance to send and receive packets with non-matching + destination or source IPs. This is required if you plan to use this + instance to forward routes. + - !ruby/object:Api::Type::String + name: 'cpuPlatform' + description: The CPU platform used by this instance. + output: true + - !ruby/object:Api::Type::String + name: 'creationTimestamp' + description: Creation timestamp in RFC3339 text format. + output: true + - !ruby/object:Api::Type::Boolean + name: 'deletionProtection' + description: Whether the resource should be protected against deletion. + # The code for this update is custom because MM doesn't support + # sending empty bodies + the new option as a request parameter. + update_verb: :POST + update_url: /projects/{{project}}/zones/{{zone}}/instances/{resourceId}/setDeletionProtection + - !ruby/object:Api::Type::Array + name: 'disks' + description: | + An array of disks that are associated with the instances that are + created from this template. + immutable: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Boolean + name: 'autoDelete' + description: | + Specifies whether the disk will be auto-deleted when the + instance is deleted (but not when the disk is detached from + the instance). + + Tip: Disks should be set to autoDelete=true + so that leftover disks are not left behind on machine + deletion. + - !ruby/object:Api::Type::Boolean + name: 'boot' + description: | + Indicates that this is a boot disk. The virtual machine will + use the first partition of the disk for its root filesystem. + - !ruby/object:Api::Type::String + name: 'deviceName' + description: | + Specifies a unique device name of your choice that is + reflected into the /dev/disk/by-id/google-* tree of a Linux + operating system running within the instance. This name can + be used to reference the device for mounting, resizing, and + so on, from within the instance. + - !ruby/object:Api::Type::NestedObject + name: 'diskEncryptionKey' + description: | + Encrypts or decrypts a disk using a customer-supplied + encryption key. + properties: + - !ruby/object:Api::Type::String + name: 'rawKey' + description: | + Specifies a 256-bit customer-supplied encryption key, + encoded in RFC 4648 base64 to either encrypt or decrypt + this resource. + - !ruby/object:Api::Type::String + name: 'rsaEncryptedKey' + description: | + Specifies an RFC 4648 base64 encoded, RSA-wrapped + 2048-bit customer-supplied encryption key to either + encrypt or decrypt this resource. + - !ruby/object:Api::Type::String + name: 'sha256' + description: | + The RFC 4648 base64 encoded SHA-256 hash of the + customer-supplied encryption key that protects this + resource. + output: true + - !ruby/object:Api::Type::Integer + name: 'index' + description: | + Assigns a zero-based index to this disk, where 0 is + reserved for the boot disk. For example, if you have many + disks attached to an instance, each disk would have a + unique index number. If not specified, the server will + choose an appropriate value. + - !ruby/object:Api::Type::NestedObject + name: 'initializeParams' + description: | + Specifies the parameters for a new disk that will be + created alongside the new instance. Use initialization + parameters to create boot disks or local SSDs attached to + the new instance. + immutable: true + properties: + - !ruby/object:Api::Type::String + name: 'diskName' + description: | + Specifies the disk name. If not specified, the default + is to use the name of the instance. + - !ruby/object:Api::Type::Integer + name: 'diskSizeGb' + description: Specifies the size of the disk in base-2 GB. + # diskStorageType - deprecated + - !ruby/object:Api::Type::ResourceRef + name: 'diskType' + description: | + Reference to a disk type. + Specifies the disk type to use to create the instance. + If not specified, the default is pd-standard. + resource: 'DiskType' + imports: 'selfLink' + - !ruby/object:Api::Type::String + name: 'sourceImage' + description: | + The source image to create this disk. When creating a + new instance, one of initializeParams.sourceImage or + disks.source is required. To create a disk with one of + the public operating system images, specify the image + by its family name. + - !ruby/object:Api::Type::NestedObject + name: 'sourceImageEncryptionKey' + description: | + The customer-supplied encryption key of the source + image. Required if the source image is protected by a + customer-supplied encryption key. + + Instance templates do not store customer-supplied + encryption keys, so you cannot create disks for + instances in a managed instance group if the source + images are encrypted with your own keys. + properties: + - !ruby/object:Api::Type::String + name: 'rawKey' + description: | + Specifies a 256-bit customer-supplied encryption + key, encoded in RFC 4648 base64 to either encrypt + or decrypt this resource. + - !ruby/object:Api::Type::String + name: 'sha256' + description: | + The RFC 4648 base64 encoded SHA-256 hash of the + customer-supplied encryption key that protects this + resource. + output: true + - !ruby/object:Api::Type::Enum + name: 'interface' + description: | + Specifies the disk interface to use for attaching this + disk, which is either SCSI or NVME. The default is SCSI. + Persistent disks must always use SCSI and the request will + fail if you attempt to attach a persistent disk in any + other format than SCSI. + values: + - :SCSI + - :NVME + # Ignoring kind - It's a constant and we don't need it. + # TODO(alexstephen): Place in licenses - it's a Array of + # ResourceRefs + - !ruby/object:Api::Type::Enum + name: 'mode' + description: | + The mode in which to attach this disk, either READ_WRITE or + READ_ONLY. If not specified, the default is to attach the + disk in READ_WRITE mode. + values: + - :READ_WRITE + - :READ_ONLY + # This is the name, not selfLink of a disk. + - !ruby/object:Api::Type::ResourceRef + name: 'source' + resource: 'Disk' + imports: 'selfLink' + description: | + Reference to a disk. When creating a new instance, + one of initializeParams.sourceImage or disks.source is required. + + If desired, you can also attach existing non-root + persistent disks using this property. This field is only + applicable for persistent disks. + - !ruby/object:Api::Type::Enum + name: 'type' + description: | + Specifies the type of the disk, either SCRATCH or + PERSISTENT. If not specified, the default is PERSISTENT. + values: + - :SCRATCH + - :PERSISTENT + - !ruby/object:Api::Type::Array + name: 'licenses' + description: 'Any applicable publicly visible licenses.' + item_type: Api::Type::String + output: true + - !ruby/object:Api::Type::Array + name: 'guestAccelerators' + description: | + List of the type and count of accelerator cards attached to the + instance + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Integer + name: 'acceleratorCount' + description: | + The number of the guest accelerator cards exposed to this + instance. + # TODO(alexstephen): Change to ResourceRef once AcceleratorType is + # created. + - !ruby/object:Api::Type::String + name: 'acceleratorType' + description: | + Full or partial URL of the accelerator type resource to expose + to this instance. + - !ruby/object:Api::Type::String + name: 'hostname' + description: | + The hostname of the instance to be created. The specified hostname + must be RFC1035 compliant. If hostname is not specified, the default + hostname is [INSTANCE_NAME].c.[PROJECT_ID].internal when using the + global DNS, and [INSTANCE_NAME].[ZONE].c.[PROJECT_ID].internal when + using zonal DNS. + - !ruby/object:Api::Type::Integer + name: 'id' + description: | + The unique identifier for the resource. This identifier is defined by + the server. + output: true + - !ruby/object:Api::Type::Fingerprint + name: 'labelFingerprint' + description: | + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + update_url: 'projects/{{project}}/zones/{{zone}}/instances/{{name}}/setLabels' + update_verb: :POST + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + Labels to apply to this instance. A list of key->value pairs. + update_verb: :POST + update_url: 'projects/{{project}}/zones/{{zone}}/instances/{{name}}/setLabels' + # TODO(nelsonjr): Implement updating metadata *after* resource is created. + + # Expose instance 'metadata' as a simple name/value pair hash. However the API + # defines metadata as a NestedObject with the following layout: + # + # metadata { + # fingerprint: 'hash-of-last-metadata' + # items: [ + # { + # key: 'metadata1-key' + # value: 'metadata1-value' + # }, + # ... + # ] + # } + # + # Fingerprint is an optimistic locking mechanism for updates, which requires + # adding the 'fingerprint' of the last metadata to allow update. + # + # To comply with the API please add an encoder: and decoder: to the provider. + - !ruby/object:Api::Type::KeyValuePairs + name: 'metadata' + description: | + The metadata key/value pairs to assign to instances that are + created from this template. These pairs can consist of custom + metadata or predefined keys. + - !ruby/object:Api::Type::ResourceRef + name: 'machineType' + resource: 'MachineType' + imports: 'selfLink' + description: 'A reference to a machine type which defines VM kind.' + update_url: projects/{{project}}/zones/{{zone}}/instances/{{name}}/setMachineType + update_verb: :POST + # TODO(alexstephen): Add metadata + - !ruby/object:Api::Type::String + name: 'minCpuPlatform' + description: | + Specifies a minimum CPU platform for the VM instance. Applicable + values are the friendly names of CPU platforms + - !ruby/object:Api::Type::String + name: 'name' + description: | + The name of the resource, provided by the client when initially + creating the resource. The resource name must be 1-63 characters long, + and comply with RFC1035. Specifically, the name must be 1-63 + characters long and match the regular expression + `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a + lowercase letter, and all following characters must be a dash, + lowercase letter, or digit, except the last character, which cannot + be a dash. + - !ruby/object:Api::Type::Array + name: 'networkInterfaces' + description: | + An array of configurations for this interface. This specifies + how this interface is configured to interact with other + network services, such as connecting to the internet. Only + one network interface is supported per instance. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Array + name: 'accessConfigs' + description: | + An array of configurations for this interface. Currently, only + one access config, ONE_TO_ONE_NAT, is supported. If there are no + accessConfigs specified, then this instance will have no + external internet access. + item_type: !ruby/object:Api::Type::NestedObject + properties: + # 'kind' is not needed for object convergence + - !ruby/object:Api::Type::String + name: 'name' + description: | + The name of this access configuration. The + default and recommended name is External NAT but you can + use any arbitrary string you would like. For example, My + external IP or Network Access. + required: true + - !ruby/object:Api::Type::ResourceRef + name: 'natIP' + resource: 'Address' + imports: 'address' + description: | + Reference to an address. + An external IP address associated with this instance. + Specify an unused static external IP address available to + the project or leave this field undefined to use an IP + from a shared ephemeral IP address pool. If you specify a + static external IP address, it must live in the same + region as the zone of the instance. + - !ruby/object:Api::Type::Enum + name: 'type' + description: | + The type of configuration. The default and only option is + ONE_TO_ONE_NAT. + values: + - :ONE_TO_ONE_NAT + required: true + - !ruby/object:Api::Type::Boolean + name: 'setPublicPtr' + description: | + Specifies whether a public DNS PTR record should be + created to map the external IP address of the instance + to a DNS domain name. + - !ruby/object:Api::Type::String + name: 'publicPtrDomainName' + description: | + The DNS domain name for the public PTR record. You can + set this field only if the setPublicPtr field is + enabled. + - !ruby/object:Api::Type::Enum + name: 'networkTier' + description: | + This signifies the networking tier used for configuring + this access configuration. If an AccessConfig is + specified without a valid external IP address, an + ephemeral IP will be created with this networkTier. If an + AccessConfig with a valid external IP address is + specified, it must match that of the networkTier + associated with the Address resource owning that IP. + values: + - :PREMIUM + - :STANDARD + - !ruby/object:Api::Type::Array + name: 'aliasIpRanges' + description: | + An array of alias IP ranges for this network interface. Can + only be specified for network interfaces on subnet-mode + networks. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'ipCidrRange' + description: | + The IP CIDR range represented by this alias IP range. + This IP CIDR range must belong to the specified + subnetwork and cannot contain IP addresses reserved by + system or used by other network interfaces. This range + may be a single IP address (e.g. 10.2.3.4), a netmask + (e.g. /24) or a CIDR format string (e.g. 10.1.2.0/24). + - !ruby/object:Api::Type::String + name: 'subnetworkRangeName' + description: | + Optional subnetwork secondary range name specifying + the secondary range from which to allocate the IP + CIDR range for this alias IP range. If left + unspecified, the primary range of the subnetwork will + be used. + - !ruby/object:Api::Type::String + name: 'name' + description: | + The name of the network interface, generated by the + server. For network devices, these are eth0, eth1, etc + output: true + - !ruby/object:Api::Type::ResourceRef + name: 'network' + resource: 'Network' + imports: 'selfLink' + description: | + Specifies the title of an existing network. When creating + an instance, if neither the network nor the subnetwork is specified, + the default network global/networks/default is used; if the network + is not specified but the subnetwork is specified, the network is + inferred. + - !ruby/object:Api::Type::String + name: 'networkIP' + description: | + An IPv4 internal network address to assign to the + instance for this network interface. If not specified + by the user, an unused internal IP is assigned by the + system. + - !ruby/object:Api::Type::ResourceRef + name: 'subnetwork' + resource: 'Subnetwork' + imports: 'selfLink' + description: | + Reference to a VPC network. + If the network resource is in legacy mode, do not + provide this property. If the network is in auto + subnet mode, providing the subnetwork is optional. If + the network is in custom subnet mode, then this field + should be specified. + # networkInterfaces.kind is not necessary for convergence. + - !ruby/object:Api::Type::NestedObject + name: 'scheduling' + description: Sets the scheduling options for this instance. + properties: + - !ruby/object:Api::Type::Boolean + name: 'automaticRestart' + description: | + Specifies whether the instance should be automatically restarted + if it is terminated by Compute Engine (not terminated by a user). + You can only set the automatic restart option for standard + instances. Preemptible instances cannot be automatically + restarted. + - !ruby/object:Api::Type::String + name: 'onHostMaintenance' + description: | + Defines the maintenance behavior for this instance. For standard + instances, the default behavior is MIGRATE. For preemptible + instances, the default and only possible behavior is TERMINATE. + For more information, see Setting Instance Scheduling Options. + - !ruby/object:Api::Type::Boolean + name: 'preemptible' + description: | + Defines whether the instance is preemptible. This can only be set + during instance creation, it cannot be set or changed after the + instance has been created. + - !ruby/object:Api::Type::Array + name: 'serviceAccounts' + description: | + A list of service accounts, with their specified scopes, authorized + for this instance. Only one service account per VM instance is + supported. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'email' + description: Email address of the service account. + - !ruby/object:Api::Type::Array + name: scopes + description: | + The list of scopes to be made available for this service + account. + item_type: Api::Type::String + - !ruby/object:Api::Type::NestedObject + name: 'shieldedInstanceConfig' + description: Configuration for various parameters related to shielded instances. + # The code for this update method is custom because MM does not support + # sending just the nested properties + update_verb: :PATCH + update_url: projects/{{project}}/instances/{{name}}/updateShieldedInstanceConfig + properties: + - !ruby/object:Api::Type::Boolean + name: 'enableSecureBoot' + description: Defines whether the instance has Secure Boot enabled. + update_verb: :PATCH + update_url: projects/{{project}}/instances/{{name}}/updateShieldedInstanceConfig + - !ruby/object:Api::Type::Boolean + name: 'enableVtpm' + description: Defines whether the instance has the vTPM enabled + update_verb: :PATCH + update_url: projects/{{project}}/instances/{{name}}/updateShieldedInstanceConfig + - !ruby/object:Api::Type::Boolean + name: 'enableIntegrityMonitoring' + description: Defines whether the instance has integrity monitoring enabled. + update_verb: :PATCH + update_url: projects/{{project}}/instances/{{name}}/updateShieldedInstanceConfig + - !ruby/object:Api::Type::NestedObject + name: 'confidentialInstanceConfig' + description: 'Configuration for confidential computing (requires setting the machine type to any of the n2d-* types and a boot disk of type pd-ssd).' + properties: + - !ruby/object:Api::Type::Boolean + name: 'enableConfidentialCompute' + description: Enables confidential computing + - !ruby/object:Api::Type::Enum + name: 'status' + description: | + The status of the instance. One of the following values: + PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED, + and TERMINATED. + + As a user, use RUNNING to keep a machine "on" and TERMINATED to + turn a machine off + # GCP API shows this as output: true. + # This is incorrect because you can make actions on the Instance (start, stop) + # In an idempotent world, the best way to express these actions is to + # change the status value. + output: false + values: + - :PROVISIONING + - :STAGING + - :RUNNING + - :STOPPING + - :SUSPENDING + - :SUSPENDED + - :TERMINATED + - !ruby/object:Api::Type::String + name: 'statusMessage' + description: An optional, human-readable explanation of the status. + output: true + - !ruby/object:Api::Type::NestedObject + name: 'tags' + description: | + A list of tags to apply to this instance. Tags are used to identify + valid sources or targets for network firewalls and are specified by + the client during instance creation. The tags can be later modified + by the setTags method. Each tag within the list must comply with + RFC1035. + properties: + # TODO(alexstephen) Investigate bytes type + - !ruby/object:Api::Type::String + name: 'fingerprint' + description: | + Specifies a fingerprint for this request, which is essentially a + hash of the metadata's contents and used for optimistic locking. + The fingerprint is initially generated by Compute Engine and + changes after every request to modify or update metadata. You + must always provide an up-to-date fingerprint hash in order to + update or change metadata. + - !ruby/object:Api::Type::Array + name: 'items' + description: | + An array of tags. Each tag must be 1-63 characters long, and + comply with RFC1035. + item_type: Api::Type::String diff --git a/mmv1/products/compute/InstanceGroup.yaml b/mmv1/products/compute/InstanceGroup.yaml new file mode 100644 index 000000000000..1719f33ac86a --- /dev/null +++ b/mmv1/products/compute/InstanceGroup.yaml @@ -0,0 +1,127 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'InstanceGroup' +kind: 'compute#instanceGroup' +base_url: projects/{{project}}/zones/{{zone}}/instanceGroups +collection_url_key: 'items' +has_self_link: true +description: | + Represents an Instance Group resource. Instance groups are self-managed + and can contain identical or different instances. Instance groups do not + use an instance template. Unlike managed instance groups, you must create + and add instances to an instance group manually. +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +immutable: true +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'zone' + resource: 'Zone' + imports: 'name' + description: 'A reference to the zone where the instance group resides.' + required: true + - !ruby/object:Api::Type::Array + name: 'instances' + description: | + The list of instances associated with this InstanceGroup. + All instances must be created before being added to an InstanceGroup. + All instances not in this list will be removed from the InstanceGroup + and will not be deleted. + Only the full identifier of the instance will be returned. + exclude: true + item_type: !ruby/object:Api::Type::ResourceRef + name: 'instance' + description: 'An instance being added to the InstanceGroup' + resource: 'Instance' + imports: 'selfLink' +properties: + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of this resource. Provide this property when + you create the resource. + # 'fingerprint' not applicable to state convergence. + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'A unique identifier for this instance group.' + output: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + The name of the instance group. + The name must be 1-63 characters long, and comply with RFC1035. + - !ruby/object:Api::Type::Array + name: 'namedPorts' + description: | + Assigns a name to a port number. + For example: {name: "http", port: 80}. + + This allows the system to reference ports by the assigned name + instead of a port number. Named ports can also contain multiple + ports. + + For example: [{name: "http", port: 80},{name: "http", port: 8080}] + + Named ports apply to all instances in this instance group. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The name for this named port. + The name must be 1-63 characters long, and comply with RFC1035. + - !ruby/object:Api::Type::Integer + name: 'port' + description: | + The port number, which can be a value between 1 and 65535. + - !ruby/object:Api::Type::ResourceRef + name: 'network' + resource: 'Network' + imports: 'selfLink' + description: | + The network to which all instances in the instance group belong. + - !ruby/object:Api::Type::ResourceRef + name: 'region' + resource: 'Region' + imports: 'selfLink' + description: | + The region where the instance group is located + (for regional resources). + - !ruby/object:Api::Type::ResourceRef + name: 'subnetwork' + resource: 'Subnetwork' + imports: 'selfLink' + description: | + The subnetwork to which all instances in the instance group belong. diff --git a/mmv1/products/compute/InstanceGroupManager.yaml b/mmv1/products/compute/InstanceGroupManager.yaml new file mode 100644 index 000000000000..c4609ca54690 --- /dev/null +++ b/mmv1/products/compute/InstanceGroupManager.yaml @@ -0,0 +1,212 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'InstanceGroupManager' +kind: 'compute#instanceGroupManager' +base_url: projects/{{project}}/zones/{{zone}}/instanceGroupManagers +collection_url_key: 'items' +has_self_link: true +description: | + Creates a managed instance group using the information that you specify in + the request. After the group is created, it schedules an action to create + instances in the group using the specified instance template. This + operation is marked as DONE when the group is created even if the + instances in the group have not yet been created. You must separately + verify the status of the individual instances. + + A managed instance group can have up to 1000 VM instances per group. +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'zone' + resource: 'Zone' + imports: 'name' + description: 'The zone the managed instance group resides.' + required: true +properties: + - !ruby/object:Api::Type::String + name: 'baseInstanceName' + description: | + The base instance name to use for instances in this group. The value + must be 1-58 characters long. Instances are named by appending a + hyphen and a random four-character string to the base instance name. + The base instance name must comply with RFC1035. + required: true + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: | + The creation timestamp for this managed instance group in RFC3339 + text format. + output: true + - !ruby/object:Api::Type::NestedObject + name: 'currentActions' + description: | + The list of instance actions and the number of instances in this + managed instance group that are scheduled for each of those actions. + properties: + - !ruby/object:Api::Type::Integer + name: 'abandoning' + description: | + The total number of instances in the managed instance group that + are scheduled to be abandoned. Abandoning an instance removes it + from the managed instance group without deleting it. + output: true + - !ruby/object:Api::Type::Integer + name: 'creating' + description: | + The number of instances in the managed instance group that are + scheduled to be created or are currently being created. If the + group fails to create any of these instances, it tries again until + it creates the instance successfully. + + If you have disabled creation retries, this field will not be + populated; instead, the creatingWithoutRetries field will be + populated. + output: true + - !ruby/object:Api::Type::Integer + name: 'creatingWithoutRetries' + description: | + The number of instances that the managed instance group will + attempt to create. The group attempts to create each instance only + once. If the group fails to create any of these instances, it + decreases the group's targetSize value accordingly. + output: true + - !ruby/object:Api::Type::Integer + name: 'deleting' + description: | + The number of instances in the managed instance group that are + scheduled to be deleted or are currently being deleted. + output: true + - !ruby/object:Api::Type::Integer + name: 'none' + description: | + The number of instances in the managed instance group that are + running and have no scheduled actions. + output: true + - !ruby/object:Api::Type::Integer + name: 'recreating' + description: | + The number of instances in the managed instance group that are + scheduled to be recreated or are currently being being recreated. + Recreating an instance deletes the existing root persistent disk + and creates a new disk from the image that is defined in the + instance template. + output: true + - !ruby/object:Api::Type::Integer + name: 'refreshing' + description: | + The number of instances in the managed instance group that are + being reconfigured with properties that do not require a restart + or a recreate action. For example, setting or removing target + pools for the instance. + output: true + - !ruby/object:Api::Type::Integer + name: 'restarting' + description: | + The number of instances in the managed instance group that are + scheduled to be restarted or are currently being restarted. + output: true + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of this resource. Provide this property when + you create the resource. + immutable: true + # fingerprint ignored as it is an internal locking detail + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'A unique identifier for this resource' + output: true + - !ruby/object:Api::Type::ResourceRef + name: 'instanceGroup' + resource: 'InstanceGroup' + imports: 'selfLink' + description: 'The instance group being managed' + output: true + - !ruby/object:Api::Type::ResourceRef + name: 'instanceTemplate' + resource: 'InstanceTemplate' + imports: 'selfLink' + description: | + The instance template that is specified for this managed instance + group. The group uses this template to create all new instances in the + managed instance group. + required: true + # kind is internal transport detail + - !ruby/object:Api::Type::String + name: 'name' + description: | + The name of the managed instance group. The name must be 1-63 + characters long, and comply with RFC1035. + required: true + # TODO(nelsonjr): Make namedPorts a NameValue(name[string], port[integer]) + - !ruby/object:Api::Type::Array + name: 'namedPorts' + description: + Named ports configured for the Instance Groups complementary to this + Instance Group Manager. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The name for this named port. The name must be 1-63 characters + long, and comply with RFC1035. + - !ruby/object:Api::Type::Integer + name: 'port' + description: + The port number, which can be a value between 1 and 65535. + - !ruby/object:Api::Type::ResourceRef + name: 'region' + resource: 'Region' + imports: 'selfLink' + description: | + The region this managed instance group resides + (for regional resources). + output: true + - !ruby/object:Api::Type::Array + name: 'targetPools' + description: | + TargetPool resources to which instances in the instanceGroup field are + added. The target pools automatically apply to all of the instances in + the managed instance group. + item_type: !ruby/object:Api::Type::ResourceRef + name: 'targetPool' + description: 'The targetPool to receive managed instances.' + resource: 'TargetPool' + imports: 'selfLink' + - !ruby/object:Api::Type::Integer + name: 'targetSize' + description: | + The target number of running instances for this managed instance + group. Deleting or abandoning instances reduces this number. Resizing + the group changes this number. diff --git a/mmv1/products/compute/InstanceGroupNamedPort.yaml b/mmv1/products/compute/InstanceGroupNamedPort.yaml new file mode 100644 index 000000000000..faae21ad0513 --- /dev/null +++ b/mmv1/products/compute/InstanceGroupNamedPort.yaml @@ -0,0 +1,85 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'InstanceGroupNamedPort' +base_url: 'projects/{{project}}/zones/{{zone}}/instanceGroups/{{group}}' +self_link: 'projects/{{project}}/zones/{{zone}}/instanceGroups/{{group}}' +immutable: true +description: | + Mange the named ports setting for a managed instance group without + managing the group as whole. This resource is primarily intended for use + with GKE-generated groups that shouldn't otherwise be managed by other + tools. +create_verb: :POST +create_url: 'projects/{{project}}/zones/{{zone}}/instanceGroups/{{group}}/setNamedPorts' +delete_verb: :POST +delete_url: 'projects/{{project}}/zones/{{zone}}/instanceGroups/{{group}}/setNamedPorts' +identity: + - port + - name +nested_query: !ruby/object:Api::Resource::NestedQuery + modify_by_patch: true + keys: + - namedPorts +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/compute/docs/instance-groups/' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/instanceGroup' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'group' + resource: 'InstanceGroup' + imports: 'name' + required: true + url_param_only: true + description: | + The name of the instance group. + - !ruby/object:Api::Type::ResourceRef + name: 'zone' + resource: 'Zone' + imports: 'name' + required: true + url_param_only: true + description: | + The zone of the instance group. +properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + description: | + The name for this named port. The name must be 1-63 characters + long, and comply with RFC1035. + - !ruby/object:Api::Type::Integer + name: 'port' + required: true + description: + The port number, which can be a value between 1 and 65535. diff --git a/mmv1/products/compute/InstanceTemplate.yaml b/mmv1/products/compute/InstanceTemplate.yaml new file mode 100644 index 000000000000..1fd68bb81d3a --- /dev/null +++ b/mmv1/products/compute/InstanceTemplate.yaml @@ -0,0 +1,523 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'InstanceTemplate' +kind: 'compute#instanceTemplate' +immutable: true +base_url: projects/{{project}}/global/instanceTemplates +collection_url_key: 'items' +has_self_link: true +description: | + Defines an Instance Template resource that provides configuration settings + for your virtual machine instances. Instance templates are not tied to the + lifetime of an instance and can be used and reused as to deploy virtual + machines. You can also use different templates to create different virtual + machine configurations. Instance templates are required when you create a + managed instance group. + + Tip: Disks should be set to autoDelete=true + so that leftover disks are not left behind on machine deletion. +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +properties: + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of this resource. Provide this property when + you create the resource. + - !ruby/object:Api::Type::Integer + name: 'id' + description: | + The unique identifier for the resource. This identifier + is defined by the server. + output: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource. The name is 1-63 characters long + and complies with RFC1035. + required: true + - !ruby/object:Api::Type::NestedObject + name: 'properties' + description: 'The instance properties for this instance template.' + properties: + - !ruby/object:Api::Type::Boolean + name: 'canIpForward' + description: | + Enables instances created based on this template to send packets + with source IP addresses other than their own and receive packets + with destination IP addresses other than their own. If these + instances will be used as an IP gateway or it will be set as the + next-hop in a Route resource, specify true. If unsure, leave this + set to false. + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional text description for the instances that are created + from this instance template. + - !ruby/object:Api::Type::Array + name: 'disks' + description: | + An array of disks that are associated with the instances that are + created from this template. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Array + name: 'licenses' + description: Any applicable license URI. + item_type: Api::Type::String + output: true + - !ruby/object:Api::Type::Boolean + name: 'autoDelete' + description: | + Specifies whether the disk will be auto-deleted when the + instance is deleted (but not when the disk is detached from + the instance). + + Tip: Disks should be set to autoDelete=true + so that leftover disks are not left behind on machine + deletion. + - !ruby/object:Api::Type::Boolean + name: 'boot' + description: | + Indicates that this is a boot disk. The virtual machine will + use the first partition of the disk for its root filesystem. + - !ruby/object:Api::Type::String + name: 'deviceName' + description: | + Specifies a unique device name of your choice that is + reflected into the /dev/disk/by-id/google-* tree of a Linux + operating system running within the instance. This name can + be used to reference the device for mounting, resizing, and + so on, from within the instance. + - !ruby/object:Api::Type::NestedObject + name: 'diskEncryptionKey' + description: | + Encrypts or decrypts a disk using a customer-supplied + encryption key. + properties: + - !ruby/object:Api::Type::String + name: 'rawKey' + description: | + Specifies a 256-bit customer-supplied encryption key, + encoded in RFC 4648 base64 to either encrypt or decrypt + this resource. + - !ruby/object:Api::Type::String + name: 'rsaEncryptedKey' + description: | + Specifies an RFC 4648 base64 encoded, RSA-wrapped + 2048-bit customer-supplied encryption key to either + encrypt or decrypt this resource. + - !ruby/object:Api::Type::String + name: 'sha256' + description: | + The RFC 4648 base64 encoded SHA-256 hash of the + customer-supplied encryption key that protects this + resource. + output: true + - !ruby/object:Api::Type::Integer + name: 'index' + description: | + Assigns a zero-based index to this disk, where 0 is + reserved for the boot disk. For example, if you have many + disks attached to an instance, each disk would have a + unique index number. If not specified, the server will + choose an appropriate value. + - !ruby/object:Api::Type::NestedObject + name: 'initializeParams' + description: | + Specifies the parameters for a new disk that will be + created alongside the new instance. Use initialization + parameters to create boot disks or local SSDs attached to + the new instance. + immutable: true + properties: + - !ruby/object:Api::Type::String + name: 'diskName' + description: | + Specifies the disk name. If not specified, the default + is to use the name of the instance. + - !ruby/object:Api::Type::Integer + name: 'diskSizeGb' + description: Specifies the size of the disk in base-2 GB. + # diskStorageType - deprecated + - !ruby/object:Api::Type::ResourceRef + name: 'diskType' + description: | + Reference to a disk type. + Specifies the disk type to use to create the instance. + If not specified, the default is pd-standard. + resource: 'DiskType' + imports: 'selfLink' + - !ruby/object:Api::Type::String + name: 'sourceImage' + description: | + The source image to create this disk. When creating a + new instance, one of initializeParams.sourceImage or + disks.source is required. To create a disk with one of + the public operating system images, specify the image + by its family name. + - !ruby/object:Api::Type::NestedObject + name: 'sourceImageEncryptionKey' + description: | + The customer-supplied encryption key of the source + image. Required if the source image is protected by a + customer-supplied encryption key. + + Instance templates do not store customer-supplied + encryption keys, so you cannot create disks for + instances in a managed instance group if the source + images are encrypted with your own keys. + properties: + - !ruby/object:Api::Type::String + name: 'rawKey' + description: | + Specifies a 256-bit customer-supplied encryption + key, encoded in RFC 4648 base64 to either encrypt + or decrypt this resource. + - !ruby/object:Api::Type::String + name: 'sha256' + description: | + The RFC 4648 base64 encoded SHA-256 hash of the + customer-supplied encryption key that protects this + resource. + output: true + - !ruby/object:Api::Type::Enum + name: 'interface' + description: | + Specifies the disk interface to use for attaching this + disk, which is either SCSI or NVME. The default is SCSI. + Persistent disks must always use SCSI and the request will + fail if you attempt to attach a persistent disk in any + other format than SCSI. + values: + - :SCSI + - :NVME + # Ignoring kind - It's a constant and we don't need it. + # TODO(alexstephen): Place in licenses - it's a Array of + # ResourceRefs + - !ruby/object:Api::Type::Enum + name: 'mode' + description: | + The mode in which to attach this disk, either READ_WRITE or + READ_ONLY. If not specified, the default is to attach the + disk in READ_WRITE mode. + values: + - :READ_WRITE + - :READ_ONLY + # This is the name, not selfLink of a disk. + - !ruby/object:Api::Type::ResourceRef + name: 'source' + resource: 'Disk' + imports: 'name' + description: | + Reference to a disk. When creating a new instance, + one of initializeParams.sourceImage or disks.source is required. + + If desired, you can also attach existing non-root + persistent disks using this property. This field is only + applicable for persistent disks. + + Note that for InstanceTemplate, specify the disk name, not + the URL for the disk. + - !ruby/object:Api::Type::Enum + name: 'type' + description: | + Specifies the type of the disk, either SCRATCH or + PERSISTENT. If not specified, the default is PERSISTENT. + values: + - :SCRATCH + - :PERSISTENT + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: Labels to apply to this address. A list of key->value pairs. + # This machineType seems to be the shortname. + # This is because machineType selfLinks are zone specific. + - !ruby/object:Api::Type::ResourceRef + name: 'machineType' + description: | + The machine type to use in the VM instance template. + # InstanceTemplates take a name. Instances take a self-link + required: true + resource: 'MachineType' + imports: 'name' + - !ruby/object:Api::Type::String + name: 'minCpuPlatform' + description: | + Specifies a minimum CPU platform for the VM instance. Applicable + values are the friendly names of CPU platforms + # TODO(nelsonjr): Implement updating metadata *after* resource is created. + + # Expose instance 'metadata' as a simple name/value pair hash. However the API + # defines metadata as a NestedObject with the following layout: + # + # metadata { + # fingerprint: 'hash-of-last-metadata' + # items: [ + # { + # key: 'metadata1-key' + # value: 'metadata1-value' + # }, + # ... + # ] + # } + # + # Fingerprint is an optimistic locking mechanism for updates, which requires + # adding the 'fingerprint' of the last metadata to allow update. + # + # To comply with the API please add an encoder: and decoder: to the provider. + - !ruby/object:Api::Type::KeyValuePairs + name: 'metadata' + description: | + The metadata key/value pairs to assign to instances that are + created from this template. These pairs can consist of custom + metadata or predefined keys. + - !ruby/object:Api::Type::Array + name: 'guestAccelerators' + description: | + List of the type and count of accelerator cards attached to the + instance + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Integer + name: 'acceleratorCount' + description: | + The number of the guest accelerator cards exposed to this + instance. + # TODO(alexstephen): Change to ResourceRef once AcceleratorType is + # created. + - !ruby/object:Api::Type::String + name: 'acceleratorType' + description: | + Full or partial URL of the accelerator type resource to expose + to this instance. + - !ruby/object:Api::Type::Array + name: 'networkInterfaces' + description: | + An array of configurations for this interface. This specifies + how this interface is configured to interact with other + network services, such as connecting to the internet. Only + one network interface is supported per instance. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Array + name: 'accessConfigs' + description: | + An array of configurations for this interface. Currently, only + one access config, ONE_TO_ONE_NAT, is supported. If there are no + accessConfigs specified, then this instance will have no + external internet access. + item_type: !ruby/object:Api::Type::NestedObject + properties: + # 'kind' is not needed for object convergence + - !ruby/object:Api::Type::String + name: 'name' + description: | + The name of this access configuration. The + default and recommended name is External NAT but you can + use any arbitrary string you would like. For example, My + external IP or Network Access. + required: true + - !ruby/object:Api::Type::ResourceRef + name: 'natIP' + resource: 'Address' + imports: 'address' + description: | + Reference to an address. + An external IP address associated with this instance. + Specify an unused static external IP address available to + the project or leave this field undefined to use an IP + from a shared ephemeral IP address pool. If you specify a + static external IP address, it must live in the same + region as the zone of the instance. + - !ruby/object:Api::Type::Enum + name: 'type' + description: | + The type of configuration. The default and only option is + ONE_TO_ONE_NAT. + values: + - :ONE_TO_ONE_NAT + required: true + - !ruby/object:Api::Type::Boolean + name: 'setPublicPtr' + description: | + Specifies whether a public DNS PTR record should be + created to map the external IP address of the instance + to a DNS domain name. + - !ruby/object:Api::Type::String + name: 'publicPtrDomainName' + description: | + The DNS domain name for the public PTR record. You can + set this field only if the setPublicPtr field is + enabled. + - !ruby/object:Api::Type::Enum + name: 'networkTier' + description: | + This signifies the networking tier used for configuring + this access configuration. If an AccessConfig is + specified without a valid external IP address, an + ephemeral IP will be created with this networkTier. If an + AccessConfig with a valid external IP address is + specified, it must match that of the networkTier + associated with the Address resource owning that IP. + values: + - :PREMIUM + - :STANDARD + - !ruby/object:Api::Type::Array + name: 'aliasIpRanges' + description: | + An array of alias IP ranges for this network interface. Can + only be specified for network interfaces on subnet-mode + networks. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'ipCidrRange' + description: | + The IP CIDR range represented by this alias IP range. + This IP CIDR range must belong to the specified + subnetwork and cannot contain IP addresses reserved by + system or used by other network interfaces. This range + may be a single IP address (e.g. 10.2.3.4), a netmask + (e.g. /24) or a CIDR format string (e.g. 10.1.2.0/24). + - !ruby/object:Api::Type::String + name: 'subnetworkRangeName' + description: | + Optional subnetwork secondary range name specifying + the secondary range from which to allocate the IP + CIDR range for this alias IP range. If left + unspecified, the primary range of the subnetwork will + be used. + - !ruby/object:Api::Type::String + name: 'name' + description: | + The name of the network interface, generated by the + server. For network devices, these are eth0, eth1, etc + output: true + - !ruby/object:Api::Type::ResourceRef + name: 'network' + resource: 'Network' + imports: 'selfLink' + description: | + Specifies the title of an existing network. When creating + an instance, if neither the network nor the subnetwork is specified, + the default network global/networks/default is used; if the network + is not specified but the subnetwork is specified, the network is + inferred. + - !ruby/object:Api::Type::String + name: 'networkIP' + description: | + An IPv4 internal network address to assign to the + instance for this network interface. If not specified + by the user, an unused internal IP is assigned by the + system. + - !ruby/object:Api::Type::ResourceRef + name: 'subnetwork' + resource: 'Subnetwork' + imports: 'selfLink' + description: | + Reference to a VPC network. + If the network resource is in legacy mode, do not + provide this property. If the network is in auto + subnet mode, providing the subnetwork is optional. If + the network is in custom subnet mode, then this field + should be specified. + # networkInterfaces.kind is not necessary for convergence. + - !ruby/object:Api::Type::NestedObject + name: 'scheduling' + description: Sets the scheduling options for this instance. + properties: + - !ruby/object:Api::Type::Boolean + name: 'automaticRestart' + description: | + Specifies whether the instance should be automatically restarted + if it is terminated by Compute Engine (not terminated by a user). + You can only set the automatic restart option for standard + instances. Preemptible instances cannot be automatically + restarted. + - !ruby/object:Api::Type::String + name: 'onHostMaintenance' + description: | + Defines the maintenance behavior for this instance. For standard + instances, the default behavior is MIGRATE. For preemptible + instances, the default and only possible behavior is TERMINATE. + For more information, see Setting Instance Scheduling Options. + - !ruby/object:Api::Type::Boolean + name: 'preemptible' + description: | + Defines whether the instance is preemptible. This can only be set + during instance creation, it cannot be set or changed after the + instance has been created. + - !ruby/object:Api::Type::Array + name: 'serviceAccounts' + description: | + A list of service accounts, with their specified scopes, authorized + for this instance. Only one service account per VM instance is + supported. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'email' + description: Email address of the service account. + - !ruby/object:Api::Type::Array + name: scopes + description: | + The list of scopes to be made available for this service + account. + item_type: Api::Type::String + - !ruby/object:Api::Type::NestedObject + name: 'tags' + description: | + A list of tags to apply to this instance. Tags are used to identify + valid sources or targets for network firewalls and are specified by + the client during instance creation. The tags can be later modified + by the setTags method. Each tag within the list must comply with + RFC1035. + properties: + # TODO(alexstephen) Investigate bytes type + - !ruby/object:Api::Type::String + name: 'fingerprint' + description: | + Specifies a fingerprint for this request, which is essentially a + hash of the metadata's contents and used for optimistic locking. + The fingerprint is initially generated by Compute Engine and + changes after every request to modify or update metadata. You + must always provide an up-to-date fingerprint hash in order to + update or change metadata. + - !ruby/object:Api::Type::Array + name: 'items' + description: | + An array of tags. Each tag must be 1-63 characters long, and + comply with RFC1035. + item_type: Api::Type::String diff --git a/mmv1/products/compute/InterconnectAttachment.yaml b/mmv1/products/compute/InterconnectAttachment.yaml new file mode 100644 index 000000000000..3cda7a8fbcce --- /dev/null +++ b/mmv1/products/compute/InterconnectAttachment.yaml @@ -0,0 +1,279 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'InterconnectAttachment' +kind: 'compute#interconnectAttachment' +base_url: 'projects/{{project}}/regions/{{region}}/interconnectAttachments' +collection_url_key: 'items' +update_verb: :PATCH +has_self_link: true +description: | + Represents an InterconnectAttachment (VLAN attachment) resource. For more + information, see Creating VLAN Attachments. +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'region' + resource: 'Region' + imports: 'selfLink' + required: true + description: | + Region where the regional interconnect attachment resides. +properties: + - !ruby/object:Api::Type::Boolean + name: 'adminEnabled' + send_empty_value: true + default_value: true + description: | + Whether the VLAN attachment is enabled or disabled. When using + PARTNER type this will Pre-Activate the interconnect attachment + - !ruby/object:Api::Type::String + name: 'cloudRouterIpAddress' + description: | + IPv4 address + prefix length to be configured on Cloud Router + Interface for this interconnect attachment. + output: true + - !ruby/object:Api::Type::String + name: 'customerRouterIpAddress' + description: | + IPv4 address + prefix length to be configured on the customer + router subinterface for this interconnect attachment. + output: true + - !ruby/object:Api::Type::String + name: 'interconnect' + immutable: true + description: | + URL of the underlying Interconnect object that this attachment's + traffic will traverse through. Required if type is DEDICATED, must not + be set if type is PARTNER. + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of this resource. + - !ruby/object:Api::Type::String + name: 'mtu' + description: | + Maximum Transmission Unit (MTU), in bytes, of packets passing through + this interconnect attachment. Currently, only 1440 and 1500 are allowed. If not specified, the value will default to 1440. + - !ruby/object:Api::Type::Enum + name: 'bandwidth' + description: | + Provisioned bandwidth capacity for the interconnect attachment. + For attachments of type DEDICATED, the user can set the bandwidth. + For attachments of type PARTNER, the Google Partner that is operating the interconnect must set the bandwidth. + Output only for PARTNER type, mutable for PARTNER_PROVIDER and DEDICATED, + Defaults to BPS_10G + values: + - :BPS_50M + - :BPS_100M + - :BPS_200M + - :BPS_300M + - :BPS_400M + - :BPS_500M + - :BPS_1G + - :BPS_2G + - :BPS_5G + - :BPS_10G + - :BPS_20G + - :BPS_50G + - !ruby/object:Api::Type::String + name: 'edgeAvailabilityDomain' + immutable: true + description: | + Desired availability domain for the attachment. Only available for type + PARTNER, at creation time. For improved reliability, customers should + configure a pair of attachments with one per availability domain. The + selected availability domain will be provided to the Partner via the + pairing key so that the provisioned circuit will lie in the specified + domain. If not specified, the value will default to AVAILABILITY_DOMAIN_ANY. + - !ruby/object:Api::Type::String + name: 'pairingKey' + description: | + [Output only for type PARTNER. Not present for DEDICATED]. The opaque + identifier of an PARTNER attachment used to initiate provisioning with + a selected partner. Of the form "XXXXX/region/domain" + output: true + - !ruby/object:Api::Type::String + name: 'partnerAsn' + description: | + [Output only for type PARTNER. Not present for DEDICATED]. Optional + BGP ASN for the router that should be supplied by a layer 3 Partner if + they configured BGP on behalf of the customer. + output: true + - !ruby/object:Api::Type::NestedObject + name: 'privateInterconnectInfo' + description: | + Information specific to an InterconnectAttachment. This property + is populated if the interconnect that this is attached to is of type DEDICATED. + output: true + properties: + - !ruby/object:Api::Type::Integer + name: tag8021q + description: | + 802.1q encapsulation tag to be used for traffic between + Google and the customer, going to and from this network and region. + output: true + - !ruby/object:Api::Type::Enum + name: 'type' + immutable: true + description: | + The type of InterconnectAttachment you wish to create. Defaults to + DEDICATED. + values: + - :DEDICATED + - :PARTNER + - :PARTNER_PROVIDER + - !ruby/object:Api::Type::Enum + name: 'state' + description: | + [Output Only] The current state of this attachment's functionality. + values: + - :ACTIVE + - :DEFUNCT + - :PARTNER_REQUEST_RECEIVED + - :PENDING_CUSTOMER + - :PENDING_PARTNER + - :STATE_UNSPECIFIED + output: true + - !ruby/object:Api::Type::String + name: 'googleReferenceId' + description: | + Google reference ID, to be used when raising support tickets with + Google or otherwise to debug backend connectivity issues. + output: true + - !ruby/object:Api::Type::String + name: 'operationalStatus' + description: | + The current status of whether or not this interconnect attachment + is functional. + output: true + exclude: true + - !ruby/object:Api::Type::ResourceRef + name: 'router' + resource: 'Router' + imports: 'selfLink' + description: | + URL of the cloud router to be used for dynamic routing. This router must be in + the same region as this InterconnectAttachment. The InterconnectAttachment will + automatically connect the Interconnect to the network & region within which the + Cloud Router is configured. + required: true + immutable: true + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: | + Creation timestamp in RFC3339 text format. + output: true + - !ruby/object:Api::Type::String + name: 'id' + description: | + The unique identifier for the resource. This identifier is + defined by the server. + output: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource. Provided by the client when the resource is created. The + name must be 1-63 characters long, and comply with RFC1035. Specifically, the + name must be 1-63 characters long and match the regular expression + `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a + lowercase letter, and all following characters must be a dash, lowercase + letter, or digit, except the last character, which cannot be a dash. + required: true + immutable: true + - !ruby/object:Api::Type::Array + name: candidateSubnets + immutable: true + description: | + Up to 16 candidate prefixes that can be used to restrict the allocation + of cloudRouterIpAddress and customerRouterIpAddress for this attachment. + All prefixes must be within link-local address space (169.254.0.0/16) + and must be /29 or shorter (/28, /27, etc). Google will attempt to select + an unused /29 from the supplied candidate prefix(es). The request will + fail if all possible /29s are in use on Google's edge. If not supplied, + Google will randomly select an unused /29 from all of link-local space. + item_type: Api::Type::String + - !ruby/object:Api::Type::Integer + name: vlanTag8021q + immutable: true + description: | + The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4094. When + using PARTNER type this will be managed upstream. + - !ruby/object:Api::Type::Array + name: 'ipsecInternalAddresses' + description: | + URL of addresses that have been reserved for the interconnect attachment, + Used only for interconnect attachment that has the encryption option as + IPSEC. + + The addresses must be RFC 1918 IP address ranges. When creating HA VPN + gateway over the interconnect attachment, if the attachment is configured + to use an RFC 1918 IP address, then the VPN gateway's IP address will be + allocated from the IP address range specified here. + + For example, if the HA VPN gateway's interface 0 is paired to this + interconnect attachment, then an RFC 1918 IP address for the VPN gateway + interface 0 will be allocated from the IP address specified for this + interconnect attachment. + + If this field is not specified for interconnect attachment that has + encryption option as IPSEC, later on when creating HA VPN gateway on this + interconnect attachment, the HA VPN gateway's IP address will be + allocated from regional external IP address pool. + immutable: true + item_type: !ruby/object:Api::Type::ResourceRef + name: 'ipsecInternalAddress' + resource: 'Address' + imports: 'selfLink' + description: | + URL of an address that has been reserved for the interconnect + attachment. + - !ruby/object:Api::Type::Enum + name: 'encryption' + description: | + Indicates the user-supplied encryption option of this interconnect + attachment. Can only be specified at attachment creation for PARTNER or + DEDICATED attachments. + + * NONE - This is the default value, which means that the VLAN attachment + carries unencrypted traffic. VMs are able to send traffic to, or receive + traffic from, such a VLAN attachment. + + * IPSEC - The VLAN attachment carries only encrypted traffic that is + encrypted by an IPsec device, such as an HA VPN gateway or third-party + IPsec VPN. VMs cannot directly send traffic to, or receive traffic from, + such a VLAN attachment. To use HA VPN over Cloud Interconnect, the VLAN + attachment must be created with this option. + immutable: true + values: + - :NONE + - :IPSEC + default_value: :NONE diff --git a/mmv1/products/compute/License.yaml b/mmv1/products/compute/License.yaml new file mode 100644 index 000000000000..452897ab19c4 --- /dev/null +++ b/mmv1/products/compute/License.yaml @@ -0,0 +1,37 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'License' +kind: 'compute#license' +base_url: /projects/{{project}}/global/licenses +collection_url_key: 'items' +readonly: true +has_self_link: true +description: | + A License resource represents a software license. Licenses are used to + track software usage in images, persistent disks, snapshots, and virtual + machine instances. +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource. The name is 1-63 characters long + and complies with RFC1035. + output: true + - !ruby/object:Api::Type::Boolean + name: 'chargesUseFee' + description: | + If true, the customer will be charged license fee for + running software that contains this license on an instance. + output: true diff --git a/mmv1/products/compute/MachineImage.yaml b/mmv1/products/compute/MachineImage.yaml new file mode 100644 index 000000000000..16b1871fbdb8 --- /dev/null +++ b/mmv1/products/compute/MachineImage.yaml @@ -0,0 +1,101 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'MachineImage' +kind: 'compute#machineImage' +base_url: projects/{{project}}/global/machineImages +collection_url_key: 'items' +immutable: true +has_self_link: true +description: | + Represents a Machine Image resource. Machine images store all the configuration, + metadata, permissions, and data from one or more disks required to create a + Virtual machine (VM) instance. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/compute/docs/machine-images' + api: 'https://cloud.google.com/compute/docs/reference/rest/beta/machineImages' +min_version: beta +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +properties: + - !ruby/object:Api::Type::String + name: name + description: 'Name of the resource.' + required: true + - !ruby/object:Api::Type::String + name: description + description: 'A text description of the resource.' + - !ruby/object:Api::Type::ResourceRef + name: sourceInstance + description: 'The source instance used to create the machine image. You can provide this as a partial or full URL to the resource.' + resource: 'Instance' + imports: 'selfLink' + required: true + - !ruby/object:Api::Type::Array + name: 'storageLocations' + description: | + The regional or multi-regional Cloud Storage bucket location where the machine image is stored. + item_type: Api::Type::String + output: true + - !ruby/object:Api::Type::Boolean + name: guestFlush + description: | + Specify this to create an application consistent machine image by informing the OS to prepare for the snapshot process. + Currently only supported on Windows instances using the Volume Shadow Copy Service (VSS). + - !ruby/object:Api::Type::NestedObject + name: 'machineImageEncryptionKey' + description: | + Encrypts the machine image using a customer-supplied encryption key. + + After you encrypt a machine image with a customer-supplied key, you must + provide the same key if you use the machine image later (e.g. to create a + instance from the image) + properties: + - !ruby/object:Api::Type::String + name: 'rawKey' + description: | + Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + - !ruby/object:Api::Type::String + name: 'sha256' + description: | + The RFC 4648 base64 encoded SHA-256 hash of the + customer-supplied encryption key that protects this resource. + output: true + - !ruby/object:Api::Type::String + name: 'kmsKeyName' + description: | + The name of the encryption key that is stored in Google Cloud KMS. + - !ruby/object:Api::Type::String + name: 'kmsKeyServiceAccount' + description: | + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. diff --git a/mmv1/products/compute/MachineType.yaml b/mmv1/products/compute/MachineType.yaml new file mode 100644 index 000000000000..9f8405b61e6c --- /dev/null +++ b/mmv1/products/compute/MachineType.yaml @@ -0,0 +1,121 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'MachineType' +kind: 'compute#machineType' +base_url: projects/{{project}}/zones/{{zone}}/machineTypes +collection_url_key: 'items' +has_self_link: true +readonly: true +description: | + Represents a MachineType resource. Machine types determine the virtualized + hardware specifications of your virtual machine instances, such as the + amount of memory or number of virtual CPUs. +properties: + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::NestedObject + name: 'deprecated' + description: 'The deprecation status associated with this machine type.' + properties: + - !ruby/object:Api::Type::Time + name: 'deleted' + description: | + An optional RFC3339 timestamp on or after which the state of this + resource is intended to change to DELETED. This is only + informational and the status will not change unless the client + explicitly changes it. + output: true + - !ruby/object:Api::Type::Time + name: 'deprecated' + description: | + An optional RFC3339 timestamp on or after which the state of this + resource is intended to change to DEPRECATED. This is only + informational and the status will not change unless the client + explicitly changes it. + output: true + - !ruby/object:Api::Type::Time + name: 'obsolete' + description: | + An optional RFC3339 timestamp on or after which the state of this + resource is intended to change to OBSOLETE. This is only + informational and the status will not change unless the client + explicitly changes it. + output: true + - !ruby/object:Api::Type::String + name: 'replacement' + description: | + The URL of the suggested replacement for a deprecated resource. + The suggested replacement resource must be the same kind of + resource as the deprecated resource. + output: true + - !ruby/object:Api::Type::Enum + name: 'state' + description: | + The deprecation state of this resource. This can be DEPRECATED, + OBSOLETE, or DELETED. Operations which create a new resource + using a DEPRECATED resource will return successfully, but with a + warning indicating the deprecated resource and recommending its + replacement. Operations which use OBSOLETE or DELETED resources + will be rejected and result in an error. + values: + - :DEPRECATED + - :OBSOLETE + - :DELETED + output: true + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: 'An optional textual description of the resource.' + output: true + - !ruby/object:Api::Type::Integer + name: 'guestCpus' + description: | + The number of virtual CPUs that are available to the instance. + output: true + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'The unique identifier for the resource.' + output: true + - !ruby/object:Api::Type::Boolean + name: 'isSharedCpu' + description: | + Whether this machine type has a shared CPU. See Shared-core machine + types for more information. + output: true + - !ruby/object:Api::Type::Integer + name: 'maximumPersistentDisks' + description: 'Maximum persistent disks allowed.' + output: true + - !ruby/object:Api::Type::Integer + name: 'maximumPersistentDisksSizeGb' + description: 'Maximum total persistent disks size (GB) allowed.' + output: true + - !ruby/object:Api::Type::Integer + name: 'memoryMb' + description: | + The amount of physical memory available to the instance, defined in + MB. + output: true + - !ruby/object:Api::Type::String + name: 'name' + description: 'Name of the resource.' + - !ruby/object:Api::Type::ResourceRef + name: 'zone' + resource: 'Zone' + imports: 'name' + description: 'The zone the machine type is defined.' + required: true diff --git a/mmv1/products/compute/ManagedSslCertificate.yaml b/mmv1/products/compute/ManagedSslCertificate.yaml new file mode 100644 index 000000000000..490c2333af12 --- /dev/null +++ b/mmv1/products/compute/ManagedSslCertificate.yaml @@ -0,0 +1,107 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'ManagedSslCertificate' +kind: 'compute#sslCertificate' +base_url: projects/{{project}}/global/sslCertificates +collection_url_key: 'items' +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/load-balancing/docs/ssl-certificates' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/sslCertificates' +immutable: true +has_self_link: true +description: | + An SslCertificate resource, used for HTTPS load balancing. This resource + represents a certificate for which the certificate secrets are created and + managed by Google. +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + wait_ms: 1000 + timeouts: !ruby/object:Api::Timeouts + insert_minutes: 30 + update_minutes: 30 + # Deletes can take 20-30 minutes to complete, since they depend + # on the provisioning process either succeeding or failing completely. + delete_minutes: 30 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +properties: + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: 'An optional description of this resource.' + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'The unique identifier for the resource.' + output: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + - !ruby/object:Api::Type::NestedObject + name: 'managed' + description: | + Properties relevant to a managed certificate. These will be used if the + certificate is managed (as indicated by a value of `MANAGED` in `type`). + properties: + - !ruby/object:Api::Type::Array + name: 'domains' + description: | + Domains for which a managed SSL certificate will be valid. Currently, + there can be up to 100 domains in this list. + max_size: 100 + item_type: Api::Type::String + required: true + - !ruby/object:Api::Type::Enum + name: 'type' + description: | + Enum field whose value is always `MANAGED` - used to signal to the API + which type this is. + values: + - :MANAGED + default_value: :MANAGED + - !ruby/object:Api::Type::Array + name: 'subjectAlternativeNames' + description: | + Domains associated with the certificate via Subject Alternative Name. + item_type: Api::Type::String + output: true + - !ruby/object:Api::Type::Time + name: 'expireTime' + description: | + Expire time of the certificate in RFC3339 text format. + output: true diff --git a/mmv1/products/compute/Network.yaml b/mmv1/products/compute/Network.yaml new file mode 100644 index 000000000000..2bc5bf57df5d --- /dev/null +++ b/mmv1/products/compute/Network.yaml @@ -0,0 +1,181 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Network' +kind: 'compute#network' +base_url: projects/{{project}}/global/networks +collection_url_key: 'items' +immutable: true +has_self_link: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/vpc/docs/vpc' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/networks' +description: | + Manages a VPC network or legacy network resource on GCP. +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +properties: + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of this resource. The resource must be + recreated to modify this field. + immutable: true + - !ruby/object:Api::Type::String + name: 'gateway_ipv4' + # We override this in api.yaml so that the name is more aesthetic + api_name: 'gatewayIPv4' + output: true + description: | + The gateway address for default routing out of the network. This value + is selected by GCP. + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'The unique identifier for the resource.' + output: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + immutable: true + required: true + - !ruby/object:Api::Type::Array + # TODO: Change subnetworks to ResourceRef + name: 'subnetworks' + description: | + Server-defined fully-qualified URLs for all subnetworks in this + network. + item_type: Api::Type::String + output: true + - !ruby/object:Api::Type::Boolean + name: 'autoCreateSubnetworks' + description: | + When set to `true`, the network is created in "auto subnet mode" and + it will create a subnet for each region automatically across the + `10.128.0.0/9` address range. + + When set to `false`, the network is created in "custom subnet mode" so + the user can explicitly connect subnetwork resources. + immutable: true + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::NestedObject + name: 'routingConfig' + update_verb: :PATCH + update_url: projects/{{project}}/global/networks/{{name}} + description: | + The network-level routing configuration for this network. Used by Cloud + Router to determine what type of network-wide routing behavior to + enforce. + properties: + - !ruby/object:Api::Type::Enum + name: 'routingMode' + required: true + description: | + The network-wide routing mode to use. If set to `REGIONAL`, this + network's cloud routers will only advertise routes with subnetworks + of this network in the same region as the router. If set to `GLOBAL`, + this network's cloud routers will advertise routes with all + subnetworks of this network, across regions. + values: + - :REGIONAL + - :GLOBAL + - !ruby/object:Api::Type::Array + name: 'peerings' + # This is only used in InSpec, handled via fine-grained in Terraform + exclude: true + output: true + description: | + Peerings for a network + item_type: !ruby/object:Api::Type::NestedObject + name: subnetworks + description: The subnetworks that should be mirrored. + properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the peering. + - !ruby/object:Api::Type::String + name: 'state' + description: | + State of the peering. + - !ruby/object:Api::Type::String + name: 'stateDetails' + description: | + Details about the current state of the peering. + - !ruby/object:Api::Type::String + name: 'network' + description: | + URL of the peer network + - !ruby/object:Api::Type::Boolean + name: 'exportCustomRoutes' + description: | + Whether to export the custom routes to the peer network. + - !ruby/object:Api::Type::Boolean + name: 'importCustomRoutes' + description: | + Whether to import the custom routes to the peer network. + - !ruby/object:Api::Type::Integer + name: 'peerMtu' + description: | + Maximum Transmission Unit in bytes. + - !ruby/object:Api::Type::Integer + name: 'mtu' + description: | + Maximum Transmission Unit in bytes. The default value is 1460 bytes. + The minimum value for this field is 1300 and the maximum value is 8896 bytes (jumbo frames). + Note that packets larger than 1500 bytes (standard Ethernet) can be subject to TCP-MSS clamping or dropped + with an ICMP `Fragmentation-Needed` message if the packets are routed to the Internet or other VPCs + with varying MTUs. + immutable: true + - !ruby/object:Api::Type::Boolean + name: 'enableUlaInternalIpv6' + description: | + Enable ULA internal ipv6 on this network. Enabling this feature will assign + a /48 from google defined ULA prefix fd20::/20. + immutable: true + - !ruby/object:Api::Type::String + name: 'internalIpv6Range' + description: | + When enabling ula internal ipv6, caller optionally can specify the /48 range + they want from the google defined ULA prefix fd20::/20. The input must be a + valid /48 ULA IPv6 address and must be within the fd20::/20. Operation will + fail if the speficied /48 is already in used by another resource. + If the field is not speficied, then a /48 range will be randomly allocated from fd20::/20 and returned via this field. + immutable: true diff --git a/mmv1/products/compute/NetworkEndpoint.yaml b/mmv1/products/compute/NetworkEndpoint.yaml new file mode 100644 index 000000000000..d3733d700042 --- /dev/null +++ b/mmv1/products/compute/NetworkEndpoint.yaml @@ -0,0 +1,98 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'NetworkEndpoint' +kind: 'compute#networkEndpoint' +base_url: 'projects/{{project}}/zones/{{zone}}/networkEndpointGroups/{{network_endpoint_group}}' +description: | + A Network endpoint represents a IP address and port combination that is + part of a specific network endpoint group (NEG). NEGs are zonal + collections of these endpoints for GCP resources within a + single subnet. **NOTE**: Network endpoints cannot be created outside of a + network endpoint group. +immutable: true +create_verb: :POST +create_url: projects/{{project}}/zones/{{zone}}/networkEndpointGroups/{{network_endpoint_group}}/attachNetworkEndpoints +delete_verb: :POST +delete_url: projects/{{project}}/zones/{{zone}}/networkEndpointGroups/{{network_endpoint_group}}/detachNetworkEndpoints +read_verb: :POST +self_link: projects/{{project}}/zones/{{zone}}/networkEndpointGroups/{{network_endpoint_group}}/listNetworkEndpoints +identity: + - instance + - ipAddress + - port +nested_query: !ruby/object:Api::Resource::NestedQuery + keys: + - items +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/load-balancing/docs/negs/' + api: 'https://cloud.google.com/compute/docs/reference/rest/beta/networkEndpointGroups' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'zone' + resource: 'Zone' + imports: 'name' + description: | + Zone where the containing network endpoint group is located. + required: true + url_param_only: true + - !ruby/object:Api::Type::ResourceRef + name: 'networkEndpointGroup' + resource: 'NetworkEndpointGroup' + imports: 'name' + description: | + The network endpoint group this endpoint is part of. + required: true + url_param_only: true +properties: + - !ruby/object:Api::Type::ResourceRef + name: 'instance' + resource: 'Instance' + imports: 'name' + description: | + The name for a specific VM instance that the IP address belongs to. + This is required for network endpoints of type GCE_VM_IP_PORT. + The instance must be in the same zone of network endpoint group. + - !ruby/object:Api::Type::Integer + name: 'port' + description: | + Port number of network endpoint. + **Note** `port` is required unless the Network Endpoint Group is created + with the type of `GCE_VM_IP` + - !ruby/object:Api::Type::String + name: 'ipAddress' + description: | + IPv4 address of network endpoint. The IP address must belong + to a VM in GCE (either the primary IP or as part of an aliased IP + range). + required: true diff --git a/mmv1/products/compute/NetworkEndpointGroup.yaml b/mmv1/products/compute/NetworkEndpointGroup.yaml new file mode 100644 index 000000000000..988cbe7a567b --- /dev/null +++ b/mmv1/products/compute/NetworkEndpointGroup.yaml @@ -0,0 +1,126 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'NetworkEndpointGroup' +kind: 'compute#networkEndpointGroup' +base_url: 'projects/{{project}}/zones/{{zone}}/networkEndpointGroups' +immutable: true +has_self_link: true +collection_url_key: 'items' +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/load-balancing/docs/negs/' + api: 'https://cloud.google.com/compute/docs/reference/rest/beta/networkEndpointGroups' +description: | + Network endpoint groups (NEGs) are zonal resources that represent + collections of IP address and port combinations for GCP resources within a + single subnet. Each IP address and port combination is called a network + endpoint. + + Network endpoint groups can be used as backends in backend services for + HTTP(S), TCP proxy, and SSL proxy load balancers. You cannot use NEGs as a + backend with internal load balancers. Because NEG backends allow you to + specify IP addresses and ports, you can distribute traffic in a granular + fashion among applications or containers running within VM instances. + + Recreating a network endpoint group that's in use by another resource will give a + `resourceInUseByAnotherResource` error. Use `lifecycle.create_before_destroy` + to avoid this type of error. +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'zone' + resource: 'Zone' + imports: 'name' + description: | + Zone where the network endpoint group is located. + required: true +properties: + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'The unique identifier for the resource.' + output: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource; provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of this resource. Provide this property when + you create the resource. + - !ruby/object:Api::Type::Enum + name: 'networkEndpointType' + description: | + Type of network endpoints in this network endpoint group. + NON_GCP_PRIVATE_IP_PORT is used for hybrid connectivity network + endpoint groups (see https://cloud.google.com/load-balancing/docs/hybrid). + Note that NON_GCP_PRIVATE_IP_PORT can only be used with Backend Services + that 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED, + INTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or + CONNECTION balancing modes. + + Possible values include: GCE_VM_IP, GCE_VM_IP_PORT, and NON_GCP_PRIVATE_IP_PORT. + values: + - :GCE_VM_IP + - :GCE_VM_IP_PORT + - :NON_GCP_PRIVATE_IP_PORT + default_value: :GCE_VM_IP_PORT + - !ruby/object:Api::Type::Integer + name: 'size' + description: Number of network endpoints in the network endpoint group. + output: true + - !ruby/object:Api::Type::ResourceRef + name: 'network' + resource: 'Network' + imports: 'selfLink' + description: | + The network to which all network endpoints in the NEG belong. + Uses "default" project network if unspecified. + required: true + - !ruby/object:Api::Type::ResourceRef + name: 'subnetwork' + resource: 'Subnetwork' + imports: 'selfLink' + description: | + Optional subnetwork to which all network endpoints in the NEG belong. + - !ruby/object:Api::Type::Integer + name: 'defaultPort' + description: | + The default port used if the port number is not specified in the + network endpoint. diff --git a/mmv1/products/compute/NetworkPeeringRoutesConfig.yaml b/mmv1/products/compute/NetworkPeeringRoutesConfig.yaml new file mode 100644 index 000000000000..ef9e144ba855 --- /dev/null +++ b/mmv1/products/compute/NetworkPeeringRoutesConfig.yaml @@ -0,0 +1,80 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'NetworkPeeringRoutesConfig' +base_url: 'projects/{{project}}/global/networks/{{network}}' +self_link: 'projects/{{project}}/global/networks/{{network}}' +description: | + Manage a network peering's route settings without managing the peering as + a whole. This resource is primarily intended for use with GCP-generated + peerings that shouldn't otherwise be managed by other tools. Deleting this + resource is a no-op and the peering will not be modified. +create_verb: :PATCH +create_url: 'projects/{{project}}/global/networks/{{network}}/updatePeering' +update_verb: :PATCH +update_url: 'projects/{{project}}/global/networks/{{network}}/updatePeering' +identity: + - peering +nested_query: !ruby/object:Api::Resource::NestedQuery + keys: + - peerings +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/vpc/docs/vpc-peering' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/networks/updatePeering' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'network' + resource: 'Network' + imports: 'name' + description: | + The name of the primary network for the peering. + required: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'peering' + # renamed to make it clear that this is an existing peering + api_name: 'name' + required: true + description: | + Name of the peering. + - !ruby/object:Api::Type::Boolean + name: 'exportCustomRoutes' + required: true + description: | + Whether to export the custom routes to the peer network. + - !ruby/object:Api::Type::Boolean + name: 'importCustomRoutes' + required: true + description: | + Whether to import the custom routes to the peer network. diff --git a/mmv1/products/compute/NodeGroup.yaml b/mmv1/products/compute/NodeGroup.yaml new file mode 100644 index 000000000000..3f828c656201 --- /dev/null +++ b/mmv1/products/compute/NodeGroup.yaml @@ -0,0 +1,165 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'NodeGroup' +kind: 'compute#NodeGroup' +base_url: projects/{{project}}/zones/{{zone}}/nodeGroups +create_url: projects/{{project}}/zones/{{zone}}/nodeGroups?initialNodeCount={{size}} +has_self_link: true +description: | + Represents a NodeGroup resource to manage a group of sole-tenant nodes. +immutable: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Sole-Tenant Nodes': 'https://cloud.google.com/compute/docs/nodes/' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups' +collection_url_key: 'items' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'zone' + resource: 'Zone' + imports: 'selfLink' + required: true + description: | + Zone where this node group is located +properties: + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: | + Creation timestamp in RFC3339 text format. + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional textual description of the resource. + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource. + - !ruby/object:Api::Type::ResourceRef + name: 'nodeTemplate' + resource: 'NodeTemplate' + imports: 'selfLink' + required: true + description: | + The URL of the node template to which this node group belongs. + update_verb: :POST + update_url: 'projects/{{project}}/zones/{{zone}}/nodeGroups/{{name}}/setNodeTemplate' + - !ruby/object:Api::Type::Integer + name: 'size' + description: | + The total number of nodes in the node group. + immutable: true + send_empty_value: true + - !ruby/object:Api::Type::Integer + name: 'initialSize' + description: | + The initial number of nodes in the node group. One of `initial_size` or `size` must be specified. + url_param_only: true + exactly_one_of: + - size + - initial_size + - !ruby/object:Api::Type::String + name: 'maintenancePolicy' + description: | + Specifies how to handle instances when a node in the group undergoes maintenance. Set to one of: DEFAULT, RESTART_IN_PLACE, or MIGRATE_WITHIN_NODE_GROUP. The default value is DEFAULT. + default_value: DEFAULT + - !ruby/object:Api::Type::NestedObject + name: 'maintenanceWindow' + description: | + contains properties for the timeframe of maintenance + properties: + - !ruby/object:Api::Type::String + name: 'startTime' + required: true + description: | + instances.start time of the window. This must be in UTC format that resolves to one of 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, both 13:00-5 and 08:00 are valid. + - !ruby/object:Api::Type::NestedObject + name: 'autoscalingPolicy' + description: | + If you use sole-tenant nodes for your workloads, you can use the node + group autoscaler to automatically manage the sizes of your node groups. + properties: + - !ruby/object:Api::Type::Enum + name: 'mode' + required: true + description: | + The autoscaling mode. Set to one of the following: + - OFF: Disables the autoscaler. + - ON: Enables scaling in and scaling out. + - ONLY_SCALE_OUT: Enables only scaling out. + You must use this mode if your node groups are configured to + restart their hosted VMs on minimal servers. + values: + - :OFF + - :ON + - :ONLY_SCALE_OUT + - !ruby/object:Api::Type::Integer + name: 'minNodes' + description: | + Minimum size of the node group. Must be less + than or equal to max-nodes. The default value is 0. + - !ruby/object:Api::Type::Integer + name: 'maxNodes' + description: | + Maximum size of the node group. Set to a value less than or equal + to 100 and greater than or equal to min-nodes. + required: true + - !ruby/object:Api::Type::NestedObject + name: 'shareSettings' + description: | + Share settings for the node group. + properties: + - !ruby/object:Api::Type::Enum + name: 'shareType' + required: true + description: | + Node group sharing type. + values: + - :ORGANIZATION + - :SPECIFIC_PROJECTS + - :LOCAL + - !ruby/object:Api::Type::Map + name: 'projectMap' + description: | + A map of project id and project config. This is only valid when shareType's value is SPECIFIC_PROJECTS. + key_name: id + key_description: | + The project ID. + value_type: !ruby/object:Api::Type::NestedObject + name: projectConfig + properties: + - !ruby/object:Api::Type::String + name: 'projectId' + required: true + description: | + The project id/number should be the same as the key of this project config in the project map. diff --git a/mmv1/products/compute/NodeTemplate.yaml b/mmv1/products/compute/NodeTemplate.yaml new file mode 100644 index 000000000000..e023ce7b299b --- /dev/null +++ b/mmv1/products/compute/NodeTemplate.yaml @@ -0,0 +1,139 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'NodeTemplate' +kind: 'compute#nodeTemplate' +base_url: projects/{{project}}/regions/{{region}}/nodeTemplates +has_self_link: true +description: | + Represents a NodeTemplate resource. Node templates specify properties + for creating sole-tenant nodes, such as node type, vCPU and memory + requirements, node affinity labels, and region. +immutable: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Sole-Tenant Nodes': 'https://cloud.google.com/compute/docs/nodes/' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/nodeTemplates' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +collection_url_key: 'items' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'region' + resource: 'Region' + imports: 'selfLink' + required: true + description: | + Region where nodes using the node template will be created +properties: + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: 'An optional textual description of the resource.' + - !ruby/object:Api::Type::String + name: 'name' + description: 'Name of the resource.' + - !ruby/object:Api::Type::KeyValuePairs + name: 'nodeAffinityLabels' + description: | + Labels to use for node affinity, which will be used in + instance scheduling. + - !ruby/object:Api::Type::String + name: 'nodeType' + description: | + Node type to use for nodes group that are created from this template. + Only one of nodeTypeFlexibility and nodeType can be specified. + conflicts: + - node_type_flexibility + - !ruby/object:Api::Type::NestedObject + name: 'nodeTypeFlexibility' + description: | + Flexible properties for the desired node type. Node groups that + use this node template will create nodes of a type that matches + these properties. Only one of nodeTypeFlexibility and nodeType can + be specified. + conflicts: + - node_type + properties: + - !ruby/object:Api::Type::String + name: cpus + at_least_one_of: + - node_type_flexibility.0.cpus + - node_type_flexibility.0.memory + description: | + Number of virtual CPUs to use. + - !ruby/object:Api::Type::String + name: memory + at_least_one_of: + - node_type_flexibility.0.cpus + - node_type_flexibility.0.memory + description: | + Physical memory available to the node, defined in MB. + - !ruby/object:Api::Type::String + name: localSsd + description: | + Use local SSD + output: true + - !ruby/object:Api::Type::NestedObject + name: 'serverBinding' + description: | + The server binding policy for nodes using this template. Determines + where the nodes should restart following a maintenance event. + properties: + - !ruby/object:Api::Type::Enum + name: 'type' + required: true + description: | + Type of server binding policy. If `RESTART_NODE_ON_ANY_SERVER`, + nodes using this template will restart on any physical server + following a maintenance event. + + If `RESTART_NODE_ON_MINIMAL_SERVER`, nodes using this template + will restart on the same physical server following a maintenance + event, instead of being live migrated to or restarted on a new + physical server. This option may be useful if you are using + software licenses tied to the underlying server characteristics + such as physical sockets or cores, to avoid the need for + additional licenses when maintenance occurs. However, VMs on such + nodes will experience outages while maintenance is applied. + values: + - :RESTART_NODE_ON_ANY_SERVER + - :RESTART_NODE_ON_MINIMAL_SERVERS + - !ruby/object:Api::Type::Enum + name: 'cpuOvercommitType' + description: | + CPU overcommit. + values: + - :ENABLED + - :NONE + default_value: :NONE diff --git a/mmv1/products/compute/OrganizationSecurityPolicy.yaml b/mmv1/products/compute/OrganizationSecurityPolicy.yaml new file mode 100644 index 000000000000..6a55b9e94c8d --- /dev/null +++ b/mmv1/products/compute/OrganizationSecurityPolicy.yaml @@ -0,0 +1,67 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'OrganizationSecurityPolicy' +min_version: beta +base_url: 'locations/global/securityPolicies?parentId={{parent}}' +self_link: 'locations/global/securityPolicies/{{id}}' +create_url: 'locations/global/securityPolicies?parentId={{parent}}' +update_verb: :PATCH +description: | + Organization security policies are used to control incoming/outgoing traffic. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Creating a firewall policy': + 'https://cloud.google.com/vpc/docs/using-firewall-policies#create-policy' + api: 'https://cloud.google.com/compute/docs/reference/rest/beta/organizationSecurityPolicies' +parameters: + - !ruby/object:Api::Type::String + name: parent + description: | + The parent of this OrganizationSecurityPolicy in the Cloud Resource Hierarchy. + Format: organizations/{organization_id} or folders/{folder_id} + required: true + immutable: true +properties: + - !ruby/object:Api::Type::String + name: displayName + description: | + A textual name of the security policy. + immutable: true + required: true + - !ruby/object:Api::Type::String + name: description + description: | + A textual description for the organization security policy. + - !ruby/object:Api::Type::Fingerprint + name: 'fingerprint' + description: | + Fingerprint of this resource. This field is used internally during + updates of this resource. + output: true + - !ruby/object:Api::Type::String + name: id + description: | + The unique identifier for the resource. This identifier is defined by the server. + output: true + - !ruby/object:Api::Type::Enum + name: type + description: | + The type indicates the intended use of the security policy. + For organization security policies, the only supported type + is "FIREWALL". + immutable: true + values: + - :FIREWALL + default_value: :FIREWALL diff --git a/mmv1/products/compute/OrganizationSecurityPolicyAssociation.yaml b/mmv1/products/compute/OrganizationSecurityPolicyAssociation.yaml new file mode 100644 index 000000000000..071b3dbabe2d --- /dev/null +++ b/mmv1/products/compute/OrganizationSecurityPolicyAssociation.yaml @@ -0,0 +1,53 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'OrganizationSecurityPolicyAssociation' +min_version: beta +base_url: 'locations/global/securityPolicies/{{policy_id}}' +self_link: 'locations/global/securityPolicies/{{policy_id}}/getAssociation?name={{name}}' +create_url: 'locations/global/securityPolicies/{{policy_id}}/addAssociation' +delete_verb: :POST +delete_url: 'locations/global/securityPolicies/{{policy_id}}/removeAssociation?name={{name}}' +description: | + An association for the OrganizationSecurityPolicy. +immutable: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Associating a policy with the organization or folder': + 'https://cloud.google.com/vpc/docs/using-firewall-policies#associate' + api: 'https://cloud.google.com/compute/docs/reference/rest/beta/organizationSecurityPolicies/addAssociation' +parameters: + - !ruby/object:Api::Type::String + name: 'policyId' + description: | + The security policy ID of the association. + required: true + url_param_only: true + api_name: 'securityPolicyId' +properties: + - !ruby/object:Api::Type::String + name: name + description: | + The name for an association. + required: true + - !ruby/object:Api::Type::String + name: 'attachmentId' + description: | + The resource that the security policy is attached to. + required: true + - !ruby/object:Api::Type::String + name: 'displayName' + description: | + The display name of the security policy of the association. + output: true diff --git a/mmv1/products/compute/OrganizationSecurityPolicyRule.yaml b/mmv1/products/compute/OrganizationSecurityPolicyRule.yaml new file mode 100644 index 000000000000..00aa18b69a2f --- /dev/null +++ b/mmv1/products/compute/OrganizationSecurityPolicyRule.yaml @@ -0,0 +1,160 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'OrganizationSecurityPolicyRule' +min_version: beta +base_url: 'locations/global/securityPolicies/{{policy_id}}' +self_link: 'locations/global/securityPolicies/{{policy_id}}/getRule?priority={{priority}}' +create_url: 'locations/global/securityPolicies/{{policy_id}}/addRule?priority={{priority}}' +update_verb: :POST +update_url: 'locations/global/securityPolicies/{{policy_id}}/patchRule?priority={{priority}}' +delete_verb: :POST +delete_url: 'locations/global/securityPolicies/{{policy_id}}/removeRule?priority={{priority}}' +description: | + A rule for the OrganizationSecurityPolicy. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Creating firewall rules': + 'https://cloud.google.com/vpc/docs/using-firewall-policies#create-rules' + api: 'https://cloud.google.com/compute/docs/reference/rest/beta/organizationSecurityPolicies/addRule' +parameters: + - !ruby/object:Api::Type::String + name: policyId + description: | + The ID of the OrganizationSecurityPolicy this rule applies to. + required: true + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'description' + description: | + A description of the rule. + - !ruby/object:Api::Type::Integer + name: 'priority' + description: | + An integer indicating the priority of a rule in the list. The priority must be a value + between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the + highest priority and 2147483647 is the lowest prority. + required: true + immutable: true + - !ruby/object:Api::Type::NestedObject + name: 'match' + description: + A match condition that incoming traffic is evaluated against. If it evaluates to true, + the corresponding 'action' is enforced. + required: true + properties: + - !ruby/object:Api::Type::String + name: 'description' + description: | + A description of the rule. + - !ruby/object:Api::Type::Enum + name: 'versionedExpr' + description: | + Preconfigured versioned expression. For organization security policy rules, + the only supported type is "FIREWALL". + values: + - :FIREWALL + default_value: :FIREWALL + - !ruby/object:Api::Type::NestedObject + name: 'config' + description: + The configuration options for matching the rule. + required: true + properties: + - !ruby/object:Api::Type::Array + name: 'srcIpRanges' + description: | + Source IP address range in CIDR format. Required for + INGRESS rules. + item_type: Api::Type::String + exactly_one_of: + - match.0.config.0.src_ip_ranges + - match.0.config.0.dest_ip_ranges + - !ruby/object:Api::Type::Array + name: 'destIpRanges' + description: | + Destination IP address range in CIDR format. Required for + EGRESS rules. + item_type: Api::Type::String + exactly_one_of: + - match.0.config.0.src_ip_ranges + - match.0.config.0.dest_ip_ranges + - !ruby/object:Api::Type::Array + name: 'layer4Config' + api_name: 'layer4Configs' + description: | + Pairs of IP protocols and ports that the rule should match. + required: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'ipProtocol' + description: | + The IP protocol to which this rule applies. The protocol + type is required when creating a firewall rule. + This value can either be one of the following well + known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), + or the IP protocol number. + required: true + - !ruby/object:Api::Type::Array + item_type: Api::Type::String + name: 'ports' + description: | + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + - !ruby/object:Api::Type::String + name: 'action' + description: | + The Action to perform when the client connection triggers the rule. Can currently be either + "allow", "deny" or "goto_next". + required: true + - !ruby/object:Api::Type::Boolean + name: 'preview' + description: | + If set to true, the specified action is not enforced. + - !ruby/object:Api::Type::Enum + name: 'direction' + description: | + The direction in which this rule applies. If unspecified an INGRESS rule is created. + values: + - :INGRESS + - :EGRESS + - !ruby/object:Api::Type::Array + name: 'targetResources' + description: | + A list of network resource URLs to which this rule applies. + This field allows you to control which network's VMs get + this rule. If this field is left blank, all VMs + within the organization will receive the rule. + item_type: Api::Type::String + - !ruby/object:Api::Type::Boolean + name: 'enableLogging' + description: | + Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the + configured export destination in Stackdriver. + send_empty_value: true + - !ruby/object:Api::Type::Array + name: 'targetServiceAccounts' + description: | + A list of service accounts indicating the sets of + instances that are applied with this rule. + item_type: Api::Type::String diff --git a/mmv1/products/compute/PacketMirroring.yaml b/mmv1/products/compute/PacketMirroring.yaml new file mode 100644 index 000000000000..3e584496eea6 --- /dev/null +++ b/mmv1/products/compute/PacketMirroring.yaml @@ -0,0 +1,175 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'PacketMirroring' +base_url: projects/{{project}}/regions/{{region}}/packetMirrorings +update_verb: :PATCH +self_link: projects/{{project}}/regions/{{region}}/packetMirrorings/{{name}} +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Using Packet Mirroring': 'https://cloud.google.com/vpc/docs/using-packet-mirroring#creating' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/packetMirrorings' +description: | + Packet Mirroring mirrors traffic to and from particular VM instances. + You can use the collected traffic to help you detect security threats + and monitor application performance. +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' + +properties: + - !ruby/object:Api::Type::String + name: name + description: The name of the packet mirroring rule + required: true + - !ruby/object:Api::Type::String + name: description + description: A human-readable description of the rule. + immutable: true + - !ruby/object:Api::Type::String + name: region + description: The region where this rule is active. + required: true + - !ruby/object:Api::Type::NestedObject + name: network + immutable: true + description: | + Specifies the mirrored VPC network. Only packets in this network + will be mirrored. All mirrored VMs should have a NIC in the given + network. All mirrored subnetworks should belong to the given network. + properties: + - !ruby/object:Api::Type::ResourceRef + name: url + description: The full self_link URL of the network where this rule is active. + resource: 'Network' + imports: 'selfLink' + required: true + immutable: true + required: true + - !ruby/object:Api::Type::Integer + name: priority + description: | + Since only one rule can be active at a time, priority is + used to break ties in the case of two rules that apply to + the same instances. + required: true + - !ruby/object:Api::Type::NestedObject + name: collectorIlb + description: | + The Forwarding Rule resource (of type loadBalancingScheme=INTERNAL) + that will be used as collector for mirrored traffic. The + specified forwarding rule must have isMirroringCollector + set to true. + required: true + properties: + - !ruby/object:Api::Type::ResourceRef + name: url + required: true + resource: 'ForwardingRule' + imports: 'selfLink' + description: The URL of the forwarding rule. + - !ruby/object:Api::Type::NestedObject + name: filter + description: | + A filter for mirrored traffic. If unset, all traffic is mirrored. + properties: + - !ruby/object:Api::Type::Array + name: ipProtocols + api_name: 'IPProtocols' + description: | + Protocols that apply as a filter on mirrored traffic. + item_type: Api::Type::String + name: ipProtocols + description: Possible IP protocols including tcp, udp, icmp and esp + - !ruby/object:Api::Type::Array + name: cidrRanges + description: | + IP CIDR ranges that apply as a filter on the source (ingress) or + destination (egress) IP in the IP header. Only IPv4 is supported. + item_type: Api::Type::String + - !ruby/object:Api::Type::Enum + name: direction + description: Direction of traffic to mirror. + values: + - :INGRESS + - :EGRESS + - :BOTH + default_value: :BOTH + - !ruby/object:Api::Type::NestedObject + name: mirroredResources + required: true + description: | + A means of specifying which resources to mirror. + properties: + - !ruby/object:Api::Type::Array + name: subnetworks + at_least_one_of: + - mirrored_resources.0.subnetworks + - mirrored_resources.0.instances + - mirrored_resources.0.tags + description: | + All instances in one of these subnetworks will be mirrored. + item_type: !ruby/object:Api::Type::NestedObject + name: subnetworks + description: The subnetworks that should be mirrored. Specify at most 5. + properties: + - !ruby/object:Api::Type::ResourceRef + name: url + resource: 'Subnetwork' + imports: 'selfLink' + description: The URL of the subnetwork where this rule should be active. + required: true + - !ruby/object:Api::Type::Array + name: instances + description: | + All the listed instances will be mirrored. Specify at most 50. + at_least_one_of: + - mirrored_resources.0.subnetworks + - mirrored_resources.0.instances + - mirrored_resources.0.tags + item_type: !ruby/object:Api::Type::NestedObject + name: instances + description: The instances that should be mirrored. + properties: + - !ruby/object:Api::Type::ResourceRef + name: url + resource: 'Instance' + imports: 'selfLink' + description: The URL of the instances where this rule should be active. + required: true + - !ruby/object:Api::Type::Array + name: tags + at_least_one_of: + - mirrored_resources.0.subnetworks + - mirrored_resources.0.instances + - mirrored_resources.0.tags + description: | + All instances with these tags will be mirrored. + item_type: Api::Type::String + diff --git a/mmv1/products/compute/PerInstanceConfig.yaml b/mmv1/products/compute/PerInstanceConfig.yaml new file mode 100644 index 000000000000..320b3a6c9e4f --- /dev/null +++ b/mmv1/products/compute/PerInstanceConfig.yaml @@ -0,0 +1,182 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'PerInstanceConfig' +base_url: 'projects/{{project}}/zones/{{zone}}/instanceGroupManagers/{{instance_group_manager}}' +description: | + A config defined for a single managed instance that belongs to an instance group manager. It preserves the instance name + across instance group manager operations and can define stateful disks or metadata that are unique to the instance. +create_verb: :POST +create_url: projects/{{project}}/zones/{{zone}}/instanceGroupManagers/{{instance_group_manager}}/createInstances +update_verb: :POST +update_url: projects/{{project}}/zones/{{zone}}/instanceGroupManagers/{{instance_group_manager}}/updatePerInstanceConfigs +delete_verb: :POST +delete_url: projects/{{project}}/zones/{{zone}}/instanceGroupManagers/{{instance_group_manager}}/deletePerInstanceConfigs +read_verb: :POST +self_link: projects/{{project}}/zones/{{zone}}/instanceGroupManagers/{{instance_group_manager}}/listPerInstanceConfigs +identity: + - name +nested_query: !ruby/object:Api::Resource::NestedQuery + keys: + - items +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/compute/docs/instance-groups/stateful-migs#per-instance_configs' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/instanceGroupManagers' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'zone' + resource: 'Zone' + imports: 'name' + description: | + Zone where the containing instance group manager is located + required: true + url_param_only: true + immutable: true + - !ruby/object:Api::Type::ResourceRef + name: 'instanceGroupManager' + resource: 'InstanceGroupManager' + imports: 'name' + description: | + The instance group manager this instance config is part of. + required: true + url_param_only: true + immutable: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The name for this per-instance config and its corresponding instance. + required: true + immutable: true + - !ruby/object:Api::Type::NestedObject + name: 'preservedState' + description: 'The preserved state for this instance.' + properties: + - !ruby/object:Api::Type::KeyValuePairs + name: 'metadata' + description: | + Preserved metadata defined for this instance. This is a list of key->value pairs. + - !ruby/object:Api::Type::Array + name: 'disk' + api_name: disks + description: | + Stateful disks for the instance. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: deviceName + required: true + description: | + A unique device name that is reflected into the /dev/ tree of a Linux operating system running within the instance. + - !ruby/object:Api::Type::String + name: source + required: true + description: | + The URI of an existing persistent disk to attach under the specified device-name in the format + `projects/project-id/zones/zone/disks/disk-name`. + - !ruby/object:Api::Type::Enum + name: mode + description: | + The mode of the disk. + values: + - :READ_ONLY + - :READ_WRITE + default_value: :READ_WRITE + - !ruby/object:Api::Type::Enum + name: deleteRule + description: | + A value that prescribes what should happen to the stateful disk when the VM instance is deleted. + The available options are `NEVER` and `ON_PERMANENT_INSTANCE_DELETION`. + `NEVER` - detach the disk when the VM is deleted, but do not delete the disk. + `ON_PERMANENT_INSTANCE_DELETION` will delete the stateful disk when the VM is permanently + deleted from the instance group. + values: + - :NEVER + - :ON_PERMANENT_INSTANCE_DELETION + default_value: :NEVER + - !ruby/object:Api::Type::Map + name: 'internalIp' + api_name: internalIPs + min_version: beta + key_name: "interface_name" + description: | + Preserved internal IPs defined for this instance. This map is keyed with the name of the network interface. + value_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Enum + name: autoDelete + description: | + These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. + values: + - :NEVER + - :ON_PERMANENT_INSTANCE_DELETION + default_value: :NEVER + - !ruby/object:Api::Type::NestedObject + name: 'ipAddress' + description: | + Ip address representation + properties: + - !ruby/object:Api::Type::ResourceRef + name: 'address' + resource: 'Address' + imports: 'selfLink' + description: | + The URL of the reservation for this IP address. + - !ruby/object:Api::Type::Map + name: 'externalIp' + min_version: beta + api_name: externalIPs + key_name: "interface_name" + description: | + Preserved external IPs defined for this instance. This map is keyed with the name of the network interface. + value_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Enum + name: autoDelete + description: | + These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. + values: + - :NEVER + - :ON_PERMANENT_INSTANCE_DELETION + default_value: :NEVER + - !ruby/object:Api::Type::NestedObject + name: 'ipAddress' + description: | + Ip address representation + properties: + - !ruby/object:Api::Type::ResourceRef + name: 'address' + resource: 'Address' + imports: 'selfLink' + description: | + The URL of the reservation for this IP address. diff --git a/mmv1/products/compute/ProjectInfo.yaml b/mmv1/products/compute/ProjectInfo.yaml new file mode 100644 index 000000000000..a39622d84259 --- /dev/null +++ b/mmv1/products/compute/ProjectInfo.yaml @@ -0,0 +1,75 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'ProjectInfo' +base_url: projects +self_link: projects/{{project}} +readonly: true +description: | + Information about the project specifically for compute. +properties: + - !ruby/object:Api::Type::String + name: name + description: The name of this project + - !ruby/object:Api::Type::NestedObject + name: 'commonInstanceMetadata' + description: 'Metadata shared for all instances in this project' + properties: + - !ruby/object:Api::Type::Array + name: 'items' + description: | + Array of key/values + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'key' + description: 'Key of the metadata key/value pair' + - !ruby/object:Api::Type::String + name: 'value' + description: 'Value of the metadata key/value pair' + - !ruby/object:Api::Type::Array + name: 'enabledFeatures' + description: | + Restricted features enabled for use on this project + item_type: Api::Type::String + - !ruby/object:Api::Type::String + name: defaultServiceAccount + description: Default service account used by VMs in this project + - !ruby/object:Api::Type::String + name: xpnProjectStatus + description: The role this project has in a shared VPC configuration. + - !ruby/object:Api::Type::String + name: defaultNetworkTier + description: The default network tier used for configuring resources in this project + - !ruby/object:Api::Type::Array + name: 'quotas' + description: | + Quotas applied to this project + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'metric' + description: 'Name of the quota metric' + - !ruby/object:Api::Type::String + name: 'limit' + description: 'Quota limit for this metric' + - !ruby/object:Api::Type::String + name: 'usage' + description: 'Current usage of this metric' + - !ruby/object:Api::Type::String + name: 'owner' + description: Owning resource. This is the resource on which this quota is applied. + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' diff --git a/mmv1/products/compute/Region.yaml b/mmv1/products/compute/Region.yaml new file mode 100644 index 000000000000..79cbc7515271 --- /dev/null +++ b/mmv1/products/compute/Region.yaml @@ -0,0 +1,118 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Region' +kind: 'compute#region' +base_url: projects/{{project}}/regions +collection_url_key: 'items' +has_self_link: true +readonly: true +description: | + Represents a Region resource. A region is a specific geographical + location where you can run your resources. Each region has one or more + zones +properties: + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::NestedObject + name: 'deprecated' + description: 'The deprecation state of this resource.' + output: true + properties: + - !ruby/object:Api::Type::Time + name: 'deleted' + description: | + An optional RFC3339 timestamp on or after which the deprecation state + of this resource will be changed to DELETED. + - !ruby/object:Api::Type::Time + name: 'deprecated' + description: | + An optional RFC3339 timestamp on or after which the deprecation state + of this resource will be changed to DEPRECATED. + output: true + - !ruby/object:Api::Type::Time + name: 'obsolete' + description: | + An optional RFC3339 timestamp on or after which the deprecation state + of this resource will be changed to OBSOLETE. + output: true + - !ruby/object:Api::Type::String + name: 'replacement' + description: | + The URL of the suggested replacement for a deprecated resource. The + suggested replacement resource must be the same kind of resource as + the deprecated resource. + output: true + - !ruby/object:Api::Type::Enum + name: 'state' + description: | + The deprecation state of this resource. This can be DEPRECATED, + OBSOLETE, or DELETED. Operations which create a new resource using a + DEPRECATED resource will return successfully, but with a warning + indicating the deprecated resource and recommending its replacement. + Operations which use OBSOLETE or DELETED resources will be rejected + and result in an error. + values: + - :DEPRECATED + - :OBSOLETE + - :DELETED + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: 'An optional description of this resource.' + output: true + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'The unique identifier for the resource.' + output: true + - !ruby/object:Api::Type::String + name: 'name' + description: 'Name of the resource.' + - !ruby/object:Api::Type::Array + name: 'quotas' + description: 'Quotas assigned to this region.' + output: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'metric' + description: 'Name of the quota metric.' + output: true + - !ruby/object:Api::Type::Double + name: 'limit' + description: 'Quota limit for this metric.' + output: true + - !ruby/object:Api::Type::Double + name: 'usage' + description: 'Current usage of this metric.' + output: true + - !ruby/object:Api::Type::String + name: 'owner' + description: 'Owning resource. This is the resource on which this quota is applied.' + output: true + - !ruby/object:Api::Type::Enum + name: 'status' + description: | + Status of the region, either UP or DOWN. + values: + - :UP + - :DOWN + output: true + - !ruby/object:Api::Type::Array + name: 'zones' + description: 'List of zones within the region' + item_type: Api::Type::String + output: true diff --git a/mmv1/products/compute/RegionAutoscaler.yaml b/mmv1/products/compute/RegionAutoscaler.yaml new file mode 100644 index 000000000000..88ef724dfb7d --- /dev/null +++ b/mmv1/products/compute/RegionAutoscaler.yaml @@ -0,0 +1,385 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'RegionAutoscaler' +kind: 'compute#autoscaler' +base_url: projects/{{project}}/regions/{{region}}/autoscalers +update_url: projects/{{project}}/regions/{{region}}/autoscalers?autoscaler={{name}} +collection_url_key: 'items' +has_self_link: true +description: | + Represents an Autoscaler resource. + + Autoscalers allow you to automatically scale virtual machine instances in + managed instance groups according to an autoscaling policy that you + define. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Autoscaling Groups of Instances': 'https://cloud.google.com/compute/docs/autoscaler/' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/regionAutoscalers' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'region' + resource: 'Region' + imports: 'name' + description: | + URL of the region where the instance group resides. + required: true + immutable: true +properties: + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'Unique identifier for the resource.' + output: true + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource. The name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + immutable: true + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of this resource. + - !ruby/object:Api::Type::NestedObject + name: 'autoscalingPolicy' + description: | + The configuration parameters for the autoscaling algorithm. You can + define one or more of the policies for an autoscaler: cpuUtilization, + customMetricUtilizations, and loadBalancingUtilization. + + If none of these are specified, the default will be to autoscale based + on cpuUtilization to 0.6 or 60%. + required: true + properties: + - !ruby/object:Api::Type::Integer + name: 'minNumReplicas' + description: | + The minimum number of replicas that the autoscaler can scale down + to. This cannot be less than 0. If not provided, autoscaler will + choose a default value depending on maximum number of instances + allowed. + send_empty_value: true + - !ruby/object:Api::Type::Integer + name: 'maxNumReplicas' + description: | + The maximum number of instances that the autoscaler can scale up + to. This is required when creating or updating an autoscaler. The + maximum number of replicas should not be lower than minimal number + of replicas. + required: true + - !ruby/object:Api::Type::Integer + name: 'coolDownPeriodSec' + description: | + The number of seconds that the autoscaler should wait before it + starts collecting information from a new instance. This prevents + the autoscaler from collecting information when the instance is + initializing, during which the collected usage would not be + reliable. The default time autoscaler waits is 60 seconds. + + Virtual machine initialization times might vary because of + numerous factors. We recommend that you test how long an + instance may take to initialize. To do this, create an instance + and time the startup process. + default_value: 60 + - !ruby/object:Api::Type::Enum + name: 'mode' + default_value: :ON + description: | + Defines operating mode for this policy. + values: + - :OFF + - :ONLY_UP + - :ON + - !ruby/object:Api::Type::NestedObject + name: 'scaleDownControl' + min_version: beta + description: | + Defines scale down controls to reduce the risk of response latency + and outages due to abrupt scale-in events + properties: + - !ruby/object:Api::Type::NestedObject + name: 'maxScaledDownReplicas' + at_least_one_of: + - autoscaling_policy.0.scale_down_control.0.max_scaled_down_replicas + - autoscaling_policy.0.scale_down_control.0.time_window_sec + properties: + - !ruby/object:Api::Type::Integer + name: 'fixed' + at_least_one_of: + - autoscaling_policy.0.scale_down_control.0.max_scaled_down_replicas.0.fixed + - autoscaling_policy.0.scale_down_control.0.max_scaled_down_replicas.0.percent + description: | + Specifies a fixed number of VM instances. This must be a positive + integer. + - !ruby/object:Api::Type::Integer + name: 'percent' + at_least_one_of: + - autoscaling_policy.0.scale_down_control.0.max_scaled_down_replicas.0.fixed + - autoscaling_policy.0.scale_down_control.0.max_scaled_down_replicas.0.percent + description: | + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. + - !ruby/object:Api::Type::Integer + name: 'timeWindowSec' + at_least_one_of: + - autoscaling_policy.0.scale_down_control.0.max_scaled_down_replicas + - autoscaling_policy.0.scale_down_control.0.time_window_sec + description: | + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + - !ruby/object:Api::Type::NestedObject + name: 'scaleInControl' + description: | + Defines scale in controls to reduce the risk of response latency + and outages due to abrupt scale-in events + properties: + - !ruby/object:Api::Type::NestedObject + name: 'maxScaledInReplicas' + at_least_one_of: + - autoscaling_policy.0.scale_in_control.0.max_scaled_in_replicas + - autoscaling_policy.0.scale_in_control.0.time_window_sec + properties: + - !ruby/object:Api::Type::Integer + name: 'fixed' + at_least_one_of: + - autoscaling_policy.0.scale_in_control.0.max_scaled_in_replicas.0.fixed + - autoscaling_policy.0.scale_in_control.0.max_scaled_in_replicas.0.percent + description: | + Specifies a fixed number of VM instances. This must be a positive + integer. + - !ruby/object:Api::Type::Integer + name: 'percent' + at_least_one_of: + - autoscaling_policy.0.scale_in_control.0.max_scaled_in_replicas.0.fixed + - autoscaling_policy.0.scale_in_control.0.max_scaled_in_replicas.0.percent + description: | + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. + - !ruby/object:Api::Type::Integer + name: 'timeWindowSec' + at_least_one_of: + - autoscaling_policy.0.scale_in_control.0.max_scaled_in_replicas + - autoscaling_policy.0.scale_in_control.0.time_window_sec + description: | + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + - !ruby/object:Api::Type::NestedObject + name: 'cpuUtilization' + description: | + Defines the CPU utilization policy that allows the autoscaler to + scale based on the average CPU utilization of a managed instance + group. + properties: + - !ruby/object:Api::Type::Double + name: 'utilizationTarget' + description: | + The target CPU utilization that the autoscaler should maintain. + Must be a float value in the range (0, 1]. If not specified, the + default is 0.6. + + If the CPU level is below the target utilization, the autoscaler + scales down the number of instances until it reaches the minimum + number of instances you specified or until the average CPU of + your instances reaches the target utilization. + + If the average CPU is above the target utilization, the autoscaler + scales up until it reaches the maximum number of instances you + specified or until the average utilization reaches the target + utilization. + - !ruby/object:Api::Type::String + name: 'predictiveMethod' + default_value: NONE + description: | + Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are: + + - NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics. + + - OPTIMIZE_AVAILABILITY. Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand. + - !ruby/object:Api::Type::Array + name: 'customMetricUtilizations' + description: | + Configuration parameters of autoscaling based on a custom metric. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'metric' + description: | + The identifier (type) of the Stackdriver Monitoring metric. + The metric cannot have negative values. + + The metric must have a value type of INT64 or DOUBLE. + required: true + - !ruby/object:Api::Type::Double + name: 'singleInstanceAssignment' + min_version: beta + description: | + If scaling is based on a per-group metric value that represents the + total amount of work to be done or resource usage, set this value to + an amount assigned for a single instance of the scaled group. + The autoscaler will keep the number of instances proportional to the + value of this metric, the metric itself should not change value due + to group resizing. + + For example, a good metric to use with the target is + `pubsub.googleapis.com/subscription/num_undelivered_messages` + or a custom metric exporting the total number of requests coming to + your instances. + + A bad example would be a metric exporting an average or median + latency, since this value can't include a chunk assignable to a + single instance, it could be better used with utilization_target + instead. + - !ruby/object:Api::Type::Double + name: 'utilizationTarget' + description: | + The target value of the metric that autoscaler should + maintain. This must be a positive value. A utilization + metric scales number of virtual machines handling requests + to increase or decrease proportionally to the metric. + + For example, a good metric to use as a utilizationTarget is + www.googleapis.com/compute/instance/network/received_bytes_count. + The autoscaler will work to keep this value constant for each + of the instances. + - !ruby/object:Api::Type::Enum + name: 'utilizationTargetType' + description: | + Defines how target utilization value is expressed for a + Stackdriver Monitoring metric. + values: + - :GAUGE + - :DELTA_PER_SECOND + - :DELTA_PER_MINUTE + - !ruby/object:Api::Type::String + name: 'filter' + description: | + A filter string to be used as the filter string for + a Stackdriver Monitoring TimeSeries.list API call. + This filter is used to select a specific TimeSeries for + the purpose of autoscaling and to determine whether the metric + is exporting per-instance or per-group data. + + You can only use the AND operator for joining selectors. + You can only use direct equality comparison operator (=) without + any functions for each selector. + You can specify the metric in both the filter string and in the + metric field. However, if specified in both places, the metric must + be identical. + + The monitored resource type determines what kind of values are + expected for the metric. If it is a gce_instance, the autoscaler + expects the metric to include a separate TimeSeries for each + instance in a group. In such a case, you cannot filter on resource + labels. + + If the resource type is any other value, the autoscaler expects + this metric to contain values that apply to the entire autoscaled + instance group and resource label filtering can be performed to + point autoscaler at the correct TimeSeries to scale upon. + This is called a per-group metric for the purpose of autoscaling. + + If not specified, the type defaults to gce_instance. + + You should provide a filter that is selective enough to pick just + one TimeSeries for the autoscaled group or for each of the instances + (if you are using gce_instance resource type). If multiple + TimeSeries are returned upon the query execution, the autoscaler + will sum their respective values to obtain its scaling value. + min_version: beta + - !ruby/object:Api::Type::NestedObject + name: 'loadBalancingUtilization' + description: | + Configuration parameters of autoscaling based on a load balancer. + properties: + - !ruby/object:Api::Type::Double + name: 'utilizationTarget' + description: | + Fraction of backend capacity utilization (set in HTTP(s) load + balancing configuration) that autoscaler should maintain. Must + be a positive float value. If not defined, the default is 0.8. + - !ruby/object:Api::Type::Map + name: 'scalingSchedules' + description: | + Scaling schedules defined for an autoscaler. Multiple schedules can be set on an autoscaler and they can overlap. + key_name: name + key_description: | + A name for the schedule. + value_type: !ruby/object:Api::Type::NestedObject + name: scalingSchedule + properties: + - !ruby/object:Api::Type::Integer + name: 'minRequiredReplicas' + description: | + Minimum number of VM instances that autoscaler will recommend in time intervals starting according to schedule. + required: true + send_empty_value: true + - !ruby/object:Api::Type::String + name: 'schedule' + description: | + The start timestamps of time intervals when this scaling schedule should provide a scaling signal. This field uses the extended cron format (with an optional year field). + required: true + - !ruby/object:Api::Type::String + name: 'timeZone' + default_value: UTC + description: | + The time zone to be used when interpreting the schedule. The value of this field must be a time zone name from the tz database: http://en.wikipedia.org/wiki/Tz_database. + - !ruby/object:Api::Type::Integer + name: 'durationSec' + description: | + The duration of time intervals (in seconds) for which this scaling schedule will be running. The minimum allowed value is 300. + required: true + - !ruby/object:Api::Type::Boolean + name: 'disabled' + description: | + A boolean value that specifies if a scaling schedule can influence autoscaler recommendations. If set to true, then a scaling schedule has no effect. + default_value: false + - !ruby/object:Api::Type::String + name: 'description' + description: | + A description of a scaling schedule. + - !ruby/object:Api::Type::String + name: 'target' + # TODO(#303): resourceref once RegionIGM exists + # resource: 'RegionInstanceGroupManager' + # imports: 'selfLink' + description: | + URL of the managed instance group that this autoscaler will scale. + required: true diff --git a/mmv1/products/compute/RegionBackendService.yaml b/mmv1/products/compute/RegionBackendService.yaml new file mode 100644 index 000000000000..1cb6eb92cf27 --- /dev/null +++ b/mmv1/products/compute/RegionBackendService.yaml @@ -0,0 +1,1128 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'RegionBackendService' +kind: 'compute#backendService' +base_url: projects/{{project}}/regions/{{region}}/backendServices +collection_url_key: 'items' +has_self_link: true +description: | + A Region Backend Service defines a regionally-scoped group of virtual + machines that will serve traffic for load balancing. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Internal TCP/UDP Load Balancing': 'https://cloud.google.com/compute/docs/load-balancing/internal/' + api: 'https://cloud.google.com/compute/docs/reference/latest/regionBackendServices' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'region' + resource: 'Region' + imports: 'name' + description: | + A reference to the region where the regional backend service resides. + required: true +properties: + - !ruby/object:Api::Type::Integer + name: 'affinityCookieTtlSec' + description: | + Lifetime of cookies in seconds if session_affinity is + GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts + only until the end of the browser session (or equivalent). The + maximum allowed value for TTL is one day. + + When the load balancing scheme is INTERNAL, this field is not used. + - !ruby/object:Api::Type::Array + name: 'backends' + description: | + The set of backends that serve this RegionBackendService. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Enum + name: 'balancingMode' + default_value: :CONNECTION + values: + - :UTILIZATION + - :RATE + - :CONNECTION + description: | + Specifies the balancing mode for this backend. + + See the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode) + for an explanation of load balancing modes. + - !ruby/object:Api::Type::Double + name: 'capacityScaler' + description: | + A multiplier applied to the group's maximum servicing capacity + (based on UTILIZATION, RATE or CONNECTION). + + ~>**NOTE**: This field cannot be set for + INTERNAL region backend services (default loadBalancingScheme), + but is required for non-INTERNAL backend service. The total + capacity_scaler for all backends must be non-zero. + + A setting of 0 means the group is completely drained, offering + 0% of its available Capacity. Valid range is [0.0,1.0]. + send_empty_value: true + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of this resource. + Provide this property when you create the resource. + - !ruby/object:Api::Type::Boolean + name: 'failover' + description: | + This field designates whether this is a failover backend. More + than one failover backend can be configured for a given RegionBackendService. + - !ruby/object:Api::Type::String + name: 'group' + required: true + description: | + The fully-qualified URL of an Instance Group or Network Endpoint + Group resource. In case of instance group this defines the list + of instances that serve traffic. Member virtual machine + instances from each instance group must live in the same zone as + the instance group itself. No two backends in a backend service + are allowed to use same Instance Group resource. + + For Network Endpoint Groups this defines list of endpoints. All + endpoints of Network Endpoint Group must be hosted on instances + located in the same zone as the Network Endpoint Group. + + Backend services cannot mix Instance Group and + Network Endpoint Group backends. + + When the `load_balancing_scheme` is INTERNAL, only instance groups + are supported. + + Note that you must specify an Instance Group or Network Endpoint + Group resource using the fully-qualified URL, rather than a + partial URL. + - !ruby/object:Api::Type::Integer + name: 'maxConnections' + description: | + The max number of simultaneous connections for the group. Can + be used with either CONNECTION or UTILIZATION balancing modes. + Cannot be set for INTERNAL backend services. + + For CONNECTION mode, either maxConnections or one + of maxConnectionsPerInstance or maxConnectionsPerEndpoint, + as appropriate for group type, must be set. + - !ruby/object:Api::Type::Integer + name: 'maxConnectionsPerInstance' + description: | + The max number of simultaneous connections that a single + backend instance can handle. Cannot be set for INTERNAL backend + services. + + This is used to calculate the capacity of the group. + Can be used in either CONNECTION or UTILIZATION balancing modes. + For CONNECTION mode, either maxConnections or + maxConnectionsPerInstance must be set. + - !ruby/object:Api::Type::Integer + name: 'maxConnectionsPerEndpoint' + description: | + The max number of simultaneous connections that a single backend + network endpoint can handle. Cannot be set + for INTERNAL backend services. + + This is used to calculate the capacity of the group. Can be + used in either CONNECTION or UTILIZATION balancing modes. For + CONNECTION mode, either maxConnections or + maxConnectionsPerEndpoint must be set. + - !ruby/object:Api::Type::Integer + name: 'maxRate' + description: | + The max requests per second (RPS) of the group. Cannot be set + for INTERNAL backend services. + + Can be used with either RATE or UTILIZATION balancing modes, + but required if RATE mode. Either maxRate or one + of maxRatePerInstance or maxRatePerEndpoint, as appropriate for + group type, must be set. + - !ruby/object:Api::Type::Double + name: 'maxRatePerInstance' + description: | + The max requests per second (RPS) that a single backend + instance can handle. This is used to calculate the capacity of + the group. Can be used in either balancing mode. For RATE mode, + either maxRate or maxRatePerInstance must be set. Cannot be set + for INTERNAL backend services. + - !ruby/object:Api::Type::Double + name: 'maxRatePerEndpoint' + description: | + The max requests per second (RPS) that a single backend network + endpoint can handle. This is used to calculate the capacity of + the group. Can be used in either balancing mode. For RATE mode, + either maxRate or maxRatePerEndpoint must be set. Cannot be set + for INTERNAL backend services. + - !ruby/object:Api::Type::Double + name: 'maxUtilization' + description: | + Used when balancingMode is UTILIZATION. This ratio defines the + CPU utilization target for the group. Valid range is [0.0, 1.0]. + Cannot be set for INTERNAL backend services. + - !ruby/object:Api::Type::NestedObject + name: 'circuitBreakers' + description: | + Settings controlling the volume of connections to a backend service. This field + is applicable only when the `load_balancing_scheme` is set to INTERNAL_MANAGED + and the `protocol` is set to HTTP, HTTPS, or HTTP2. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'connectTimeout' + min_version: beta + at_least_one_of: + - circuit_breakers.0.connect_timeout + - circuit_breakers.0.max_requests_per_connection + - circuit_breakers.0.max_connections + - circuit_breakers.0.max_pending_requests + - circuit_breakers.0.max_requests + - circuit_breakers.0.max_retries + description: | + The timeout for new network connections to hosts. + properties: + - !ruby/object:Api::Type::Integer + name: 'seconds' + required: true + description: | + Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + - !ruby/object:Api::Type::Integer + name: 'nanos' + description: | + Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + - !ruby/object:Api::Type::Integer + name: 'maxRequestsPerConnection' + at_least_one_of: + - circuit_breakers.0.connect_timeout + - circuit_breakers.0.max_requests_per_connection + - circuit_breakers.0.max_connections + - circuit_breakers.0.max_pending_requests + - circuit_breakers.0.max_requests + - circuit_breakers.0.max_retries + description: | + Maximum requests for a single backend connection. This parameter + is respected by both the HTTP/1.1 and HTTP/2 implementations. If + not specified, there is no limit. Setting this parameter to 1 + will effectively disable keep alive. + - !ruby/object:Api::Type::Integer + name: 'maxConnections' + default_value: 1024 + at_least_one_of: + - circuit_breakers.0.connect_timeout + - circuit_breakers.0.max_requests_per_connection + - circuit_breakers.0.max_connections + - circuit_breakers.0.max_pending_requests + - circuit_breakers.0.max_requests + - circuit_breakers.0.max_retries + description: | + The maximum number of connections to the backend cluster. + Defaults to 1024. + - !ruby/object:Api::Type::Integer + name: 'maxPendingRequests' + default_value: 1024 + at_least_one_of: + - circuit_breakers.0.connect_timeout + - circuit_breakers.0.max_requests_per_connection + - circuit_breakers.0.max_connections + - circuit_breakers.0.max_pending_requests + - circuit_breakers.0.max_requests + - circuit_breakers.0.max_retries + description: | + The maximum number of pending requests to the backend cluster. + Defaults to 1024. + - !ruby/object:Api::Type::Integer + name: 'maxRequests' + default_value: 1024 + at_least_one_of: + - circuit_breakers.0.connect_timeout + - circuit_breakers.0.max_requests_per_connection + - circuit_breakers.0.max_connections + - circuit_breakers.0.max_pending_requests + - circuit_breakers.0.max_requests + - circuit_breakers.0.max_retries + description: | + The maximum number of parallel requests to the backend cluster. + Defaults to 1024. + - !ruby/object:Api::Type::Integer + name: 'maxRetries' + default_value: 3 + at_least_one_of: + - circuit_breakers.0.connect_timeout + - circuit_breakers.0.max_requests_per_connection + - circuit_breakers.0.max_connections + - circuit_breakers.0.max_pending_requests + - circuit_breakers.0.max_requests + - circuit_breakers.0.max_retries + description: | + The maximum number of parallel retries to the backend cluster. + Defaults to 3. + - !ruby/object:Api::Type::NestedObject + name: 'consistentHash' + description: | + Consistent Hash-based load balancing can be used to provide soft session + affinity based on HTTP headers, cookies or other properties. This load balancing + policy is applicable only for HTTP connections. The affinity to a particular + destination host will be lost when one or more hosts are added/removed from the + destination service. This field specifies parameters that control consistent + hashing. + This field only applies when all of the following are true - + * `load_balancing_scheme` is set to INTERNAL_MANAGED + * `protocol` is set to HTTP, HTTPS, or HTTP2 + * `locality_lb_policy` is set to MAGLEV or RING_HASH + properties: + - !ruby/object:Api::Type::NestedObject + name: 'httpCookie' + at_least_one_of: + - consistent_hash.0.http_cookie + - consistent_hash.0.http_header_name + - consistent_hash.0.minimum_ring_size + description: | + Hash is based on HTTP Cookie. This field describes a HTTP cookie + that will be used as the hash key for the consistent hash load + balancer. If the cookie is not present, it will be generated. + This field is applicable if the sessionAffinity is set to HTTP_COOKIE. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'ttl' + at_least_one_of: + - consistent_hash.0.http_cookie.0.ttl + - consistent_hash.0.http_cookie.0.name + - consistent_hash.0.http_cookie.0.path + description: | + Lifetime of the cookie. + properties: + - !ruby/object:Api::Type::Integer + name: 'seconds' + required: true + description: | + Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + - !ruby/object:Api::Type::Integer + name: 'nanos' + description: | + Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + - !ruby/object:Api::Type::String + name: 'name' + at_least_one_of: + - consistent_hash.0.http_cookie.0.ttl + - consistent_hash.0.http_cookie.0.name + - consistent_hash.0.http_cookie.0.path + description: | + Name of the cookie. + - !ruby/object:Api::Type::String + name: 'path' + at_least_one_of: + - consistent_hash.0.http_cookie.0.ttl + - consistent_hash.0.http_cookie.0.name + - consistent_hash.0.http_cookie.0.path + description: | + Path to set for the cookie. + - !ruby/object:Api::Type::String + name: 'httpHeaderName' + at_least_one_of: + - consistent_hash.0.http_cookie + - consistent_hash.0.http_header_name + - consistent_hash.0.minimum_ring_size + description: | + The hash based on the value of the specified header field. + This field is applicable if the sessionAffinity is set to HEADER_FIELD. + - !ruby/object:Api::Type::Integer + name: 'minimumRingSize' + default_value: 1024 + at_least_one_of: + - consistent_hash.0.http_cookie + - consistent_hash.0.http_header_name + - consistent_hash.0.minimum_ring_size + description: | + The minimum number of virtual nodes to use for the hash ring. + Larger ring sizes result in more granular load + distributions. If the number of hosts in the load balancing pool + is larger than the ring size, each host will be assigned a single + virtual node. + Defaults to 1024. + - !ruby/object:Api::Type::NestedObject + name: 'cdnPolicy' + description: 'Cloud CDN configuration for this BackendService.' + properties: + - !ruby/object:Api::Type::NestedObject + name: 'cacheKeyPolicy' + description: 'The CacheKeyPolicy for this CdnPolicy.' + at_least_one_of: + - cdn_policy.0.cache_key_policy + - cdn_policy.0.signed_url_cache_max_age_sec + properties: + - !ruby/object:Api::Type::Boolean + name: 'includeHost' + send_empty_value: true + at_least_one_of: + - cdn_policy.0.cache_key_policy.0.include_host + - cdn_policy.0.cache_key_policy.0.include_protocol + - cdn_policy.0.cache_key_policy.0.include_query_string + - cdn_policy.0.cache_key_policy.0.query_string_blacklist + - cdn_policy.0.cache_key_policy.0.query_string_whitelist + - cdn_policy.0.cache_key_policy.0.include_named_cookies + description: | + If true requests to different hosts will be cached separately. + - !ruby/object:Api::Type::Boolean + name: 'includeProtocol' + send_empty_value: true + at_least_one_of: + - cdn_policy.0.cache_key_policy.0.include_host + - cdn_policy.0.cache_key_policy.0.include_protocol + - cdn_policy.0.cache_key_policy.0.include_query_string + - cdn_policy.0.cache_key_policy.0.query_string_blacklist + - cdn_policy.0.cache_key_policy.0.query_string_whitelist + - cdn_policy.0.cache_key_policy.0.include_named_cookies + description: | + If true, http and https requests will be cached separately. + - !ruby/object:Api::Type::Boolean + name: 'includeQueryString' + send_empty_value: true + at_least_one_of: + - cdn_policy.0.cache_key_policy.0.include_host + - cdn_policy.0.cache_key_policy.0.include_protocol + - cdn_policy.0.cache_key_policy.0.include_query_string + - cdn_policy.0.cache_key_policy.0.query_string_blacklist + - cdn_policy.0.cache_key_policy.0.query_string_whitelist + - cdn_policy.0.cache_key_policy.0.include_named_cookies + description: | + If true, include query string parameters in the cache key + according to query_string_whitelist and + query_string_blacklist. If neither is set, the entire query + string will be included. + + If false, the query string will be excluded from the cache + key entirely. + - !ruby/object:Api::Type::Array + name: 'queryStringBlacklist' + send_empty_value: true + at_least_one_of: + - cdn_policy.0.cache_key_policy.0.include_host + - cdn_policy.0.cache_key_policy.0.include_protocol + - cdn_policy.0.cache_key_policy.0.include_query_string + - cdn_policy.0.cache_key_policy.0.query_string_blacklist + - cdn_policy.0.cache_key_policy.0.query_string_whitelist + - cdn_policy.0.cache_key_policy.0.include_named_cookies + description: | + Names of query string parameters to exclude in cache keys. + + All other parameters will be included. Either specify + query_string_whitelist or query_string_blacklist, not both. + '&' and '=' will be percent encoded and not treated as + delimiters. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + send_empty_value: true + name: 'queryStringWhitelist' + at_least_one_of: + - cdn_policy.0.cache_key_policy.0.include_host + - cdn_policy.0.cache_key_policy.0.include_protocol + - cdn_policy.0.cache_key_policy.0.include_query_string + - cdn_policy.0.cache_key_policy.0.query_string_blacklist + - cdn_policy.0.cache_key_policy.0.query_string_whitelist + - cdn_policy.0.cache_key_policy.0.include_named_cookies + description: | + Names of query string parameters to include in cache keys. + + All other parameters will be excluded. Either specify + query_string_whitelist or query_string_blacklist, not both. + '&' and '=' will be percent encoded and not treated as + delimiters. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'includeNamedCookies' + send_empty_value: true + at_least_one_of: + - cdn_policy.0.cache_key_policy.0.include_host + - cdn_policy.0.cache_key_policy.0.include_protocol + - cdn_policy.0.cache_key_policy.0.include_query_string + - cdn_policy.0.cache_key_policy.0.query_string_blacklist + - cdn_policy.0.cache_key_policy.0.query_string_whitelist + - cdn_policy.0.cache_key_policy.0.include_named_cookies + description: | + Names of cookies to include in cache keys. + item_type: Api::Type::String + - !ruby/object:Api::Type::Integer + name: 'signedUrlCacheMaxAgeSec' + default_value: 3600 + at_least_one_of: + - cdn_policy.0.cache_key_policy + - cdn_policy.0.signed_url_cache_max_age_sec + description: | + Maximum number of seconds the response to a signed URL request + will be considered fresh, defaults to 1hr (3600s). After this + time period, the response will be revalidated before + being served. + + When serving responses to signed URL requests, Cloud CDN will + internally behave as though all responses from this backend had a + "Cache-Control: public, max-age=[TTL]" header, regardless of any + existing Cache-Control header. The actual headers served in + responses will not be altered. + - !ruby/object:Api::Type::Integer + name: 'defaultTtl' + description: | + Specifies the default TTL for cached content served by this origin for responses + that do not have an existing valid TTL (max-age or s-max-age). + - !ruby/object:Api::Type::Integer + name: 'maxTtl' + description: | + Specifies the maximum allowed TTL for cached content served by this origin. + - !ruby/object:Api::Type::Integer + name: 'clientTtl' + description: | + Specifies the maximum allowed TTL for cached content served by this origin. + - !ruby/object:Api::Type::Boolean + name: 'negativeCaching' + send_empty_value: true + description: | + Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. + - !ruby/object:Api::Type::Array + name: 'negativeCachingPolicy' + description: | + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Integer + name: 'code' + description: | + The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 + can be specified as values, and you cannot specify a status code more than once. + - !ruby/object:Api::Type::Integer + name: 'ttl' + min_version: beta + description: | + The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s + (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + - !ruby/object:Api::Type::Enum + name: 'cacheMode' + description: | + Specifies the cache setting for all responses from this backend. + The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC + values: + - :USE_ORIGIN_HEADERS + - :FORCE_CACHE_ALL + - :CACHE_ALL_STATIC + - !ruby/object:Api::Type::Integer + name: 'serveWhileStale' + send_empty_value: true + description: | + Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache. + + - !ruby/object:Api::Type::NestedObject + name: 'connectionDraining' + description: | + Settings for connection draining + properties: + - !ruby/object:Api::Type::Integer + name: 'drainingTimeoutSec' + default_value: 300 + description: | + Time for which instance will be drained (not accept new + connections, but still work to finish started). + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: | + Creation timestamp in RFC3339 text format. + output: true + # customRequestHeaders only supported for EXTERNAL load balancing + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of this resource. + - !ruby/object:Api::Type::NestedObject + name: 'failoverPolicy' + description: | + Policy for failovers. + properties: + - !ruby/object:Api::Type::Boolean + name: 'disableConnectionDrainOnFailover' + at_least_one_of: + - failover_policy.0.disable_connection_drain_on_failover + - failover_policy.0.drop_traffic_if_unhealthy + - failover_policy.0.failover_ratio + description: | + On failover or failback, this field indicates whether connection drain + will be honored. Setting this to true has the following effect: connections + to the old active pool are not drained. Connections to the new active pool + use the timeout of 10 min (currently fixed). Setting to false has the + following effect: both old and new connections will have a drain timeout + of 10 min. + This can be set to true only if the protocol is TCP. + The default is false. + - !ruby/object:Api::Type::Boolean + name: 'dropTrafficIfUnhealthy' + at_least_one_of: + - failover_policy.0.disable_connection_drain_on_failover + - failover_policy.0.drop_traffic_if_unhealthy + - failover_policy.0.failover_ratio + description: | + This option is used only when no healthy VMs are detected in the primary + and backup instance groups. When set to true, traffic is dropped. When + set to false, new connections are sent across all VMs in the primary group. + The default is false. + - !ruby/object:Api::Type::Double + name: 'failoverRatio' + at_least_one_of: + - failover_policy.0.disable_connection_drain_on_failover + - failover_policy.0.drop_traffic_if_unhealthy + - failover_policy.0.failover_ratio + description: | + The value of the field must be in [0, 1]. If the ratio of the healthy + VMs in the primary backend is at or below this number, traffic arriving + at the load-balanced IP will be directed to the failover backend. + In case where 'failoverRatio' is not set or all the VMs in the backup + backend are unhealthy, the traffic will be directed back to the primary + backend in the "force" mode, where traffic will be spread to the healthy + VMs with the best effort, or to all VMs when no VM is healthy. + This field is only used with l4 load balancing. + - !ruby/object:Api::Type::Boolean + name: 'enableCDN' + description: | + If true, enable Cloud CDN for this RegionBackendService. + - !ruby/object:Api::Type::Fingerprint + name: 'fingerprint' + output: true + description: | + Fingerprint of this resource. A hash of the contents stored in this + object. This field is used in optimistic locking. + - !ruby/object:Api::Type::Array + name: 'healthChecks' + item_type: Api::Type::String + min_size: 1 + max_size: 1 + description: | + The set of URLs to HealthCheck resources for health checking + this RegionBackendService. Currently at most one health + check can be specified. + + A health check must be specified unless the backend service uses an internet + or serverless NEG as a backend. + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'The unique identifier for the resource.' + output: true + - !ruby/object:Api::Type::NestedObject + name: 'iap' + description: Settings for enabling Cloud Identity Aware Proxy + properties: + - !ruby/object:Api::Type::Boolean + name: 'enabled' + description: Enables IAP. + - !ruby/object:Api::Type::String + name: 'oauth2ClientId' + required: true + description: | + OAuth2 Client ID for IAP + - !ruby/object:Api::Type::String + name: 'oauth2ClientSecret' + required: true + description: | + OAuth2 Client Secret for IAP + - !ruby/object:Api::Type::String + name: 'oauth2ClientSecretSha256' + output: true + description: | + OAuth2 Client Secret SHA-256 for IAP + - !ruby/object:Api::Type::Enum + name: 'loadBalancingScheme' + immutable: true + description: | + Indicates what kind of load balancing this regional backend service + will be used for. A backend service created for one type of load + balancing cannot be used with the other(s). For more information, refer to + [Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). + default_value: :INTERNAL + values: + - :EXTERNAL + - :EXTERNAL_MANAGED + - :INTERNAL + - :INTERNAL_MANAGED + - !ruby/object:Api::Type::Enum + name: 'localityLbPolicy' + values: + - :ROUND_ROBIN + - :LEAST_REQUEST + - :RING_HASH + - :RANDOM + - :ORIGINAL_DESTINATION + - :MAGLEV + description: | + The load balancing algorithm used within the scope of the locality. + The possible values are: + + * `ROUND_ROBIN`: This is a simple policy in which each healthy backend + is selected in round robin order. + + * `LEAST_REQUEST`: An O(1) algorithm which selects two random healthy + hosts and picks the host which has fewer active requests. + + * `RING_HASH`: The ring/modulo hash load balancer implements consistent + hashing to backends. The algorithm has the property that the + addition/removal of a host from a set of N hosts only affects + 1/N of the requests. + + * `RANDOM`: The load balancer selects a random healthy host. + + * `ORIGINAL_DESTINATION`: Backend host is selected based on the client + connection metadata, i.e., connections are opened + to the same address as the destination address of + the incoming connection before the connection + was redirected to the load balancer. + + * `MAGLEV`: used as a drop in replacement for the ring hash load balancer. + Maglev is not as stable as ring hash but has faster table lookup + build times and host selection times. For more information about + Maglev, refer to https://ai.google/research/pubs/pub44824 + + + This field is applicable to either: + + * A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, + and loadBalancingScheme set to INTERNAL_MANAGED. + * A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. + + + If session_affinity is not NONE, and this field is not set to MAGLEV or RING_HASH, + session affinity settings will not take effect. + + Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced + by a URL map that is bound to target gRPC proxy that has validate_for_proxyless + field set to true. + - !ruby/object:Api::Type::String + name: 'name' + required: true + immutable: true + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + - !ruby/object:Api::Type::NestedObject + name: 'outlierDetection' + description: | + Settings controlling eviction of unhealthy hosts from the load balancing pool. + This field is applicable only when the `load_balancing_scheme` is set + to INTERNAL_MANAGED and the `protocol` is set to HTTP, HTTPS, or HTTP2. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'baseEjectionTime' + at_least_one_of: + - outlier_detection.0.base_ejection_time + - outlier_detection.0.consecutive_errors + - outlier_detection.0.consecutive_gateway_failure + - outlier_detection.0.enforcing_consecutive_errors + - outlier_detection.0.enforcing_consecutive_gateway_failure + - outlier_detection.0.enforcing_success_rate + - outlier_detection.0.interval + - outlier_detection.0.max_ejection_percent + - outlier_detection.0.success_rate_minimum_hosts + - outlier_detection.0.success_rate_request_volume + - outlier_detection.0.success_rate_stdev_factor + description: | + The base time that a host is ejected for. The real time is equal to the base + time multiplied by the number of times the host has been ejected. Defaults to + 30000ms or 30s. + properties: + - !ruby/object:Api::Type::Integer + name: 'seconds' + required: true + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + - !ruby/object:Api::Type::Integer + name: 'nanos' + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 `seconds` field and a positive + `nanos` field. Must be from 0 to 999,999,999 inclusive. + - !ruby/object:Api::Type::Integer + name: 'consecutiveErrors' + default_value: 5 + at_least_one_of: + - outlier_detection.0.base_ejection_time + - outlier_detection.0.consecutive_errors + - outlier_detection.0.consecutive_gateway_failure + - outlier_detection.0.enforcing_consecutive_errors + - outlier_detection.0.enforcing_consecutive_gateway_failure + - outlier_detection.0.enforcing_success_rate + - outlier_detection.0.interval + - outlier_detection.0.max_ejection_percent + - outlier_detection.0.success_rate_minimum_hosts + - outlier_detection.0.success_rate_request_volume + - outlier_detection.0.success_rate_stdev_factor + description: | + Number of errors before a host is ejected from the connection pool. When the + backend host is accessed over HTTP, a 5xx return code qualifies as an error. + Defaults to 5. + - !ruby/object:Api::Type::Integer + name: 'consecutiveGatewayFailure' + default_value: 5 + at_least_one_of: + - outlier_detection.0.base_ejection_time + - outlier_detection.0.consecutive_errors + - outlier_detection.0.consecutive_gateway_failure + - outlier_detection.0.enforcing_consecutive_errors + - outlier_detection.0.enforcing_consecutive_gateway_failure + - outlier_detection.0.enforcing_success_rate + - outlier_detection.0.interval + - outlier_detection.0.max_ejection_percent + - outlier_detection.0.success_rate_minimum_hosts + - outlier_detection.0.success_rate_request_volume + - outlier_detection.0.success_rate_stdev_factor + description: | + The number of consecutive gateway failures (502, 503, 504 status or connection + errors that are mapped to one of those status codes) before a consecutive + gateway failure ejection occurs. Defaults to 5. + - !ruby/object:Api::Type::Integer + name: 'enforcingConsecutiveErrors' + default_value: 100 + at_least_one_of: + - outlier_detection.0.base_ejection_time + - outlier_detection.0.consecutive_errors + - outlier_detection.0.consecutive_gateway_failure + - outlier_detection.0.enforcing_consecutive_errors + - outlier_detection.0.enforcing_consecutive_gateway_failure + - outlier_detection.0.enforcing_success_rate + - outlier_detection.0.interval + - outlier_detection.0.max_ejection_percent + - outlier_detection.0.success_rate_minimum_hosts + - outlier_detection.0.success_rate_request_volume + - outlier_detection.0.success_rate_stdev_factor + description: | + The percentage chance that a host will be actually ejected when an outlier + status is detected through consecutive 5xx. This setting can be used to disable + ejection or to ramp it up slowly. Defaults to 100. + - !ruby/object:Api::Type::Integer + name: 'enforcingConsecutiveGatewayFailure' + default_value: 0 + at_least_one_of: + - outlier_detection.0.base_ejection_time + - outlier_detection.0.consecutive_errors + - outlier_detection.0.consecutive_gateway_failure + - outlier_detection.0.enforcing_consecutive_errors + - outlier_detection.0.enforcing_consecutive_gateway_failure + - outlier_detection.0.enforcing_success_rate + - outlier_detection.0.interval + - outlier_detection.0.max_ejection_percent + - outlier_detection.0.success_rate_minimum_hosts + - outlier_detection.0.success_rate_request_volume + - outlier_detection.0.success_rate_stdev_factor + description: | + The percentage chance that a host will be actually ejected when an outlier + status is detected through consecutive gateway failures. This setting can be + used to disable ejection or to ramp it up slowly. Defaults to 0. + - !ruby/object:Api::Type::Integer + name: 'enforcingSuccessRate' + default_value: 100 + at_least_one_of: + - outlier_detection.0.base_ejection_time + - outlier_detection.0.consecutive_errors + - outlier_detection.0.consecutive_gateway_failure + - outlier_detection.0.enforcing_consecutive_errors + - outlier_detection.0.enforcing_consecutive_gateway_failure + - outlier_detection.0.enforcing_success_rate + - outlier_detection.0.interval + - outlier_detection.0.max_ejection_percent + - outlier_detection.0.success_rate_minimum_hosts + - outlier_detection.0.success_rate_request_volume + - outlier_detection.0.success_rate_stdev_factor + description: | + The percentage chance that a host will be actually ejected when an outlier + status is detected through success rate statistics. This setting can be used to + disable ejection or to ramp it up slowly. Defaults to 100. + - !ruby/object:Api::Type::NestedObject + name: 'interval' + at_least_one_of: + - outlier_detection.0.base_ejection_time + - outlier_detection.0.consecutive_errors + - outlier_detection.0.consecutive_gateway_failure + - outlier_detection.0.enforcing_consecutive_errors + - outlier_detection.0.enforcing_consecutive_gateway_failure + - outlier_detection.0.enforcing_success_rate + - outlier_detection.0.interval + - outlier_detection.0.max_ejection_percent + - outlier_detection.0.success_rate_minimum_hosts + - outlier_detection.0.success_rate_request_volume + - outlier_detection.0.success_rate_stdev_factor + description: | + Time interval between ejection sweep analysis. This can result in both new + ejections as well as hosts being returned to service. Defaults to 10 seconds. + properties: + - !ruby/object:Api::Type::Integer + name: 'seconds' + required: true + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + - !ruby/object:Api::Type::Integer + name: 'nanos' + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 `seconds` field and a positive + `nanos` field. Must be from 0 to 999,999,999 inclusive. + - !ruby/object:Api::Type::Integer + name: 'maxEjectionPercent' + default_value: 10 + at_least_one_of: + - outlier_detection.0.base_ejection_time + - outlier_detection.0.consecutive_errors + - outlier_detection.0.consecutive_gateway_failure + - outlier_detection.0.enforcing_consecutive_errors + - outlier_detection.0.enforcing_consecutive_gateway_failure + - outlier_detection.0.enforcing_success_rate + - outlier_detection.0.interval + - outlier_detection.0.max_ejection_percent + - outlier_detection.0.success_rate_minimum_hosts + - outlier_detection.0.success_rate_request_volume + - outlier_detection.0.success_rate_stdev_factor + description: | + Maximum percentage of hosts in the load balancing pool for the backend service + that can be ejected. Defaults to 10%. + - !ruby/object:Api::Type::Integer + name: 'successRateMinimumHosts' + default_value: 5 + at_least_one_of: + - outlier_detection.0.base_ejection_time + - outlier_detection.0.consecutive_errors + - outlier_detection.0.consecutive_gateway_failure + - outlier_detection.0.enforcing_consecutive_errors + - outlier_detection.0.enforcing_consecutive_gateway_failure + - outlier_detection.0.enforcing_success_rate + - outlier_detection.0.interval + - outlier_detection.0.max_ejection_percent + - outlier_detection.0.success_rate_minimum_hosts + - outlier_detection.0.success_rate_request_volume + - outlier_detection.0.success_rate_stdev_factor + description: | + The number of hosts in a cluster that must have enough request volume to detect + success rate outliers. If the number of hosts is less than this setting, outlier + detection via success rate statistics is not performed for any host in the + cluster. Defaults to 5. + - !ruby/object:Api::Type::Integer + name: 'successRateRequestVolume' + default_value: 100 + at_least_one_of: + - outlier_detection.0.base_ejection_time + - outlier_detection.0.consecutive_errors + - outlier_detection.0.consecutive_gateway_failure + - outlier_detection.0.enforcing_consecutive_errors + - outlier_detection.0.enforcing_consecutive_gateway_failure + - outlier_detection.0.enforcing_success_rate + - outlier_detection.0.interval + - outlier_detection.0.max_ejection_percent + - outlier_detection.0.success_rate_minimum_hosts + - outlier_detection.0.success_rate_request_volume + - outlier_detection.0.success_rate_stdev_factor + description: | + The minimum number of total requests that must be collected in one interval (as + defined by the interval duration above) to include this host in success rate + based outlier detection. If the volume is lower than this setting, outlier + detection via success rate statistics is not performed for that host. Defaults + to 100. + - !ruby/object:Api::Type::Integer + name: 'successRateStdevFactor' + default_value: 1900 + at_least_one_of: + - outlier_detection.0.base_ejection_time + - outlier_detection.0.consecutive_errors + - outlier_detection.0.consecutive_gateway_failure + - outlier_detection.0.enforcing_consecutive_errors + - outlier_detection.0.enforcing_consecutive_gateway_failure + - outlier_detection.0.enforcing_success_rate + - outlier_detection.0.interval + - outlier_detection.0.max_ejection_percent + - outlier_detection.0.success_rate_minimum_hosts + - outlier_detection.0.success_rate_request_volume + - outlier_detection.0.success_rate_stdev_factor + description: | + This factor is used to determine the ejection threshold for success rate outlier + ejection. The ejection threshold is the difference between the mean success + rate, and the product of this factor and the standard deviation of the mean + success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided + by a thousand to get a double. That is, if the desired factor is 1.9, the + runtime value should be 1900. Defaults to 1900. + - !ruby/object:Api::Type::String + name: 'portName' + description: | + A named port on a backend instance group representing the port for + communication to the backend VMs in that group. Required when the + loadBalancingScheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED, or INTERNAL_SELF_MANAGED + and the backends are instance groups. The named port must be defined on each + backend instance group. This parameter has no meaning if the backends are NEGs. API sets a + default of "http" if not given. + Must be omitted when the loadBalancingScheme is INTERNAL (Internal TCP/UDP Load Balancing). + - !ruby/object:Api::Type::Enum + name: 'protocol' + description: | + The protocol this RegionBackendService uses to communicate with backends. + The default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer + types and may result in errors if used with the GA API. + # This is removed to avoid breaking terraform, as default values cannot be + # unspecified. Providers should include this as needed via overrides + # default_value: :TCP + values: + - :HTTP + - :HTTPS + - :HTTP2 + - :SSL + - :TCP + - :UDP + - :GRPC + - :UNSPECIFIED + - !ruby/object:Api::Type::Enum + name: 'sessionAffinity' + description: | + Type of session affinity to use. The default is NONE. Session affinity is + not applicable if the protocol is UDP. + values: + - :NONE + - :CLIENT_IP + - :CLIENT_IP_PORT_PROTO + - :CLIENT_IP_PROTO + - :GENERATED_COOKIE + - :HEADER_FIELD + - :HTTP_COOKIE + - :CLIENT_IP_NO_DESTINATION + - !ruby/object:Api::Type::NestedObject + name: 'connectionTrackingPolicy' + min_version: 'beta' + description: | + Connection Tracking configuration for this BackendService. + This is available only for Layer 4 Internal Load Balancing and + Network Load Balancing. + properties: + - !ruby/object:Api::Type::Integer + name: 'idleTimeoutSec' + description: | + Specifies how long to keep a Connection Tracking entry while there is + no matching traffic (in seconds). + + For L4 ILB the minimum(default) is 10 minutes and maximum is 16 hours. + + For NLB the minimum(default) is 60 seconds and the maximum is 16 hours. + - !ruby/object:Api::Type::Enum + name: 'trackingMode' + description: | + Specifies the key used for connection tracking. There are two options: + `PER_CONNECTION`: The Connection Tracking is performed as per the + Connection Key (default Hash Method) for the specific protocol. + + `PER_SESSION`: The Connection Tracking is performed as per the + configured Session Affinity. It matches the configured Session Affinity. + default_value: :PER_CONNECTION + values: + - :PER_CONNECTION + - :PER_SESSION + - !ruby/object:Api::Type::Enum + name: 'connectionPersistenceOnUnhealthyBackends' + description: | + Specifies connection persistence when backends are unhealthy. + + If set to `DEFAULT_FOR_PROTOCOL`, the existing connections persist on + unhealthy backends only for connection-oriented protocols (TCP and SCTP) + and only if the Tracking Mode is PER_CONNECTION (default tracking mode) + or the Session Affinity is configured for 5-tuple. They do not persist + for UDP. + + If set to `NEVER_PERSIST`, after a backend becomes unhealthy, the existing + connections on the unhealthy backend are never persisted on the unhealthy + backend. They are always diverted to newly selected healthy backends + (unless all backends are unhealthy). + + If set to `ALWAYS_PERSIST`, existing connections always persist on + unhealthy backends regardless of protocol and session affinity. It is + generally not recommended to use this mode overriding the default. + default_value: :DEFAULT_FOR_PROTOCOL + values: + - :DEFAULT_FOR_PROTOCOL + - :NEVER_PERSIST + - :ALWAYS_PERSIST + - !ruby/object:Api::Type::Integer + name: 'timeoutSec' + description: | + How many seconds to wait for the backend before considering it a + failed request. Default is 30 seconds. Valid range is [1, 86400]. + - !ruby/object:Api::Type::NestedObject + name: 'logConfig' + description: | + This field denotes the logging options for the load balancer traffic served by this backend service. + If logging is enabled, logs will be exported to Stackdriver. + properties: + - !ruby/object:Api::Type::Boolean + name: 'enable' + at_least_one_of: + - log_config.0.enable + - log_config.0.sample_rate + description: | + Whether to enable logging for the load balancer traffic served by this backend service. + - !ruby/object:Api::Type::Double + name: 'sampleRate' + at_least_one_of: + - log_config.0.enable + - log_config.0.sample_rate + description: | + This field can only be specified if logging is enabled for this backend service. The value of + the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer + where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. + The default value is 1.0. + - !ruby/object:Api::Type::ResourceRef + resource: 'Network' + name: 'network' + imports: 'selfLink' + description: | + The URL of the network to which this backend service belongs. + This field can only be specified when the load balancing scheme is set to INTERNAL. + - !ruby/object:Api::Type::NestedObject + name: 'subsetting' + min_version: beta + description: | + Subsetting configuration for this BackendService. Currently this is applicable only for Internal TCP/UDP load balancing and Internal HTTP(S) load balancing. + properties: + - !ruby/object:Api::Type::Enum + name: 'policy' + values: + - :CONSISTENT_HASH_SUBSETTING + required: true + description: | + The algorithm used for subsetting. diff --git a/mmv1/products/compute/RegionDisk.yaml b/mmv1/products/compute/RegionDisk.yaml new file mode 100644 index 000000000000..fcb45e0c7023 --- /dev/null +++ b/mmv1/products/compute/RegionDisk.yaml @@ -0,0 +1,277 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'RegionDisk' +kind: 'compute#disk' +immutable: true +base_url: projects/{{project}}/regions/{{region}}/disks +collection_url_key: 'items' +has_self_link: true +description: | + Persistent disks are durable storage devices that function similarly to + the physical disks in a desktop or a server. Compute Engine manages the + hardware behind these devices to ensure data redundancy and optimize + performance for you. Persistent disks are available as either standard + hard disk drives (HDD) or solid-state drives (SSD). + + Persistent disks are located independently from your virtual machine + instances, so you can detach or move persistent disks to keep your data + even after you delete your instances. Persistent disk performance scales + automatically with size, so you can resize your existing persistent disks + or add more persistent disks to an instance to meet your performance and + storage space requirements. + + Add a persistent disk to your instance when you need reliable and + affordable storage with consistent performance characteristics. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Adding or Resizing Regional Persistent Disks': + 'https://cloud.google.com/compute/docs/disks/regional-persistent-disk' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/regionDisks' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'region' + resource: 'Region' + imports: 'name' + description: 'A reference to the region where the disk resides.' + required: true + - !ruby/object:Api::Type::NestedObject + name: 'diskEncryptionKey' + description: | + Encrypts the disk using a customer-supplied encryption key. + + After you encrypt a disk with a customer-supplied key, you must + provide the same key if you use the disk later (e.g. to create a disk + snapshot or an image, or to attach the disk to a virtual machine). + + Customer-supplied encryption keys do not protect access to metadata of + the disk. + + If you do not provide an encryption key when creating the disk, then + the disk will be encrypted using an automatically generated key and + you do not need to provide a key to use the disk later. + properties: + - !ruby/object:Api::Type::String + name: 'rawKey' + description: | + Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + - !ruby/object:Api::Type::String + name: 'sha256' + description: | + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + output: true + - !ruby/object:Api::Type::String + # TODO(chrisst) Change to ResourceRef once KMS is in Magic Modules + name: 'kmsKeyName' + description: | + The name of the encryption key that is stored in Google Cloud KMS. + immutable: true + - !ruby/object:Api::Type::ResourceRef + name: 'sourceSnapshot' + resource: 'Snapshot' + imports: 'selfLink' + description: | + The source snapshot used to create this disk. You can provide this as + a partial or full URL to the resource. For example, the following are + valid values: + + * `https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot` + * `projects/project/global/snapshots/snapshot` + * `global/snapshots/snapshot` + - !ruby/object:Api::Type::NestedObject + name: 'sourceSnapshotEncryptionKey' + description: | + The customer-supplied encryption key of the source snapshot. Required + if the source snapshot is protected by a customer-supplied encryption + key. + properties: + - !ruby/object:Api::Type::String + name: 'rawKey' + description: | + Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + - !ruby/object:Api::Type::String + # TODO(chrisst) Change to ResourceRef once KMS is in Magic Modules + name: 'kmsKeyName' + min_version: beta + description: | + The name of the encryption key that is stored in Google Cloud KMS. + - !ruby/object:Api::Type::String + name: 'sha256' + description: | + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + output: true + immutable: true + - !ruby/object:Api::Type::String + name: 'sourceSnapshotId' + description: | + The unique ID of the snapshot used to create this disk. This value + identifies the exact snapshot that was used to create this persistent + disk. For example, if you created the persistent disk from a snapshot + that was later deleted and recreated under the same name, the source + snapshot ID would identify the exact version of the snapshot that was + used. + output: true +properties: + - !ruby/object:Api::Type::Fingerprint + name: 'labelFingerprint' + description: | + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + update_url: 'projects/{{project}}/regions/{{region}}/disks/{{name}}/setLabels' + update_verb: :POST + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of this resource. Provide this property when + you create the resource. + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'The unique identifier for the resource.' + output: true + - !ruby/object:Api::Type::Time + name: 'lastAttachTimestamp' + description: 'Last attach timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::Time + name: 'lastDetachTimestamp' + description: 'Last detach timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + Labels to apply to this disk. A list of key->value pairs. + update_verb: :POST + update_url: 'projects/{{project}}/regions/{{region}}/disks/{{name}}/setLabels' + - !ruby/object:Api::Type::Array + name: 'licenses' + description: 'Any applicable publicly visible licenses.' + item_type: Api::Type::String + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + immutable: true + required: true + - !ruby/object:Api::Type::Integer + name: 'sizeGb' + description: | + Size of the persistent disk, specified in GB. You can specify this + field when creating a persistent disk using the sourceImage or + sourceSnapshot parameter, or specify it alone to create an empty + persistent disk. + + If you specify this field along with sourceImage or sourceSnapshot, + the value of sizeGb must not be less than the size of the sourceImage + or the size of the snapshot. + update_verb: :POST + update_url: 'projects/{{project}}/regions/{{region}}/disks/{{name}}/resize' + - !ruby/object:Api::Type::Array + name: 'users' + description: | + Links to the users of the disk (attached instances) in form: + project/zones/zone/instances/instance + item_type: !ruby/object:Api::Type::ResourceRef + name: 'user' + resource: 'Instance' + imports: 'selfLink' + description: 'A reference to a user of this disk' + output: true + - !ruby/object:Api::Type::Integer + name: 'physicalBlockSizeBytes' + description: | + Physical block size of the persistent disk, in bytes. If not present + in a request, a default value is used. Currently supported sizes + are 4096 and 16384, other sizes may be added in the future. + If an unsupported value is requested, the error message will list + the supported values for the caller's project. + - !ruby/object:Api::Type::Array + name: 'replicaZones' + description: 'URLs of the zones where the disk should be replicated to.' + min_size: 2 + max_size: 2 + required: true + item_type: !ruby/object:Api::Type::ResourceRef + name: 'zone' + resource: 'Zone' + imports: 'selfLink' + description: | + A reference to a zone where the disk should be replicated to. + - !ruby/object:Api::Type::ResourceRef + name: 'type' + resource: 'RegionDiskType' + imports: 'selfLink' + description: | + URL of the disk type resource describing which disk type to use to + create the disk. Provide this when creating the disk. + - !ruby/object:Api::Type::String + name: 'interface' + min_version: 'beta' + # interface is removed using url_param_only to preserve schema definition + # and prevent sending or reading in API requests + url_param_only: true + default_value: 'SCSI' + deprecation_message: This field is no longer in use, disk interfaces will be automatically determined on attachment. To resolve this issue, remove this field from your config. + description: | + Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME. The default is SCSI. + - !ruby/object:Api::Type::String + name: 'sourceDisk' + description: | + The source disk used to create this disk. You can provide this as a partial or full URL to the resource. + For example, the following are valid values: + + * https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/disks/{disk} + * https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/disks/{disk} + * projects/{project}/zones/{zone}/disks/{disk} + * projects/{project}/regions/{region}/disks/{disk} + * zones/{zone}/disks/{disk} + * regions/{region}/disks/{disk} + - !ruby/object:Api::Type::String + name: 'sourceDiskId' + description: | + The ID value of the disk used to create this image. This value may + be used to determine whether the image was taken from the current + or a previous instance of a given disk name. + output: true diff --git a/mmv1/products/compute/RegionDiskResourcePolicyAttachment.yaml b/mmv1/products/compute/RegionDiskResourcePolicyAttachment.yaml new file mode 100644 index 000000000000..6fdc8f973ea2 --- /dev/null +++ b/mmv1/products/compute/RegionDiskResourcePolicyAttachment.yaml @@ -0,0 +1,72 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'RegionDiskResourcePolicyAttachment' +immutable: true +base_url: projects/{{project}}/regions/{{region}}/disks/{{disk}} +create_verb: :POST +create_url: projects/{{project}}/regions/{{region}}/disks/{{disk}}/addResourcePolicies +delete_verb: :POST +delete_url: projects/{{project}}/regions/{{region}}/disks/{{disk}}/removeResourcePolicies +self_link: projects/{{project}}/regions/{{region}}/disks/{{disk}} +nested_query: !ruby/object:Api::Resource::NestedQuery + keys: + - resourcePolicies + is_list_of_ids: true +identity: + - name +description: | + Disk resource policies define a schedule for taking snapshots and a + retention period for these snapshots. +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'disk' + resource: 'Disk' + imports: 'name' + description: | + The name of the regional disk in which the resource policies are attached to. + required: true + url_param_only: true + - !ruby/object:Api::Type::ResourceRef + name: 'region' + resource: 'Region' + imports: 'name' + description: 'A reference to the region where the disk resides.' + required: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The resource policy to be attached to the disk for scheduling snapshot + creation. Do not specify the self link. + required: true diff --git a/mmv1/products/compute/RegionDiskType.yaml b/mmv1/products/compute/RegionDiskType.yaml new file mode 100644 index 000000000000..570b5bc9be09 --- /dev/null +++ b/mmv1/products/compute/RegionDiskType.yaml @@ -0,0 +1,101 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'RegionDiskType' +kind: 'compute#diskType' +base_url: projects/{{project}}/regions/{{region}}/diskTypes +collection_url_key: 'items' +description: | + Represents a regional DiskType resource. A DiskType resource represents + the type of disk to use, such as a pd-ssd, pd-balanced or pd-standard. To reference a + disk type, use the disk type's full or partial URL. +readonly: true +has_self_link: true +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'region' + resource: 'Region' + imports: 'name' + description: 'A reference to the region where the disk type resides.' + required: true +properties: + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::Integer + name: 'defaultDiskSizeGb' + description: 'Server-defined default disk size in GB.' + output: true + - !ruby/object:Api::Type::NestedObject + name: 'deprecated' + description: 'The deprecation status associated with this disk type.' + output: true + properties: + - !ruby/object:Api::Type::Time + name: 'deleted' + description: | + An optional RFC3339 timestamp on or after which the deprecation state + of this resource will be changed to DELETED. + output: true + - !ruby/object:Api::Type::Time + name: 'deprecated' + description: | + An optional RFC3339 timestamp on or after which the deprecation state + of this resource will be changed to DEPRECATED. + output: true + - !ruby/object:Api::Type::Time + name: 'obsolete' + description: | + An optional RFC3339 timestamp on or after which the deprecation state + of this resource will be changed to OBSOLETE. + output: true + - !ruby/object:Api::Type::String + name: 'replacement' + description: | + The URL of the suggested replacement for a deprecated resource. The + suggested replacement resource must be the same kind of resource as + the deprecated resource. + output: true + - !ruby/object:Api::Type::Enum + name: 'state' + description: | + The deprecation state of this resource. This can be DEPRECATED, + OBSOLETE, or DELETED. Operations which create a new resource using a + DEPRECATED resource will return successfully, but with a warning + indicating the deprecated resource and recommending its replacement. + Operations which use OBSOLETE or DELETED resources will be rejected + and result in an error. + values: + - :DEPRECATED + - :OBSOLETE + - :DELETED + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: 'An optional description of this resource.' + output: true + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'The unique identifier for the resource.' + output: true + - !ruby/object:Api::Type::String + name: 'name' + description: 'Name of the resource.' + - !ruby/object:Api::Type::String + name: 'validDiskSize' + description: | + An optional textual description of the valid disk size, such as + "10GB-10TB". + output: true diff --git a/mmv1/products/compute/RegionHealthCheck.yaml b/mmv1/products/compute/RegionHealthCheck.yaml new file mode 100644 index 000000000000..d58c3202e11d --- /dev/null +++ b/mmv1/products/compute/RegionHealthCheck.yaml @@ -0,0 +1,793 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'RegionHealthCheck' +kind: 'compute#healthCheck' +base_url: projects/{{project}}/regions/{{region}}/healthChecks +collection_url_key: 'items' +has_self_link: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/load-balancing/docs/health-checks' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/regionHealthChecks' +description: | + Health Checks determine whether instances are responsive and able to do work. + They are an important part of a comprehensive load balancing configuration, + as they enable monitoring instances behind load balancers. + + Health Checks poll instances at a specified interval. Instances that + do not respond successfully to some number of probes in a row are marked + as unhealthy. No new connections are sent to unhealthy instances, + though existing connections will continue. The health check will + continue to poll unhealthy instances. If an instance later responds + successfully to some number of consecutive probes, it is marked + healthy again and can receive new connections. +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'region' + resource: 'Region' + imports: 'selfLink' + immutable: true + description: | + The region where the regional health check resides. +properties: + - !ruby/object:Api::Type::Integer + name: 'checkIntervalSec' + description: | + How often (in seconds) to send a health check. The default value is 5 + seconds. + default_value: 5 + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of this resource. Provide this property when + you create the resource. + send_empty_value: true + - !ruby/object:Api::Type::Integer + name: 'healthyThreshold' + description: | + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + default_value: 2 + - !ruby/object:Api::Type::Integer + name: 'id' + description: | + The unique identifier for the resource. This identifier is defined by + the server. + output: true + - !ruby/object:Api::Type::String + name: 'name' + required: true + immutable: true + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and + match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means + the first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the + last character, which cannot be a dash. + - !ruby/object:Api::Type::Integer + name: 'unhealthyThreshold' + description: | + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. + default_value: 2 + - !ruby/object:Api::Type::Integer + name: 'timeoutSec' + description: | + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + default_value: 5 + - !ruby/object:Api::Type::Enum + name: 'type' + description: | + Specifies the type of the healthCheck, either TCP, SSL, HTTP or + HTTPS. If not specified, the default is TCP. Exactly one of the + protocol-specific health check field must be specified, which must + match type field. + values: + - :TCP + - :SSL + - :HTTP + - :HTTPS + - :HTTP2 + - !ruby/object:Api::Type::NestedObject + name: 'httpHealthCheck' + exactly_one_of: + - http_health_check + - https_health_check + - http2_health_check + - tcp_health_check + - ssl_health_check + - grpc_health_check + properties: + - !ruby/object:Api::Type::String + name: 'host' + at_least_one_of: + - http_health_check.0.host + - http_health_check.0.request_path + - http_health_check.0.response + - http_health_check.0.port + - http_health_check.0.port_name + - http_health_check.0.proxy_header + - http_health_check.0.port_specification + description: | + The value of the host header in the HTTP health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + - !ruby/object:Api::Type::String + name: 'requestPath' + at_least_one_of: + - http_health_check.0.host + - http_health_check.0.request_path + - http_health_check.0.response + - http_health_check.0.port + - http_health_check.0.port_name + - http_health_check.0.proxy_header + - http_health_check.0.port_specification + description: | + The request path of the HTTP health check request. + The default value is /. + default_value: "/" + - !ruby/object:Api::Type::String + name: 'response' + at_least_one_of: + - http_health_check.0.host + - http_health_check.0.request_path + - http_health_check.0.response + - http_health_check.0.port + - http_health_check.0.port_name + - http_health_check.0.proxy_header + - http_health_check.0.port_specification + description: | + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + - !ruby/object:Api::Type::Integer + name: 'port' + at_least_one_of: + - http_health_check.0.host + - http_health_check.0.request_path + - http_health_check.0.response + - http_health_check.0.port + - http_health_check.0.port_name + - http_health_check.0.proxy_header + - http_health_check.0.port_specification + description: | + The TCP port number for the HTTP health check request. + The default value is 80. + - !ruby/object:Api::Type::String + name: 'portName' + at_least_one_of: + - http_health_check.0.host + - http_health_check.0.request_path + - http_health_check.0.response + - http_health_check.0.port + - http_health_check.0.port_name + - http_health_check.0.proxy_header + - http_health_check.0.port_specification + description: | + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + - !ruby/object:Api::Type::Enum + name: 'proxyHeader' + at_least_one_of: + - http_health_check.0.host + - http_health_check.0.request_path + - http_health_check.0.response + - http_health_check.0.port + - http_health_check.0.port_name + - http_health_check.0.proxy_header + - http_health_check.0.port_specification + description: | + Specifies the type of proxy header to append before sending data to the + backend. + values: + - :NONE + - :PROXY_V1 + default_value: :NONE + - !ruby/object:Api::Type::Enum + name: 'portSpecification' + at_least_one_of: + - http_health_check.0.host + - http_health_check.0.request_path + - http_health_check.0.response + - http_health_check.0.port + - http_health_check.0.port_name + - http_health_check.0.proxy_header + - http_health_check.0.port_specification + description: | + Specifies how port is selected for health checking, can be one of the + following values: + + * `USE_FIXED_PORT`: The port number in `port` is used for health checking. + + * `USE_NAMED_PORT`: The `portName` is used for health checking. + + * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTP health check follows behavior specified in `port` and + `portName` fields. + values: + - :USE_FIXED_PORT + - :USE_NAMED_PORT + - :USE_SERVING_PORT + - !ruby/object:Api::Type::NestedObject + name: 'httpsHealthCheck' + exactly_one_of: + - http_health_check + - https_health_check + - http2_health_check + - tcp_health_check + - ssl_health_check + - grpc_health_check + properties: + - !ruby/object:Api::Type::String + name: 'host' + at_least_one_of: + - https_health_check.0.host + - https_health_check.0.request_path + - https_health_check.0.response + - https_health_check.0.port + - https_health_check.0.port_name + - https_health_check.0.proxy_header + - https_health_check.0.port_specification + description: | + The value of the host header in the HTTPS health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + - !ruby/object:Api::Type::String + name: 'requestPath' + at_least_one_of: + - https_health_check.0.host + - https_health_check.0.request_path + - https_health_check.0.response + - https_health_check.0.port + - https_health_check.0.port_name + - https_health_check.0.proxy_header + - https_health_check.0.port_specification + description: | + The request path of the HTTPS health check request. + The default value is /. + default_value: "/" + - !ruby/object:Api::Type::String + name: 'response' + at_least_one_of: + - https_health_check.0.host + - https_health_check.0.request_path + - https_health_check.0.response + - https_health_check.0.port + - https_health_check.0.port_name + - https_health_check.0.proxy_header + - https_health_check.0.port_specification + description: | + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + - !ruby/object:Api::Type::Integer + name: 'port' + at_least_one_of: + - https_health_check.0.host + - https_health_check.0.request_path + - https_health_check.0.response + - https_health_check.0.port + - https_health_check.0.port_name + - https_health_check.0.proxy_header + - https_health_check.0.port_specification + description: | + The TCP port number for the HTTPS health check request. + The default value is 443. + - !ruby/object:Api::Type::String + name: 'portName' + at_least_one_of: + - https_health_check.0.host + - https_health_check.0.request_path + - https_health_check.0.response + - https_health_check.0.port + - https_health_check.0.port_name + - https_health_check.0.proxy_header + - https_health_check.0.port_specification + description: | + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + - !ruby/object:Api::Type::Enum + name: 'proxyHeader' + at_least_one_of: + - https_health_check.0.host + - https_health_check.0.request_path + - https_health_check.0.response + - https_health_check.0.port + - https_health_check.0.port_name + - https_health_check.0.proxy_header + - https_health_check.0.port_specification + description: | + Specifies the type of proxy header to append before sending data to the + backend. + values: + - :NONE + - :PROXY_V1 + default_value: :NONE + - !ruby/object:Api::Type::Enum + name: 'portSpecification' + at_least_one_of: + - https_health_check.0.host + - https_health_check.0.request_path + - https_health_check.0.response + - https_health_check.0.port + - https_health_check.0.port_name + - https_health_check.0.proxy_header + - https_health_check.0.port_specification + description: | + Specifies how port is selected for health checking, can be one of the + following values: + + * `USE_FIXED_PORT`: The port number in `port` is used for health checking. + + * `USE_NAMED_PORT`: The `portName` is used for health checking. + + * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTPS health check follows behavior specified in `port` and + `portName` fields. + values: + - :USE_FIXED_PORT + - :USE_NAMED_PORT + - :USE_SERVING_PORT + - !ruby/object:Api::Type::NestedObject + name: 'tcpHealthCheck' + exactly_one_of: + - http_health_check + - https_health_check + - http2_health_check + - tcp_health_check + - ssl_health_check + - grpc_health_check + properties: + - !ruby/object:Api::Type::String + name: 'request' + at_least_one_of: + - tcp_health_check.0.request + - tcp_health_check.0.response + - tcp_health_check.0.port + - tcp_health_check.0.port_name + - tcp_health_check.0.proxy_header + - tcp_health_check.0.port_specification + description: | + The application data to send once the TCP connection has been + established (default value is empty). If both request and response are + empty, the connection establishment alone will indicate health. The request + data can only be ASCII. + - !ruby/object:Api::Type::String + name: 'response' + at_least_one_of: + - tcp_health_check.0.request + - tcp_health_check.0.response + - tcp_health_check.0.port + - tcp_health_check.0.port_name + - tcp_health_check.0.proxy_header + - tcp_health_check.0.port_specification + description: | + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + - !ruby/object:Api::Type::Integer + name: 'port' + at_least_one_of: + - tcp_health_check.0.request + - tcp_health_check.0.response + - tcp_health_check.0.port + - tcp_health_check.0.port_name + - tcp_health_check.0.proxy_header + - tcp_health_check.0.port_specification + description: | + The TCP port number for the TCP health check request. + The default value is 80. + - !ruby/object:Api::Type::String + name: 'portName' + at_least_one_of: + - tcp_health_check.0.request + - tcp_health_check.0.response + - tcp_health_check.0.port + - tcp_health_check.0.port_name + - tcp_health_check.0.proxy_header + - tcp_health_check.0.port_specification + description: | + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + - !ruby/object:Api::Type::Enum + name: 'proxyHeader' + at_least_one_of: + - tcp_health_check.0.request + - tcp_health_check.0.response + - tcp_health_check.0.port + - tcp_health_check.0.port_name + - tcp_health_check.0.proxy_header + - tcp_health_check.0.port_specification + description: | + Specifies the type of proxy header to append before sending data to the + backend. + values: + - :NONE + - :PROXY_V1 + default_value: :NONE + - !ruby/object:Api::Type::Enum + name: 'portSpecification' + at_least_one_of: + - tcp_health_check.0.request + - tcp_health_check.0.response + - tcp_health_check.0.port + - tcp_health_check.0.port_name + - tcp_health_check.0.proxy_header + - tcp_health_check.0.port_specification + description: | + Specifies how port is selected for health checking, can be one of the + following values: + + * `USE_FIXED_PORT`: The port number in `port` is used for health checking. + + * `USE_NAMED_PORT`: The `portName` is used for health checking. + + * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, TCP health check follows behavior specified in `port` and + `portName` fields. + values: + - :USE_FIXED_PORT + - :USE_NAMED_PORT + - :USE_SERVING_PORT + - !ruby/object:Api::Type::NestedObject + name: 'sslHealthCheck' + exactly_one_of: + - http_health_check + - https_health_check + - http2_health_check + - tcp_health_check + - ssl_health_check + - grpc_health_check + properties: + - !ruby/object:Api::Type::String + name: 'request' + at_least_one_of: + - ssl_health_check.0.request + - ssl_health_check.0.response + - ssl_health_check.0.port + - ssl_health_check.0.port_name + - ssl_health_check.0.proxy_header + - ssl_health_check.0.port_specification + description: | + The application data to send once the SSL connection has been + established (default value is empty). If both request and response are + empty, the connection establishment alone will indicate health. The request + data can only be ASCII. + - !ruby/object:Api::Type::String + name: 'response' + at_least_one_of: + - ssl_health_check.0.request + - ssl_health_check.0.response + - ssl_health_check.0.port + - ssl_health_check.0.port_name + - ssl_health_check.0.proxy_header + - ssl_health_check.0.port_specification + description: | + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + - !ruby/object:Api::Type::Integer + name: 'port' + at_least_one_of: + - ssl_health_check.0.request + - ssl_health_check.0.response + - ssl_health_check.0.port + - ssl_health_check.0.port_name + - ssl_health_check.0.proxy_header + - ssl_health_check.0.port_specification + description: | + The TCP port number for the SSL health check request. + The default value is 443. + - !ruby/object:Api::Type::String + name: 'portName' + at_least_one_of: + - ssl_health_check.0.request + - ssl_health_check.0.response + - ssl_health_check.0.port + - ssl_health_check.0.port_name + - ssl_health_check.0.proxy_header + - ssl_health_check.0.port_specification + description: | + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + - !ruby/object:Api::Type::Enum + name: 'proxyHeader' + at_least_one_of: + - ssl_health_check.0.request + - ssl_health_check.0.response + - ssl_health_check.0.port + - ssl_health_check.0.port_name + - ssl_health_check.0.proxy_header + - ssl_health_check.0.port_specification + description: | + Specifies the type of proxy header to append before sending data to the + backend. + values: + - :NONE + - :PROXY_V1 + default_value: :NONE + - !ruby/object:Api::Type::Enum + name: 'portSpecification' + at_least_one_of: + - ssl_health_check.0.request + - ssl_health_check.0.response + - ssl_health_check.0.port + - ssl_health_check.0.port_name + - ssl_health_check.0.proxy_header + - ssl_health_check.0.port_specification + description: | + Specifies how port is selected for health checking, can be one of the + following values: + + * `USE_FIXED_PORT`: The port number in `port` is used for health checking. + + * `USE_NAMED_PORT`: The `portName` is used for health checking. + + * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, SSL health check follows behavior specified in `port` and + `portName` fields. + values: + - :USE_FIXED_PORT + - :USE_NAMED_PORT + - :USE_SERVING_PORT + - !ruby/object:Api::Type::NestedObject + name: 'http2HealthCheck' + exactly_one_of: + - http_health_check + - https_health_check + - http2_health_check + - tcp_health_check + - ssl_health_check + - grpc_health_check + properties: + - !ruby/object:Api::Type::String + name: 'host' + at_least_one_of: + - http2_health_check.0.host + - http2_health_check.0.request_path + - http2_health_check.0.response + - http2_health_check.0.port + - http2_health_check.0.port_name + - http2_health_check.0.proxy_header + - http2_health_check.0.port_specification + description: | + The value of the host header in the HTTP2 health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + - !ruby/object:Api::Type::String + name: 'requestPath' + at_least_one_of: + - http2_health_check.0.host + - http2_health_check.0.request_path + - http2_health_check.0.response + - http2_health_check.0.port + - http2_health_check.0.port_name + - http2_health_check.0.proxy_header + - http2_health_check.0.port_specification + description: | + The request path of the HTTP2 health check request. + The default value is /. + default_value: "/" + - !ruby/object:Api::Type::String + name: 'response' + at_least_one_of: + - http2_health_check.0.host + - http2_health_check.0.request_path + - http2_health_check.0.response + - http2_health_check.0.port + - http2_health_check.0.port_name + - http2_health_check.0.proxy_header + - http2_health_check.0.port_specification + description: | + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + - !ruby/object:Api::Type::Integer + name: 'port' + at_least_one_of: + - http2_health_check.0.host + - http2_health_check.0.request_path + - http2_health_check.0.response + - http2_health_check.0.port + - http2_health_check.0.port_name + - http2_health_check.0.proxy_header + - http2_health_check.0.port_specification + description: | + The TCP port number for the HTTP2 health check request. + The default value is 443. + - !ruby/object:Api::Type::String + name: 'portName' + at_least_one_of: + - http2_health_check.0.host + - http2_health_check.0.request_path + - http2_health_check.0.response + - http2_health_check.0.port + - http2_health_check.0.port_name + - http2_health_check.0.proxy_header + - http2_health_check.0.port_specification + description: | + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + - !ruby/object:Api::Type::Enum + name: 'proxyHeader' + at_least_one_of: + - http2_health_check.0.host + - http2_health_check.0.request_path + - http2_health_check.0.response + - http2_health_check.0.port + - http2_health_check.0.port_name + - http2_health_check.0.proxy_header + - http2_health_check.0.port_specification + description: | + Specifies the type of proxy header to append before sending data to the + backend. + values: + - :NONE + - :PROXY_V1 + default_value: :NONE + - !ruby/object:Api::Type::Enum + name: 'portSpecification' + at_least_one_of: + - http2_health_check.0.host + - http2_health_check.0.request_path + - http2_health_check.0.response + - http2_health_check.0.port + - http2_health_check.0.port_name + - http2_health_check.0.proxy_header + - http2_health_check.0.port_specification + description: | + Specifies how port is selected for health checking, can be one of the + following values: + + * `USE_FIXED_PORT`: The port number in `port` is used for health checking. + + * `USE_NAMED_PORT`: The `portName` is used for health checking. + + * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTP2 health check follows behavior specified in `port` and + `portName` fields. + values: + - :USE_FIXED_PORT + - :USE_NAMED_PORT + - :USE_SERVING_PORT + - !ruby/object:Api::Type::NestedObject + name: 'grpcHealthCheck' + exactly_one_of: + - http_health_check + - https_health_check + - http2_health_check + - tcp_health_check + - ssl_health_check + - grpc_health_check + properties: + - !ruby/object:Api::Type::Integer + name: 'port' + at_least_one_of: + - grpc_health_check.0.port + - grpc_health_check.0.port_name + - grpc_health_check.0.port_specification + - grpc_health_check.0.grpc_service_name + description: | + The port number for the health check request. + Must be specified if portName and portSpecification are not set + or if port_specification is USE_FIXED_PORT. Valid values are 1 through 65535. + - !ruby/object:Api::Type::String + name: 'portName' + at_least_one_of: + - grpc_health_check.0.port + - grpc_health_check.0.port_name + - grpc_health_check.0.port_specification + - grpc_health_check.0.grpc_service_name + description: | + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + - !ruby/object:Api::Type::Enum + name: 'portSpecification' + at_least_one_of: + - grpc_health_check.0.port + - grpc_health_check.0.port_name + - grpc_health_check.0.port_specification + - grpc_health_check.0.grpc_service_name + description: | + Specifies how port is selected for health checking, can be one of the + following values: + + * `USE_FIXED_PORT`: The port number in `port` is used for health checking. + + * `USE_NAMED_PORT`: The `portName` is used for health checking. + + * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, gRPC health check follows behavior specified in `port` and + `portName` fields. + values: + - :USE_FIXED_PORT + - :USE_NAMED_PORT + - :USE_SERVING_PORT + - !ruby/object:Api::Type::String + name: 'grpcServiceName' + at_least_one_of: + - grpc_health_check.0.port + - grpc_health_check.0.port_name + - grpc_health_check.0.port_specification + - grpc_health_check.0.grpc_service_name + description: | + The gRPC service name for the health check. + The value of grpcServiceName has the following meanings by convention: + + * Empty serviceName means the overall status of all services at the backend. + * Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service. + + The grpcServiceName can only be ASCII. + - !ruby/object:Api::Type::NestedObject + name: 'logConfig' + description: | + Configure logging on this health check. + properties: + - !ruby/object:Api::Type::Boolean + name: 'enable' + description: | + Indicates whether or not to export logs. This is false by default, + which means no health check logging will be done. + default_value: false diff --git a/mmv1/products/compute/RegionInstanceGroupManager.yaml b/mmv1/products/compute/RegionInstanceGroupManager.yaml new file mode 100644 index 000000000000..99f9d3e7ec14 --- /dev/null +++ b/mmv1/products/compute/RegionInstanceGroupManager.yaml @@ -0,0 +1,219 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'RegionInstanceGroupManager' +kind: 'compute#instanceGroupManager' +base_url: projects/{{project}}/regions/{{region}}/instanceGroupManagers +collection_url_key: 'items' +has_self_link: true +description: | + Creates a managed instance group using the information that you specify in + the request. After the group is created, it schedules an action to create + instances in the group using the specified instance template. This + operation is marked as DONE when the group is created even if the + instances in the group have not yet been created. You must separately + verify the status of the individual instances. + + A managed instance group can have up to 1000 VM instances per group. +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'region' + resource: 'Region' + imports: 'name' + description: 'The region the managed instance group resides.' + required: true +properties: + - !ruby/object:Api::Type::String + name: 'baseInstanceName' + description: | + The base instance name to use for instances in this group. The value + must be 1-58 characters long. Instances are named by appending a + hyphen and a random four-character string to the base instance name. + The base instance name must comply with RFC1035. + required: true + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: | + The creation timestamp for this managed instance group in RFC3339 + text format. + output: true + - !ruby/object:Api::Type::NestedObject + name: 'currentActions' + description: | + The list of instance actions and the number of instances in this + managed instance group that are scheduled for each of those actions. + properties: + - !ruby/object:Api::Type::Integer + name: 'abandoning' + description: | + The total number of instances in the managed instance group that + are scheduled to be abandoned. Abandoning an instance removes it + from the managed instance group without deleting it. + output: true + - !ruby/object:Api::Type::Integer + name: 'creating' + description: | + The number of instances in the managed instance group that are + scheduled to be created or are currently being created. If the + group fails to create any of these instances, it tries again until + it creates the instance successfully. + + If you have disabled creation retries, this field will not be + populated; instead, the creatingWithoutRetries field will be + populated. + output: true + - !ruby/object:Api::Type::Integer + name: 'creatingWithoutRetries' + description: | + The number of instances that the managed instance group will + attempt to create. The group attempts to create each instance only + once. If the group fails to create any of these instances, it + decreases the group's targetSize value accordingly. + output: true + - !ruby/object:Api::Type::Integer + name: 'deleting' + description: | + The number of instances in the managed instance group that are + scheduled to be deleted or are currently being deleted. + output: true + - !ruby/object:Api::Type::Integer + name: 'none' + description: | + The number of instances in the managed instance group that are + running and have no scheduled actions. + output: true + - !ruby/object:Api::Type::Integer + name: 'recreating' + description: | + The number of instances in the managed instance group that are + scheduled to be recreated or are currently being being recreated. + Recreating an instance deletes the existing root persistent disk + and creates a new disk from the image that is defined in the + instance template. + output: true + - !ruby/object:Api::Type::Integer + name: 'refreshing' + description: | + The number of instances in the managed instance group that are + being reconfigured with properties that do not require a restart + or a recreate action. For example, setting or removing target + pools for the instance. + output: true + - !ruby/object:Api::Type::Integer + name: 'restarting' + description: | + The number of instances in the managed instance group that are + scheduled to be restarted or are currently being restarted. + output: true + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of this resource. Provide this property when + you create the resource. + immutable: true + # fingerprint ignored as it is an internal locking detail + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'A unique identifier for this resource' + output: true + - !ruby/object:Api::Type::ResourceRef + name: 'instanceGroup' + resource: 'InstanceGroup' + imports: 'selfLink' + description: 'The instance group being managed' + output: true + - !ruby/object:Api::Type::ResourceRef + name: 'instanceTemplate' + resource: 'InstanceTemplate' + imports: 'selfLink' + description: | + The instance template that is specified for this managed instance + group. The group uses this template to create all new instances in the + managed instance group. + required: true + # kind is internal transport detail + - !ruby/object:Api::Type::String + name: 'name' + description: | + The name of the managed instance group. The name must be 1-63 + characters long, and comply with RFC1035. + required: true + # TODO(nelsonjr): Make namedPorts a NameValue(name[string], port[integer]) + - !ruby/object:Api::Type::Array + name: 'namedPorts' + description: + Named ports configured for the Instance Groups complementary to this + Instance Group Manager. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The name for this named port. The name must be 1-63 characters + long, and comply with RFC1035. + - !ruby/object:Api::Type::Integer + name: 'port' + description: + The port number, which can be a value between 1 and 65535. + - !ruby/object:Api::Type::Array + name: 'targetPools' + description: | + TargetPool resources to which instances in the instanceGroup field are + added. The target pools automatically apply to all of the instances in + the managed instance group. + item_type: !ruby/object:Api::Type::ResourceRef + name: 'targetPool' + description: 'The targetPool to receive managed instances.' + resource: 'TargetPool' + imports: 'selfLink' + - !ruby/object:Api::Type::Integer + name: 'targetSize' + description: | + The target number of running instances for this managed instance + group. Deleting or abandoning instances reduces this number. Resizing + the group changes this number. + - !ruby/object:Api::Type::Array + name: 'autoHealingPolicies' + description: | + The autohealing policy for this managed instance group + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'healthCheck' + description: | + The URL for the health check that signals autohealing. + - !ruby/object:Api::Type::Integer + name: 'initialDelaySec' + description: | + The number of seconds that the managed instance group waits + before it applies autohealing policies to new instances or recently recreated instances diff --git a/mmv1/products/compute/RegionNetworkEndpointGroup.yaml b/mmv1/products/compute/RegionNetworkEndpointGroup.yaml new file mode 100644 index 000000000000..2915461128a6 --- /dev/null +++ b/mmv1/products/compute/RegionNetworkEndpointGroup.yaml @@ -0,0 +1,248 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'RegionNetworkEndpointGroup' +kind: 'compute#networkEndpointGroup' +base_url: 'projects/{{project}}/regions/{{region}}/networkEndpointGroups' +immutable: true +has_self_link: true +collection_url_key: 'items' +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/load-balancing/docs/negs/serverless-neg-concepts' + api: 'https://cloud.google.com/compute/docs/reference/rest/beta/regionNetworkEndpointGroups' +description: | + A regional NEG that can support Serverless Products. + + Recreating a region network endpoint group that's in use by another resource will give a + `resourceInUseByAnotherResource` error. Use `lifecycle.create_before_destroy` + to avoid this type of error. +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'region' + resource: 'Region' + imports: 'name' + description: | + A reference to the region where the Serverless NEGs Reside. + required: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource; provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of this resource. Provide this property when + you create the resource. + - !ruby/object:Api::Type::Enum + name: 'networkEndpointType' + description: | + Type of network endpoints in this network endpoint group. Defaults to SERVERLESS + values: + - :SERVERLESS + - :PRIVATE_SERVICE_CONNECT + default_value: :SERVERLESS + - !ruby/object:Api::Type::String + name: 'pscTargetService' + description: | + The target service url used to set up private service connection to + a Google API or a PSC Producer Service Attachment. + - !ruby/object:Api::Type::ResourceRef + name: 'network' + resource: 'Network' + imports: 'selfLink' + description: | + This field is only used for PSC. + The URL of the network to which all network endpoints in the NEG belong. Uses + "default" project network if unspecified. + - !ruby/object:Api::Type::ResourceRef + name: 'subnetwork' + resource: 'Subnetwork' + imports: 'selfLink' + description: | + This field is only used for PSC. + Optional URL of the subnetwork to which all network endpoints in the NEG belong. + - !ruby/object:Api::Type::NestedObject + name: 'cloudRun' + conflicts: + - cloud_function + - app_engine + - serverless_deployment + description: | + Only valid when networkEndpointType is "SERVERLESS". + Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. + properties: + - !ruby/object:Api::Type::String + name: 'service' + at_least_one_of: + - cloud_run.0.service + - cloud_run.0.url_mask + description: | + Cloud Run service is the main resource of Cloud Run. + The service must be 1-63 characters long, and comply with RFC1035. + Example value: "run-service". + - !ruby/object:Api::Type::String + name: 'tag' + description: | + Cloud Run tag represents the "named-revision" to provide + additional fine-grained traffic routing information. + The tag must be 1-63 characters long, and comply with RFC1035. + Example value: "revision-0010". + - !ruby/object:Api::Type::String + name: 'urlMask' + at_least_one_of: + - cloud_run.0.service + - cloud_run.0.url_mask + description: | + A template to parse service and tag fields from a request URL. + URL mask allows for routing to multiple Run services without having + to create multiple network endpoint groups and backend services. + + For example, request URLs "foo1.domain.com/bar1" and "foo1.domain.com/bar2" + an be backed by the same Serverless Network Endpoint Group (NEG) with + URL mask ".domain.com/". The URL mask will parse them to { service="bar1", tag="foo1" } + and { service="bar2", tag="foo2" } respectively. + - !ruby/object:Api::Type::NestedObject + name: 'appEngine' + conflicts: + - cloud_run + - cloud_function + - serverless_deployment + allow_empty_object: true + description: | + Only valid when networkEndpointType is "SERVERLESS". + Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. + properties: + - !ruby/object:Api::Type::String + name: 'service' + description: | + Optional serving service. + The service name must be 1-63 characters long, and comply with RFC1035. + Example value: "default", "my-service". + - !ruby/object:Api::Type::String + name: 'version' + description: | + Optional serving version. + The version must be 1-63 characters long, and comply with RFC1035. + Example value: "v1", "v2". + - !ruby/object:Api::Type::String + name: 'urlMask' + description: | + A template to parse service and version fields from a request URL. + URL mask allows for routing to multiple App Engine services without + having to create multiple Network Endpoint Groups and backend services. + + For example, the request URLs "foo1-dot-appname.appspot.com/v1" and + "foo1-dot-appname.appspot.com/v2" can be backed by the same Serverless NEG with + URL mask "-dot-appname.appspot.com/". The URL mask will parse + them to { service = "foo1", version = "v1" } and { service = "foo1", version = "v2" } respectively. + - !ruby/object:Api::Type::NestedObject + name: 'cloudFunction' + conflicts: + - cloud_run + - app_engine + - serverless_deployment + description: | + Only valid when networkEndpointType is "SERVERLESS". + Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. + properties: + - !ruby/object:Api::Type::String + name: 'function' + at_least_one_of: + - cloud_function.0.function + - cloud_function.0.url_mask + description: | + A user-defined name of the Cloud Function. + The function name is case-sensitive and must be 1-63 characters long. + Example value: "func1". + - !ruby/object:Api::Type::String + name: 'urlMask' + at_least_one_of: + - cloud_function.0.function + - cloud_function.0.url_mask + description: | + A template to parse function field from a request URL. URL mask allows + for routing to multiple Cloud Functions without having to create + multiple Network Endpoint Groups and backend services. + + For example, request URLs "mydomain.com/function1" and "mydomain.com/function2" + can be backed by the same Serverless NEG with URL mask "/". The URL mask + will parse them to { function = "function1" } and { function = "function2" } respectively. + - !ruby/object:Api::Type::NestedObject + name: 'serverlessDeployment' + min_version: beta + conflicts: + - cloud_run + - cloud_function + - app_engine + allow_empty_object: true + description: | + Only valid when networkEndpointType is "SERVERLESS". + Only one of cloudRun, appEngine, cloudFunction or serverlessDeployment may be set. + properties: + - !ruby/object:Api::Type::String + name: 'platform' + required: true + # Docs (https://cloud.google.com/compute/docs/reference/rest/beta/regionNetworkEndpointGroups) say support is offered for: + # API Gateway: apigateway.googleapis.com, App Engine: appengine.googleapis.com, + # Cloud Functions: cloudfunctions.googleapis.com, Cloud Run: run.googleapis.com + # However, only API Gateway is currently supported + description: | + The platform of the NEG backend target(s). Possible values: + API Gateway: apigateway.googleapis.com + - !ruby/object:Api::Type::String + name: 'resource' + description: | + The user-defined name of the workload/instance. This value must be provided explicitly or in the urlMask. + The resource identified by this value is platform-specific and is as follows: API Gateway: The gateway ID, App Engine: The service name, + Cloud Functions: The function name, Cloud Run: The service name + - !ruby/object:Api::Type::String + name: 'version' + description: | + The optional resource version. The version identified by this value is platform-specific and is follows: + API Gateway: Unused, App Engine: The service version, Cloud Functions: Unused, Cloud Run: The service tag + - !ruby/object:Api::Type::String + name: 'urlMask' + required: false + description: | + A template to parse platform-specific fields from a request URL. URL mask allows for routing to multiple resources + on the same serverless platform without having to create multiple Network Endpoint Groups and backend resources. + The fields parsed by this template are platform-specific and are as follows: API Gateway: The gateway ID, + App Engine: The service and version, Cloud Functions: The function name, Cloud Run: The service and tag diff --git a/mmv1/products/compute/RegionPerInstanceConfig.yaml b/mmv1/products/compute/RegionPerInstanceConfig.yaml new file mode 100644 index 000000000000..6ad7c2c05474 --- /dev/null +++ b/mmv1/products/compute/RegionPerInstanceConfig.yaml @@ -0,0 +1,184 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'RegionPerInstanceConfig' +base_url: 'projects/{{project}}/regions/{{region}}/instanceGroupManagers/{{region_instance_group_manager}}' +description: | + A config defined for a single managed instance that belongs to an instance group manager. It preserves the instance name + across instance group manager operations and can define stateful disks or metadata that are unique to the instance. + This resource works with regional instance group managers. +create_verb: :POST +create_url: projects/{{project}}/regions/{{region}}/instanceGroupManagers/{{region_instance_group_manager}}/createInstances +update_verb: :POST +update_url: projects/{{project}}/regions/{{region}}/instanceGroupManagers/{{region_instance_group_manager}}/updatePerInstanceConfigs +delete_verb: :POST +delete_url: projects/{{project}}/regions/{{region}}/instanceGroupManagers/{{region_instance_group_manager}}/deletePerInstanceConfigs +read_verb: :POST +self_link: projects/{{project}}/regions/{{region}}/instanceGroupManagers/{{region_instance_group_manager}}/listPerInstanceConfigs +identity: + - name +nested_query: !ruby/object:Api::Resource::NestedQuery + keys: + - items +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/compute/docs/instance-groups/stateful-migs#per-instance_configs' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/instanceGroupManagers' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'region' + resource: 'Region' + imports: 'name' + description: | + Region where the containing instance group manager is located + required: true + url_param_only: true + immutable: true + - !ruby/object:Api::Type::ResourceRef + name: 'regionInstanceGroupManager' + resource: 'RegionInstanceGroupManager' + imports: 'name' + description: | + The region instance group manager this instance config is part of. + required: true + url_param_only: true + immutable: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The name for this per-instance config and its corresponding instance. + required: true + immutable: true + - !ruby/object:Api::Type::NestedObject + name: 'preservedState' + description: 'The preserved state for this instance.' + update_verb: :POST + properties: + - !ruby/object:Api::Type::KeyValuePairs + name: 'metadata' + description: | + Preserved metadata defined for this instance. This is a list of key->value pairs. + - !ruby/object:Api::Type::Array + name: 'disk' + api_name: disks + description: | + Stateful disks for the instance. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: deviceName + required: true + description: | + A unique device name that is reflected into the /dev/ tree of a Linux operating system running within the instance. + - !ruby/object:Api::Type::String + name: source + required: true + description: | + The URI of an existing persistent disk to attach under the specified device-name in the format + `projects/project-id/zones/zone/disks/disk-name`. + - !ruby/object:Api::Type::Enum + name: mode + description: | + The mode of the disk. + values: + - :READ_ONLY + - :READ_WRITE + default_value: :READ_WRITE + - !ruby/object:Api::Type::Enum + name: deleteRule + description: | + A value that prescribes what should happen to the stateful disk when the VM instance is deleted. + The available options are `NEVER` and `ON_PERMANENT_INSTANCE_DELETION`. + `NEVER` - detach the disk when the VM is deleted, but do not delete the disk. + `ON_PERMANENT_INSTANCE_DELETION` will delete the stateful disk when the VM is permanently + deleted from the instance group. + values: + - :NEVER + - :ON_PERMANENT_INSTANCE_DELETION + default_value: :NEVER + - !ruby/object:Api::Type::Map + name: 'internalIp' + api_name: internalIPs + min_version: beta + key_name: "interface_name" + description: | + Preserved internal IPs defined for this instance. This map is keyed with the name of the network interface. + value_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Enum + name: autoDelete + description: | + These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. + values: + - :NEVER + - :ON_PERMANENT_INSTANCE_DELETION + default_value: :NEVER + - !ruby/object:Api::Type::NestedObject + name: 'ipAddress' + description: | + Ip address representation + properties: + - !ruby/object:Api::Type::ResourceRef + name: 'address' + resource: 'Address' + imports: 'selfLink' + description: | + The URL of the reservation for this IP address. + - !ruby/object:Api::Type::Map + name: 'externalIp' + min_version: beta + api_name: externalIPs + key_name: "interface_name" + description: | + Preserved external IPs defined for this instance. This map is keyed with the name of the network interface. + value_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Enum + name: autoDelete + description: | + These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. + values: + - :NEVER + - :ON_PERMANENT_INSTANCE_DELETION + default_value: :NEVER + - !ruby/object:Api::Type::NestedObject + name: 'ipAddress' + description: | + Ip address representation + properties: + - !ruby/object:Api::Type::ResourceRef + name: 'address' + resource: 'Address' + imports: 'selfLink' + description: | + The URL of the reservation for this IP address. diff --git a/mmv1/products/compute/RegionSslCertificate.yaml b/mmv1/products/compute/RegionSslCertificate.yaml new file mode 100644 index 000000000000..5d26e25d2f12 --- /dev/null +++ b/mmv1/products/compute/RegionSslCertificate.yaml @@ -0,0 +1,93 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'RegionSslCertificate' +kind: 'compute#sslCertificate' +base_url: projects/{{project}}/regions/{{region}}/sslCertificates +collection_url_key: 'items' +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/load-balancing/docs/ssl-certificates' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/regionSslCertificates' +immutable: true +has_self_link: true +description: | + A RegionSslCertificate resource, used for HTTPS load balancing. This resource + provides a mechanism to upload an SSL key and certificate to + the load balancer to serve secure connections from the user. +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'region' + resource: 'Region' + imports: 'name' + required: true + immutable: true + description: | + The region where the regional ssl certificate resides. +properties: + - !ruby/object:Api::Type::String + name: 'certificate' + description: | + The certificate in PEM format. + The certificate chain must be no greater than 5 certs long. + The chain must include at least one intermediate cert. + required: true + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: 'An optional description of this resource.' + - !ruby/object:Api::Type::String + name: 'expireTime' + output: true + description: 'Expire time of the certificate in RFC3339 text format.' + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'The unique identifier for the resource.' + output: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + - !ruby/object:Api::Type::String + name: 'privateKey' + description: 'The write-only private key in PEM format.' + required: true + immutable: true diff --git a/mmv1/products/compute/RegionSslPolicy.yaml b/mmv1/products/compute/RegionSslPolicy.yaml new file mode 100644 index 000000000000..583ef8284008 --- /dev/null +++ b/mmv1/products/compute/RegionSslPolicy.yaml @@ -0,0 +1,135 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'RegionSslPolicy' +kind: 'compute#sslPolicy' +base_url: projects/{{project}}/regions/{{region}}/sslPolicies +collection_url_key: 'items' +update_verb: :PATCH +has_self_link: true +min_version: beta +description: | + Represents a Regional SSL policy. SSL policies give you the ability to control the + features of SSL that your SSL proxy or HTTPS load balancer negotiates. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Using SSL Policies': 'https://cloud.google.com/compute/docs/load-balancing/ssl-policies' + api: 'https://cloud.google.com/compute/docs/reference/rest/beta/regionSslPolicies' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'region' + resource: 'Region' + imports: 'name' + required: true + immutable: true + description: | + The region where the regional SSL policy resides. +properties: + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: 'An optional description of this resource.' + immutable: true + - !ruby/object:Api::Type::String + name: 'id' + description: 'The unique identifier for the resource.' + output: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + immutable: true + required: true + - !ruby/object:Api::Type::Enum + name: 'profile' + description: | + Profile specifies the set of SSL features that can be used by the + load balancer when negotiating SSL with clients. If using `CUSTOM`, + the set of SSL features to enable must be specified in the + `customFeatures` field. + values: + - :COMPATIBLE + - :MODERN + - :RESTRICTED + - :CUSTOM + - !ruby/object:Api::Type::Enum + name: 'minTlsVersion' + description: | + The minimum version of SSL protocol that can be used by the clients + to establish a connection with the load balancer. + values: + - :TLS_1_0 + - :TLS_1_1 + - :TLS_1_2 + - !ruby/object:Api::Type::Array + name: 'enabledFeatures' + description: 'The list of features enabled in the SSL policy.' + output: true + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'customFeatures' + description: | + A list of features enabled when the selected profile is CUSTOM. The + method returns the set of features that can be specified in this + list. This field must be empty if the profile is not CUSTOM. + item_type: Api::Type::String + - !ruby/object:Api::Type::Fingerprint + name: 'fingerprint' + description: | + Fingerprint of this resource. A hash of the contents stored in this + object. This field is used in optimistic locking. + output: true + - !ruby/object:Api::Type::Array + name: 'warnings' + description: | + If potential misconfigurations are detected for this SSL policy, this + field will be populated with warning messages. + output: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'code' + description: 'A warning code, if applicable.' + output: true + - !ruby/object:Api::Type::String + name: 'message' + description: 'A human-readable description of the warning code.' + output: true diff --git a/mmv1/products/compute/RegionTargetHttpProxy.yaml b/mmv1/products/compute/RegionTargetHttpProxy.yaml new file mode 100644 index 000000000000..79e676ca6187 --- /dev/null +++ b/mmv1/products/compute/RegionTargetHttpProxy.yaml @@ -0,0 +1,86 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'RegionTargetHttpProxy' +base_url: projects/{{project}}/regions/{{region}}/targetHttpProxies +has_self_link: true +immutable: true +description: | + Represents a RegionTargetHttpProxy resource, which is used by one or more + forwarding rules to route incoming HTTP requests to a URL map. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/compute/docs/load-balancing/http/target-proxies' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/regionTargetHttpProxies' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'region' + resource: 'Region' + imports: 'name' + required: true + immutable: true + description: | + The region where the regional proxy resides. +properties: + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: 'An optional description of this resource.' + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'The unique identifier for the resource.' + output: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + - !ruby/object:Api::Type::ResourceRef + name: 'urlMap' + resource: 'RegionUrlMap' + imports: 'selfLink' + description: | + A reference to the RegionUrlMap resource that defines the mapping from URL + to the BackendService. + required: true + update_verb: :POST + update_url: 'projects/{{project}}/regions/{{region}}/targetHttpProxies/{{name}}/setUrlMap' diff --git a/mmv1/products/compute/RegionTargetHttpsProxy.yaml b/mmv1/products/compute/RegionTargetHttpsProxy.yaml new file mode 100644 index 000000000000..7576c50c8ab7 --- /dev/null +++ b/mmv1/products/compute/RegionTargetHttpsProxy.yaml @@ -0,0 +1,135 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'RegionTargetHttpsProxy' +base_url: projects/{{project}}/regions/{{region}}/targetHttpsProxies +has_self_link: true +immutable: true +description: | + Represents a RegionTargetHttpsProxy resource, which is used by one or more + forwarding rules to route incoming HTTPS requests to a URL map. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/compute/docs/load-balancing/http/target-proxies' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/regionTargetHttpsProxies' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'region' + resource: 'Region' + imports: 'name' + immutable: true + required: true + description: | + The region where the regional proxy resides. +properties: + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: 'An optional description of this resource.' + immutable: true + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'The unique identifier for the resource.' + output: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + immutable: true + required: true + # This field is present in the schema but as of 2019 Sep 23 attempting to set it fails with + # a 400 "QUIC override is supported only with global TargetHttpsProxy". jamessynge@ said in an + # email sent on 2019 Sep 20 that support for this "is probably far in the future." + #- !ruby/object:Api::Type::Enum + # name: 'quicOverride' + # description: | + # Specifies the QUIC override policy for this resource. This determines + # whether the load balancer will attempt to negotiate QUIC with clients + # or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is + # specified, uses the QUIC policy with no user overrides, which is + # equivalent to DISABLE. Not specifying this field is equivalent to + # specifying NONE. + # values: + # - :NONE + # - :ENABLE + # - :DISABLE + # update_verb: :POST + # update_url: + # 'projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}}/setQuicOverride' + - !ruby/object:Api::Type::Array + name: 'sslCertificates' + description: | + A list of RegionSslCertificate resources that are used to authenticate + connections between users and the load balancer. Currently, exactly + one SSL certificate must be specified. + required: true + update_verb: :POST + update_url: + 'projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}}/setSslCertificates' + item_type: !ruby/object:Api::Type::ResourceRef + name: 'sslCertificate' + resource: 'RegionSslCertificate' + imports: 'selfLink' + description: 'The SSL certificates used by this TargetHttpsProxy' + - !ruby/object:Api::Type::ResourceRef + name: 'sslPolicy' + resource: 'RegionSslPolicy' + imports: 'selfLink' + min_version: beta + description: | + A reference to the Region SslPolicy resource that will be associated with + the TargetHttpsProxy resource. If not set, the TargetHttpsProxy + resource will not have any SSL policy configured. + # 2022 May 28 - setSslPolicy method not yet listed + # https://cloud.google.com/compute/docs/reference/rest/beta/regionTargetHttpsProxies + # update_verb: :POST + # update_url: + # 'projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}}/setSslPolicy' + - !ruby/object:Api::Type::ResourceRef + name: 'urlMap' + resource: 'RegionUrlMap' + imports: 'selfLink' + description: | + A reference to the RegionUrlMap resource that defines the mapping from URL + to the RegionBackendService. + required: true + update_verb: :POST + update_url: 'projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}}/setUrlMap' diff --git a/mmv1/products/compute/RegionTargetTcpProxy.yaml b/mmv1/products/compute/RegionTargetTcpProxy.yaml new file mode 100644 index 000000000000..1e1eaad5dfbb --- /dev/null +++ b/mmv1/products/compute/RegionTargetTcpProxy.yaml @@ -0,0 +1,101 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'RegionTargetTcpProxy' +base_url: projects/{{project}}/regions/{{region}}/targetTcpProxies +has_self_link: true +immutable: true +description: | + Represents a RegionTargetTcpProxy resource, which is used by one or more + forwarding rules to route incoming TCP requests to a regional TCP proxy load + balancer. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/load-balancing/docs/tcp/internal-proxy' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/regionTargetTcpProxies' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'region' + resource: 'Region' + imports: 'name' + required: true + immutable: true + description: | + The region where the regional proxy resides. +properties: + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: 'An optional description of this resource.' + immutable: true + - !ruby/object:Api::Type::Integer + name: 'proxyId' + api_name: 'id' + description: 'The unique identifier for the resource.' + output: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + immutable: true + required: true + - !ruby/object:Api::Type::Enum + name: 'proxyHeader' + description: | + Specifies the type of proxy header to append before sending data to + the backend. + values: + - :NONE + - :PROXY_V1 + default_value: :NONE + - !ruby/object:Api::Type::ResourceRef + name: 'service' + resource: 'RegionBackendService' + imports: 'selfLink' + description: | + A reference to the BackendService resource. + required: true + - !ruby/object:Api::Type::Boolean + name: 'proxyBind' + description: | + This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. diff --git a/mmv1/products/compute/RegionUrlMap.yaml b/mmv1/products/compute/RegionUrlMap.yaml new file mode 100644 index 000000000000..63712fb6415d --- /dev/null +++ b/mmv1/products/compute/RegionUrlMap.yaml @@ -0,0 +1,1899 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'RegionUrlMap' +kind: 'compute#urlMap' +base_url: projects/{{project}}/regions/{{region}}/urlMaps +collection_url_key: 'items' +has_self_link: true +description: | + UrlMaps are used to route requests to a backend service based on rules + that you define for the host and path of an incoming URL. +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'region' + resource: 'Region' + imports: 'name' + description: 'A reference to the region where the url map resides.' + required: true +properties: + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::ResourceRef + name: 'defaultService' + exactly_one_of: + - default_service + - default_url_redirect + - default_route_action.0.weighted_backend_services + resource: 'RegionBackendService' + imports: 'selfLink' + description: | + The full or partial URL of the defaultService resource to which traffic is directed if + none of the hostRules match. If defaultRouteAction is additionally specified, advanced + routing actions like URL Rewrites, etc. take effect prior to sending the request to the + backend. However, if defaultService is specified, defaultRouteAction cannot contain any + weightedBackendServices. Conversely, if routeAction specifies any + weightedBackendServices, service must not be specified. Only one of defaultService, + defaultUrlRedirect or defaultRouteAction.weightedBackendService must be set. + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of this resource. Provide this property when + you create the resource. + # 'fingerprint' used internally for object consistency. + - !ruby/object:Api::Type::Array + name: 'hostRules' + description: 'The list of HostRules to use against the URL.' + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of this HostRule. Provide this property + when you create the resource. + - !ruby/object:Api::Type::Array + name: 'hosts' + required: true + item_type: Api::Type::String + description: | + The list of host patterns to match. They must be valid + hostnames, except * will match any string of ([a-z0-9-.]*). In + that case, * must be the first character and must be followed in + the pattern by either - or .. + - !ruby/object:Api::Type::String + name: 'pathMatcher' + required: true + description: | + The name of the PathMatcher to use to match the path portion of + the URL if the hostRule matches the URL's host portion. + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'The unique identifier for the resource.' + output: true + - !ruby/object:Api::Type::Fingerprint + name: 'fingerprint' + description: | + Fingerprint of this resource. This field is used internally during + updates of this resource. + - !ruby/object:Api::Type::String + name: 'name' + required: true + immutable: true + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + - !ruby/object:Api::Type::Array + name: 'pathMatchers' + description: 'The list of named PathMatchers to use against the URL.' + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::ResourceRef + name: 'defaultService' + # TODO: (mbang) won't work for array path matchers yet, uncomment here once they are supported. + # (github.com/hashicorp/terraform-plugin-sdk/issues/470) + # TODO: add defaultRouteAction.weightedBackendService here once they are supported. + # exactly_one_of: + # - path_matchers.0.default_service + # - path_matchers.0.default_url_redirect + resource: 'RegionBackendService' + imports: 'selfLink' + description: | + A reference to a RegionBackendService resource. This will be used if + none of the pathRules defined by this PathMatcher is matched by + the URL's path portion. + - !ruby/object:Api::Type::String + name: 'description' + description: 'An optional description of this resource.' + - !ruby/object:Api::Type::String + name: 'name' + required: true + description: | + The name to which this PathMatcher is referred by the HostRule. + - !ruby/object:Api::Type::Array + name: 'routeRules' + description: | + The list of ordered HTTP route rules. Use this list instead of pathRules when + advanced route matching and routing actions are desired. The order of specifying + routeRules matters: the first rule that matches will cause its specified routing + action to take effect. Within a given pathMatcher, only one of pathRules or + routeRules must be set. routeRules are not supported in UrlMaps intended for + External load balancers. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Integer + name: 'priority' + required: true + description: | + For routeRules within a given pathMatcher, priority determines the order + in which load balancer will interpret routeRules. RouteRules are evaluated + in order of priority, from the lowest to highest number. The priority of + a rule decreases as its number increases (1, 2, 3, N+1). The first rule + that matches the request is applied. + + You cannot configure two or more routeRules with the same priority. + Priority for each rule must be set to a number between 0 and + 2147483647 inclusive. + + Priority numbers can have gaps, which enable you to add or remove rules + in the future without affecting the rest of the rules. For example, + 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers to which + you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the + future without any impact on existing rules. + - !ruby/object:Api::Type::ResourceRef + name: 'service' + resource: 'RegionBackendService' + imports: 'selfLink' + description: | + The region backend service resource to which traffic is + directed if this rule is matched. If routeAction is additionally specified, + advanced routing actions like URL Rewrites, etc. take effect prior to sending + the request to the backend. However, if service is specified, routeAction cannot + contain any weightedBackendService s. Conversely, if routeAction specifies any + weightedBackendServices, service must not be specified. Only one of urlRedirect, + service or routeAction.weightedBackendService must be set. + - !ruby/object:Api::Type::NestedObject + name: 'headerAction' + description: | + Specifies changes to request and response headers that need to take effect for + the selected backendService. The headerAction specified here are applied before + the matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r + outeAction.weightedBackendService.backendServiceWeightAction[].headerAction + properties: + - !ruby/object:Api::Type::Array + name: 'requestHeadersToAdd' + description: | + Headers to add to a matching request prior to forwarding the request to the + backendService. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'headerName' + required: true + description: | + The name of the header. + - !ruby/object:Api::Type::String + name: 'headerValue' + required: true + description: | + The value of the header to add. + - !ruby/object:Api::Type::Boolean + name: 'replace' + required: true + description: | + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + - !ruby/object:Api::Type::Array + name: 'requestHeadersToRemove' + item_type: Api::Type::String + description: | + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + - !ruby/object:Api::Type::Array + name: 'responseHeadersToAdd' + description: | + Headers to add the response prior to sending the response back to the client. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'headerName' + required: true + description: | + The name of the header. + - !ruby/object:Api::Type::String + name: 'headerValue' + required: true + description: | + The value of the header to add. + - !ruby/object:Api::Type::Boolean + name: 'replace' + required: true + description: | + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + - !ruby/object:Api::Type::Array + name: 'responseHeadersToRemove' + item_type: Api::Type::String + description: | + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + - !ruby/object:Api::Type::Array + name: 'matchRules' + description: | + The rules for determining a match. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'fullPathMatch' + description: | + For satisfying the matchRule condition, the path of the request must exactly + match the value specified in fullPathMatch after removing any query parameters + and anchor that may be part of the original URL. FullPathMatch must be between 1 + and 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must + be specified. + - !ruby/object:Api::Type::Array + name: 'headerMatches' + description: | + Specifies a list of header match criteria, all of which must match corresponding + headers in the request. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'exactMatch' + description: | + The value should exactly match contents of exactMatch. Only one of exactMatch, + prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. + - !ruby/object:Api::Type::String + name: 'headerName' + required: true + description: | + The name of the HTTP header to match. For matching against the HTTP request's + authority, use a headerMatch with the header name ":authority". For matching a + request's method, use the headerName ":method". + - !ruby/object:Api::Type::Boolean + name: 'invertMatch' + default_value: false + description: | + If set to false, the headerMatch is considered a match if the match criteria + above are met. If set to true, the headerMatch is considered a match if the + match criteria above are NOT met. Defaults to false. + - !ruby/object:Api::Type::String + name: 'prefixMatch' + description: | + The value of the header must start with the contents of prefixMatch. Only one of + exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch + must be set. + - !ruby/object:Api::Type::Boolean + name: 'presentMatch' + description: | + A header with the contents of headerName must exist. The match takes place + whether or not the request's header has a value or not. Only one of exactMatch, + prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. + - !ruby/object:Api::Type::NestedObject + name: 'rangeMatch' + description: | + The header value must be an integer and its value must be in the range specified + in rangeMatch. If the header does not contain an integer, number or is empty, + the match fails. For example for a range [-5, 0] + + * -3 will match + * 0 will not match + * 0.25 will not match + * -3someString will not match. + + Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or + rangeMatch must be set. + properties: + - !ruby/object:Api::Type::Integer + name: 'rangeEnd' + required: true + description: | + The end of the range (exclusive). + - !ruby/object:Api::Type::Integer + name: 'rangeStart' + required: true + description: | + The start of the range (inclusive). + - !ruby/object:Api::Type::String + name: 'regexMatch' + description: | + The value of the header must match the regular expression specified in + regexMatch. For regular expression grammar, please see: + en.cppreference.com/w/cpp/regex/ecmascript For matching against a port + specified in the HTTP request, use a headerMatch with headerName set to PORT and + a regular expression that satisfies the RFC2616 Host header's port specifier. + Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or + rangeMatch must be set. + - !ruby/object:Api::Type::String + name: 'suffixMatch' + description: | + The value of the header must end with the contents of suffixMatch. Only one of + exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch + must be set. + - !ruby/object:Api::Type::Boolean + name: 'ignoreCase' + default_value: false + description: | + Specifies that prefixMatch and fullPathMatch matches are case sensitive. + Defaults to false. + - !ruby/object:Api::Type::Array + name: 'metadataFilters' + description: | + Opaque filter criteria used by Loadbalancer to restrict routing configuration to + a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS + clients present node metadata. If a match takes place, the relevant routing + configuration is made available to those proxies. For each metadataFilter in + this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the + filterLabels must match the corresponding label provided in the metadata. If its + filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match + with corresponding labels in the provided metadata. metadataFilters specified + here can be overrides those specified in ForwardingRule that refers to this + UrlMap. metadataFilters only applies to Loadbalancers that have their + loadBalancingScheme set to INTERNAL_SELF_MANAGED. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Array + name: 'filterLabels' + min_size: 1 + max_size: 64 + required: true + description: | + The list of label value pairs that must match labels in the provided metadata + based on filterMatchCriteria This list must not be empty and can have at the + most 64 entries. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + description: | + Name of metadata label. The name can have a maximum length of 1024 characters + and must be at least 1 character long. + - !ruby/object:Api::Type::String + name: 'value' + required: true + description: | + The value of the label must match the specified value. value can have a maximum + length of 1024 characters. + - !ruby/object:Api::Type::Enum + name: 'filterMatchCriteria' + required: true + description: | + Specifies how individual filterLabel matches within the list of filterLabels + contribute towards the overall metadataFilter match. Supported values are: + + * MATCH_ANY: At least one of the filterLabels must have a matching label in the + provided metadata. + * MATCH_ALL: All filterLabels must have matching labels in + the provided metadata. + values: + - :MATCH_ALL + - :MATCH_ANY + - !ruby/object:Api::Type::String + name: 'prefixMatch' + description: | + For satisfying the matchRule condition, the request's path must begin with the + specified prefixMatch. prefixMatch must begin with a /. The value must be + between 1 and 1024 characters. Only one of prefixMatch, fullPathMatch or + regexMatch must be specified. + - !ruby/object:Api::Type::Array + name: 'queryParameterMatches' + description: | + Specifies a list of query parameter match criteria, all of which must match + corresponding query parameters in the request. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'exactMatch' + description: | + The queryParameterMatch matches if the value of the parameter exactly matches + the contents of exactMatch. Only one of presentMatch, exactMatch and regexMatch + must be set. + - !ruby/object:Api::Type::String + name: 'name' + required: true + description: | + The name of the query parameter to match. The query parameter must exist in the + request, in the absence of which the request match fails. + - !ruby/object:Api::Type::Boolean + name: 'presentMatch' + description: | + Specifies that the queryParameterMatch matches if the request contains the query + parameter, irrespective of whether the parameter has a value or not. Only one of + presentMatch, exactMatch and regexMatch must be set. + - !ruby/object:Api::Type::String + name: 'regexMatch' + description: | + The queryParameterMatch matches if the value of the parameter matches the + regular expression specified by regexMatch. For the regular expression grammar, + please see en.cppreference.com/w/cpp/regex/ecmascript Only one of presentMatch, + exactMatch and regexMatch must be set. + - !ruby/object:Api::Type::String + name: 'regexMatch' + description: | + For satisfying the matchRule condition, the path of the request must satisfy the + regular expression specified in regexMatch after removing any query parameters + and anchor supplied with the original URL. For regular expression grammar please + see en.cppreference.com/w/cpp/regex/ecmascript Only one of prefixMatch, + fullPathMatch or regexMatch must be specified. + - !ruby/object:Api::Type::NestedObject + name: 'routeAction' + description: | + In response to a matching matchRule, the load balancer performs advanced routing + actions like URL rewrites, header transformations, etc. prior to forwarding the + request to the selected backend. If routeAction specifies any + weightedBackendServices, service must not be set. Conversely if service is set, + routeAction cannot contain any weightedBackendServices. Only one of routeAction + or urlRedirect must be set. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'corsPolicy' + description: | + The specification for allowing client side cross-origin requests. Please see W3C + Recommendation for Cross Origin Resource Sharing + properties: + - !ruby/object:Api::Type::Boolean + name: 'allowCredentials' + default_value: false + description: | + In response to a preflight request, setting this to true indicates that the + actual request can include user credentials. This translates to the Access- + Control-Allow-Credentials header. Defaults to false. + - !ruby/object:Api::Type::Array + name: 'allowHeaders' + item_type: Api::Type::String + description: | + Specifies the content for the Access-Control-Allow-Headers header. + - !ruby/object:Api::Type::Array + name: 'allowMethods' + item_type: Api::Type::String + description: | + Specifies the content for the Access-Control-Allow-Methods header. + - !ruby/object:Api::Type::Array + name: 'allowOriginRegexes' + item_type: Api::Type::String + description: | + Specifies the regular expression patterns that match allowed origins. For + regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either allow_origins or allow_origin_regex. + - !ruby/object:Api::Type::Array + name: 'allowOrigins' + item_type: Api::Type::String + description: | + Specifies the list of origins that will be allowed to do CORS requests. An + origin is allowed if it matches either allow_origins or allow_origin_regex. + - !ruby/object:Api::Type::Boolean + name: 'disabled' + default_value: false + description: | + If true, specifies the CORS policy is disabled. + which indicates that the CORS policy is in effect. Defaults to false. + - !ruby/object:Api::Type::Array + name: 'exposeHeaders' + item_type: Api::Type::String + description: | + Specifies the content for the Access-Control-Expose-Headers header. + - !ruby/object:Api::Type::Integer + name: 'maxAge' + description: | + Specifies how long the results of a preflight request can be cached. This + translates to the content for the Access-Control-Max-Age header. + - !ruby/object:Api::Type::NestedObject + name: 'faultInjectionPolicy' + description: | + The specification for fault injection introduced into traffic to test the + resiliency of clients to backend service failure. As part of fault injection, + when clients send requests to a backend service, delays can be introduced by + Loadbalancer on a percentage of requests before sending those request to the + backend service. Similarly requests from clients can be aborted by the + Loadbalancer for a percentage of requests. timeout and retry_policy will be + ignored by clients that are configured with a fault_injection_policy. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'abort' + description: | + The specification for how client requests are aborted as part of fault + injection. + properties: + - !ruby/object:Api::Type::Integer + name: 'httpStatus' + description: | + The HTTP status code used to abort the request. The value must be between 200 + and 599 inclusive. + - !ruby/object:Api::Type::Double + name: 'percentage' + description: | + The percentage of traffic (connections/operations/requests) which will be + aborted as part of fault injection. The value must be between 0.0 and 100.0 + inclusive. + - !ruby/object:Api::Type::NestedObject + name: 'delay' + description: | + The specification for how client requests are delayed as part of fault + injection, before being sent to a backend service. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'fixedDelay' + description: | + Specifies the value of the fixed delay interval. + properties: + - !ruby/object:Api::Type::Integer + name: 'nanos' + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 `seconds` field and a positive + `nanos` field. Must be from 0 to 999,999,999 inclusive. + - !ruby/object:Api::Type::String + name: 'seconds' + required: true + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + - !ruby/object:Api::Type::Double + name: 'percentage' + description: | + The percentage of traffic (connections/operations/requests) on which delay will + be introduced as part of fault injection. The value must be between 0.0 and + 100.0 inclusive. + - !ruby/object:Api::Type::NestedObject + name: 'requestMirrorPolicy' + description: | + Specifies the policy on how requests intended for the route's backends are + shadowed to a separate mirrored backend service. Loadbalancer does not wait for + responses from the shadow service. Prior to sending traffic to the shadow + service, the host / authority header is suffixed with -shadow. + properties: + - !ruby/object:Api::Type::ResourceRef + name: 'backendService' + required: true + resource: 'RegionBackendService' + imports: 'selfLink' + description: | + The RegionBackendService resource being mirrored to. + - !ruby/object:Api::Type::NestedObject + name: 'retryPolicy' + description: | + Specifies the retry policy associated with this route. + properties: + - !ruby/object:Api::Type::Integer + name: 'numRetries' + required: true + description: | + Specifies the allowed number retries. This number must be > 0. + - !ruby/object:Api::Type::NestedObject + name: 'perTryTimeout' + description: | + Specifies a non-zero timeout per retry attempt. + properties: + - !ruby/object:Api::Type::Integer + name: 'nanos' + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 `seconds` field and a positive + `nanos` field. Must be from 0 to 999,999,999 inclusive. + - !ruby/object:Api::Type::String + name: 'seconds' + required: true + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + - !ruby/object:Api::Type::Array + name: 'retryConditions' + item_type: Api::Type::String + description: | + Specifies one or more conditions when this retry rule applies. Valid values are: + + * 5xx: Loadbalancer will attempt a retry if the backend service responds with + any 5xx response code, or if the backend service does not respond at all, + example: disconnects, reset, read timeout, connection failure, and refused + streams. + * gateway-error: Similar to 5xx, but only applies to response codes + 502, 503 or 504. + * connect-failure: Loadbalancer will retry on failures + connecting to backend services, for example due to connection timeouts. + * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + * refused-stream: Loadbalancer will retry if the backend service resets the stream with a + REFUSED_STREAM error code. This reset type indicates that it is safe to retry. + * cancelled: Loadbalancer will retry if the gRPC status code in the response + header is set to cancelled + * deadline-exceeded: Loadbalancer will retry if the + gRPC status code in the response header is set to deadline-exceeded + * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response + header is set to resource-exhausted + * unavailable: Loadbalancer will retry if the gRPC status code in + the response header is set to unavailable + - !ruby/object:Api::Type::NestedObject + name: 'timeout' + description: | + Specifies the timeout for the selected route. Timeout is computed from the time + the request is has been fully processed (i.e. end-of-stream) up until the + response has been completely processed. Timeout includes all retries. If not + specified, the default value is 15 seconds. + properties: + - !ruby/object:Api::Type::Integer + name: 'nanos' + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 `seconds` field and a positive + `nanos` field. Must be from 0 to 999,999,999 inclusive. + - !ruby/object:Api::Type::String + name: 'seconds' + required: true + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + - !ruby/object:Api::Type::NestedObject + name: 'urlRewrite' + description: | + The spec to modify the URL of the request, prior to forwarding the request to + the matched service + properties: + - !ruby/object:Api::Type::String + name: 'hostRewrite' + description: | + Prior to forwarding the request to the selected service, the request's host + header is replaced with contents of hostRewrite. The value must be between 1 and + 255 characters. + - !ruby/object:Api::Type::String + name: 'pathPrefixRewrite' + description: | + Prior to forwarding the request to the selected backend service, the matching + portion of the request's path is replaced by pathPrefixRewrite. The value must + be between 1 and 1024 characters. + - !ruby/object:Api::Type::Array + name: 'weightedBackendServices' + description: | + A list of weighted backend services to send traffic to when a route match + occurs. The weights determine the fraction of traffic that flows to their + corresponding backend service. If all traffic needs to go to a single backend + service, there must be one weightedBackendService with weight set to a non 0 + number. Once a backendService is identified and before forwarding the request to + the backend service, advanced routing actions like Url rewrites and header + transformations are applied depending on additional settings specified in this + HttpRouteAction. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::ResourceRef + name: 'backendService' + required: true + resource: 'RegionBackendService' + imports: 'selfLink' + description: | + The default RegionBackendService resource. Before + forwarding the request to backendService, the loadbalancer applies any relevant + headerActions specified as part of this backendServiceWeight. + - !ruby/object:Api::Type::NestedObject + name: 'headerAction' + description: | + Specifies changes to request and response headers that need to take effect for + the selected backendService. headerAction specified here take effect before + headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. + properties: + - !ruby/object:Api::Type::Array + name: 'requestHeadersToAdd' + description: | + Headers to add to a matching request prior to forwarding the request to the + backendService. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'headerName' + required: true + description: | + The name of the header. + - !ruby/object:Api::Type::String + name: 'headerValue' + required: true + description: | + The value of the header to add. + - !ruby/object:Api::Type::Boolean + name: 'replace' + required: true + description: | + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + - !ruby/object:Api::Type::Array + name: 'requestHeadersToRemove' + item_type: Api::Type::String + description: | + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + - !ruby/object:Api::Type::Array + name: 'responseHeadersToAdd' + description: | + Headers to add the response prior to sending the response back to the client. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'headerName' + required: true + description: | + The name of the header. + - !ruby/object:Api::Type::String + name: 'headerValue' + required: true + description: | + The value of the header to add. + - !ruby/object:Api::Type::Boolean + name: 'replace' + required: true + description: | + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + - !ruby/object:Api::Type::Array + name: 'responseHeadersToRemove' + item_type: Api::Type::String + description: | + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + - !ruby/object:Api::Type::Integer + name: 'weight' + required: true + description: | + Specifies the fraction of traffic sent to backendService, computed as weight / + (sum of all weightedBackendService weights in routeAction) . The selection of a + backend service is determined only for new traffic. Once a user's request has + been directed to a backendService, subsequent requests will be sent to the same + backendService as determined by the BackendService's session affinity policy. + The value must be between 0 and 1000 + - !ruby/object:Api::Type::NestedObject + name: 'urlRedirect' + description: | + When this rule is matched, the request is redirected to a URL specified by + urlRedirect. If urlRedirect is specified, service or routeAction must not be + set. + properties: + - !ruby/object:Api::Type::String + name: 'hostRedirect' + description: | + The host that will be used in the redirect response instead of the one + that was supplied in the request. The value must be between 1 and 255 + characters. + - !ruby/object:Api::Type::Boolean + name: 'httpsRedirect' + default_value: false + description: | + If set to true, the URL scheme in the redirected request is set to https. + If set to false, the URL scheme of the redirected request will remain the + same as that of the request. This must only be set for UrlMaps used in + TargetHttpProxys. Setting this true for TargetHttpsProxy is not + permitted. The default is set to false. + - !ruby/object:Api::Type::String + name: 'pathRedirect' + description: | + The path that will be used in the redirect response instead of the one + that was supplied in the request. pathRedirect cannot be supplied + together with prefixRedirect. Supply one alone or neither. If neither is + supplied, the path of the original request will be used for the redirect. + The value must be between 1 and 1024 characters. + - !ruby/object:Api::Type::String + name: 'prefixRedirect' + description: | + The prefix that replaces the prefixMatch specified in the + HttpRouteRuleMatch, retaining the remaining portion of the URL before + redirecting the request. prefixRedirect cannot be supplied together with + pathRedirect. Supply one alone or neither. If neither is supplied, the + path of the original request will be used for the redirect. The value + must be between 1 and 1024 characters. + - !ruby/object:Api::Type::Enum + name: 'redirectResponseCode' + description: | + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. + skip_docs_values: true + values: + - :FOUND + - :MOVED_PERMANENTLY_DEFAULT + - :PERMANENT_REDIRECT + - :SEE_OTHER + - :TEMPORARY_REDIRECT + - !ruby/object:Api::Type::Boolean + name: 'stripQuery' + default_value: false + description: | + If set to true, any accompanying query portion of the original URL is + removed prior to redirecting the request. If set to false, the query + portion of the original URL is retained. The default value is false. + - !ruby/object:Api::Type::Array + name: 'pathRules' + description: | + The list of path rules. Use this list instead of routeRules when routing based + on simple path matching is all that's required. The order by which path rules + are specified does not matter. Matches are always done on the longest-path-first + basis. For example: a pathRule with a path /a/b/c/* will match before /a/b/* + irrespective of the order in which those paths appear in this list. Within a + given pathMatcher, only one of pathRules or routeRules must be set. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::ResourceRef + name: 'service' + resource: 'RegionBackendService' + imports: 'selfLink' + description: | + The region backend service resource to which traffic is + directed if this rule is matched. If routeAction is additionally specified, + advanced routing actions like URL Rewrites, etc. take effect prior to sending + the request to the backend. However, if service is specified, routeAction cannot + contain any weightedBackendService s. Conversely, if routeAction specifies any + weightedBackendServices, service must not be specified. Only one of urlRedirect, + service or routeAction.weightedBackendService must be set. + - !ruby/object:Api::Type::Array + name: 'paths' + required: true + item_type: Api::Type::String + description: | + The list of path patterns to match. Each must start with / and the only place a + \* is allowed is at the end following a /. The string fed to the path matcher + does not include any text after the first ? or #, and those chars are not + allowed here. + - !ruby/object:Api::Type::NestedObject + name: 'routeAction' + description: | + In response to a matching path, the load balancer performs advanced routing + actions like URL rewrites, header transformations, etc. prior to forwarding the + request to the selected backend. If routeAction specifies any + weightedBackendServices, service must not be set. Conversely if service is set, + routeAction cannot contain any weightedBackendServices. Only one of routeAction + or urlRedirect must be set. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'corsPolicy' + description: | + The specification for allowing client side cross-origin requests. Please see W3C + Recommendation for Cross Origin Resource Sharing + properties: + - !ruby/object:Api::Type::Boolean + name: 'allowCredentials' + default_value: false + description: | + In response to a preflight request, setting this to true indicates that the + actual request can include user credentials. This translates to the Access- + Control-Allow-Credentials header. Defaults to false. + - !ruby/object:Api::Type::Array + name: 'allowHeaders' + item_type: Api::Type::String + description: | + Specifies the content for the Access-Control-Allow-Headers header. + - !ruby/object:Api::Type::Array + name: 'allowMethods' + item_type: Api::Type::String + description: | + Specifies the content for the Access-Control-Allow-Methods header. + - !ruby/object:Api::Type::Array + name: 'allowOriginRegexes' + item_type: Api::Type::String + description: | + Specifies the regular expression patterns that match allowed origins. For + regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either allow_origins or allow_origin_regex. + - !ruby/object:Api::Type::Array + name: 'allowOrigins' + item_type: Api::Type::String + description: | + Specifies the list of origins that will be allowed to do CORS requests. An + origin is allowed if it matches either allow_origins or allow_origin_regex. + - !ruby/object:Api::Type::Boolean + name: 'disabled' + required: true + description: | + If true, specifies the CORS policy is disabled. + - !ruby/object:Api::Type::Array + name: 'exposeHeaders' + item_type: Api::Type::String + description: | + Specifies the content for the Access-Control-Expose-Headers header. + - !ruby/object:Api::Type::Integer + name: 'maxAge' + description: | + Specifies how long the results of a preflight request can be cached. This + translates to the content for the Access-Control-Max-Age header. + - !ruby/object:Api::Type::NestedObject + name: 'faultInjectionPolicy' + description: | + The specification for fault injection introduced into traffic to test the + resiliency of clients to backend service failure. As part of fault injection, + when clients send requests to a backend service, delays can be introduced by + Loadbalancer on a percentage of requests before sending those request to the + backend service. Similarly requests from clients can be aborted by the + Loadbalancer for a percentage of requests. timeout and retry_policy will be + ignored by clients that are configured with a fault_injection_policy. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'abort' + description: | + The specification for how client requests are aborted as part of fault + injection. + properties: + - !ruby/object:Api::Type::Integer + name: 'httpStatus' + required: true + description: | + The HTTP status code used to abort the request. The value must be between 200 + and 599 inclusive. + - !ruby/object:Api::Type::Double + name: 'percentage' + required: true + description: | + The percentage of traffic (connections/operations/requests) which will be + aborted as part of fault injection. The value must be between 0.0 and 100.0 + inclusive. + - !ruby/object:Api::Type::NestedObject + name: 'delay' + description: | + The specification for how client requests are delayed as part of fault + injection, before being sent to a backend service. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'fixedDelay' + required: true + description: | + Specifies the value of the fixed delay interval. + properties: + - !ruby/object:Api::Type::Integer + name: 'nanos' + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 `seconds` field and a positive + `nanos` field. Must be from 0 to 999,999,999 inclusive. + - !ruby/object:Api::Type::String + name: 'seconds' + required: true + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + - !ruby/object:Api::Type::Double + name: 'percentage' + required: true + description: | + The percentage of traffic (connections/operations/requests) on which delay will + be introduced as part of fault injection. The value must be between 0.0 and + 100.0 inclusive. + - !ruby/object:Api::Type::NestedObject + name: 'requestMirrorPolicy' + description: | + Specifies the policy on how requests intended for the route's backends are + shadowed to a separate mirrored backend service. Loadbalancer does not wait for + responses from the shadow service. Prior to sending traffic to the shadow + service, the host / authority header is suffixed with -shadow. + properties: + - !ruby/object:Api::Type::ResourceRef + name: 'backendService' + required: true + resource: 'RegionBackendService' + imports: 'selfLink' + description: | + The RegionBackendService resource being mirrored to. + - !ruby/object:Api::Type::NestedObject + name: 'retryPolicy' + description: | + Specifies the retry policy associated with this route. + properties: + - !ruby/object:Api::Type::Integer + name: 'numRetries' + description: | + Specifies the allowed number retries. This number must be > 0. + - !ruby/object:Api::Type::NestedObject + name: 'perTryTimeout' + description: | + Specifies a non-zero timeout per retry attempt. + properties: + - !ruby/object:Api::Type::Integer + name: 'nanos' + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 `seconds` field and a positive + `nanos` field. Must be from 0 to 999,999,999 inclusive. + - !ruby/object:Api::Type::String + name: 'seconds' + required: true + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + - !ruby/object:Api::Type::Array + name: 'retryConditions' + item_type: Api::Type::String + description: | + Specifies one or more conditions when this retry rule applies. Valid values are: + + - 5xx: Loadbalancer will attempt a retry if the backend service responds with + any 5xx response code, or if the backend service does not respond at all, + example: disconnects, reset, read timeout, connection failure, and refused + streams. + - gateway-error: Similar to 5xx, but only applies to response codes + 502, 503 or 504. + - connect-failure: Loadbalancer will retry on failures + connecting to backend services, for example due to connection timeouts. + - retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + - refused-stream: Loadbalancer will retry if the backend service resets the stream with a + REFUSED_STREAM error code. This reset type indicates that it is safe to retry. + - cancelled: Loadbalancer will retry if the gRPC status code in the response + header is set to cancelled + - deadline-exceeded: Loadbalancer will retry if the + gRPC status code in the response header is set to deadline-exceeded + - resource-exhausted: Loadbalancer will retry if the gRPC status code in the response + header is set to resource-exhausted + - unavailable: Loadbalancer will retry if + the gRPC status code in the response header is set to unavailable + - !ruby/object:Api::Type::NestedObject + name: 'timeout' + description: | + Specifies the timeout for the selected route. Timeout is computed from the time + the request is has been fully processed (i.e. end-of-stream) up until the + response has been completely processed. Timeout includes all retries. If not + specified, the default value is 15 seconds. + properties: + - !ruby/object:Api::Type::Integer + name: 'nanos' + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 `seconds` field and a positive + `nanos` field. Must be from 0 to 999,999,999 inclusive. + - !ruby/object:Api::Type::String + name: 'seconds' + required: true + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + - !ruby/object:Api::Type::NestedObject + name: 'urlRewrite' + description: | + The spec to modify the URL of the request, prior to forwarding the request to + the matched service + properties: + - !ruby/object:Api::Type::String + name: 'hostRewrite' + description: | + Prior to forwarding the request to the selected service, the request's host + header is replaced with contents of hostRewrite. The value must be between 1 and + 255 characters. + - !ruby/object:Api::Type::String + name: 'pathPrefixRewrite' + description: | + Prior to forwarding the request to the selected backend service, the matching + portion of the request's path is replaced by pathPrefixRewrite. The value must + be between 1 and 1024 characters. + - !ruby/object:Api::Type::Array + name: 'weightedBackendServices' + description: | + A list of weighted backend services to send traffic to when a route match + occurs. The weights determine the fraction of traffic that flows to their + corresponding backend service. If all traffic needs to go to a single backend + service, there must be one weightedBackendService with weight set to a non 0 + number. Once a backendService is identified and before forwarding the request to + the backend service, advanced routing actions like Url rewrites and header + transformations are applied depending on additional settings specified in this + HttpRouteAction. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::ResourceRef + name: 'backendService' + required: true + resource: 'RegionBackendService' + imports: 'selfLink' + description: | + The default RegionBackendService resource. Before + forwarding the request to backendService, the loadbalancer applies any relevant + headerActions specified as part of this backendServiceWeight. + - !ruby/object:Api::Type::NestedObject + name: 'headerAction' + description: | + Specifies changes to request and response headers that need to take effect for + the selected backendService. headerAction specified here take effect before + headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. + properties: + - !ruby/object:Api::Type::Array + name: 'requestHeadersToAdd' + description: | + Headers to add to a matching request prior to forwarding the request to the + backendService. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'headerName' + required: true + description: | + The name of the header. + - !ruby/object:Api::Type::String + name: 'headerValue' + required: true + description: | + The value of the header to add. + - !ruby/object:Api::Type::Boolean + name: 'replace' + required: true + description: | + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + - !ruby/object:Api::Type::Array + name: 'requestHeadersToRemove' + item_type: Api::Type::String + description: | + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + - !ruby/object:Api::Type::Array + name: 'responseHeadersToAdd' + description: | + Headers to add the response prior to sending the response back to the client. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'headerName' + required: true + description: | + The name of the header. + - !ruby/object:Api::Type::String + name: 'headerValue' + required: true + description: | + The value of the header to add. + - !ruby/object:Api::Type::Boolean + name: 'replace' + required: true + description: | + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + - !ruby/object:Api::Type::Array + name: 'responseHeadersToRemove' + item_type: Api::Type::String + description: | + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + - !ruby/object:Api::Type::Integer + name: 'weight' + required: true + description: | + Specifies the fraction of traffic sent to backendService, computed as weight / + (sum of all weightedBackendService weights in routeAction) . The selection of a + backend service is determined only for new traffic. Once a user's request has + been directed to a backendService, subsequent requests will be sent to the same + backendService as determined by the BackendService's session affinity policy. + The value must be between 0 and 1000 + - !ruby/object:Api::Type::NestedObject + name: 'urlRedirect' + description: | + When a path pattern is matched, the request is redirected to a URL specified + by urlRedirect. If urlRedirect is specified, service or routeAction must not + be set. + properties: + - !ruby/object:Api::Type::String + name: 'hostRedirect' + description: | + The host that will be used in the redirect response instead of the one + that was supplied in the request. The value must be between 1 and 255 + characters. + - !ruby/object:Api::Type::Boolean + name: 'httpsRedirect' + default_value: false + description: | + If set to true, the URL scheme in the redirected request is set to https. + If set to false, the URL scheme of the redirected request will remain the + same as that of the request. This must only be set for UrlMaps used in + TargetHttpProxys. Setting this true for TargetHttpsProxy is not + permitted. The default is set to false. + - !ruby/object:Api::Type::String + name: 'pathRedirect' + description: | + The path that will be used in the redirect response instead of the one + that was supplied in the request. pathRedirect cannot be supplied + together with prefixRedirect. Supply one alone or neither. If neither is + supplied, the path of the original request will be used for the redirect. + The value must be between 1 and 1024 characters. + - !ruby/object:Api::Type::String + name: 'prefixRedirect' + description: | + The prefix that replaces the prefixMatch specified in the + HttpRouteRuleMatch, retaining the remaining portion of the URL before + redirecting the request. prefixRedirect cannot be supplied together with + pathRedirect. Supply one alone or neither. If neither is supplied, the + path of the original request will be used for the redirect. The value + must be between 1 and 1024 characters. + - !ruby/object:Api::Type::Enum + name: 'redirectResponseCode' + description: | + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. + skip_docs_values: true + values: + - :FOUND + - :MOVED_PERMANENTLY_DEFAULT + - :PERMANENT_REDIRECT + - :SEE_OTHER + - :TEMPORARY_REDIRECT + - !ruby/object:Api::Type::Boolean + name: 'stripQuery' + description: | + If set to true, any accompanying query portion of the original URL is removed + prior to redirecting the request. If set to false, the query portion of the + original URL is retained. + - !ruby/object:Api::Type::NestedObject + name: 'defaultUrlRedirect' + # TODO: (mbang) won't work for array path matchers yet, uncomment here once they are supported. + # (github.com/hashicorp/terraform-plugin-sdk/issues/470) + # TODO: add defaultRouteAction.weightedBackendService here once they are supported. + # exactly_one_of: + # - path_matchers.0.default_service + # - path_matchers.0.default_url_redirect + description: | + When none of the specified hostRules match, the request is redirected to a URL specified + by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or + defaultRouteAction must not be set. + properties: + - !ruby/object:Api::Type::String + name: 'hostRedirect' + description: | + The host that will be used in the redirect response instead of the one that was + supplied in the request. The value must be between 1 and 255 characters. + - !ruby/object:Api::Type::Boolean + name: 'httpsRedirect' + default_value: false + description: | + If set to true, the URL scheme in the redirected request is set to https. If set to + false, the URL scheme of the redirected request will remain the same as that of the + request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this + true for TargetHttpsProxy is not permitted. The default is set to false. + - !ruby/object:Api::Type::String + name: 'pathRedirect' + description: | + The path that will be used in the redirect response instead of the one that was + supplied in the request. pathRedirect cannot be supplied together with + prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the + original request will be used for the redirect. The value must be between 1 and 1024 + characters. + - !ruby/object:Api::Type::String + name: 'prefixRedirect' + description: | + The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, + retaining the remaining portion of the URL before redirecting the request. + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or + neither. If neither is supplied, the path of the original request will be used for + the redirect. The value must be between 1 and 1024 characters. + - !ruby/object:Api::Type::Enum + name: 'redirectResponseCode' + description: | + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. + skip_docs_values: true + values: + - :FOUND + - :MOVED_PERMANENTLY_DEFAULT + - :PERMANENT_REDIRECT + - :SEE_OTHER + - :TEMPORARY_REDIRECT + - !ruby/object:Api::Type::Boolean + name: 'stripQuery' + description: | + If set to true, any accompanying query portion of the original URL is removed prior + to redirecting the request. If set to false, the query portion of the original URL is + retained. + - !ruby/object:Api::Type::Array + name: 'tests' + description: | + The list of expected URL mappings. Requests to update this UrlMap will + succeed only if all of the test cases pass. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'description' + description: 'Description of this test case.' + - !ruby/object:Api::Type::String + name: 'host' + required: true + description: 'Host portion of the URL.' + - !ruby/object:Api::Type::String + name: 'path' + required: true + description: 'Path portion of the URL.' + - !ruby/object:Api::Type::ResourceRef + name: 'service' + required: true + resource: 'RegionBackendService' + imports: 'selfLink' + description: + A reference to expected RegionBackendService resource the given URL + should be mapped to. + - !ruby/object:Api::Type::NestedObject + name: 'defaultUrlRedirect' + exactly_one_of: + - default_service + - default_url_redirect + - default_route_action.0.weighted_backend_services + conflicts: + - default_route_action + description: | + When none of the specified hostRules match, the request is redirected to a URL specified + by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or + defaultRouteAction must not be set. + properties: + - !ruby/object:Api::Type::String + name: 'hostRedirect' + description: | + The host that will be used in the redirect response instead of the one that was + supplied in the request. The value must be between 1 and 255 characters. + - !ruby/object:Api::Type::Boolean + name: 'httpsRedirect' + default_value: false + description: | + If set to true, the URL scheme in the redirected request is set to https. If set to + false, the URL scheme of the redirected request will remain the same as that of the + request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this + true for TargetHttpsProxy is not permitted. The default is set to false. + - !ruby/object:Api::Type::String + name: 'pathRedirect' + description: | + The path that will be used in the redirect response instead of the one that was + supplied in the request. pathRedirect cannot be supplied together with + prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the + original request will be used for the redirect. The value must be between 1 and 1024 + characters. + - !ruby/object:Api::Type::String + name: 'prefixRedirect' + description: | + The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, + retaining the remaining portion of the URL before redirecting the request. + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or + neither. If neither is supplied, the path of the original request will be used for + the redirect. The value must be between 1 and 1024 characters. + - !ruby/object:Api::Type::Enum + name: 'redirectResponseCode' + description: | + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. + skip_docs_values: true + values: + - :FOUND + - :MOVED_PERMANENTLY_DEFAULT + - :PERMANENT_REDIRECT + - :SEE_OTHER + - :TEMPORARY_REDIRECT + - !ruby/object:Api::Type::Boolean + name: 'stripQuery' + description: | + If set to true, any accompanying query portion of the original URL is removed prior + to redirecting the request. If set to false, the query portion of the original URL is + retained. + - !ruby/object:Api::Type::NestedObject + name: 'defaultRouteAction' + conflicts: + - default_url_redirect + description: | + defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. + Only one of defaultRouteAction or defaultUrlRedirect must be set. + URL maps for Classic external HTTP(S) load balancers only support the urlRewrite action within defaultRouteAction. + defaultRouteAction has no effect when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + properties: + - !ruby/object:Api::Type::Array + name: 'weightedBackendServices' + description : | + A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non-zero number. + After a backend service is identified and before forwarding the request to the backend service, advanced routing actions such as URL rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction. + exactly_one_of: + - default_service + - default_url_redirect + - default_route_action.0.weighted_backend_services + at_least_one_of: + - default_route_action.0.weighted_backend_services + - default_route_action.0.url_rewrite + - default_route_action.0.timeout + - default_route_action.0.retry_policy + - default_route_action.0.request_mirror_policy + - default_route_action.0.cors_policy + - default_route_action.0.fault_injection_policy + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::ResourceRef + name: 'backendService' + resource: 'RegionBackendService' + imports: 'selfLink' + description: | + The full or partial URL to the default BackendService resource. Before forwarding the request to backendService, the load balancer applies any relevant headerActions specified as part of this backendServiceWeight. + - !ruby/object:Api::Type::Integer + name: 'weight' + description: | + Specifies the fraction of traffic sent to a backend service, computed as weight / (sum of all weightedBackendService weights in routeAction) . + The selection of a backend service is determined only for new traffic. Once a user's request has been directed to a backend service, subsequent requests are sent to the same backend service as determined by the backend service's session affinity policy. + The value must be from 0 to 1000. + - !ruby/object:Api::Type::NestedObject + name: 'headerAction' + description: | + Specifies changes to request and response headers that need to take effect for the selected backendService. + headerAction specified here take effect before headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. + headerAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL. + Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. + properties: + - !ruby/object:Api::Type::Array + name: 'requestHeadersToRemove' + item_type: Api::Type::String + description: | + A list of header names for headers that need to be removed from the request before forwarding the request to the backendService. + - !ruby/object:Api::Type::Array + name: 'requestHeadersToAdd' + description: | + Headers to add to a matching request before forwarding the request to the backendService. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'headerName' + description: 'The name of the header.' + - !ruby/object:Api::Type::String + name: 'headerValue' + description: 'The value of the header to add.' + - !ruby/object:Api::Type::Boolean + name: 'replace' + description: | + If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. + The default value is false. + default_value: false + - !ruby/object:Api::Type::Array + name: 'responseHeadersToRemove' + item_type: Api::Type::String + description: | + A list of header names for headers that need to be removed from the response before sending the response back to the client. + - !ruby/object:Api::Type::Array + name: 'responseHeadersToAdd' + description: | + Headers to add the response before sending the response back to the client. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'headerName' + description: 'The name of the header.' + - !ruby/object:Api::Type::String + name: 'headerValue' + description: 'The value of the header to add.' + - !ruby/object:Api::Type::Boolean + name: 'replace' + description: | + If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. + The default value is false. + default_value: false + - !ruby/object:Api::Type::NestedObject + name: 'urlRewrite' + description : | + The spec to modify the URL of the request, before forwarding the request to the matched service. + urlRewrite is the only action supported in UrlMaps for external HTTP(S) load balancers. + Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + at_least_one_of: + - default_route_action.0.weighted_backend_services + - default_route_action.0.url_rewrite + - default_route_action.0.timeout + - default_route_action.0.retry_policy + - default_route_action.0.request_mirror_policy + - default_route_action.0.cors_policy + - default_route_action.0.fault_injection_policy + properties: + - !ruby/object:Api::Type::String + name: 'pathPrefixRewrite' + description: | + Before forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite. + The value must be from 1 to 1024 characters. + at_least_one_of: + - default_route_action.0.url_rewrite.0.path_prefix_rewrite + - default_route_action.0.url_rewrite.0.host_rewrite + - !ruby/object:Api::Type::String + name: 'hostRewrite' + description: | + Before forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite. + The value must be from 1 to 255 characters. + at_least_one_of: + - default_route_action.0.url_rewrite.0.path_prefix_rewrite + - default_route_action.0.url_rewrite.0.host_rewrite + - !ruby/object:Api::Type::NestedObject + name: 'timeout' + description: | + Specifies the timeout for the selected route. Timeout is computed from the time the request has been fully processed (known as end-of-stream) up until the response has been processed. Timeout includes all retries. + If not specified, this field uses the largest timeout among all backend services associated with the route. + Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. + at_least_one_of: + - default_route_action.0.weighted_backend_services + - default_route_action.0.url_rewrite + - default_route_action.0.timeout + - default_route_action.0.retry_policy + - default_route_action.0.request_mirror_policy + - default_route_action.0.cors_policy + - default_route_action.0.fault_injection_policy + properties: + - !ruby/object:Api::Type::String + name: 'seconds' + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years + at_least_one_of: + - default_route_action.0.timeout.0.seconds + - default_route_action.0.timeout.0.nanos + - !ruby/object:Api::Type::Integer + name: 'nanos' + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + at_least_one_of: + - default_route_action.0.timeout.0.seconds + - default_route_action.0.timeout.0.nanos + - !ruby/object:Api::Type::NestedObject + name: 'retryPolicy' + description : | + Specifies the retry policy associated with this route. + at_least_one_of: + - default_route_action.0.weighted_backend_services + - default_route_action.0.url_rewrite + - default_route_action.0.timeout + - default_route_action.0.retry_policy + - default_route_action.0.request_mirror_policy + - default_route_action.0.cors_policy + - default_route_action.0.fault_injection_policy + properties: + - !ruby/object:Api::Type::Array + name: 'retryConditions' + item_type: Api::Type::String + description: | + Specifies one or more conditions when this retry policy applies. + Valid values are listed below. Only the following codes are supported when the URL map is bound to target gRPC proxy that has validateForProxyless field set to true: cancelled, deadline-exceeded, internal, resource-exhausted, unavailable. + - 5xx : retry is attempted if the instance or endpoint responds with any 5xx response code, or if the instance or endpoint does not respond at all. For example, disconnects, reset, read timeout, connection failure, and refused streams. + - gateway-error : Similar to 5xx, but only applies to response codes 502, 503 or 504. + - connect-failure : a retry is attempted on failures connecting to the instance or endpoint. For example, connection timeouts. + - retriable-4xx : a retry is attempted if the instance or endpoint responds with a 4xx response code. The only error that you can retry is error code 409. + - refused-stream : a retry is attempted if the instance or endpoint resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry. + - cancelled : a retry is attempted if the gRPC status code in the response header is set to cancelled. + - deadline-exceeded : a retry is attempted if the gRPC status code in the response header is set to deadline-exceeded. + - internal : a retry is attempted if the gRPC status code in the response header is set to internal. + - resource-exhausted : a retry is attempted if the gRPC status code in the response header is set to resource-exhausted. + - unavailable : a retry is attempted if the gRPC status code in the response header is set to unavailable. + at_least_one_of: + - default_route_action.0.retry_policy.0.retry_conditions + - default_route_action.0.retry_policy.0.num_retries + - default_route_action.0.retry_policy.0.per_try_timeout + - !ruby/object:Api::Type::Integer + name: 'numRetries' + description: | + Specifies the allowed number retries. This number must be > 0. If not specified, defaults to 1. + default_value: 1 + at_least_one_of: + - default_route_action.0.retry_policy.0.retry_conditions + - default_route_action.0.retry_policy.0.num_retries + - default_route_action.0.retry_policy.0.per_try_timeout + - !ruby/object:Api::Type::NestedObject + name: 'perTryTimeout' + description: | + Specifies a non-zero timeout per retry attempt. + + If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, + will use the largest timeout among all backend services associated with the route. + at_least_one_of: + - default_route_action.0.retry_policy.0.retry_conditions + - default_route_action.0.retry_policy.0.num_retries + - default_route_action.0.retry_policy.0.per_try_timeout + properties: + - !ruby/object:Api::Type::String + name: 'seconds' + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years + at_least_one_of: + - default_route_action.0.retry_policy.0.per_try_timeout.0.seconds + - default_route_action.0.retry_policy.0.per_try_timeout.0.nanos + - !ruby/object:Api::Type::Integer + name: 'nanos' + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + at_least_one_of: + - default_route_action.0.retry_policy.0.per_try_timeout.0.seconds + - default_route_action.0.retry_policy.0.per_try_timeout.0.nanos + - !ruby/object:Api::Type::NestedObject + name: 'requestMirrorPolicy' + description: | + Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. + The load balancer does not wait for responses from the shadow service. Before sending traffic to the shadow service, the host / authority header is suffixed with -shadow. + Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + at_least_one_of: + - default_route_action.0.weighted_backend_services + - default_route_action.0.url_rewrite + - default_route_action.0.timeout + - default_route_action.0.retry_policy + - default_route_action.0.request_mirror_policy + - default_route_action.0.cors_policy + - default_route_action.0.fault_injection_policy + properties: + - !ruby/object:Api::Type::ResourceRef + name: 'backendService' + resource: 'RegionBackendService' + imports: 'selfLink' + description: | + The full or partial URL to the RegionBackendService resource being mirrored to. + The backend service configured for a mirroring policy must reference backends that are of the same type as the original backend service matched in the URL map. + Serverless NEG backends are not currently supported as a mirrored backend service. + - !ruby/object:Api::Type::NestedObject + name: 'corsPolicy' + description: | + The specification for allowing client side cross-origin requests. Please see + [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/) + at_least_one_of: + - default_route_action.0.weighted_backend_services + - default_route_action.0.url_rewrite + - default_route_action.0.timeout + - default_route_action.0.retry_policy + - default_route_action.0.request_mirror_policy + - default_route_action.0.cors_policy + - default_route_action.0.fault_injection_policy + properties: + - !ruby/object:Api::Type::Array + name: 'allowOrigins' + description: | + Specifies the list of origins that will be allowed to do CORS requests. + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + at_least_one_of: + - default_route_action.0.cors_policy.0.allow_origins + - default_route_action.0.cors_policy.0.allow_origin_regexes + - default_route_action.0.cors_policy.0.allow_methods + - default_route_action.0.cors_policy.0.allow_headers + - default_route_action.0.cors_policy.0.expose_headers + - default_route_action.0.cors_policy.0.max_age + - default_route_action.0.cors_policy.0.allow_credentials + - default_route_action.0.cors_policy.0.disabled + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'allowOriginRegexes' + description: | + Specifies the regualar expression patterns that match allowed origins. For regular expression grammar + please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + at_least_one_of: + - default_route_action.0.cors_policy.0.allow_origins + - default_route_action.0.cors_policy.0.allow_origin_regexes + - default_route_action.0.cors_policy.0.allow_methods + - default_route_action.0.cors_policy.0.allow_headers + - default_route_action.0.cors_policy.0.expose_headers + - default_route_action.0.cors_policy.0.max_age + - default_route_action.0.cors_policy.0.allow_credentials + - default_route_action.0.cors_policy.0.disabled + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'allowMethods' + description: | + Specifies the content for the Access-Control-Allow-Methods header. + at_least_one_of: + - default_route_action.0.cors_policy.0.allow_origins + - default_route_action.0.cors_policy.0.allow_origin_regexes + - default_route_action.0.cors_policy.0.allow_methods + - default_route_action.0.cors_policy.0.allow_headers + - default_route_action.0.cors_policy.0.expose_headers + - default_route_action.0.cors_policy.0.max_age + - default_route_action.0.cors_policy.0.allow_credentials + - default_route_action.0.cors_policy.0.disabled + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'allowHeaders' + description: | + Specifies the content for the Access-Control-Allow-Headers header. + at_least_one_of: + - default_route_action.0.cors_policy.0.allow_origins + - default_route_action.0.cors_policy.0.allow_origin_regexes + - default_route_action.0.cors_policy.0.allow_methods + - default_route_action.0.cors_policy.0.allow_headers + - default_route_action.0.cors_policy.0.expose_headers + - default_route_action.0.cors_policy.0.max_age + - default_route_action.0.cors_policy.0.allow_credentials + - default_route_action.0.cors_policy.0.disabled + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'exposeHeaders' + description: | + Specifies the content for the Access-Control-Expose-Headers header. + at_least_one_of: + - default_route_action.0.cors_policy.0.allow_origins + - default_route_action.0.cors_policy.0.allow_origin_regexes + - default_route_action.0.cors_policy.0.allow_methods + - default_route_action.0.cors_policy.0.allow_headers + - default_route_action.0.cors_policy.0.expose_headers + - default_route_action.0.cors_policy.0.max_age + - default_route_action.0.cors_policy.0.allow_credentials + - default_route_action.0.cors_policy.0.disabled + item_type: Api::Type::String + - !ruby/object:Api::Type::Integer + name: 'maxAge' + description: | + Specifies how long results of a preflight request can be cached in seconds. + This translates to the Access-Control-Max-Age header. + at_least_one_of: + - default_route_action.0.cors_policy.0.allow_origins + - default_route_action.0.cors_policy.0.allow_origin_regexes + - default_route_action.0.cors_policy.0.allow_methods + - default_route_action.0.cors_policy.0.allow_headers + - default_route_action.0.cors_policy.0.expose_headers + - default_route_action.0.cors_policy.0.max_age + - default_route_action.0.cors_policy.0.allow_credentials + - default_route_action.0.cors_policy.0.disabled + - !ruby/object:Api::Type::Boolean + name: 'allowCredentials' + description: | + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This field translates to the Access-Control-Allow-Credentials header. + Default is false. + default_value: false + at_least_one_of: + - default_route_action.0.cors_policy.0.allow_origins + - default_route_action.0.cors_policy.0.allow_origin_regexes + - default_route_action.0.cors_policy.0.allow_methods + - default_route_action.0.cors_policy.0.allow_headers + - default_route_action.0.cors_policy.0.expose_headers + - default_route_action.0.cors_policy.0.max_age + - default_route_action.0.cors_policy.0.allow_credentials + - default_route_action.0.cors_policy.0.disabled + - !ruby/object:Api::Type::Boolean + name: 'disabled' + description: | + If true, the setting specifies the CORS policy is disabled. The default value of false, which indicates that the CORS policy is in effect. + default_value: false + at_least_one_of: + - default_route_action.0.cors_policy.0.allow_origins + - default_route_action.0.cors_policy.0.allow_origin_regexes + - default_route_action.0.cors_policy.0.allow_methods + - default_route_action.0.cors_policy.0.allow_headers + - default_route_action.0.cors_policy.0.expose_headers + - default_route_action.0.cors_policy.0.max_age + - default_route_action.0.cors_policy.0.allow_credentials + - default_route_action.0.cors_policy.0.disabled + - !ruby/object:Api::Type::NestedObject + name: 'faultInjectionPolicy' + description: | + The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. + As part of fault injection, when clients send requests to a backend service, delays can be introduced by a load balancer on a percentage of requests before sending those requests to the backend service. + Similarly requests from clients can be aborted by the load balancer for a percentage of requests. + timeout and retryPolicy is ignored by clients that are configured with a faultInjectionPolicy if: 1. The traffic is generated by fault injection AND 2. The fault injection is not a delay fault injection. + Fault injection is not supported with the global external HTTP(S) load balancer (classic). To see which load balancers support fault injection, see Load balancing: [Routing and traffic management features](https://cloud.google.com/load-balancing/docs/features#routing-traffic-management). + at_least_one_of: + - default_route_action.0.weighted_backend_services + - default_route_action.0.url_rewrite + - default_route_action.0.timeout + - default_route_action.0.retry_policy + - default_route_action.0.request_mirror_policy + - default_route_action.0.cors_policy + - default_route_action.0.fault_injection_policy + properties: + - !ruby/object:Api::Type::NestedObject + name: 'delay' + description: | + The specification for how client requests are delayed as part of fault injection, before being sent to a backend service. + at_least_one_of: + - default_route_action.0.fault_injection_policy.0.delay + - default_route_action.0.fault_injection_policy.0.abort + properties: + - !ruby/object:Api::Type::NestedObject + name: 'fixedDelay' + description: | + Specifies the value of the fixed delay interval. + at_least_one_of: + - default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay + - default_route_action.0.fault_injection_policy.0.delay.0.percentage + properties: + - !ruby/object:Api::Type::String + name: 'seconds' + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years + at_least_one_of: + - default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay.0.seconds + - default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay.0.nanos + - !ruby/object:Api::Type::Integer + name: 'nanos' + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + at_least_one_of: + - default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay.0.seconds + - default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay.0.nanos + - !ruby/object:Api::Type::Double + name: 'percentage' + description: | + The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + at_least_one_of: + - default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay + - default_route_action.0.fault_injection_policy.0.delay.0.percentage + - !ruby/object:Api::Type::NestedObject + name: 'abort' + description: | + The specification for how client requests are aborted as part of fault injection. + at_least_one_of: + - default_route_action.0.fault_injection_policy.0.delay + - default_route_action.0.fault_injection_policy.0.abort + properties: + - !ruby/object:Api::Type::Integer + name: 'httpStatus' + description: | + The HTTP status code used to abort the request. + The value must be between 200 and 599 inclusive. + at_least_one_of: + - default_route_action.0.fault_injection_policy.0.abort.0.http_status + - default_route_action.0.fault_injection_policy.0.abort.0.percentage + - !ruby/object:Api::Type::Double + name: 'percentage' + description: | + The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + at_least_one_of: + - default_route_action.0.fault_injection_policy.0.abort.0.http_status + - default_route_action.0.fault_injection_policy.0.abort.0.percentage diff --git a/mmv1/products/compute/Reservation.yaml b/mmv1/products/compute/Reservation.yaml new file mode 100644 index 000000000000..ae593e574892 --- /dev/null +++ b/mmv1/products/compute/Reservation.yaml @@ -0,0 +1,222 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Reservation' +base_url: projects/{{project}}/zones/{{zone}}/reservations +update_verb: :PATCH +update_url: projects/{{project}}/zones/{{zone}}/reservations/{{name}} +update_mask: true +collection_url_key: 'items' +has_self_link: true +description: | + Represents a reservation resource. A reservation ensures that capacity is + held in a specific zone even if the reserved VMs are not running. + + Reservations apply only to Compute Engine, Cloud Dataproc, and Google + Kubernetes Engine VM usage.Reservations do not apply to `f1-micro` or + `g1-small` machine types, preemptible VMs, sole tenant nodes, or other + services not listed above + like Cloud SQL and Dataflow. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Reserving zonal resources': 'https://cloud.google.com/compute/docs/instances/reserving-zonal-resources' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/reservations' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'zone' + resource: 'Zone' + imports: 'name' + description: | + The zone where the reservation is made. + required: true + immutable: true +properties: + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + output: true + description: | + Creation timestamp in RFC3339 text format. + - !ruby/object:Api::Type::String + name: 'description' + immutable: true + description: | + An optional description of this resource. + - !ruby/object:Api::Type::Integer + name: 'id' + output: true + description: | + The unique identifier for the resource. + - !ruby/object:Api::Type::String + name: 'name' + required: true + immutable: true + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + - !ruby/object:Api::Type::String + name: 'commitment' + output: true + description: | + Full or partial URL to a parent commitment. This field displays for + reservations that are tied to a commitment. + - !ruby/object:Api::Type::Boolean + name: 'specificReservationRequired' + immutable: true + # Not a hard API default, but this should help avoid a unset/true/false + # trinary. + default_value: false + description: | + When set to true, only VMs that target this reservation by name can + consume this reservation. Otherwise, it can be consumed by VMs with + affinity for any reservation. Defaults to false. + - !ruby/object:Api::Type::String + name: 'status' + output: true + description: | + The status of the reservation. + - !ruby/object:Api::Type::NestedObject + name: 'shareSettings' + description: | + The share setting for reservations. + properties: + - !ruby/object:Api::Type::Enum + name: 'shareType' + values: + - :LOCAL + - :SPECIFIC_PROJECTS + description: | + Type of sharing for this shared-reservation + - !ruby/object:Api::Type::Map + name: 'projectMap' + description: | + A map of project number and project config. This is only valid when shareType's value is SPECIFIC_PROJECTS. + key_name: id + key_description: | + The project id/number which is deleting or adding to the project list. + value_type: !ruby/object:Api::Type::NestedObject + name: projectConfig + properties: + - !ruby/object:Api::Type::String + name: 'projectId' + description: | + The project id/number should be the same as the key of this project config in the project map. + - !ruby/object:Api::Type::NestedObject + name: 'specificReservation' + required: true + description: | + Reservation for instances with specific machine shapes. + update_verb: :POST + update_url: 'projects/{{project}}/zones/{{zone}}/reservations/{{name}}/resize' + properties: + - !ruby/object:Api::Type::Integer + name: 'count' + required: true + description: | + The number of resources that are allocated. + - !ruby/object:Api::Type::Integer + name: 'inUseCount' + output: true + description: | + How many instances are in use. + - !ruby/object:Api::Type::NestedObject + name: 'instanceProperties' + required: true + immutable: true + description: | + The instance properties for the reservation. + properties: + - !ruby/object:Api::Type::String + name: 'machineType' + required: true + immutable: true + description: | + The name of the machine type to reserve. + - !ruby/object:Api::Type::String + name: 'minCpuPlatform' + immutable: true + description: | + The minimum CPU platform for the reservation. For example, + `"Intel Skylake"`. See + the CPU platform availability reference](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform#availablezones) + for information on available CPU platforms. + - !ruby/object:Api::Type::Array + name: 'guestAccelerators' + description: | + Guest accelerator type and count. + immutable: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'acceleratorType' + required: true + immutable: true + description: | + The full or partial URL of the accelerator type to + attach to this instance. For example: + `projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100` + + If you are creating an instance template, specify only the accelerator name. + - !ruby/object:Api::Type::Integer + name: 'acceleratorCount' + required: true + immutable: true + description: | + The number of the guest accelerator cards exposed to + this instance. + - !ruby/object:Api::Type::Array + name: 'localSsds' + immutable: true + description: | + The amount of local ssd to reserve with each instance. This + reserves disks of type `local-ssd`. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Enum + name: 'interface' + immutable: true + default_value: :SCSI + values: + - :SCSI + - :NVME + description: | + The disk interface to use for attaching this disk. + - !ruby/object:Api::Type::Integer + name: 'diskSizeGb' + required: true + immutable: true + description: | + The size of the disk in base-2 GB. diff --git a/mmv1/products/compute/ResourcePolicy.yaml b/mmv1/products/compute/ResourcePolicy.yaml new file mode 100644 index 000000000000..54a9c3b9184f --- /dev/null +++ b/mmv1/products/compute/ResourcePolicy.yaml @@ -0,0 +1,297 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'ResourcePolicy' +kind: 'compute#resourcePolicy' +base_url: projects/{{project}}/regions/{{region}}/resourcePolicies +immutable: true +has_self_link: true +collection_url_key: 'items' +description: | + A policy that can be attached to a resource to specify or schedule actions on that resource. +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: region + resource: Region + imports: name + description: Region where resource policy resides. + immutable: true + required: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + description: | + The name of the resource, provided by the client when initially creating + the resource. The resource name must be 1-63 characters long, and comply + with RFC1035. Specifically, the name must be 1-63 characters long and + match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])`? which means the + first character must be a lowercase letter, and all following characters + must be a dash, lowercase letter, or digit, except the last character, + which cannot be a dash. + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of this resource. Provide this property when you create the resource. + - !ruby/object:Api::Type::NestedObject + name: 'snapshotSchedulePolicy' + conflicts: + - 'group_placement_policy' + - 'instance_schedule_policy' + description: | + Policy for creating snapshots of persistent disks. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'schedule' + description: | + Contains one of an `hourlySchedule`, `dailySchedule`, or `weeklySchedule`. + required: true + properties: + - !ruby/object:Api::Type::NestedObject + name: 'hourlySchedule' + description: | + The policy will execute every nth hour starting at the specified time. + exactly_one_of: + - snapshot_schedule_policy.0.schedule.0.hourly_schedule + - snapshot_schedule_policy.0.schedule.0.daily_schedule + - snapshot_schedule_policy.0.schedule.0.weekly_schedule + properties: + - !ruby/object:Api::Type::Integer + name: 'hoursInCycle' + description: | + The number of hours between snapshots. + required: true + - !ruby/object:Api::Type::String + name: 'startTime' + description: | + Time within the window to start the operations. + It must be in an hourly format "HH:MM", + where HH : [00-23] and MM : [00] GMT. + eg: 21:00 + required: true + - !ruby/object:Api::Type::NestedObject + name: 'dailySchedule' + description: | + The policy will execute every nth day at the specified time. + exactly_one_of: + - snapshot_schedule_policy.0.schedule.0.hourly_schedule + - snapshot_schedule_policy.0.schedule.0.daily_schedule + - snapshot_schedule_policy.0.schedule.0.weekly_schedule + properties: + - !ruby/object:Api::Type::Integer + name: 'daysInCycle' + description: | + The number of days between snapshots. + required: true + - !ruby/object:Api::Type::String + name: 'startTime' + description: | + This must be in UTC format that resolves to one of + 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, + both 13:00-5 and 08:00 are valid. + required: true + - !ruby/object:Api::Type::NestedObject + name: 'weeklySchedule' + description: | + Allows specifying a snapshot time for each day of the week. + exactly_one_of: + - snapshot_schedule_policy.0.schedule.0.hourly_schedule + - snapshot_schedule_policy.0.schedule.0.daily_schedule + - snapshot_schedule_policy.0.schedule.0.weekly_schedule + properties: + - !ruby/object:Api::Type::Array + name: 'dayOfWeeks' + description: | + May contain up to seven (one for each day of the week) snapshot times. + required: true + min_size: 1 + max_size: 7 + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'startTime' + description: | + Time within the window to start the operations. + It must be in format "HH:MM", where HH : [00-23] and MM : [00-00] GMT. + required: true + - !ruby/object:Api::Type::Enum + name: 'day' + description: | + The day of the week to create the snapshot. e.g. MONDAY + required: true + values: + - :MONDAY + - :TUESDAY + - :WEDNESDAY + - :THURSDAY + - :FRIDAY + - :SATURDAY + - :SUNDAY + - !ruby/object:Api::Type::NestedObject + name: 'retentionPolicy' + description: | + Retention policy applied to snapshots created by this resource policy. + properties: + - !ruby/object:Api::Type::Integer + name: 'maxRetentionDays' + description: | + Maximum age of the snapshot that is allowed to be kept. + required: true + - !ruby/object:Api::Type::Enum + name: 'onSourceDiskDelete' + description: | + Specifies the behavior to apply to scheduled snapshots when + the source disk is deleted. + default_value: :KEEP_AUTO_SNAPSHOTS + values: + - :KEEP_AUTO_SNAPSHOTS + - :APPLY_RETENTION_POLICY + - !ruby/object:Api::Type::NestedObject + name: 'snapshotProperties' + description: | + Properties with which the snapshots are created, such as labels. + properties: + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + at_least_one_of: + - snapshot_schedule_policy.0.snapshot_properties.0.labels + - snapshot_schedule_policy.0.snapshot_properties.0.storage_locations + - snapshot_schedule_policy.0.snapshot_properties.0.guest_flush + description: | + A set of key-value pairs. + - !ruby/object:Api::Type::Array + name: 'storageLocations' + at_least_one_of: + - snapshot_schedule_policy.0.snapshot_properties.0.labels + - snapshot_schedule_policy.0.snapshot_properties.0.storage_locations + - snapshot_schedule_policy.0.snapshot_properties.0.guest_flush + max_size: 1 + description: | + Cloud Storage bucket location to store the auto snapshot + (regional or multi-regional) + item_type: Api::Type::String + - !ruby/object:Api::Type::Boolean + name: 'guestFlush' + send_empty_value: true + at_least_one_of: + - snapshot_schedule_policy.0.snapshot_properties.0.labels + - snapshot_schedule_policy.0.snapshot_properties.0.storage_locations + - snapshot_schedule_policy.0.snapshot_properties.0.guest_flush + description: | + Whether to perform a 'guest aware' snapshot. + - !ruby/object:Api::Type::String + name: 'chainName' + description: | + Creates the new snapshot in the snapshot chain labeled with the + specified name. The chain name must be 1-63 characters long and comply + with RFC1035. + - !ruby/object:Api::Type::NestedObject + name: 'groupPlacementPolicy' + conflicts: + - 'instance_schedule_policy' + - 'snapshot_schedule_policy' + description: | + Resource policy for instances used for placement configuration. + properties: + - !ruby/object:Api::Type::Integer + name: 'vmCount' + description: | + Number of VMs in this placement group. Google does not recommend that you use this field + unless you use a compact policy and you want your policy to work only if it contains this + exact number of VMs. + - !ruby/object:Api::Type::Integer + name: 'availabilityDomainCount' + description: | + The number of availability domains instances will be spread across. If two instances are in different + availability domain, they will not be put in the same low latency network + - !ruby/object:Api::Type::Enum + name: 'collocation' + description: | + Collocation specifies whether to place VMs inside the same availability domain on the same low-latency network. + Specify `COLLOCATED` to enable collocation. Can only be specified with `vm_count`. If compute instances are created + with a COLLOCATED policy, then exactly `vm_count` instances must be created at the same time with the resource policy + attached. + values: + - :COLLOCATED + - !ruby/object:Api::Type::Integer + name: 'maxDistance' + min_version: 'beta' + description: | + Specifies the number of max logical switches. + - !ruby/object:Api::Type::NestedObject + name: 'instanceSchedulePolicy' + conflicts: + - 'snapshot_schedule_policy' + - 'group_placement_policy' + description: | + Resource policy for scheduling instance operations. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'vmStartSchedule' + at_least_one_of: + - instance_schedule_policy.0.vm_start_schedule + - instance_schedule_policy.0.vm_stop_schedule + description: | + Specifies the schedule for starting instances. + properties: + - !ruby/object:Api::Type::String + name: 'schedule' + description: | + Specifies the frequency for the operation, using the unix-cron format. + required: true + - !ruby/object:Api::Type::NestedObject + name: 'vmStopSchedule' + at_least_one_of: + - instance_schedule_policy.0.vm_start_schedule + - instance_schedule_policy.0.vm_stop_schedule + description: | + Specifies the schedule for stopping instances. + properties: + - !ruby/object:Api::Type::String + name: 'schedule' + description: | + Specifies the frequency for the operation, using the unix-cron format. + required: true + - !ruby/object:Api::Type::String + name: 'timeZone' + description: | + Specifies the time zone to be used in interpreting the schedule. The value of this field must be a time zone name + from the tz database: http://en.wikipedia.org/wiki/Tz_database. + required: true + - !ruby/object:Api::Type::String + name: 'startTime' + description: | + The start time of the schedule. The timestamp is an RFC3339 string. + - !ruby/object:Api::Type::String + name: 'expirationTime' + description: | + The expiration time of the schedule. The timestamp is an RFC3339 string. diff --git a/mmv1/products/compute/Route.yaml b/mmv1/products/compute/Route.yaml new file mode 100644 index 000000000000..4a7f19e65c19 --- /dev/null +++ b/mmv1/products/compute/Route.yaml @@ -0,0 +1,205 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Route' +kind: 'compute#route' +base_url: projects/{{project}}/global/routes +collection_url_key: 'items' +immutable: true +has_self_link: true +description: | + Represents a Route resource. + + A route is a rule that specifies how certain packets should be handled by + the virtual network. Routes are associated with virtual machines by tag, + and the set of routes for a particular virtual machine is called its + routing table. For each packet leaving a virtual machine, the system + searches that virtual machine's routing table for a single best matching + route. + + Routes match packets by destination IP address, preferring smaller or more + specific ranges over larger ones. If there is a tie, the system selects + the route with the smallest priority value. If there is still a tie, it + uses the layer three and four packet headers to select just one of the + remaining matching routes. The packet is then forwarded as specified by + the next_hop field of the winning route -- either to another virtual + machine destination, a virtual machine gateway or a Compute + Engine-operated gateway. Packets that do not match any route in the + sending virtual machine's routing table will be dropped. + + A Route resource must have exactly one specification of either + nextHopGateway, nextHopInstance, nextHopIp, nextHopVpnTunnel, or + nextHopIlb. + +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Using Routes': 'https://cloud.google.com/vpc/docs/using-routes' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/routes' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +properties: + - !ruby/object:Api::Type::String + name: 'destRange' + description: | + The destination range of outgoing packets that this route applies to. + Only IPv4 is supported. + required: true + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of this resource. Provide this property + when you create the resource. + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and + match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means + the first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the + last character, which cannot be a dash. + required: true + - !ruby/object:Api::Type::ResourceRef + name: 'network' + resource: 'Network' + imports: 'selfLink' + description: 'The network that this route applies to.' + immutable: true + required: true + - !ruby/object:Api::Type::Integer + name: 'priority' + description: | + The priority of this route. Priority is used to break ties in cases + where there is more than one matching route of equal prefix length. + + In the case of two routes with equal prefix length, the one with the + lowest-numbered priority value wins. + + Default value is 1000. Valid range is 0 through 65535. + immutable: true + - !ruby/object:Api::Type::Array + name: 'tags' + description: 'A list of instance tags to which this route applies.' + item_type: Api::Type::String + immutable: true + - !ruby/object:Api::Type::String + name: 'nextHopGateway' + immutable: true + exactly_one_of: + - next_hop_gateway + - next_hop_instance + - next_hop_ip + - next_hop_vpn_tunnel + - next_hop_ilb + description: | + URL to a gateway that should handle matching packets. + + Currently, you can only specify the internet gateway, using a full or + partial valid URL: + + * https://www.googleapis.com/compute/v1/projects/project/ + global/gateways/default-internet-gateway + * projects/project/global/gateways/default-internet-gateway + * global/gateways/default-internet-gateway + - !ruby/object:Api::Type::ResourceRef + name: 'nextHopInstance' + resource: 'Instance' + imports: 'selfLink' + immutable: true + exactly_one_of: + - next_hop_gateway + - next_hop_instance + - next_hop_ip + - next_hop_vpn_tunnel + - next_hop_ilb + description: | + URL to an instance that should handle matching packets. + You can specify this as a full or partial URL. For example: + + * https://www.googleapis.com/compute/v1/projects/project/zones/zone/ + instances/instance + * projects/project/zones/zone/instances/instance + * zones/zone/instances/instance + - !ruby/object:Api::Type::String + name: 'nextHopIp' + description: | + Network IP address of an instance that should handle matching packets. + immutable: true + exactly_one_of: + - next_hop_gateway + - next_hop_instance + - next_hop_ip + - next_hop_vpn_tunnel + - next_hop_ilb + - !ruby/object:Api::Type::ResourceRef + name: 'nextHopVpnTunnel' + resource: 'VpnTunnel' + imports: 'selfLink' + immutable: true + exactly_one_of: + - next_hop_gateway + - next_hop_instance + - next_hop_ip + - next_hop_vpn_tunnel + - next_hop_ilb + description: | + URL to a VpnTunnel that should handle matching packets. + - !ruby/object:Api::Type::String + name: 'nextHopNetwork' + output: true + description: | + URL to a Network that should handle matching packets. + - !ruby/object:Api::Type::String + name: 'nextHopIlb' + description: | + The IP address or URL to a forwarding rule of type + loadBalancingScheme=INTERNAL that should handle matching + packets. + + With the GA provider you can only specify the forwarding + rule as a partial or full URL. For example, the following + are all valid values: + * 10.128.0.56 + * https://www.googleapis.com/compute/v1/projects/project/regions/region/forwardingRules/forwardingRule + * regions/region/forwardingRules/forwardingRule + + When the beta provider, you can also specify the IP address + of a forwarding rule from the same VPC or any peered VPC. + + Note that this can only be used when the destinationRange is + a public (non-RFC 1918) IP CIDR range. + immutable: true + exactly_one_of: + - next_hop_gateway + - next_hop_instance + - next_hop_ip + - next_hop_vpn_tunnel + - next_hop_ilb diff --git a/mmv1/products/compute/Router.yaml b/mmv1/products/compute/Router.yaml new file mode 100644 index 000000000000..da66357e9189 --- /dev/null +++ b/mmv1/products/compute/Router.yaml @@ -0,0 +1,172 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Router' +kind: 'compute#router' +base_url: projects/{{project}}/regions/{{region}}/routers +collection_url_key: 'items' +# Since Terraform has separate resources for router, router interface, and +# router peer, calling PUT on the router will delete the interface and peer. +# Use patch instead. +update_verb: :PATCH +has_self_link: true +description: | + Represents a Router resource. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Google Cloud Router': 'https://cloud.google.com/router/docs/' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/routers' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: region + resource: Region + imports: name + description: Region where the router resides. + immutable: true + required: true +properties: + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'The unique identifier for the resource.' + output: true + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::String + name: name + description: | + Name of the resource. The name must be 1-63 characters long, and + comply with RFC1035. Specifically, the name must be 1-63 characters + long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` + which means the first character must be a lowercase letter, and all + following characters must be a dash, lowercase letter, or digit, + except the last character, which cannot be a dash. + immutable: true + required: true + - !ruby/object:Api::Type::String + name: description + description: | + An optional description of this resource. + send_empty_value: true + - !ruby/object:Api::Type::ResourceRef + name: network + resource: Network + imports: 'selfLink' + description: | + A reference to the network to which this router belongs. + required: true + immutable: true + # TODO: Figure out the story for interfaces/bgpPeers. Right + # now in Terraform we have three separate resources: router, + # router_interface, and router_peer. Decide whether we want to keep that + # pattern for the other providers, keep it unique for Terraform, or add + # these fields to the Terraform resource (and then within that, decide + # whether to deprecate router_interface and router_peer or leave them + # alone). + - !ruby/object:Api::Type::NestedObject + name: bgp + description: | + BGP information specific to this router. + send_empty_value: true + properties: + - !ruby/object:Api::Type::Integer + name: asn + description: | + Local BGP Autonomous System Number (ASN). Must be an RFC6996 + private ASN, either 16-bit or 32-bit. The value will be fixed for + this router resource. All VPN tunnels that link to this router + will have the same local ASN. + required: true + - !ruby/object:Api::Type::Enum + name: advertiseMode + description: | + User-specified flag to indicate which mode to use for advertisement. + values: + - :DEFAULT + - :CUSTOM + default_value: :DEFAULT + - !ruby/object:Api::Type::Array + name: advertisedGroups + description: | + User-specified list of prefix groups to advertise in custom mode. + This field can only be populated if advertiseMode is CUSTOM and + is advertised to all peers of the router. These groups will be + advertised in addition to any specified prefixes. Leave this field + blank to advertise no custom groups. + + This enum field has the one valid value: ALL_SUBNETS + item_type: Api::Type::String # TODO(#324): enum? + send_empty_value: true + - !ruby/object:Api::Type::Array + name: advertisedIpRanges + description: | + User-specified list of individual IP ranges to advertise in + custom mode. This field can only be populated if advertiseMode + is CUSTOM and is advertised to all peers of the router. These IP + ranges will be advertised in addition to any specified groups. + Leave this field blank to advertise no custom IP ranges. + send_empty_value: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: range + required: true + description: | + The IP range to advertise. The value must be a + CIDR-formatted string. + send_empty_value: true + - !ruby/object:Api::Type::String + name: description + description: | + User-specified description for the IP range. + send_empty_value: true + - !ruby/object:Api::Type::Integer + name: keepaliveInterval + description: | + The interval in seconds between BGP keepalive messages that are sent + to the peer. Hold time is three times the interval at which keepalive + messages are sent, and the hold time is the maximum number of seconds + allowed to elapse between successive keepalive messages that BGP + receives from a peer. + + BGP will use the smaller of either the local hold time value or the + peer's hold time value as the hold time for the BGP connection + between the two peers. If set, this value must be between 20 and 60. + The default is 20. + default_value: 20 + - !ruby/object:Api::Type::Boolean + name: encryptedInterconnectRouter + immutable: true + description: | + Indicates if a router is dedicated for use with encrypted VLAN + attachments (interconnectAttachments). diff --git a/mmv1/products/compute/RouterBgpPeer.yaml b/mmv1/products/compute/RouterBgpPeer.yaml new file mode 100644 index 000000000000..6da17f354331 --- /dev/null +++ b/mmv1/products/compute/RouterBgpPeer.yaml @@ -0,0 +1,235 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'RouterBgpPeer' +base_url: projects/{{project}}/regions/{{region}}/routers/{{router}} +self_link: projects/{{project}}/regions/{{region}}/routers/{{router}} +create_verb: :PATCH +update_verb: :PATCH +delete_verb: :PATCH +identity: + - name +nested_query: !ruby/object:Api::Resource::NestedQuery + modify_by_patch: true + keys: + - bgpPeers +description: | + BGP information that must be configured into the routing stack to + establish BGP peering. This information must specify the peer ASN + and either the interface name, IP address, or peer IP address. + Please refer to RFC4273. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Google Cloud Router': 'https://cloud.google.com/router/docs/' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/routers' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/regions/{{regions}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'router' + resource: 'Router' + imports: 'name' + description: | + The name of the Cloud Router in which this BgpPeer will be configured. + required: true + immutable: true + url_param_only: true + - !ruby/object:Api::Type::ResourceRef + name: region + resource: Region + imports: name + description: Region where the router and BgpPeer reside. + immutable: true + required: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of this BGP peer. The name must be 1-63 characters long, + and comply with RFC1035. Specifically, the name must be 1-63 characters + long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which + means the first character must be a lowercase letter, and all + following characters must be a dash, lowercase letter, or digit, + except the last character, which cannot be a dash. + required: true + immutable: true + - !ruby/object:Api::Type::String + name: 'interfaceName' + description: | + Name of the interface the BGP peer is associated with. + required: true + immutable: true + - !ruby/object:Api::Type::String + name: 'ipAddress' + description: | + IP address of the interface inside Google Cloud Platform. + Only IPv4 is supported. + - !ruby/object:Api::Type::String + name: 'peerIpAddress' + description: | + IP address of the BGP interface outside Google Cloud Platform. + Only IPv4 is supported. + required: true + - !ruby/object:Api::Type::Integer + name: 'peerAsn' + description: | + Peer BGP Autonomous System Number (ASN). + Each BGP interface may use a different value. + required: true + - !ruby/object:Api::Type::Integer + name: 'advertisedRoutePriority' + description: | + The priority of routes advertised to this BGP peer. + Where there is more than one matching route of maximum + length, the routes with the lowest priority value win. + send_empty_value: true + - !ruby/object:Api::Type::Enum + name: advertiseMode + description: | + User-specified flag to indicate which mode to use for advertisement. + Valid values of this enum field are: `DEFAULT`, `CUSTOM` + values: + - :DEFAULT + - :CUSTOM + default_value: :DEFAULT + - !ruby/object:Api::Type::Array + name: advertisedGroups + description: | + User-specified list of prefix groups to advertise in custom + mode, which can take one of the following options: + + * `ALL_SUBNETS`: Advertises all available subnets, including peer VPC subnets. + * `ALL_VPC_SUBNETS`: Advertises the router's own VPC subnets. + * `ALL_PEER_VPC_SUBNETS`: Advertises peer subnets of the router's VPC network. + + + Note that this field can only be populated if advertiseMode is `CUSTOM` + and overrides the list defined for the router (in the "bgp" message). + These groups are advertised in addition to any specified prefixes. + Leave this field blank to advertise no custom groups. + send_empty_value: true + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: advertisedIpRanges + description: | + User-specified list of individual IP ranges to advertise in + custom mode. This field can only be populated if advertiseMode + is `CUSTOM` and is advertised to all peers of the router. These IP + ranges will be advertised in addition to any specified groups. + Leave this field blank to advertise no custom IP ranges. + send_empty_value: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: range + required: true + description: | + The IP range to advertise. The value must be a + CIDR-formatted string. + - !ruby/object:Api::Type::String + name: description + description: | + User-specified description for the IP range. + send_empty_value: true + - !ruby/object:Api::Type::String + name: 'managementType' + description: | + The resource that configures and manages this BGP peer. + + * `MANAGED_BY_USER` is the default value and can be managed by + you or other users + * `MANAGED_BY_ATTACHMENT` is a BGP peer that is configured and + managed by Cloud Interconnect, specifically by an + InterconnectAttachment of type PARTNER. Google automatically + creates, updates, and deletes this type of BGP peer when the + PARTNER InterconnectAttachment is created, updated, + or deleted. + output: true + - !ruby/object:Api::Type::NestedObject + name: bfd + description: | + BFD configuration for the BGP peering. + properties: + - !ruby/object:Api::Type::Enum + name: sessionInitializationMode + description: | + The BFD session initialization mode for this BGP peer. + If set to `ACTIVE`, the Cloud Router will initiate the BFD session + for this BGP peer. If set to `PASSIVE`, the Cloud Router will wait + for the peer router to initiate the BFD session for this BGP peer. + If set to `DISABLED`, BFD is disabled for this BGP peer. + values: + - :ACTIVE + - :DISABLED + - :PASSIVE + required: true + - !ruby/object:Api::Type::Integer + name: minTransmitInterval + description: | + The minimum interval, in milliseconds, between BFD control packets + transmitted to the peer router. The actual value is negotiated + between the two routers and is equal to the greater of this value + and the corresponding receive interval of the other router. If set, + this value must be between 1000 and 30000. + default_value: 1000 + - !ruby/object:Api::Type::Integer + name: minReceiveInterval + description: | + The minimum interval, in milliseconds, between BFD control packets + received from the peer router. The actual value is negotiated + between the two routers and is equal to the greater of this value + and the transmit interval of the other router. If set, this value + must be between 1000 and 30000. + default_value: 1000 + - !ruby/object:Api::Type::Integer + name: multiplier + description: | + The number of consecutive BFD packets that must be missed before + BFD declares that a peer is unavailable. If set, the value must + be a value between 5 and 16. + default_value: 5 + - !ruby/object:Api::Type::Boolean + name: 'enable' + description: | + The status of the BGP peer connection. If set to false, any active session + with the peer is terminated and all associated routing information is removed. + If set to true, the peer connection can be established with routing information. + The default is true. + default_value: true + - !ruby/object:Api::Type::ResourceRef + name: 'routerApplianceInstance' + resource: 'Instance' + imports: 'selfLink' + description: | + The URI of the VM instance that is used as third-party router appliances + such as Next Gen Firewalls, Virtual Routers, or Router Appliances. + The VM instance must be located in zones contained in the same region as + this Cloud Router. The VM instance is the peer side of the BGP session. diff --git a/mmv1/products/compute/RouterNat.yaml b/mmv1/products/compute/RouterNat.yaml new file mode 100644 index 000000000000..7a56206f5154 --- /dev/null +++ b/mmv1/products/compute/RouterNat.yaml @@ -0,0 +1,296 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'RouterNat' +base_url: projects/{{project}}/regions/{{region}}/routers/{{router}} +self_link: projects/{{project}}/regions/{{region}}/routers/{{router}} +create_url: projects/{{project}}/regions/{{region}}/routers/{{router}} +update_url: projects/{{project}}/regions/{{region}}/routers/{{router}} +delete_url: projects/{{project}}/regions/{{region}}/routers/{{router}} +create_verb: :PATCH +update_verb: :PATCH +delete_verb: :PATCH +identity: + - name +collection_url_key: nats +nested_query: !ruby/object:Api::Resource::NestedQuery + modify_by_patch: true + keys: + - nats +description: | + A NAT service created in a router. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Google Cloud Router': 'https://cloud.google.com/router/docs/' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/routers' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/regions/{{regions}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'router' + resource: 'Router' + imports: 'name' + description: | + The name of the Cloud Router in which this NAT will be configured. + required: true + immutable: true + url_param_only: true + - !ruby/object:Api::Type::ResourceRef + name: region + resource: Region + imports: name + description: Region where the router and NAT reside. + immutable: true + required: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the NAT service. The name must be 1-63 characters long and + comply with RFC1035. + required: true + immutable: true + - !ruby/object:Api::Type::Enum + name: 'natIpAllocateOption' + required: true + description: | + How external IPs should be allocated for this NAT. Valid values are + `AUTO_ONLY` for only allowing NAT IPs allocated by Google Cloud + Platform, or `MANUAL_ONLY` for only user-allocated NAT IP addresses. + values: + - :MANUAL_ONLY + - :AUTO_ONLY + - !ruby/object:Api::Type::Array + name: 'natIps' + description: | + Self-links of NAT IPs. Only valid if natIpAllocateOption + is set to MANUAL_ONLY. + send_empty_value: true + item_type: !ruby/object:Api::Type::ResourceRef + name: 'address' + resource: 'Address' + imports: 'selfLink' + description: 'A reference to an address associated with this NAT' + - !ruby/object:Api::Type::Array + name: 'drainNatIps' + description: | + A list of URLs of the IP resources to be drained. These IPs must be + valid static external IPs that have been assigned to the NAT. + send_empty_value: true + item_type: !ruby/object:Api::Type::ResourceRef + name: 'address' + resource: 'Address' + imports: 'selfLink' + description: 'A reference to an address associated with this NAT' + - !ruby/object:Api::Type::Enum + name: 'sourceSubnetworkIpRangesToNat' + required: true + description: | + How NAT should be configured per Subnetwork. + If `ALL_SUBNETWORKS_ALL_IP_RANGES`, all of the + IP ranges in every Subnetwork are allowed to Nat. + If `ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES`, all of the primary IP + ranges in every Subnetwork are allowed to Nat. + `LIST_OF_SUBNETWORKS`: A list of Subnetworks are allowed to Nat + (specified in the field subnetwork below). Note that if this field + contains ALL_SUBNETWORKS_ALL_IP_RANGES or + ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any + other RouterNat section in any Router for this network in this region. + values: + - :ALL_SUBNETWORKS_ALL_IP_RANGES + - :ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES + - :LIST_OF_SUBNETWORKS + - !ruby/object:Api::Type::Array + name: subnetwork + api_name: 'subnetworks' + send_empty_value: true + description: | + One or more subnetwork NAT configurations. Only used if + `source_subnetwork_ip_ranges_to_nat` is set to `LIST_OF_SUBNETWORKS` + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::ResourceRef + name: 'name' + resource: 'Subnetwork' + imports: 'selfLink' + description: 'Self-link of subnetwork to NAT' + required: true + - !ruby/object:Api::Type::Array + name: 'sourceIpRangesToNat' + description: | + List of options for which source IPs in the subnetwork + should have NAT enabled. Supported values include: + `ALL_IP_RANGES`, `LIST_OF_SECONDARY_IP_RANGES`, + `PRIMARY_IP_RANGE`. + required: true + min_size: 1 + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'secondaryIpRangeNames' + description: | + List of the secondary ranges of the subnetwork that are allowed + to use NAT. This can be populated only if + `LIST_OF_SECONDARY_IP_RANGES` is one of the values in + sourceIpRangesToNat + item_type: Api::Type::String + - !ruby/object:Api::Type::Integer + name: minPortsPerVm + description: | + Minimum number of ports allocated to a VM from this NAT. + - !ruby/object:Api::Type::Integer + name: maxPortsPerVm + description: | + Maximum number of ports allocated to a VM from this NAT. + This field can only be set when enableDynamicPortAllocation is enabled. + - !ruby/object:Api::Type::Boolean + name: enableDynamicPortAllocation + description: | + Enable Dynamic Port Allocation. + If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. + If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. + If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. + If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. + + Mutually exclusive with enableEndpointIndependentMapping. + - !ruby/object:Api::Type::Integer + name: udpIdleTimeoutSec + description: | + Timeout (in seconds) for UDP connections. Defaults to 30s if not set. + default_value: 30 + - !ruby/object:Api::Type::Integer + name: icmpIdleTimeoutSec + description: | + Timeout (in seconds) for ICMP connections. Defaults to 30s if not set. + default_value: 30 + - !ruby/object:Api::Type::Integer + name: tcpEstablishedIdleTimeoutSec + description: | + Timeout (in seconds) for TCP established connections. + Defaults to 1200s if not set. + default_value: 1200 + - !ruby/object:Api::Type::Integer + name: tcpTransitoryIdleTimeoutSec + description: | + Timeout (in seconds) for TCP transitory connections. + Defaults to 30s if not set. + default_value: 30 + - !ruby/object:Api::Type::Integer + name: tcpTimeWaitTimeoutSec + description: | + Timeout (in seconds) for TCP connections that are in TIME_WAIT state. + Defaults to 120s if not set. + default_value: 120 + - !ruby/object:Api::Type::NestedObject + name: logConfig + description: | + Configuration for logging on NAT + send_empty_value: true + properties: + - !ruby/object:Api::Type::Boolean + name: 'enable' + description: | + Indicates whether or not to export logs. + required: true + - !ruby/object:Api::Type::Enum + name: 'filter' + description: | + Specifies the desired filtering of logs on this NAT. + required: true + values: + - :ERRORS_ONLY + - :TRANSLATIONS_ONLY + - :ALL + - !ruby/object:Api::Type::Array + name: rules + description: 'A list of rules associated with this NAT.' + send_empty_value: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Integer + name: 'ruleNumber' + description: | + An integer uniquely identifying a rule in the list. + The rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT. + required: true + send_empty_value: true + - !ruby/object:Api::Type::String + name: 'description' + description: 'An optional description of this rule.' + - !ruby/object:Api::Type::String + name: 'match' + description: | + CEL expression that specifies the match condition that egress traffic from a VM is evaluated against. + If it evaluates to true, the corresponding action is enforced. + + The following examples are valid match expressions for public NAT: + + "inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')" + + "destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'" + + The following example is a valid match expression for private NAT: + + "nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'" + required: true + - !ruby/object:Api::Type::NestedObject + name: 'action' + description: 'The action to be enforced for traffic that matches this rule.' + properties: + - !ruby/object:Api::Type::Array + name: 'sourceNatActiveIps' + description: | + A list of URLs of the IP resources used for this NAT rule. + These IP addresses must be valid static external IP addresses assigned to the project. + This field is used for public NAT. + item_type: !ruby/object:Api::Type::ResourceRef + name: 'address' + resource: 'Address' + imports: 'selfLink' + description: 'A reference to an address associated with this NAT' + - !ruby/object:Api::Type::Array + name: 'sourceNatDrainIps' + description: | + A list of URLs of the IP resources to be drained. + These IPs must be valid static external IPs that have been assigned to the NAT. + These IPs should be used for updating/patching a NAT rule only. + This field is used for public NAT. + item_type: !ruby/object:Api::Type::ResourceRef + name: 'address' + resource: 'Address' + imports: 'selfLink' + description: 'A reference to an address associated with this NAT' + - !ruby/object:Api::Type::Boolean + name: enableEndpointIndependentMapping + description: | + Specifies if endpoint independent mapping is enabled. This is enabled by default. For more information + see the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs). + default_value: true + send_empty_value: true diff --git a/mmv1/products/compute/SecurityPolicy.yaml b/mmv1/products/compute/SecurityPolicy.yaml new file mode 100644 index 000000000000..bc1b051314cb --- /dev/null +++ b/mmv1/products/compute/SecurityPolicy.yaml @@ -0,0 +1,113 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'SecurityPolicy' +kind: 'compute#securityPolicy' +base_url: projects/{{project}}/global/securityPolicies +collection_url_key: 'items' +has_self_link: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/armor/docs/security-policy-concepts' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/securityPolicies' +description: | + Represents a Cloud Armor Security Policy resource. +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: 'Name of the security policy.' + required: true + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'The unique identifier for the resource.' + output: true + - !ruby/object:Api::Type::Array + name: 'rules' + description: | + A list of rules that belong to this policy. + There must always be a default rule (rule with priority 2147483647 and match "*"). + If no rules are provided when creating a security policy, a default rule with action "allow" will be added. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'description' + description: | + A description of the rule. + - !ruby/object:Api::Type::Integer + name: 'priority' + description: | + An integer indicating the priority of a rule in the list. The priority must be a value + between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the + highest priority and 2147483647 is the lowest prority. + - !ruby/object:Api::Type::String + name: 'action' + description: | + The Action to preform when the client connection triggers the rule. Can currently be either + "allow" or "deny()" where valid values for status are 403, 404, and 502. + - !ruby/object:Api::Type::Boolean + name: 'preview' + description: | + If set to true, the specified action is not enforced. + - !ruby/object:Api::Type::NestedObject + name: 'match' + description: + A match condition that incoming traffic is evaluated against. If it evaluates to true, + the corresponding 'action' is enforced. + properties: + - !ruby/object:Api::Type::String + name: 'description' + description: | + A description of the rule. + - !ruby/object:Api::Type::NestedObject + name: 'expr' + description: + User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, + source.region_code and contents in the request header. + properties: + - !ruby/object:Api::Type::String + name: 'expression' + description: | + Textual representation of an expression in Common Expression Language syntax. + - !ruby/object:Api::Type::String + name: 'title' + description: | + Optional. Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + - !ruby/object:Api::Type::String + name: 'description' + description: | + Optional. Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + - !ruby/object:Api::Type::String + name: 'location' + description: | + Optional. String indicating the location of the expression for error reporting, + e.g. a file name and a position in the file. + - !ruby/object:Api::Type::String + name: 'versionedExpr' + description: | + Preconfigured versioned expression. If this field is specified, config must also be specified. + Available preconfigured expressions along with their requirements are: `SRC_IPS_V1` - must specify + the corresponding srcIpRange field in config. + - !ruby/object:Api::Type::NestedObject + name: 'config' + description: + The configuration options available when specifying versionedExpr. This field must be specified + if versionedExpr is specified and cannot be specified if versionedExpr is not specified. + properties: + - !ruby/object:Api::Type::Array + name: 'srcIpRanges' + description: | + CIDR IP address range. + item_type: Api::Type::String diff --git a/mmv1/products/compute/ServiceAttachment.yaml b/mmv1/products/compute/ServiceAttachment.yaml new file mode 100644 index 000000000000..16e11fd3998d --- /dev/null +++ b/mmv1/products/compute/ServiceAttachment.yaml @@ -0,0 +1,162 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'ServiceAttachment' +kind: 'compute#ServiceAttachment' +base_url: projects/{{project}}/regions/{{region}}/serviceAttachments +has_self_link: true +update_verb: :PATCH +description: | + Represents a ServiceAttachment resource. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Configuring Private Service Connect to access services': 'https://cloud.google.com/vpc/docs/configure-private-service-connect-services' + api: 'https://cloud.google.com/compute/docs/reference/beta/serviceAttachments' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'region' + resource: 'Region' + imports: 'name' + description: | + URL of the region where the resource resides. + required: true + immutable: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + description: | + Name of the resource. The name must be 1-63 characters long, and + comply with RFC1035. Specifically, the name must be 1-63 characters + long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` + which means the first character must be a lowercase letter, and all + following characters must be a dash, lowercase letter, or digit, + except the last character, which cannot be a dash. + immutable: true + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of this resource. + - !ruby/object:Api::Type::Fingerprint + name: 'fingerprint' + description: | + Fingerprint of this resource. This field is used internally during + updates of this resource. + - !ruby/object:Api::Type::String + name: 'connectionPreference' + required: true + description: | + The connection preference to use for this service attachment. Valid + values include "ACCEPT_AUTOMATIC", "ACCEPT_MANUAL". + - !ruby/object:Api::Type::Array + name: 'connectedEndpoints' + output: true + description: | + An array of the consumer forwarding rules connected to this service + attachment. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'endpoint' + output: true + description: | + The URL of the consumer forwarding rule. + - !ruby/object:Api::Type::String + name: 'status' + output: true + description: | + The status of the connection from the consumer forwarding rule to + this service attachment. + - !ruby/object:Api::Type::ResourceRef + name: targetService + required: true + immutable: true + resource: 'ForwardingRule' + imports: 'selfLink' + description: | + The URL of a forwarding rule that represents the service identified by + this service attachment. + - !ruby/object:Api::Type::Array + name: 'natSubnets' + required: true + send_empty_value: true + description: | + An array of subnets that is provided for NAT in this service attachment. + item_type: !ruby/object:Api::Type::ResourceRef + name: 'subnet' + resource: 'Subnetwork' + imports: 'selfLink' + description: | + A subnet that is provided for NAT in this service attachment. + - !ruby/object:Api::Type::Boolean + name: 'enableProxyProtocol' + required: true + immutable: true + description: | + If true, enable the proxy protocol which is for supplying client TCP/IP + address data in TCP connections that traverse proxies on their way to + destination servers. + - !ruby/object:Api::Type::Array + name: 'domainNames' + immutable: true + item_type: Api::Type::String + description: | + If specified, the domain name will be used during the integration between + the PSC connected endpoints and the Cloud DNS. For example, this is a + valid domain name: "p.mycompany.com.". Current max number of domain names + supported is 1. + - !ruby/object:Api::Type::Array + name: 'consumerRejectLists' + item_type: Api::Type::String + send_empty_value: true + description: | + An array of projects that are not allowed to connect to this service + attachment. + - !ruby/object:Api::Type::Array + name: 'consumerAcceptLists' + description: | + An array of projects that are allowed to connect to this service + attachment. + send_empty_value: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'projectIdOrNum' + required: true + description: | + A project that is allowed to connect to this service attachment. + - !ruby/object:Api::Type::Integer + name: 'connectionLimit' + required: true + description: | + The number of consumer forwarding rules the consumer project can + create. diff --git a/mmv1/products/compute/Snapshot.yaml b/mmv1/products/compute/Snapshot.yaml new file mode 100644 index 000000000000..5725e57943ca --- /dev/null +++ b/mmv1/products/compute/Snapshot.yaml @@ -0,0 +1,225 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Snapshot' +kind: 'compute#snapshot' +immutable: true +base_url: projects/{{project}}/global/snapshots +create_url: projects/{{project}}/zones/{{zone}}/disks/{{sourceDisk}}/createSnapshot +collection_url_key: 'items' +has_self_link: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/compute/docs/disks/create-snapshots' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/snapshots' +iam_policy: !ruby/object:Api::Resource::IamPolicy + exclude: false + parent_resource_attribute: 'name' + import_format: ["projects/{{project}}/global/snapshots/{{name}}", "{{name}}"] +description: | + Represents a Persistent Disk Snapshot resource. + + Use snapshots to back up data from your persistent disks. Snapshots are + different from public images and custom images, which are used primarily + to create instances or configure instance templates. Snapshots are useful + for periodic backup of the data on your persistent disks. You can create + snapshots from persistent disks even while they are attached to running + instances. + + Snapshots are incremental, so you can create regular snapshots on a + persistent disk faster and at a much lower cost than if you regularly + created a full image of the disk. +# 'createSnapshot' is a zonal operation while 'snapshot.delete' is a global +# operation. we'll leave the object as global operation and use the disk's +# zonal operation for the create action. +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + full_url: 'selfLink' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'sourceDisk' + resource: 'Disk' + imports: 'name' + description: 'A reference to the disk used to create this snapshot.' + immutable: true + required: true + # ignore_read in providers - this is only used in Create + - !ruby/object:Api::Type::ResourceRef + name: 'zone' + resource: 'Zone' + imports: 'name' + description: 'A reference to the zone where the disk is hosted.' + immutable: true + - !ruby/object:Api::Type::NestedObject + name: 'snapshotEncryptionKey' + description: | + Encrypts the snapshot using a customer-supplied encryption key. + + After you encrypt a snapshot using a customer-supplied key, you must + provide the same key if you use the snapshot later. For example, you + must provide the encryption key when you create a disk from the + encrypted snapshot in a future request. + + Customer-supplied encryption keys do not protect access to metadata of + the snapshot. + + If you do not provide an encryption key when creating the snapshot, + then the snapshot will be encrypted using an automatically generated + key and you do not need to provide a key to use the snapshot later. + properties: + - !ruby/object:Api::Type::String + name: 'rawKey' + description: | + Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + - !ruby/object:Api::Type::String + name: 'sha256' + description: | + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + output: true + - !ruby/object:Api::Type::String + # TODO(chrisst) Change to ResourceRef once KMS is in Magic Modules + name: 'kmsKeyName' + description: | + The name of the encryption key that is stored in Google Cloud KMS. + - !ruby/object:Api::Type::String + name: 'kmsKeyServiceAccount' + description: | + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + - !ruby/object:Api::Type::NestedObject + # ignore_read in providers - this is only used in Create + name: 'sourceDiskEncryptionKey' + description: | + The customer-supplied encryption key of the source snapshot. Required + if the source snapshot is protected by a customer-supplied encryption + key. + properties: + - !ruby/object:Api::Type::String + name: 'rawKey' + description: | + Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + # The docs list this field but it is never returned. + - !ruby/object:Api::Type::String + name: 'sha256' + exclude: true + output: true + description: | + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + - !ruby/object:Api::Type::String + # TODO(chrisst) Change to ResourceRef once KMS is in Magic Modules + name: 'kmsKeyName' + description: | + The name of the encryption key that is stored in Google Cloud KMS. + - !ruby/object:Api::Type::String + name: 'kmsKeyServiceAccount' + description: | + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. +properties: + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'The unique identifier for the resource.' + output: true + # 'status' not useful for object convergence. + - !ruby/object:Api::Type::Integer + name: 'diskSizeGb' + description: 'Size of the snapshot, specified in GB.' + output: true + - !ruby/object:Api::Type::String + name: 'chainName' + description: | + Creates the new snapshot in the snapshot chain labeled with the + specified name. The chain name must be 1-63 characters long and + comply with RFC1035. This is an uncommon option only for advanced + service owners who needs to create separate snapshot chains, for + example, for chargeback tracking. When you describe your snapshot + resource, this field is visible only if it has a non-empty value. + - !ruby/object:Api::Type::String + name: 'name' + required: true + immutable: true + description: | + Name of the resource; provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + - !ruby/object:Api::Type::String + name: 'description' + immutable: true + description: 'An optional description of this resource.' + # 'sourceDiskId' not useful for object convergence. + - !ruby/object:Api::Type::Integer + name: 'storageBytes' + description: | + A size of the storage used by the snapshot. As snapshots share + storage, this number is expected to change with snapshot + creation/deletion. + output: true + # 'storageBytesStatus' not useful for object convergence. + - !ruby/object:Api::Type::Array + name: 'storageLocations' + description: | + Cloud Storage bucket storage location of the snapshot (regional or multi-regional). + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'licenses' + output: true + description: | + A list of public visible licenses that apply to this snapshot. This + can be because the original image had licenses attached (such as a + Windows image). snapshotEncryptionKey nested object Encrypts the + snapshot using a customer-supplied encryption key. + item_type: !ruby/object:Api::Type::ResourceRef + name: 'license' + resource: 'License' + imports: 'selfLink' + description: 'A reference to a license associated with this snapshot' + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: Labels to apply to this Snapshot. + update_verb: :POST + update_url: 'projects/{{project}}/global/snapshots/{{name}}/setLabels' + - !ruby/object:Api::Type::Fingerprint + name: 'labelFingerprint' + description: | + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + update_url: 'projects/{{project}}/global/snapshots/{{name}}/setLabels' + update_verb: :POST diff --git a/mmv1/products/compute/SslCertificate.yaml b/mmv1/products/compute/SslCertificate.yaml new file mode 100644 index 000000000000..991dd9e198e7 --- /dev/null +++ b/mmv1/products/compute/SslCertificate.yaml @@ -0,0 +1,84 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'SslCertificate' +kind: 'compute#sslCertificate' +base_url: projects/{{project}}/global/sslCertificates +collection_url_key: 'items' +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/load-balancing/docs/ssl-certificates' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/sslCertificates' +immutable: true +has_self_link: true +description: | + An SslCertificate resource, used for HTTPS load balancing. This resource + provides a mechanism to upload an SSL key and certificate to + the load balancer to serve secure connections from the user. +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +properties: + - !ruby/object:Api::Type::String + name: 'certificate' + description: | + The certificate in PEM format. + The certificate chain must be no greater than 5 certs long. + The chain must include at least one intermediate cert. + required: true + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: 'An optional description of this resource.' + - !ruby/object:Api::Type::String + name: 'expireTime' + output: true + description: 'Expire time of the certificate in RFC3339 text format.' + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'The unique identifier for the resource.' + output: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + - !ruby/object:Api::Type::String + name: 'privateKey' + description: 'The write-only private key in PEM format.' + required: true + immutable: true diff --git a/mmv1/products/compute/SslPolicy.yaml b/mmv1/products/compute/SslPolicy.yaml new file mode 100644 index 000000000000..63e06e8376af --- /dev/null +++ b/mmv1/products/compute/SslPolicy.yaml @@ -0,0 +1,126 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'SslPolicy' +kind: 'compute#sslPolicy' +base_url: projects/{{project}}/global/sslPolicies +collection_url_key: 'items' +update_verb: :PATCH +has_self_link: true +description: | + Represents a SSL policy. SSL policies give you the ability to control the + features of SSL that your SSL proxy or HTTPS load balancer negotiates. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Using SSL Policies': 'https://cloud.google.com/compute/docs/load-balancing/ssl-policies' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/sslPolicies' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +properties: + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: 'An optional description of this resource.' + immutable: true + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'The unique identifier for the resource.' + output: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + immutable: true + required: true + # TODO: profile, minTlsVersion, enabledFeatures, customFeatures, fingerprint, warnings, kind + - !ruby/object:Api::Type::Enum + name: 'profile' + description: | + Profile specifies the set of SSL features that can be used by the + load balancer when negotiating SSL with clients. If using `CUSTOM`, + the set of SSL features to enable must be specified in the + `customFeatures` field. + values: + - :COMPATIBLE + - :MODERN + - :RESTRICTED + - :CUSTOM + - !ruby/object:Api::Type::Enum + name: 'minTlsVersion' + description: | + The minimum version of SSL protocol that can be used by the clients + to establish a connection with the load balancer. + values: + - :TLS_1_0 + - :TLS_1_1 + - :TLS_1_2 + - !ruby/object:Api::Type::Array + name: 'enabledFeatures' + description: 'The list of features enabled in the SSL policy.' + output: true + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'customFeatures' + description: | + A list of features enabled when the selected profile is CUSTOM. The + method returns the set of features that can be specified in this + list. This field must be empty if the profile is not CUSTOM. + item_type: Api::Type::String + - !ruby/object:Api::Type::String + name: 'fingerprint' + description: | + Fingerprint of this resource. A hash of the contents stored in this + object. This field is used in optimistic locking. + output: true + - !ruby/object:Api::Type::Array + name: 'warnings' + description: | + If potential misconfigurations are detected for this SSL policy, this + field will be populated with warning messages. + output: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'code' + description: 'A warning code, if applicable.' + output: true + - !ruby/object:Api::Type::String + name: 'message' + description: 'A human-readable description of the warning code.' + output: true diff --git a/mmv1/products/compute/Subnetwork.yaml b/mmv1/products/compute/Subnetwork.yaml new file mode 100644 index 000000000000..620082a8212d --- /dev/null +++ b/mmv1/products/compute/Subnetwork.yaml @@ -0,0 +1,308 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Subnetwork' +kind: 'compute#subnetwork' +base_url: projects/{{project}}/regions/{{region}}/subnetworks +collection_url_key: 'items' +immutable: true +has_self_link: true +description: | + A VPC network is a virtual version of the traditional physical networks + that exist within and between physical data centers. A VPC network + provides connectivity for your Compute Engine virtual machine (VM) + instances, Container Engine containers, App Engine Flex services, and + other network-related resources. + + Each GCP project contains one or more VPC networks. Each VPC network is a + global entity spanning all GCP regions. This global VPC network allows VM + instances and other resources to communicate with each other via internal, + private IP addresses. + + Each VPC network is subdivided into subnets, and each subnet is contained + within a single region. You can have more than one subnet in a region for + a given VPC network. Each subnet has a contiguous private RFC1918 IP + space. You create instances, containers, and the like in these subnets. + When you create an instance, you must create it in a subnet, and the + instance draws its internal IP address from that subnet. + + Virtual machine (VM) instances in a VPC network can communicate with + instances in all other subnets of the same VPC network, regardless of + region, using their RFC1918 private IP addresses. You can isolate portions + of the network, even entire subnets, using firewall rules. +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +properties: + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of this resource. Provide this property when + you create the resource. This field can be set only at resource + creation time. + - !ruby/object:Api::Type::String + name: 'gatewayAddress' + description: | + The gateway address for default routes to reach destination addresses + outside this subnetwork. + output: true + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'The unique identifier for the resource.' + output: true + - !ruby/object:Api::Type::String + name: 'ipCidrRange' + description: | + The range of internal addresses that are owned by this subnetwork. + Provide this property when you create the subnetwork. For example, + 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and + non-overlapping within a network. Only IPv4 is supported. + required: true + update_verb: :POST + update_url: 'projects/{{project}}/regions/{{region}}/subnetworks/{{name}}/expandIpCidrRange' + - !ruby/object:Api::Type::String + name: 'name' + description: | + The name of the resource, provided by the client when initially + creating the resource. The name must be 1-63 characters long, and + comply with RFC1035. Specifically, the name must be 1-63 characters + long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which + means the first character must be a lowercase letter, and all + following characters must be a dash, lowercase letter, or digit, + except the last character, which cannot be a dash. + required: true + - !ruby/object:Api::Type::ResourceRef + name: 'network' + resource: 'Network' + imports: 'selfLink' + description: | + The network this subnet belongs to. + Only networks that are in the distributed mode can have subnetworks. + immutable: true + required: true + - !ruby/object:Api::Type::String + name: 'purpose' + immutable: true + description: | + The purpose of the resource. A subnetwork with purpose set to + INTERNAL_HTTPS_LOAD_BALANCER is a user-created subnetwork that is + reserved for Internal HTTP(S) Load Balancing. + + If set to INTERNAL_HTTPS_LOAD_BALANCER you must also set the `role` field. + - !ruby/object:Api::Type::Enum + name: 'role' + update_verb: :PATCH + update_url: projects/{{project}}/regions/{{region}}/subnetworks/{{name}} + update_id: 'role' + fingerprint_name: 'fingerprint' + values: + - :ACTIVE + - :BACKUP + description: | + The role of subnetwork. Currently, this field is only used when + purpose = INTERNAL_HTTPS_LOAD_BALANCER. The value can be set to ACTIVE + or BACKUP. An ACTIVE subnetwork is one that is currently being used + for Internal HTTP(S) Load Balancing. A BACKUP subnetwork is one that + is ready to be promoted to ACTIVE or is currently draining. + - !ruby/object:Api::Type::Array + name: 'secondaryIpRanges' + description: | + An array of configurations for secondary IP ranges for VM instances + contained in this subnetwork. The primary IP of such VM must belong + to the primary ipCidrRange of the subnetwork. The alias IPs may belong + to either primary or secondary ranges. + update_verb: :PATCH + update_url: projects/{{project}}/regions/{{region}}/subnetworks/{{name}} + update_id: 'secondaryIpRanges' + fingerprint_name: 'fingerprint' + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'rangeName' + required: true + description: | + The name associated with this subnetwork secondary range, used + when adding an alias IP range to a VM instance. The name must + be 1-63 characters long, and comply with RFC1035. The name + must be unique within the subnetwork. + - !ruby/object:Api::Type::String + name: 'ipCidrRange' + required: true + description: | + The range of IP addresses belonging to this subnetwork secondary + range. Provide this property when you create the subnetwork. + Ranges must be unique and non-overlapping with all primary and + secondary IP ranges within a network. Only IPv4 is supported. + - !ruby/object:Api::Type::Boolean + name: 'privateIpGoogleAccess' + description: | + When enabled, VMs in this subnetwork without external IP addresses can + access Google APIs and services by using Private Google Access. + update_verb: :POST + update_url: 'projects/{{project}}/regions/{{region}}/subnetworks/{{name}}/setPrivateIpGoogleAccess' + - !ruby/object:Api::Type::String + name: 'privateIpv6GoogleAccess' + update_verb: :PATCH + update_url: projects/{{project}}/regions/{{region}}/subnetworks/{{name}} + description: The private IPv6 google access type for the VMs in this subnet. + fingerprint_name: 'fingerprint' + - !ruby/object:Api::Type::ResourceRef + name: 'region' + resource: 'Region' + imports: 'name' + description: | + The GCP region for this subnetwork. + required: true + immutable: true + - !ruby/object:Api::Type::NestedObject + name: 'logConfig' + update_verb: :PATCH + update_url: projects/{{project}}/regions/{{region}}/subnetworks/{{name}} + fingerprint_name: 'fingerprint' + update_id: 'logConfig' + description: | + Denotes the logging options for the subnetwork flow logs. If logging is enabled + logs will be exported to Stackdriver. This field cannot be set if the `purpose` of this + subnetwork is `INTERNAL_HTTPS_LOAD_BALANCER` + properties: + - !ruby/object:Api::Type::Boolean + name: 'enable' + description: If logging is enabled for this subnetwork + - !ruby/object:Api::Type::Enum + name: 'aggregationInterval' + at_least_one_of: + - log_config.0.aggregation_interval + - log_config.0.flow_sampling + - log_config.0.metadata + - log_config.0.filterExpr + description: | + Can only be specified if VPC flow logging for this subnetwork is enabled. + Toggles the aggregation interval for collecting flow logs. Increasing the + interval time will reduce the amount of generated flow logs for long + lasting connections. Default is an interval of 5 seconds per connection. + values: + - :INTERVAL_5_SEC + - :INTERVAL_30_SEC + - :INTERVAL_1_MIN + - :INTERVAL_5_MIN + - :INTERVAL_10_MIN + - :INTERVAL_15_MIN + default_value: :INTERVAL_5_SEC + - !ruby/object:Api::Type::Double + name: 'flowSampling' + at_least_one_of: + - log_config.0.aggregation_interval + - log_config.0.flow_sampling + - log_config.0.metadata + - log_config.0.filterExpr + description: | + Can only be specified if VPC flow logging for this subnetwork is enabled. + The value of the field must be in [0, 1]. Set the sampling rate of VPC + flow logs within the subnetwork where 1.0 means all collected logs are + reported and 0.0 means no logs are reported. Default is 0.5 which means + half of all collected logs are reported. + default_value: 0.5 + - !ruby/object:Api::Type::Enum + name: 'metadata' + at_least_one_of: + - log_config.0.aggregation_interval + - log_config.0.flow_sampling + - log_config.0.metadata + - log_config.0.filterExpr + description: | + Can only be specified if VPC flow logging for this subnetwork is enabled. + Configures whether metadata fields should be added to the reported VPC + flow logs. + values: + - :EXCLUDE_ALL_METADATA + - :INCLUDE_ALL_METADATA + - :CUSTOM_METADATA + default_value: :INCLUDE_ALL_METADATA + - !ruby/object:Api::Type::Array + name: 'metadataFields' + description: | + List of metadata fields that should be added to reported logs. + Can only be specified if VPC flow logs for this subnetwork is enabled and "metadata" is set to CUSTOM_METADATA. + item_type: Api::Type::String + - !ruby/object:Api::Type::String + name: 'filterExpr' + at_least_one_of: + - log_config.0.aggregation_interval + - log_config.0.flow_sampling + - log_config.0.metadata + - log_config.0.filterExpr + description: | + Export filter used to define which VPC flow logs should be logged, as as CEL expression. See + https://cloud.google.com/vpc/docs/flow-logs#filtering for details on how to format this field. + The default value is 'true', which evaluates to include everything. + default_value: "true" + - !ruby/object:Api::Type::Enum + name: 'stackType' + update_verb: :PATCH + update_url: projects/{{project}}/regions/{{region}}/subnetworks/{{name}} + fingerprint_name: 'fingerprint' + values: + - :IPV4_ONLY + - :IPV4_IPV6 + description: | + The stack type for this subnet to identify whether the IPv6 feature is enabled or not. + If not specified IPV4_ONLY will be used. + - !ruby/object:Api::Type::Enum + name: 'ipv6AccessType' + update_verb: :PATCH + update_url: projects/{{project}}/regions/{{region}}/subnetworks/{{name}} + fingerprint_name: 'fingerprint' + values: + - :EXTERNAL + - :INTERNAL + description: | + The access type of IPv6 address this subnet holds. It's immutable and can only be specified during creation + or the first time the subnet is updated into IPV4_IPV6 dual stack. If the ipv6_type is EXTERNAL then this subnet + cannot enable direct path. + - !ruby/object:Api::Type::String + name: 'ipv6CidrRange' + output: true + description: | + The range of internal IPv6 addresses that are owned by this subnetwork. + - !ruby/object:Api::Type::String + name: 'externalIpv6Prefix' + output: true + description: | + The range of external IPv6 addresses that are owned by this subnetwork. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Private Google Access': + 'https://cloud.google.com/vpc/docs/configure-private-google-access' + 'Cloud Networking': + 'https://cloud.google.com/vpc/docs/using-vpc' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/subnetworks' diff --git a/mmv1/products/compute/TargetGrpcProxy.yaml b/mmv1/products/compute/TargetGrpcProxy.yaml new file mode 100644 index 000000000000..890a5c99b8d0 --- /dev/null +++ b/mmv1/products/compute/TargetGrpcProxy.yaml @@ -0,0 +1,105 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'TargetGrpcProxy' +kind: 'compute#targetGrpcProxy' +base_url: projects/{{project}}/global/targetGrpcProxies +collection_url_key: 'items' +update_verb: :PATCH +has_self_link: true +description: | + Represents a Target gRPC Proxy resource. A target gRPC proxy is a component + of load balancers intended for load balancing gRPC traffic. Global forwarding + rules reference a target gRPC proxy. The Target gRPC Proxy references + a URL map which specifies how traffic routes to gRPC backend services. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Using Target gRPC Proxies': 'https://cloud.google.com/traffic-director/docs/proxyless-overview' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/targetGrpcProxies' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +properties: + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource. Provided by the client when the resource + is created. The name must be 1-63 characters long, and comply + with RFC1035. Specifically, the name must be 1-63 characters long + and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which + means the first character must be a lowercase letter, and all + following characters must be a dash, lowercase letter, or digit, + except the last character, which cannot be a dash. + immutable: true + required: true + - !ruby/object:Api::Type::String + name: 'description' + description: 'An optional description of this resource.' + - !ruby/object:Api::Type::String + name: 'selfLinkWithId' + description: 'Server-defined URL with id for the resource.' + output: true + - !ruby/object:Api::Type::String + name: 'urlMap' + description: | + URL to the UrlMap resource that defines the mapping from URL to + the BackendService. The protocol field in the BackendService + must be set to GRPC. + immutable: true + update_id: 'urlMap' + fingerprint_name: 'fingerprint' + - !ruby/object:Api::Type::Boolean + name: 'validateForProxyless' + immutable: true + description: | + If true, indicates that the BackendServices referenced by + the urlMap may be accessed by gRPC applications without using + a sidecar proxy. This will enable configuration checks on urlMap + and its referenced BackendServices to not allow unsupported features. + A gRPC application must use "xds:///" scheme in the target URI + of the service it is connecting to. If false, indicates that the + BackendServices referenced by the urlMap will be accessed by gRPC + applications via a sidecar proxy. In this case, a gRPC application + must not use "xds:///" scheme in the target URI of the service + it is connecting to + - !ruby/object:Api::Type::Fingerprint + name: 'fingerprint' + description: | + Fingerprint of this resource. A hash of the contents stored in + this object. This field is used in optimistic locking. This field + will be ignored when inserting a TargetGrpcProxy. An up-to-date + fingerprint must be provided in order to patch/update the + TargetGrpcProxy; otherwise, the request will fail with error + 412 conditionNotMet. To see the latest fingerprint, make a get() + request to retrieve the TargetGrpcProxy. A base64-encoded string. + diff --git a/mmv1/products/compute/TargetHttpProxy.yaml b/mmv1/products/compute/TargetHttpProxy.yaml new file mode 100644 index 000000000000..1227539b2d3e --- /dev/null +++ b/mmv1/products/compute/TargetHttpProxy.yaml @@ -0,0 +1,84 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'TargetHttpProxy' +kind: 'compute#targetHttpProxy' +base_url: projects/{{project}}/global/targetHttpProxies +collection_url_key: 'items' +has_self_link: true +immutable: true +description: | + Represents a TargetHttpProxy resource, which is used by one or more global + forwarding rule to route incoming HTTP requests to a URL map. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/compute/docs/load-balancing/http/target-proxies' + api: 'https://cloud.google.com/compute/docs/reference/v1/targetHttpProxies' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +properties: + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: 'An optional description of this resource.' + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'The unique identifier for the resource.' + output: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + - !ruby/object:Api::Type::ResourceRef + name: 'urlMap' + resource: 'UrlMap' + imports: 'selfLink' + description: | + A reference to the UrlMap resource that defines the mapping from URL + to the BackendService. + required: true + update_verb: :POST + update_url: 'projects/{{project}}/targetHttpProxies/{{name}}/setUrlMap' + - !ruby/object:Api::Type::Boolean + name: 'proxyBind' + description: | + This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. diff --git a/mmv1/products/compute/TargetHttpsProxy.yaml b/mmv1/products/compute/TargetHttpsProxy.yaml new file mode 100644 index 000000000000..eb7f2c324dc2 --- /dev/null +++ b/mmv1/products/compute/TargetHttpsProxy.yaml @@ -0,0 +1,134 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'TargetHttpsProxy' +kind: 'compute#targetHttpsProxy' +base_url: projects/{{project}}/global/targetHttpsProxies +collection_url_key: 'items' +has_self_link: true +immutable: true +description: | + Represents a TargetHttpsProxy resource, which is used by one or more + global forwarding rule to route incoming HTTPS requests to a URL map. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/compute/docs/load-balancing/http/target-proxies' + api: 'https://cloud.google.com/compute/docs/reference/v1/targetHttpsProxies' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +properties: + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: 'An optional description of this resource.' + immutable: true + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'The unique identifier for the resource.' + output: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + immutable: true + required: true + - !ruby/object:Api::Type::Enum + name: 'quicOverride' + description: | + Specifies the QUIC override policy for this resource. This determines + whether the load balancer will attempt to negotiate QUIC with clients + or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is + specified, uses the QUIC policy with no user overrides, which is + equivalent to DISABLE. + values: + - :NONE + - :ENABLE + - :DISABLE + update_verb: :POST + update_url: + 'projects/{{project}}/global/targetHttpsProxies/{{name}}/setQuicOverride' + - !ruby/object:Api::Type::Array + name: 'sslCertificates' + description: | + A list of SslCertificate resources that are used to authenticate + connections between users and the load balancer. At least one SSL + certificate must be specified. + update_verb: :POST + update_url: + 'projects/{{project}}/targetHttpsProxies/{{name}}/setSslCertificates' + item_type: !ruby/object:Api::Type::ResourceRef + name: 'sslCertificate' + resource: 'SslCertificate' + imports: 'selfLink' + description: 'The SSL certificates used by this TargetHttpsProxy' + - !ruby/object:Api::Type::String + name: 'certificateMap' + description: | + A reference to the CertificateMap resource uri that identifies a certificate map + associated with the given target proxy. This field can only be set for global target proxies. + Accepted format is `//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}`. + update_verb: :POST + update_url: + 'projects/{{project}}/global/targetHttpsProxies/{{name}}/setCertificateMap' + - !ruby/object:Api::Type::ResourceRef + name: 'sslPolicy' + resource: 'SslPolicy' + imports: 'selfLink' + description: | + A reference to the SslPolicy resource that will be associated with + the TargetHttpsProxy resource. If not set, the TargetHttpsProxy + resource will not have any SSL policy configured. + update_verb: :POST + update_url: + 'projects/{{project}}/global/targetHttpsProxies/{{name}}/setSslPolicy' + - !ruby/object:Api::Type::ResourceRef + name: 'urlMap' + resource: 'UrlMap' + imports: 'selfLink' + description: | + A reference to the UrlMap resource that defines the mapping from URL + to the BackendService. + required: true + update_verb: :POST + update_url: 'projects/{{project}}/targetHttpsProxies/{{name}}/setUrlMap' + - !ruby/object:Api::Type::Boolean + name: 'proxyBind' + description: | + This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. diff --git a/mmv1/products/compute/TargetInstance.yaml b/mmv1/products/compute/TargetInstance.yaml new file mode 100644 index 000000000000..b084022ad48a --- /dev/null +++ b/mmv1/products/compute/TargetInstance.yaml @@ -0,0 +1,102 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'TargetInstance' +kind: 'compute#targetInstance' +base_url: projects/{{project}}/zones/{{zone}}/targetInstances +collection_url_key: 'items' +has_self_link: true +immutable: true +description: | + Represents a TargetInstance resource which defines an endpoint instance + that terminates traffic of certain protocols. In particular, they are used + in Protocol Forwarding, where forwarding rules can send packets to a + non-NAT'ed target instance. Each target instance contains a single + virtual machine instance that receives and handles traffic from the + corresponding forwarding rules. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Using Protocol Forwarding': 'https://cloud.google.com/compute/docs/protocol-forwarding' + api: 'https://cloud.google.com/compute/docs/reference/v1/targetInstances' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'zone' + resource: 'Zone' + imports: 'name' + description: | + URL of the zone where the target instance resides. + required: true + immutable: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::String + name: 'network' + description: 'The URL of the network this target instance uses to forward traffic. If not specified, the traffic will be forwarded to the network that the default network interface belongs to.' + immutable: true + min_version: beta + - !ruby/object:Api::Type::String + name: 'description' + description: 'An optional description of this resource.' + - !ruby/object:Api::Type::ResourceRef + name: 'instance' + resource: 'Instance' + imports: 'selfLink' + description: | + A URL to the virtual machine instance that handles traffic for this + target instance. Accepts self-links or the partial paths with format + `projects/project/zones/zone/instances/instance' or + `zones/zone/instances/instance` + required: true + immutable: true + - !ruby/object:Api::Type::Enum + name: 'natPolicy' + description: | + NAT option controlling how IPs are NAT'ed to the instance. + Currently only NO_NAT (default value) is supported. + immutable: true + default_value: :NO_NAT + values: + - :NO_NAT diff --git a/mmv1/products/compute/TargetPool.yaml b/mmv1/products/compute/TargetPool.yaml new file mode 100644 index 000000000000..a94f4b88f412 --- /dev/null +++ b/mmv1/products/compute/TargetPool.yaml @@ -0,0 +1,150 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'TargetPool' +kind: 'compute#targetPool' +base_url: projects/{{project}}/regions/{{region}}/targetPools +collection_url_key: 'items' +description: 'Represents a TargetPool resource, used for Load Balancing.' +has_self_link: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/compute/docs/load-balancing/network/target-pools' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/targetPools' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'region' + resource: 'Region' + imports: 'name' + description: 'The region where the target pool resides.' + required: true +properties: + - !ruby/object:Api::Type::ResourceRef + name: 'backupPool' + resource: 'TargetPool' + imports: 'selfLink' + immutable: true + description: | + This field is applicable only when the containing target pool is + serving a forwarding rule as the primary pool, and its failoverRatio + field is properly set to a value between [0, 1]. + + backupPool and failoverRatio together define the fallback behavior of + the primary target pool: if the ratio of the healthy instances in the + primary pool is at or below failoverRatio, traffic arriving at the + load-balanced IP will be directed to the backup pool. + + In case where failoverRatio and backupPool are not set, or all the + instances in the backup pool are unhealthy, the traffic will be + directed back to the primary pool in the "force" mode, where traffic + will be spread to the healthy instances with the best effort, or to + all instances when no instance is healthy. + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: 'An optional description of this resource.' + - !ruby/object:Api::Type::Double + name: 'failoverRatio' + description: | + This field is applicable only when the containing target pool is + serving a forwarding rule as the primary pool (i.e., not as a backup + pool to some other target pool). The value of the field must be in + [0, 1]. + + If set, backupPool must also be set. They together define the fallback + behavior of the primary target pool: if the ratio of the healthy + instances in the primary pool is at or below this number, traffic + arriving at the load-balanced IP will be directed to the backup pool. + + In case where failoverRatio is not set or all the instances in the + backup pool are unhealthy, the traffic will be directed back to the + primary pool in the "force" mode, where traffic will be spread to the + healthy instances with the best effort, or to all instances when no + instance is healthy. + - !ruby/object:Api::Type::ResourceRef + name: 'healthCheck' + resource: 'HttpHealthCheck' + imports: 'selfLink' + description: | + A reference to a HttpHealthCheck resource. + + A member instance in this pool is considered healthy if and only if + the health checks pass. If not specified it means all member instances + will be considered healthy at all times. + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'The unique identifier for the resource.' + output: true + - !ruby/object:Api::Type::Array + name: 'instances' + description: | + A list of virtual machine instances serving this pool. + + They must live in zones contained in the same region as this pool. + item_type: !ruby/object:Api::Type::ResourceRef + name: 'instance' + description: 'The instance being served by this pool.' + resource: 'Instance' + imports: 'selfLink' + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + immutable: true + required: true + - !ruby/object:Api::Type::Enum + name: 'sessionAffinity' + description: | + Session affinity option. Must be one of these values: + + * NONE: Connections from the same client IP may go to any instance in + the pool. + * CLIENT_IP: Connections from the same client IP will go to the same + instance in the pool while that instance remains healthy. + * CLIENT_IP_PROTO: Connections from the same client IP with the same + IP protocol will go to the same instance in the pool while that + instance remains healthy. + immutable: true + values: + - :NONE + - :CLIENT_IP + - :CLIENT_IP_PROTO diff --git a/mmv1/products/compute/TargetSslProxy.yaml b/mmv1/products/compute/TargetSslProxy.yaml new file mode 100644 index 000000000000..5bc394b890e4 --- /dev/null +++ b/mmv1/products/compute/TargetSslProxy.yaml @@ -0,0 +1,129 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'TargetSslProxy' +kind: 'compute#targetSslProxy' +base_url: projects/{{project}}/global/targetSslProxies +collection_url_key: 'items' +immutable: true +has_self_link: true +description: | + Represents a TargetSslProxy resource, which is used by one or more + global forwarding rule to route incoming SSL requests to a backend + service. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Setting Up SSL proxy for Google Cloud Load Balancing': 'https://cloud.google.com/compute/docs/load-balancing/tcp-ssl/' + api: 'https://cloud.google.com/compute/docs/reference/v1/targetSslProxies' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +properties: + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: 'An optional description of this resource.' + immutable: true + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'The unique identifier for the resource.' + output: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + immutable: true + required: true + - !ruby/object:Api::Type::Enum + name: 'proxyHeader' + description: | + Specifies the type of proxy header to append before sending data to + the backend. + values: + - :NONE + - :PROXY_V1 + update_verb: :POST + update_url: 'projects/{{project}}/global/targetSslProxies/{{name}}/setProxyHeader' + - !ruby/object:Api::Type::ResourceRef + name: 'service' + resource: 'BackendService' + imports: 'selfLink' + description: | + A reference to the BackendService resource. + required: true + update_verb: :POST + update_url: 'projects/{{project}}/global/targetSslProxies/{{name}}/setBackendService' + - !ruby/object:Api::Type::Array + name: 'sslCertificates' + description: | + A list of SslCertificate resources that are used to authenticate + connections between users and the load balancer. At least one + SSL certificate must be specified. + exactly_one_of: + - sslCertificates + - certificateMap + update_verb: :POST + update_url: 'projects/{{project}}/global/targetSslProxies/{{name}}/setSslCertificates' + item_type: !ruby/object:Api::Type::ResourceRef + name: 'sslCertificate' + resource: 'SslCertificate' + imports: 'selfLink' + description: 'The SSL certificates used by this TargetSslProxy' + - !ruby/object:Api::Type::String + name: 'certificateMap' + description: | + A reference to the CertificateMap resource uri that identifies a certificate map + associated with the given target proxy. This field can only be set for global target proxies. + Accepted format is `//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}`. + exactly_one_of: + - sslCertificates + - certificateMap + update_verb: :POST + update_url: + 'projects/{{project}}/global/targetSslProxies/{{name}}/setCertificateMap' + - !ruby/object:Api::Type::ResourceRef + name: 'sslPolicy' + resource: 'SslPolicy' + imports: 'selfLink' + description: | + A reference to the SslPolicy resource that will be associated with + the TargetSslProxy resource. If not set, the TargetSslProxy + resource will not have any SSL policy configured. + update_verb: :POST + update_url: + 'projects/{{project}}/global/targetSslProxies/{{name}}/setSslPolicy' diff --git a/mmv1/products/compute/TargetTcpProxy.yaml b/mmv1/products/compute/TargetTcpProxy.yaml new file mode 100644 index 000000000000..f7dcd27dcbeb --- /dev/null +++ b/mmv1/products/compute/TargetTcpProxy.yaml @@ -0,0 +1,96 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'TargetTcpProxy' +kind: 'compute#targetTcpProxy' +base_url: projects/{{project}}/global/targetTcpProxies +collection_url_key: 'items' +immutable: true +has_self_link: true +description: | + Represents a TargetTcpProxy resource, which is used by one or more + global forwarding rule to route incoming TCP requests to a Backend + service. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Setting Up TCP proxy for Google Cloud Load Balancing': + 'https://cloud.google.com/compute/docs/load-balancing/tcp-ssl/tcp-proxy' + api: 'https://cloud.google.com/compute/docs/reference/v1/targetTcpProxies' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +properties: + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: 'An optional description of this resource.' + immutable: true + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'The unique identifier for the resource.' + output: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + immutable: true + required: true + - !ruby/object:Api::Type::Enum + name: 'proxyHeader' + description: | + Specifies the type of proxy header to append before sending data to + the backend. + values: + - :NONE + - :PROXY_V1 + update_verb: :POST + update_url: 'projects/{{project}}/global/targetTcpProxies/{{name}}/setProxyHeader' + - !ruby/object:Api::Type::ResourceRef + name: 'service' + resource: 'BackendService' + imports: 'selfLink' + description: | + A reference to the BackendService resource. + required: true + update_verb: :POST + update_url: 'projects/{{project}}/global/targetTcpProxies/{{name}}/setBackendService' + - !ruby/object:Api::Type::Boolean + name: 'proxyBind' + description: | + This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. diff --git a/mmv1/products/compute/TargetVpnGateway.yaml b/mmv1/products/compute/TargetVpnGateway.yaml new file mode 100644 index 000000000000..4d5eaabdb567 --- /dev/null +++ b/mmv1/products/compute/TargetVpnGateway.yaml @@ -0,0 +1,108 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'TargetVpnGateway' +kind: 'compute#targetVpnGateway' +base_url: projects/{{project}}/regions/{{region}}/targetVpnGateways +collection_url_key: 'items' +immutable: true +has_self_link: true +description: | + Represents a VPN gateway running in GCP. This virtual device is managed + by Google, but used only by you. +references: !ruby/object:Api::Resource::ReferenceLinks + api: https://cloud.google.com/compute/docs/reference/rest/v1/targetVpnGateways +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'region' + resource: 'Region' + imports: 'name' + description: | + The region this gateway should sit in. + required: true +properties: + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: 'An optional description of this resource.' + immutable: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and + match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means + the first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + immutable: true + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'The unique identifier for the resource.' + output: true + - !ruby/object:Api::Type::ResourceRef + name: 'network' + resource: 'Network' + imports: 'selfLink' + description: | + The network this VPN gateway is accepting traffic for. + required: true + immutable: true + - !ruby/object:Api::Type::Array + name: 'tunnels' + description: | + A list of references to VpnTunnel resources associated with this VPN gateway. + item_type: !ruby/object:Api::Type::ResourceRef + name: 'tunnel' + resource: 'VpnTunnel' + imports: 'selfLink' + description: | + A VpnTunnel resource associated with this VPN gateway. + output: true + - !ruby/object:Api::Type::Array + name: 'forwardingRules' + description: | + A list of references to the ForwardingRule resources associated with this VPN + gateway. + item_type: !ruby/object:Api::Type::ResourceRef + name: 'forwardingRule' + resource: 'ForwardingRule' + imports: 'selfLink' + description: | + A ForwardingRule resource associated with this VPN gateway. + output: true + # status is not useful for state convergence diff --git a/mmv1/products/compute/UrlMap.yaml b/mmv1/products/compute/UrlMap.yaml new file mode 100644 index 000000000000..0cc6d8b73eb3 --- /dev/null +++ b/mmv1/products/compute/UrlMap.yaml @@ -0,0 +1,2392 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'UrlMap' +kind: 'compute#urlMap' +base_url: projects/{{project}}/global/urlMaps +collection_url_key: 'items' +has_self_link: true +description: | + UrlMaps are used to route requests to a backend service based on rules + that you define for the host and path of an incoming URL. +references: !ruby/object:Api::Resource::ReferenceLinks + api: https://cloud.google.com/compute/docs/reference/rest/v1/urlMaps +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/global/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +properties: + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::ResourceRef + name: 'defaultService' + exactly_one_of: + - default_service + - default_url_redirect + - default_route_action.0.weighted_backend_services + resource: 'BackendService' + imports: 'selfLink' + description: | + The full or partial URL of the defaultService resource to which traffic is directed if + none of the hostRules match. If defaultRouteAction is additionally specified, advanced + routing actions like URL Rewrites, etc. take effect prior to sending the request to the + backend. However, if defaultService is specified, defaultRouteAction cannot contain any + weightedBackendServices. Conversely, if routeAction specifies any + weightedBackendServices, service must not be specified. Only one of defaultService, + defaultUrlRedirect or defaultRouteAction.weightedBackendService must be set. + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of this resource. Provide this property when you create + the resource. + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'The unique identifier for the resource.' + output: true + - !ruby/object:Api::Type::Fingerprint + name: 'fingerprint' + description: | + Fingerprint of this resource. A hash of the contents stored in this object. This + field is used in optimistic locking. + - !ruby/object:Api::Type::NestedObject + name: 'headerAction' + description: | + Specifies changes to request and response headers that need to take effect for + the selected backendService. The headerAction specified here take effect after + headerAction specified under pathMatcher. + properties: + - !ruby/object:Api::Type::Array + name: 'requestHeadersToAdd' + at_least_one_of: + - header_action.0.request_headers_to_add + - header_action.0.request_headers_to_remove + - header_action.0.response_headers_to_add + - header_action.0.response_headers_to_remove + description: | + Headers to add to a matching request prior to forwarding the request to the + backendService. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'headerName' + required: true + description: | + The name of the header. + - !ruby/object:Api::Type::String + name: 'headerValue' + required: true + description: | + The value of the header to add. + - !ruby/object:Api::Type::Boolean + name: 'replace' + required: true + description: | + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + - !ruby/object:Api::Type::Array + name: 'requestHeadersToRemove' + item_type: Api::Type::String + at_least_one_of: + - header_action.0.request_headers_to_add + - header_action.0.request_headers_to_remove + - header_action.0.response_headers_to_add + - header_action.0.response_headers_to_remove + description: | + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + - !ruby/object:Api::Type::Array + name: 'responseHeadersToAdd' + at_least_one_of: + - header_action.0.request_headers_to_add + - header_action.0.request_headers_to_remove + - header_action.0.response_headers_to_add + - header_action.0.response_headers_to_remove + description: | + Headers to add the response prior to sending the response back to the client. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'headerName' + required: true + description: | + The name of the header. + - !ruby/object:Api::Type::String + name: 'headerValue' + required: true + description: | + The value of the header to add. + - !ruby/object:Api::Type::Boolean + name: 'replace' + required: true + description: | + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + - !ruby/object:Api::Type::Array + name: 'responseHeadersToRemove' + item_type: Api::Type::String + at_least_one_of: + - header_action.0.request_headers_to_add + - header_action.0.request_headers_to_remove + - header_action.0.response_headers_to_add + - header_action.0.response_headers_to_remove + description: | + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + - !ruby/object:Api::Type::Array + name: 'hostRules' + description: | + The list of HostRules to use against the URL. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of this resource. Provide this property when you create + the resource. + - !ruby/object:Api::Type::Array + name: 'hosts' + required: true + item_type: Api::Type::String + description: | + The list of host patterns to match. They must be valid hostnames, except * will + match any string of ([a-z0-9-.]*). In that case, * must be the first character + and must be followed in the pattern by either - or .. + - !ruby/object:Api::Type::String + name: 'pathMatcher' + required: true + description: | + The name of the PathMatcher to use to match the path portion of the URL if the + hostRule matches the URL's host portion. + - !ruby/object:Api::Type::String + name: 'name' + required: true + immutable: true + description: | + Name of the resource. Provided by the client when the resource is created. The + name must be 1-63 characters long, and comply with RFC1035. Specifically, the + name must be 1-63 characters long and match the regular expression + `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase + letter, and all following characters must be a dash, lowercase letter, or digit, + except the last character, which cannot be a dash. + - !ruby/object:Api::Type::Array + name: 'pathMatchers' + description: | + The list of named PathMatchers to use against the URL. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::ResourceRef + name: 'defaultService' + # TODO: (mbang) won't work for array path matchers yet, uncomment here once they are supported. + # (github.com/hashicorp/terraform-plugin-sdk/issues/470) + # exactly_one_of: + # - path_matchers.0.default_service + # - path_matchers.0.default_url_redirect + # - path_matchers.0.default_route_action.0.weighted_backend_services + resource: 'BackendService' + imports: 'selfLink' + description: | + The full or partial URL to the BackendService resource. This will be used if none + of the pathRules or routeRules defined by this PathMatcher are matched. For example, + the following are all valid URLs to a BackendService resource: + - https://www.googleapis.com/compute/v1/projects/project/global/backendServices/backendService + - compute/v1/projects/project/global/backendServices/backendService + - global/backendServices/backendService + If defaultRouteAction is additionally specified, advanced routing actions like URL + Rewrites, etc. take effect prior to sending the request to the backend. However, if + defaultService is specified, defaultRouteAction cannot contain any + weightedBackendServices. Conversely, if defaultRouteAction specifies any + weightedBackendServices, defaultService must not be specified. + Only one of defaultService, defaultUrlRedirect or + defaultRouteAction.weightedBackendService must be set. Authorization requires one + or more of the following Google IAM permissions on the + specified resource defaultService: + - compute.backendBuckets.use + - compute.backendServices.use + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of this resource. Provide this property when you create + the resource. + - !ruby/object:Api::Type::NestedObject + name: 'headerAction' + description: | + Specifies changes to request and response headers that need to take effect for + the selected backendService. HeaderAction specified here are applied after the + matching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap + properties: + - !ruby/object:Api::Type::Array + name: 'requestHeadersToAdd' + description: | + Headers to add to a matching request prior to forwarding the request to the + backendService. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'headerName' + required: true + description: | + The name of the header. + - !ruby/object:Api::Type::String + name: 'headerValue' + required: true + description: | + The value of the header to add. + - !ruby/object:Api::Type::Boolean + name: 'replace' + required: true + description: | + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + - !ruby/object:Api::Type::Array + name: 'requestHeadersToRemove' + item_type: Api::Type::String + description: | + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + - !ruby/object:Api::Type::Array + name: 'responseHeadersToAdd' + description: | + Headers to add the response prior to sending the response back to the client. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'headerName' + required: true + description: | + The name of the header. + - !ruby/object:Api::Type::String + name: 'headerValue' + required: true + description: | + The value of the header to add. + - !ruby/object:Api::Type::Boolean + name: 'replace' + required: true + description: | + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + - !ruby/object:Api::Type::Array + name: 'responseHeadersToRemove' + item_type: Api::Type::String + description: | + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + - !ruby/object:Api::Type::String + name: 'name' + required: true + description: | + The name to which this PathMatcher is referred by the HostRule. + - !ruby/object:Api::Type::Array + name: 'pathRules' + description: | + The list of path rules. Use this list instead of routeRules when routing based + on simple path matching is all that's required. The order by which path rules + are specified does not matter. Matches are always done on the longest-path-first + basis. For example: a pathRule with a path /a/b/c/* will match before /a/b/* + irrespective of the order in which those paths appear in this list. Within a + given pathMatcher, only one of pathRules or routeRules must be set. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::ResourceRef + name: 'service' + resource: 'BackendService' + imports: 'selfLink' + description: | + The backend service resource to which traffic is + directed if this rule is matched. If routeAction is additionally specified, + advanced routing actions like URL Rewrites, etc. take effect prior to sending + the request to the backend. However, if service is specified, routeAction cannot + contain any weightedBackendService s. Conversely, if routeAction specifies any + weightedBackendServices, service must not be specified. Only one of urlRedirect, + service or routeAction.weightedBackendService must be set. + - !ruby/object:Api::Type::Array + name: 'paths' + required: true + item_type: Api::Type::String + description: | + The list of path patterns to match. Each must start with / and the only place a + \* is allowed is at the end following a /. The string fed to the path matcher + does not include any text after the first ? or #, and those chars are not + allowed here. + - !ruby/object:Api::Type::NestedObject + name: 'routeAction' + description: | + In response to a matching path, the load balancer performs advanced routing + actions like URL rewrites, header transformations, etc. prior to forwarding the + request to the selected backend. If routeAction specifies any + weightedBackendServices, service must not be set. Conversely if service is set, + routeAction cannot contain any weightedBackendServices. Only one of routeAction + or urlRedirect must be set. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'corsPolicy' + description: | + The specification for allowing client side cross-origin requests. Please see W3C + Recommendation for Cross Origin Resource Sharing + properties: + - !ruby/object:Api::Type::Boolean + name: 'allowCredentials' + default_value: false + description: | + In response to a preflight request, setting this to true indicates that the + actual request can include user credentials. This translates to the Access- + Control-Allow-Credentials header. Defaults to false. + - !ruby/object:Api::Type::Array + name: 'allowHeaders' + item_type: Api::Type::String + description: | + Specifies the content for the Access-Control-Allow-Headers header. + - !ruby/object:Api::Type::Array + name: 'allowMethods' + item_type: Api::Type::String + description: | + Specifies the content for the Access-Control-Allow-Methods header. + - !ruby/object:Api::Type::Array + name: 'allowOriginRegexes' + item_type: Api::Type::String + description: | + Specifies the regular expression patterns that match allowed origins. For + regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either allow_origins or allow_origin_regex. + - !ruby/object:Api::Type::Array + name: 'allowOrigins' + item_type: Api::Type::String + description: | + Specifies the list of origins that will be allowed to do CORS requests. An + origin is allowed if it matches either allow_origins or allow_origin_regex. + - !ruby/object:Api::Type::Boolean + name: 'disabled' + required: true + description: | + If true, specifies the CORS policy is disabled. + - !ruby/object:Api::Type::Array + name: 'exposeHeaders' + item_type: Api::Type::String + description: | + Specifies the content for the Access-Control-Expose-Headers header. + - !ruby/object:Api::Type::Integer + name: 'maxAge' + description: | + Specifies how long the results of a preflight request can be cached. This + translates to the content for the Access-Control-Max-Age header. + - !ruby/object:Api::Type::NestedObject + name: 'faultInjectionPolicy' + description: | + The specification for fault injection introduced into traffic to test the + resiliency of clients to backend service failure. As part of fault injection, + when clients send requests to a backend service, delays can be introduced by + Loadbalancer on a percentage of requests before sending those request to the + backend service. Similarly requests from clients can be aborted by the + Loadbalancer for a percentage of requests. timeout and retry_policy will be + ignored by clients that are configured with a fault_injection_policy. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'abort' + description: | + The specification for how client requests are aborted as part of fault + injection. + properties: + - !ruby/object:Api::Type::Integer + name: 'httpStatus' + required: true + description: | + The HTTP status code used to abort the request. The value must be between 200 + and 599 inclusive. + - !ruby/object:Api::Type::Double + name: 'percentage' + required: true + description: | + The percentage of traffic (connections/operations/requests) which will be + aborted as part of fault injection. The value must be between 0.0 and 100.0 + inclusive. + - !ruby/object:Api::Type::NestedObject + name: 'delay' + description: | + The specification for how client requests are delayed as part of fault + injection, before being sent to a backend service. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'fixedDelay' + required: true + description: | + Specifies the value of the fixed delay interval. + properties: + - !ruby/object:Api::Type::Integer + name: 'nanos' + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 `seconds` field and a positive + `nanos` field. Must be from 0 to 999,999,999 inclusive. + - !ruby/object:Api::Type::String + name: 'seconds' + required: true + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + - !ruby/object:Api::Type::Double + name: 'percentage' + required: true + description: | + The percentage of traffic (connections/operations/requests) on which delay will + be introduced as part of fault injection. The value must be between 0.0 and + 100.0 inclusive. + - !ruby/object:Api::Type::NestedObject + name: 'requestMirrorPolicy' + description: | + Specifies the policy on how requests intended for the route's backends are + shadowed to a separate mirrored backend service. Loadbalancer does not wait for + responses from the shadow service. Prior to sending traffic to the shadow + service, the host / authority header is suffixed with -shadow. + properties: + - !ruby/object:Api::Type::ResourceRef + name: 'backendService' + required: true + resource: 'BackendService' + imports: 'selfLink' + description: | + The BackendService resource being mirrored to. + - !ruby/object:Api::Type::NestedObject + name: 'retryPolicy' + description: | + Specifies the retry policy associated with this route. + properties: + - !ruby/object:Api::Type::Integer + name: 'numRetries' + description: | + Specifies the allowed number retries. This number must be > 0. + - !ruby/object:Api::Type::NestedObject + name: 'perTryTimeout' + description: | + Specifies a non-zero timeout per retry attempt. + properties: + - !ruby/object:Api::Type::Integer + name: 'nanos' + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 `seconds` field and a positive + `nanos` field. Must be from 0 to 999,999,999 inclusive. + - !ruby/object:Api::Type::String + name: 'seconds' + required: true + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + - !ruby/object:Api::Type::Array + name: 'retryConditions' + item_type: Api::Type::String + description: | + Specifies one or more conditions when this retry rule applies. Valid values are: + + * 5xx: Loadbalancer will attempt a retry if the backend service responds with + any 5xx response code, or if the backend service does not respond at all, + example: disconnects, reset, read timeout, connection failure, and refused + streams. + * gateway-error: Similar to 5xx, but only applies to response codes + 502, 503 or 504. + * connect-failure: Loadbalancer will retry on failures + connecting to backend services, for example due to connection timeouts. + * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + * refused-stream: Loadbalancer will retry if the backend service resets the stream with a + REFUSED_STREAM error code. This reset type indicates that it is safe to retry. + * cancelled: Loadbalancer will retry if the gRPC status code in the response + header is set to cancelled + * deadline-exceeded: Loadbalancer will retry if the + gRPC status code in the response header is set to deadline-exceeded + * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response + header is set to resource-exhausted + * unavailable: Loadbalancer will retry if + the gRPC status code in the response header is set to unavailable + - !ruby/object:Api::Type::NestedObject + name: 'timeout' + description: | + Specifies the timeout for the selected route. Timeout is computed from the time + the request is has been fully processed (i.e. end-of-stream) up until the + response has been completely processed. Timeout includes all retries. If not + specified, the default value is 15 seconds. + properties: + - !ruby/object:Api::Type::Integer + name: 'nanos' + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 `seconds` field and a positive + `nanos` field. Must be from 0 to 999,999,999 inclusive. + - !ruby/object:Api::Type::String + name: 'seconds' + required: true + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + - !ruby/object:Api::Type::NestedObject + name: 'urlRewrite' + description: | + The spec to modify the URL of the request, prior to forwarding the request to + the matched service + properties: + - !ruby/object:Api::Type::String + name: 'hostRewrite' + description: | + Prior to forwarding the request to the selected service, the request's host + header is replaced with contents of hostRewrite. The value must be between 1 and + 255 characters. + - !ruby/object:Api::Type::String + name: 'pathPrefixRewrite' + description: | + Prior to forwarding the request to the selected backend service, the matching + portion of the request's path is replaced by pathPrefixRewrite. The value must + be between 1 and 1024 characters. + - !ruby/object:Api::Type::Array + name: 'weightedBackendServices' + description: | + A list of weighted backend services to send traffic to when a route match + occurs. The weights determine the fraction of traffic that flows to their + corresponding backend service. If all traffic needs to go to a single backend + service, there must be one weightedBackendService with weight set to a non 0 + number. Once a backendService is identified and before forwarding the request to + the backend service, advanced routing actions like Url rewrites and header + transformations are applied depending on additional settings specified in this + HttpRouteAction. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::ResourceRef + name: 'backendService' + required: true + resource: 'BackendService' + imports: 'selfLink' + description: | + The default BackendService resource. Before + forwarding the request to backendService, the loadbalancer applies any relevant + headerActions specified as part of this backendServiceWeight. + - !ruby/object:Api::Type::NestedObject + name: 'headerAction' + description: | + Specifies changes to request and response headers that need to take effect for + the selected backendService. headerAction specified here take effect before + headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. + properties: + - !ruby/object:Api::Type::Array + name: 'requestHeadersToAdd' + description: | + Headers to add to a matching request prior to forwarding the request to the + backendService. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'headerName' + required: true + description: | + The name of the header. + - !ruby/object:Api::Type::String + name: 'headerValue' + required: true + description: | + The value of the header to add. + - !ruby/object:Api::Type::Boolean + name: 'replace' + required: true + description: | + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + - !ruby/object:Api::Type::Array + name: 'requestHeadersToRemove' + item_type: Api::Type::String + description: | + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + - !ruby/object:Api::Type::Array + name: 'responseHeadersToAdd' + description: | + Headers to add the response prior to sending the response back to the client. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'headerName' + required: true + description: | + The name of the header. + - !ruby/object:Api::Type::String + name: 'headerValue' + required: true + description: | + The value of the header to add. + - !ruby/object:Api::Type::Boolean + name: 'replace' + required: true + description: | + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + - !ruby/object:Api::Type::Array + name: 'responseHeadersToRemove' + item_type: Api::Type::String + description: | + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + - !ruby/object:Api::Type::Integer + name: 'weight' + required: true + description: | + Specifies the fraction of traffic sent to backendService, computed as weight / + (sum of all weightedBackendService weights in routeAction) . The selection of a + backend service is determined only for new traffic. Once a user's request has + been directed to a backendService, subsequent requests will be sent to the same + backendService as determined by the BackendService's session affinity policy. + The value must be between 0 and 1000 + - !ruby/object:Api::Type::NestedObject + name: 'urlRedirect' + description: | + When a path pattern is matched, the request is redirected to a URL specified + by urlRedirect. If urlRedirect is specified, service or routeAction must not + be set. + properties: + - !ruby/object:Api::Type::String + name: 'hostRedirect' + description: | + The host that will be used in the redirect response instead of the one + that was supplied in the request. The value must be between 1 and 255 + characters. + - !ruby/object:Api::Type::Boolean + name: 'httpsRedirect' + default_value: false + description: | + If set to true, the URL scheme in the redirected request is set to https. + If set to false, the URL scheme of the redirected request will remain the + same as that of the request. This must only be set for UrlMaps used in + TargetHttpProxys. Setting this true for TargetHttpsProxy is not + permitted. The default is set to false. + - !ruby/object:Api::Type::String + name: 'pathRedirect' + description: | + The path that will be used in the redirect response instead of the one + that was supplied in the request. pathRedirect cannot be supplied + together with prefixRedirect. Supply one alone or neither. If neither is + supplied, the path of the original request will be used for the redirect. + The value must be between 1 and 1024 characters. + - !ruby/object:Api::Type::String + name: 'prefixRedirect' + description: | + The prefix that replaces the prefixMatch specified in the + HttpRouteRuleMatch, retaining the remaining portion of the URL before + redirecting the request. prefixRedirect cannot be supplied together with + pathRedirect. Supply one alone or neither. If neither is supplied, the + path of the original request will be used for the redirect. The value + must be between 1 and 1024 characters. + - !ruby/object:Api::Type::Enum + name: 'redirectResponseCode' + description: | + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. + skip_docs_values: true + values: + - :FOUND + - :MOVED_PERMANENTLY_DEFAULT + - :PERMANENT_REDIRECT + - :SEE_OTHER + - :TEMPORARY_REDIRECT + - !ruby/object:Api::Type::Boolean + name: 'stripQuery' + description: | + If set to true, any accompanying query portion of the original URL is + removed prior to redirecting the request. If set to false, the query + portion of the original URL is retained. + - !ruby/object:Api::Type::Array + name: 'routeRules' + description: | + The list of ordered HTTP route rules. Use this list instead of pathRules when + advanced route matching and routing actions are desired. The order of specifying + routeRules matters: the first rule that matches will cause its specified routing + action to take effect. Within a given pathMatcher, only one of pathRules or + routeRules must be set. routeRules are not supported in UrlMaps intended for + External load balancers. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Integer + name: 'priority' + required: true + description: | + For routeRules within a given pathMatcher, priority determines the order + in which load balancer will interpret routeRules. RouteRules are evaluated + in order of priority, from the lowest to highest number. The priority of + a rule decreases as its number increases (1, 2, 3, N+1). The first rule + that matches the request is applied. + + You cannot configure two or more routeRules with the same priority. + Priority for each rule must be set to a number between 0 and + 2147483647 inclusive. + + Priority numbers can have gaps, which enable you to add or remove rules + in the future without affecting the rest of the rules. For example, + 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers to which + you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the + future without any impact on existing rules. + - !ruby/object:Api::Type::ResourceRef + name: 'service' + resource: 'BackendService' + imports: 'selfLink' + description: | + The backend service resource to which traffic is + directed if this rule is matched. If routeAction is additionally specified, + advanced routing actions like URL Rewrites, etc. take effect prior to sending + the request to the backend. However, if service is specified, routeAction cannot + contain any weightedBackendService s. Conversely, if routeAction specifies any + weightedBackendServices, service must not be specified. Only one of urlRedirect, + service or routeAction.weightedBackendService must be set. + - !ruby/object:Api::Type::NestedObject + name: 'headerAction' + description: | + Specifies changes to request and response headers that need to take effect for + the selected backendService. The headerAction specified here are applied before + the matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r + outeAction.weightedBackendService.backendServiceWeightAction[].headerAction + properties: + - !ruby/object:Api::Type::Array + name: 'requestHeadersToAdd' + description: | + Headers to add to a matching request prior to forwarding the request to the + backendService. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'headerName' + required: true + description: | + The name of the header. + - !ruby/object:Api::Type::String + name: 'headerValue' + required: true + description: | + The value of the header to add. + - !ruby/object:Api::Type::Boolean + name: 'replace' + required: true + description: | + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + - !ruby/object:Api::Type::Array + name: 'requestHeadersToRemove' + item_type: Api::Type::String + description: | + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + - !ruby/object:Api::Type::Array + name: 'responseHeadersToAdd' + description: | + Headers to add the response prior to sending the response back to the client. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'headerName' + required: true + description: | + The name of the header. + - !ruby/object:Api::Type::String + name: 'headerValue' + required: true + description: | + The value of the header to add. + - !ruby/object:Api::Type::Boolean + name: 'replace' + required: true + description: | + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + - !ruby/object:Api::Type::Array + name: 'responseHeadersToRemove' + item_type: Api::Type::String + description: | + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + - !ruby/object:Api::Type::Array + name: 'matchRules' + description: | + The rules for determining a match. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'fullPathMatch' + description: | + For satisfying the matchRule condition, the path of the request must exactly + match the value specified in fullPathMatch after removing any query parameters + and anchor that may be part of the original URL. FullPathMatch must be between 1 + and 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must + be specified. + - !ruby/object:Api::Type::Array + name: 'headerMatches' + description: | + Specifies a list of header match criteria, all of which must match corresponding + headers in the request. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'exactMatch' + description: | + The value should exactly match contents of exactMatch. Only one of exactMatch, + prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. + - !ruby/object:Api::Type::String + name: 'headerName' + required: true + description: | + The name of the HTTP header to match. For matching against the HTTP request's + authority, use a headerMatch with the header name ":authority". For matching a + request's method, use the headerName ":method". + - !ruby/object:Api::Type::Boolean + name: 'invertMatch' + default_value: false + description: | + If set to false, the headerMatch is considered a match if the match criteria + above are met. If set to true, the headerMatch is considered a match if the + match criteria above are NOT met. Defaults to false. + - !ruby/object:Api::Type::String + name: 'prefixMatch' + description: | + The value of the header must start with the contents of prefixMatch. Only one of + exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch + must be set. + - !ruby/object:Api::Type::Boolean + name: 'presentMatch' + description: | + A header with the contents of headerName must exist. The match takes place + whether or not the request's header has a value or not. Only one of exactMatch, + prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. + - !ruby/object:Api::Type::NestedObject + name: 'rangeMatch' + description: | + The header value must be an integer and its value must be in the range specified + in rangeMatch. If the header does not contain an integer, number or is empty, + the match fails. For example for a range [-5, 0] - -3 will match. - 0 will + not match. - 0.25 will not match. - -3someString will not match. Only one of + exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch + must be set. + properties: + - !ruby/object:Api::Type::Integer + name: 'rangeEnd' + required: true + description: | + The end of the range (exclusive). + - !ruby/object:Api::Type::Integer + name: 'rangeStart' + required: true + description: | + The start of the range (inclusive). + - !ruby/object:Api::Type::String + name: 'regexMatch' + description: | + The value of the header must match the regular expression specified in + regexMatch. For regular expression grammar, please see: + en.cppreference.com/w/cpp/regex/ecmascript For matching against a port + specified in the HTTP request, use a headerMatch with headerName set to PORT and + a regular expression that satisfies the RFC2616 Host header's port specifier. + Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or + rangeMatch must be set. + - !ruby/object:Api::Type::String + name: 'suffixMatch' + description: | + The value of the header must end with the contents of suffixMatch. Only one of + exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch + must be set. + - !ruby/object:Api::Type::Boolean + name: 'ignoreCase' + default_value: false + description: | + Specifies that prefixMatch and fullPathMatch matches are case sensitive. + Defaults to false. + - !ruby/object:Api::Type::Array + name: 'metadataFilters' + description: | + Opaque filter criteria used by Loadbalancer to restrict routing configuration to + a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS + clients present node metadata. If a match takes place, the relevant routing + configuration is made available to those proxies. For each metadataFilter in + this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the + filterLabels must match the corresponding label provided in the metadata. If its + filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match + with corresponding labels in the provided metadata. metadataFilters specified + here can be overrides those specified in ForwardingRule that refers to this + UrlMap. metadataFilters only applies to Loadbalancers that have their + loadBalancingScheme set to INTERNAL_SELF_MANAGED. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Array + name: 'filterLabels' + min_size: 1 + max_size: 64 + required: true + description: | + The list of label value pairs that must match labels in the provided metadata + based on filterMatchCriteria This list must not be empty and can have at the + most 64 entries. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + description: | + Name of metadata label. The name can have a maximum length of 1024 characters + and must be at least 1 character long. + - !ruby/object:Api::Type::String + name: 'value' + required: true + description: | + The value of the label must match the specified value. value can have a maximum + length of 1024 characters. + - !ruby/object:Api::Type::Enum + name: 'filterMatchCriteria' + required: true + description: | + Specifies how individual filterLabel matches within the list of filterLabels + contribute towards the overall metadataFilter match. Supported values are: + - MATCH_ANY: At least one of the filterLabels must have a matching label in the + provided metadata. + - MATCH_ALL: All filterLabels must have matching labels in + the provided metadata. + values: + - :MATCH_ALL + - :MATCH_ANY + - !ruby/object:Api::Type::String + name: 'prefixMatch' + description: | + For satisfying the matchRule condition, the request's path must begin with the + specified prefixMatch. prefixMatch must begin with a /. The value must be + between 1 and 1024 characters. Only one of prefixMatch, fullPathMatch or + regexMatch must be specified. + - !ruby/object:Api::Type::Array + name: 'queryParameterMatches' + description: | + Specifies a list of query parameter match criteria, all of which must match + corresponding query parameters in the request. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'exactMatch' + description: | + The queryParameterMatch matches if the value of the parameter exactly matches + the contents of exactMatch. Only one of presentMatch, exactMatch and regexMatch + must be set. + - !ruby/object:Api::Type::String + name: 'name' + required: true + description: | + The name of the query parameter to match. The query parameter must exist in the + request, in the absence of which the request match fails. + - !ruby/object:Api::Type::Boolean + name: 'presentMatch' + description: | + Specifies that the queryParameterMatch matches if the request contains the query + parameter, irrespective of whether the parameter has a value or not. Only one of + presentMatch, exactMatch and regexMatch must be set. + - !ruby/object:Api::Type::String + name: 'regexMatch' + description: | + The queryParameterMatch matches if the value of the parameter matches the + regular expression specified by regexMatch. For the regular expression grammar, + please see en.cppreference.com/w/cpp/regex/ecmascript Only one of presentMatch, + exactMatch and regexMatch must be set. + - !ruby/object:Api::Type::String + name: 'regexMatch' + description: | + For satisfying the matchRule condition, the path of the request must satisfy the + regular expression specified in regexMatch after removing any query parameters + and anchor supplied with the original URL. For regular expression grammar please + see en.cppreference.com/w/cpp/regex/ecmascript Only one of prefixMatch, + fullPathMatch or regexMatch must be specified. + - !ruby/object:Api::Type::NestedObject + name: 'routeAction' + description: | + In response to a matching matchRule, the load balancer performs advanced routing + actions like URL rewrites, header transformations, etc. prior to forwarding the + request to the selected backend. If routeAction specifies any + weightedBackendServices, service must not be set. Conversely if service is set, + routeAction cannot contain any weightedBackendServices. Only one of routeAction + or urlRedirect must be set. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'corsPolicy' + description: | + The specification for allowing client side cross-origin requests. Please see W3C + Recommendation for Cross Origin Resource Sharing + properties: + - !ruby/object:Api::Type::Boolean + name: 'allowCredentials' + default_value: false + description: | + In response to a preflight request, setting this to true indicates that the + actual request can include user credentials. This translates to the Access- + Control-Allow-Credentials header. Defaults to false. + - !ruby/object:Api::Type::Array + name: 'allowHeaders' + item_type: Api::Type::String + description: | + Specifies the content for the Access-Control-Allow-Headers header. + - !ruby/object:Api::Type::Array + name: 'allowMethods' + item_type: Api::Type::String + description: | + Specifies the content for the Access-Control-Allow-Methods header. + - !ruby/object:Api::Type::Array + name: 'allowOriginRegexes' + item_type: Api::Type::String + description: | + Specifies the regular expression patterns that match allowed origins. For + regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either allow_origins or allow_origin_regex. + - !ruby/object:Api::Type::Array + name: 'allowOrigins' + item_type: Api::Type::String + description: | + Specifies the list of origins that will be allowed to do CORS requests. An + origin is allowed if it matches either allow_origins or allow_origin_regex. + - !ruby/object:Api::Type::Boolean + name: 'disabled' + default_value: false + description: | + If true, specifies the CORS policy is disabled. + which indicates that the CORS policy is in effect. Defaults to false. + - !ruby/object:Api::Type::Array + name: 'exposeHeaders' + item_type: Api::Type::String + description: | + Specifies the content for the Access-Control-Expose-Headers header. + - !ruby/object:Api::Type::Integer + name: 'maxAge' + description: | + Specifies how long the results of a preflight request can be cached. This + translates to the content for the Access-Control-Max-Age header. + - !ruby/object:Api::Type::NestedObject + name: 'faultInjectionPolicy' + description: | + The specification for fault injection introduced into traffic to test the + resiliency of clients to backend service failure. As part of fault injection, + when clients send requests to a backend service, delays can be introduced by + Loadbalancer on a percentage of requests before sending those request to the + backend service. Similarly requests from clients can be aborted by the + Loadbalancer for a percentage of requests. timeout and retry_policy will be + ignored by clients that are configured with a fault_injection_policy. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'abort' + description: | + The specification for how client requests are aborted as part of fault + injection. + properties: + - !ruby/object:Api::Type::Integer + name: 'httpStatus' + description: | + The HTTP status code used to abort the request. The value must be between 200 + and 599 inclusive. + - !ruby/object:Api::Type::Double + name: 'percentage' + description: | + The percentage of traffic (connections/operations/requests) which will be + aborted as part of fault injection. The value must be between 0.0 and 100.0 + inclusive. + - !ruby/object:Api::Type::NestedObject + name: 'delay' + description: | + The specification for how client requests are delayed as part of fault + injection, before being sent to a backend service. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'fixedDelay' + description: | + Specifies the value of the fixed delay interval. + properties: + - !ruby/object:Api::Type::Integer + name: 'nanos' + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 `seconds` field and a positive + `nanos` field. Must be from 0 to 999,999,999 inclusive. + - !ruby/object:Api::Type::String + name: 'seconds' + required: true + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + - !ruby/object:Api::Type::Double + name: 'percentage' + description: | + The percentage of traffic (connections/operations/requests) on which delay will + be introduced as part of fault injection. The value must be between 0.0 and + 100.0 inclusive. + - !ruby/object:Api::Type::NestedObject + name: 'requestMirrorPolicy' + description: | + Specifies the policy on how requests intended for the route's backends are + shadowed to a separate mirrored backend service. Loadbalancer does not wait for + responses from the shadow service. Prior to sending traffic to the shadow + service, the host / authority header is suffixed with -shadow. + properties: + - !ruby/object:Api::Type::ResourceRef + name: 'backendService' + required: true + resource: 'BackendService' + imports: 'selfLink' + description: | + The BackendService resource being mirrored to. + - !ruby/object:Api::Type::NestedObject + name: 'retryPolicy' + description: | + Specifies the retry policy associated with this route. + properties: + - !ruby/object:Api::Type::Integer + name: 'numRetries' + required: true + description: | + Specifies the allowed number retries. This number must be > 0. + - !ruby/object:Api::Type::NestedObject + name: 'perTryTimeout' + description: | + Specifies a non-zero timeout per retry attempt. + If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction + is not set, will use the largest timeout among all backend services associated with the route. + properties: + - !ruby/object:Api::Type::Integer + name: 'nanos' + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 `seconds` field and a positive + `nanos` field. Must be from 0 to 999,999,999 inclusive. + - !ruby/object:Api::Type::String + name: 'seconds' + required: true + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + - !ruby/object:Api::Type::Array + name: 'retryConditions' + item_type: Api::Type::String + description: | + Specfies one or more conditions when this retry rule applies. Valid values are: + + * 5xx: Loadbalancer will attempt a retry if the backend service responds with + any 5xx response code, or if the backend service does not respond at all, + example: disconnects, reset, read timeout, connection failure, and refused + streams. + * gateway-error: Similar to 5xx, but only applies to response codes + 502, 503 or 504. + * connect-failure: Loadbalancer will retry on failures + connecting to backend services, for example due to connection timeouts. + * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + * refused-stream: Loadbalancer will retry if the backend service resets the stream with a + REFUSED_STREAM error code. This reset type indicates that it is safe to retry. + * cancelled: Loadbalancer will retry if the gRPC status code in the response + header is set to cancelled + * deadline-exceeded: Loadbalancer will retry if the + gRPC status code in the response header is set to deadline-exceeded + * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response + header is set to resource-exhausted + * unavailable: Loadbalancer will retry if the gRPC status code in + the response header is set to unavailable + - !ruby/object:Api::Type::NestedObject + name: 'timeout' + description: | + Specifies the timeout for the selected route. Timeout is computed from the time + the request is has been fully processed (i.e. end-of-stream) up until the + response has been completely processed. Timeout includes all retries. If not + specified, the default value is 15 seconds. + properties: + - !ruby/object:Api::Type::Integer + name: 'nanos' + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 `seconds` field and a positive + `nanos` field. Must be from 0 to 999,999,999 inclusive. + - !ruby/object:Api::Type::String + name: 'seconds' + required: true + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + - !ruby/object:Api::Type::NestedObject + name: 'urlRewrite' + description: | + The spec to modify the URL of the request, prior to forwarding the request to + the matched service + properties: + - !ruby/object:Api::Type::String + name: 'hostRewrite' + description: | + Prior to forwarding the request to the selected service, the request's host + header is replaced with contents of hostRewrite. The value must be between 1 and + 255 characters. + - !ruby/object:Api::Type::String + name: 'pathPrefixRewrite' + description: | + Prior to forwarding the request to the selected backend service, the matching + portion of the request's path is replaced by pathPrefixRewrite. The value must + be between 1 and 1024 characters. + - !ruby/object:Api::Type::Array + name: 'weightedBackendServices' + description: | + A list of weighted backend services to send traffic to when a route match + occurs. The weights determine the fraction of traffic that flows to their + corresponding backend service. If all traffic needs to go to a single backend + service, there must be one weightedBackendService with weight set to a non 0 + number. Once a backendService is identified and before forwarding the request to + the backend service, advanced routing actions like Url rewrites and header + transformations are applied depending on additional settings specified in this + HttpRouteAction. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::ResourceRef + name: 'backendService' + required: true + resource: 'BackendService' + imports: 'selfLink' + description: | + The default BackendService resource. Before + forwarding the request to backendService, the loadbalancer applies any relevant + headerActions specified as part of this backendServiceWeight. + - !ruby/object:Api::Type::NestedObject + name: 'headerAction' + description: | + Specifies changes to request and response headers that need to take effect for + the selected backendService. headerAction specified here take effect before + headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. + properties: + - !ruby/object:Api::Type::Array + name: 'requestHeadersToAdd' + description: | + Headers to add to a matching request prior to forwarding the request to the + backendService. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'headerName' + required: true + description: | + The name of the header. + - !ruby/object:Api::Type::String + name: 'headerValue' + required: true + description: | + The value of the header to add. + - !ruby/object:Api::Type::Boolean + name: 'replace' + required: true + description: | + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + - !ruby/object:Api::Type::Array + name: 'requestHeadersToRemove' + item_type: Api::Type::String + description: | + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + - !ruby/object:Api::Type::Array + name: 'responseHeadersToAdd' + description: | + Headers to add the response prior to sending the response back to the client. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'headerName' + required: true + description: | + The name of the header. + - !ruby/object:Api::Type::String + name: 'headerValue' + required: true + description: | + The value of the header to add. + - !ruby/object:Api::Type::Boolean + name: 'replace' + required: true + description: | + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + - !ruby/object:Api::Type::Array + name: 'responseHeadersToRemove' + item_type: Api::Type::String + description: | + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + - !ruby/object:Api::Type::Integer + name: 'weight' + required: true + description: | + Specifies the fraction of traffic sent to backendService, computed as weight / + (sum of all weightedBackendService weights in routeAction) . The selection of a + backend service is determined only for new traffic. Once a user's request has + been directed to a backendService, subsequent requests will be sent to the same + backendService as determined by the BackendService's session affinity policy. + The value must be between 0 and 1000 + - !ruby/object:Api::Type::NestedObject + name: 'urlRedirect' + description: | + When this rule is matched, the request is redirected to a URL specified by + urlRedirect. If urlRedirect is specified, service or routeAction must not be + set. + properties: + - !ruby/object:Api::Type::String + name: 'hostRedirect' + description: | + The host that will be used in the redirect response instead of the one that was + supplied in the request. The value must be between 1 and 255 characters. + - !ruby/object:Api::Type::Boolean + name: 'httpsRedirect' + default_value: false + description: | + If set to true, the URL scheme in the redirected request is set to https. If set + to false, the URL scheme of the redirected request will remain the same as that + of the request. This must only be set for UrlMaps used in TargetHttpProxys. + Setting this true for TargetHttpsProxy is not permitted. Defaults to false. + - !ruby/object:Api::Type::String + name: 'pathRedirect' + description: | + The path that will be used in the redirect response instead of the one that was + supplied in the request. Only one of pathRedirect or prefixRedirect must be + specified. The value must be between 1 and 1024 characters. + - !ruby/object:Api::Type::String + name: 'prefixRedirect' + description: | + The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, + retaining the remaining portion of the URL before redirecting the request. + - !ruby/object:Api::Type::Enum + name: 'redirectResponseCode' + description: | + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, the request method will be retained. + skip_docs_values: true + values: + - :FOUND + - :MOVED_PERMANENTLY_DEFAULT + - :PERMANENT_REDIRECT + - :SEE_OTHER + - :TEMPORARY_REDIRECT + - !ruby/object:Api::Type::Boolean + name: 'stripQuery' + default_value: false + description: | + If set to true, any accompanying query portion of the original URL is removed + prior to redirecting the request. If set to false, the query portion of the + original URL is retained. Defaults to false. + - !ruby/object:Api::Type::NestedObject + name: 'defaultUrlRedirect' + # TODO: (mbang) won't work for array path matchers yet, uncomment here once they are supported. + # (github.com/hashicorp/terraform-plugin-sdk/issues/470) + # exactly_one_of: + # - path_matchers.0.default_service + # - path_matchers.0.default_url_redirect + # - path_matchers.0.default_route_action.0.weighted_backend_services + description: | + When none of the specified hostRules match, the request is redirected to a URL specified + by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or + defaultRouteAction must not be set. + properties: + - !ruby/object:Api::Type::String + name: 'hostRedirect' + description: | + The host that will be used in the redirect response instead of the one that was + supplied in the request. The value must be between 1 and 255 characters. + - !ruby/object:Api::Type::Boolean + name: 'httpsRedirect' + default_value: false + description: | + If set to true, the URL scheme in the redirected request is set to https. If set to + false, the URL scheme of the redirected request will remain the same as that of the + request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this + true for TargetHttpsProxy is not permitted. The default is set to false. + - !ruby/object:Api::Type::String + name: 'pathRedirect' + description: | + The path that will be used in the redirect response instead of the one that was + supplied in the request. pathRedirect cannot be supplied together with + prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the + original request will be used for the redirect. The value must be between 1 and 1024 + characters. + - !ruby/object:Api::Type::String + name: 'prefixRedirect' + description: | + The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, + retaining the remaining portion of the URL before redirecting the request. + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or + neither. If neither is supplied, the path of the original request will be used for + the redirect. The value must be between 1 and 1024 characters. + - !ruby/object:Api::Type::Enum + name: 'redirectResponseCode' + description: | + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. + skip_docs_values: true + values: + - :FOUND + - :MOVED_PERMANENTLY_DEFAULT + - :PERMANENT_REDIRECT + - :SEE_OTHER + - :TEMPORARY_REDIRECT + - !ruby/object:Api::Type::Boolean + name: 'stripQuery' + description: | + If set to true, any accompanying query portion of the original URL is removed prior + to redirecting the request. If set to false, the query portion of the original URL is + retained. + - !ruby/object:Api::Type::NestedObject + name: 'defaultRouteAction' + # TODO: (mbang) conflicts also won't work for array path matchers yet, uncomment here once supported. + # conflicts: + # - path_matcher.path_matcher.default_url_redirect + description: | + defaultRouteAction takes effect when none of the pathRules or routeRules match. The load balancer performs + advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request + to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. + Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. + + Only one of defaultRouteAction or defaultUrlRedirect must be set. + properties: + - !ruby/object:Api::Type::Array + name: 'weightedBackendServices' + # TODO: (mbang) won't work for array path matchers yet, uncomment here once they are supported. + # (github.com/hashicorp/terraform-plugin-sdk/issues/470) + # exactly_one_of: + # - path_matchers.0.default_service + # - path_matchers.0.default_url_redirect + # - path_matchers.0.default_route_action.0.weighted_backend_services + description: | + A list of weighted backend services to send traffic to when a route match occurs. + The weights determine the fraction of traffic that flows to their corresponding backend service. + If all traffic needs to go to a single backend service, there must be one weightedBackendService + with weight set to a non 0 number. + + Once a backendService is identified and before forwarding the request to the backend service, + advanced routing actions like Url rewrites and header transformations are applied depending on + additional settings specified in this HttpRouteAction. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::ResourceRef + name: 'backendService' + resource: 'BackendService' + imports: 'selfLink' + description: | + The full or partial URL to the default BackendService resource. Before forwarding the + request to backendService, the loadbalancer applies any relevant headerActions + specified as part of this backendServiceWeight. + - !ruby/object:Api::Type::Integer + name: 'weight' + description: | + Specifies the fraction of traffic sent to backendService, computed as + weight / (sum of all weightedBackendService weights in routeAction) . + + The selection of a backend service is determined only for new traffic. Once a user's request + has been directed to a backendService, subsequent requests will be sent to the same backendService + as determined by the BackendService's session affinity policy. + + The value must be between 0 and 1000 + - !ruby/object:Api::Type::NestedObject + name: 'headerAction' + description: | + Specifies changes to request and response headers that need to take effect for + the selected backendService. + + headerAction specified here take effect before headerAction in the enclosing + HttpRouteRule, PathMatcher and UrlMap. + properties: + - !ruby/object:Api::Type::Array + name: 'requestHeadersToRemove' + description: | + A list of header names for headers that need to be removed from the request prior to + forwarding the request to the backendService. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'requestHeadersToAdd' + description: | + Headers to add to a matching request prior to forwarding the request to the backendService. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'headerName' + description: | + The name of the header to add. + - !ruby/object:Api::Type::String + name: 'headerValue' + description: | + The value of the header to add. + - !ruby/object:Api::Type::Boolean + name: 'replace' + description: | + If false, headerValue is appended to any values that already exist for the header. + If true, headerValue is set for the header, discarding any values that were set for that header. + default_value: false + - !ruby/object:Api::Type::Array + name: 'responseHeadersToRemove' + description: | + A list of header names for headers that need to be removed from the response prior to sending the + response back to the client. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'responseHeadersToAdd' + description: | + Headers to add the response prior to sending the response back to the client. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'headerName' + description: | + The name of the header to add. + - !ruby/object:Api::Type::String + name: 'headerValue' + description: | + The value of the header to add. + - !ruby/object:Api::Type::Boolean + name: 'replace' + description: | + If false, headerValue is appended to any values that already exist for the header. + If true, headerValue is set for the header, discarding any values that were set for that header. + default_value: false + - !ruby/object:Api::Type::NestedObject + name: 'urlRewrite' + description: | + The spec to modify the URL of the request, prior to forwarding the request to the matched service. + properties: + - !ruby/object:Api::Type::String + name: 'pathPrefixRewrite' + description: | + Prior to forwarding the request to the selected backend service, the matching portion of the + request's path is replaced by pathPrefixRewrite. + + The value must be between 1 and 1024 characters. + - !ruby/object:Api::Type::String + name: 'hostRewrite' + description: | + Prior to forwarding the request to the selected service, the request's host header is replaced + with contents of hostRewrite. + + The value must be between 1 and 255 characters. + - !ruby/object:Api::Type::NestedObject + name: 'timeout' + description: | + Specifies the timeout for the selected route. Timeout is computed from the time the request has been + fully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries. + + If not specified, will use the largest timeout among all backend services associated with the route. + properties: + - !ruby/object:Api::Type::String + name: 'seconds' + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years + - !ruby/object:Api::Type::Integer + name: 'nanos' + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + - !ruby/object:Api::Type::NestedObject + name: 'retryPolicy' + description: | + Specifies the retry policy associated with this route. + properties: + - !ruby/object:Api::Type::Array + name: 'retryConditions' + description: | + Specfies one or more conditions when this retry rule applies. Valid values are: + + * 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, + or if the backend service does not respond at all, example: disconnects, reset, read timeout, + * connection failure, and refused streams. + * gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. + * connect-failure: Loadbalancer will retry on failures connecting to backend services, + for example due to connection timeouts. + * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + * refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code. + This reset type indicates that it is safe to retry. + * cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled + * deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded + * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted + * unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable + item_type: Api::Type::String + - !ruby/object:Api::Type::Integer + name: 'numRetries' + description: | + Specifies the allowed number retries. This number must be > 0. If not specified, defaults to 1. + default_value: 1 + - !ruby/object:Api::Type::NestedObject + name: 'perTryTimeout' + description: | + Specifies a non-zero timeout per retry attempt. + + If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, + will use the largest timeout among all backend services associated with the route. + properties: + - !ruby/object:Api::Type::String + name: 'seconds' + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years + - !ruby/object:Api::Type::Integer + name: 'nanos' + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + - !ruby/object:Api::Type::NestedObject + name: 'requestMirrorPolicy' + description: | + Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. + Loadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service, + the host / authority header is suffixed with -shadow. + properties: + - !ruby/object:Api::Type::ResourceRef + name: 'backendService' + resource: 'BackendService' + imports: 'selfLink' + description: | + The full or partial URL to the BackendService resource being mirrored to. + required: true + - !ruby/object:Api::Type::NestedObject + name: 'corsPolicy' + description: | + The specification for allowing client side cross-origin requests. Please see + [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/) + properties: + - !ruby/object:Api::Type::Array + name: 'allowOrigins' + description: | + Specifies the list of origins that will be allowed to do CORS requests. + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'allowOriginRegexes' + description: | + Specifies the regular expression patterns that match allowed origins. For regular expression grammar + please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'allowMethods' + description: | + Specifies the content for the Access-Control-Allow-Methods header. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'allowHeaders' + description: | + Specifies the content for the Access-Control-Allow-Headers header. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'exposeHeaders' + description: | + Specifies the content for the Access-Control-Expose-Headers header. + item_type: Api::Type::String + - !ruby/object:Api::Type::Integer + name: 'maxAge' + description: | + Specifies how long results of a preflight request can be cached in seconds. + This translates to the Access-Control-Max-Age header. + - !ruby/object:Api::Type::Boolean + name: 'allowCredentials' + description: | + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. + This translates to the Access-Control-Allow-Credentials header. + default_value: false + - !ruby/object:Api::Type::Boolean + name: 'disabled' + description: | + If true, specifies the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect. + default_value: false + - !ruby/object:Api::Type::NestedObject + name: 'faultInjectionPolicy' + description: | + The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. + As part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a + percentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted + by the Loadbalancer for a percentage of requests. + + timeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'delay' + description: | + The specification for how client requests are delayed as part of fault injection, before being sent to a backend service. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'fixedDelay' + description: | + Specifies the value of the fixed delay interval. + properties: + - !ruby/object:Api::Type::String + name: 'seconds' + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years + - !ruby/object:Api::Type::Integer + name: 'nanos' + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + - !ruby/object:Api::Type::Double + name: 'percentage' + description: | + The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + - !ruby/object:Api::Type::NestedObject + name: 'abort' + description: | + The specification for how client requests are aborted as part of fault injection. + properties: + - !ruby/object:Api::Type::Integer + name: 'httpStatus' + description: | + The HTTP status code used to abort the request. + The value must be between 200 and 599 inclusive. + - !ruby/object:Api::Type::Double + name: 'percentage' + description: | + The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + - !ruby/object:Api::Type::Array + name: 'tests' + description: | + The list of expected URL mapping tests. Request to update this UrlMap will + succeed only if all of the test cases pass. You can specify a maximum of 100 + tests per UrlMap. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'description' + description: | + Description of this test case. + - !ruby/object:Api::Type::String + name: 'host' + required: true + description: | + Host portion of the URL. + - !ruby/object:Api::Type::String + name: 'path' + required: true + description: | + Path portion of the URL. + - !ruby/object:Api::Type::ResourceRef + name: 'service' + resource: 'BackendService' + imports: 'selfLink' + required: true + description: | + Expected BackendService resource the given URL should be mapped to. + - !ruby/object:Api::Type::NestedObject + name: 'defaultUrlRedirect' + exactly_one_of: + - default_service + - default_url_redirect + - default_route_action.0.weighted_backend_services + conflicts: + - default_route_action + description: | + When none of the specified hostRules match, the request is redirected to a URL specified + by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or + defaultRouteAction must not be set. + properties: + - !ruby/object:Api::Type::String + name: 'hostRedirect' + description: | + The host that will be used in the redirect response instead of the one that was + supplied in the request. The value must be between 1 and 255 characters. + - !ruby/object:Api::Type::Boolean + name: 'httpsRedirect' + default_value: false + description: | + If set to true, the URL scheme in the redirected request is set to https. If set to + false, the URL scheme of the redirected request will remain the same as that of the + request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this + true for TargetHttpsProxy is not permitted. The default is set to false. + - !ruby/object:Api::Type::String + name: 'pathRedirect' + description: | + The path that will be used in the redirect response instead of the one that was + supplied in the request. pathRedirect cannot be supplied together with + prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the + original request will be used for the redirect. The value must be between 1 and 1024 + characters. + - !ruby/object:Api::Type::String + name: 'prefixRedirect' + description: | + The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, + retaining the remaining portion of the URL before redirecting the request. + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or + neither. If neither is supplied, the path of the original request will be used for + the redirect. The value must be between 1 and 1024 characters. + - !ruby/object:Api::Type::Enum + name: 'redirectResponseCode' + description: | + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. + skip_docs_values: true + values: + - :FOUND + - :MOVED_PERMANENTLY_DEFAULT + - :PERMANENT_REDIRECT + - :SEE_OTHER + - :TEMPORARY_REDIRECT + - !ruby/object:Api::Type::Boolean + name: 'stripQuery' + description: | + If set to true, any accompanying query portion of the original URL is removed prior + to redirecting the request. If set to false, the query portion of the original URL is + retained. The default is set to false. + - !ruby/object:Api::Type::NestedObject + name: 'defaultRouteAction' + conflicts: + - default_url_redirect + description: | + defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions + like URL rewrites, header transformations, etc. prior to forwarding the request to the selected backend. + If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService + is set, defaultRouteAction cannot contain any weightedBackendServices. + + Only one of defaultRouteAction or defaultUrlRedirect must be set. + properties: + - !ruby/object:Api::Type::Array + name: 'weightedBackendServices' + exactly_one_of: + - default_service + - default_url_redirect + - default_route_action.0.weighted_backend_services + description: | + A list of weighted backend services to send traffic to when a route match occurs. + The weights determine the fraction of traffic that flows to their corresponding backend service. + If all traffic needs to go to a single backend service, there must be one weightedBackendService + with weight set to a non 0 number. + + Once a backendService is identified and before forwarding the request to the backend service, + advanced routing actions like Url rewrites and header transformations are applied depending on + additional settings specified in this HttpRouteAction. + at_least_one_of: + - default_route_action.0.weighted_backend_services + - default_route_action.0.url_rewrite + - default_route_action.0.timeout + - default_route_action.0.retry_policy + - default_route_action.0.request_mirror_policy + - default_route_action.0.cors_policy + - default_route_action.0.fault_injection_policy + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::ResourceRef + name: 'backendService' + resource: 'BackendService' + imports: 'selfLink' + description: | + The full or partial URL to the default BackendService resource. Before forwarding the + request to backendService, the loadbalancer applies any relevant headerActions + specified as part of this backendServiceWeight. + - !ruby/object:Api::Type::Integer + name: 'weight' + description: | + Specifies the fraction of traffic sent to backendService, computed as + weight / (sum of all weightedBackendService weights in routeAction) . + + The selection of a backend service is determined only for new traffic. Once a user's request + has been directed to a backendService, subsequent requests will be sent to the same backendService + as determined by the BackendService's session affinity policy. + + The value must be between 0 and 1000 + - !ruby/object:Api::Type::NestedObject + name: 'headerAction' + description: | + Specifies changes to request and response headers that need to take effect for + the selected backendService. + + headerAction specified here take effect before headerAction in the enclosing + HttpRouteRule, PathMatcher and UrlMap. + properties: + - !ruby/object:Api::Type::Array + name: 'requestHeadersToRemove' + description: | + A list of header names for headers that need to be removed from the request prior to + forwarding the request to the backendService. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'requestHeadersToAdd' + description: | + Headers to add to a matching request prior to forwarding the request to the backendService. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'headerName' + description: | + The name of the header to add. + - !ruby/object:Api::Type::String + name: 'headerValue' + description: | + The value of the header to add. + - !ruby/object:Api::Type::Boolean + name: 'replace' + description: | + If false, headerValue is appended to any values that already exist for the header. + If true, headerValue is set for the header, discarding any values that were set for that header. + default_value: false + - !ruby/object:Api::Type::Array + name: 'responseHeadersToRemove' + description: | + A list of header names for headers that need to be removed from the response prior to sending the + response back to the client. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'responseHeadersToAdd' + description: | + Headers to add the response prior to sending the response back to the client. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'headerName' + description: | + The name of the header to add. + - !ruby/object:Api::Type::String + name: 'headerValue' + description: | + The value of the header to add. + - !ruby/object:Api::Type::Boolean + name: 'replace' + description: | + If false, headerValue is appended to any values that already exist for the header. + If true, headerValue is set for the header, discarding any values that were set for that header. + default_value: false + - !ruby/object:Api::Type::NestedObject + name: 'urlRewrite' + description: | + The spec to modify the URL of the request, prior to forwarding the request to the matched service. + at_least_one_of: + - default_route_action.0.weighted_backend_services + - default_route_action.0.url_rewrite + - default_route_action.0.timeout + - default_route_action.0.retry_policy + - default_route_action.0.request_mirror_policy + - default_route_action.0.cors_policy + - default_route_action.0.fault_injection_policy + properties: + - !ruby/object:Api::Type::String + name: 'pathPrefixRewrite' + description: | + Prior to forwarding the request to the selected backend service, the matching portion of the + request's path is replaced by pathPrefixRewrite. + + The value must be between 1 and 1024 characters. + at_least_one_of: + - default_route_action.0.url_rewrite.0.path_prefix_rewrite + - default_route_action.0.url_rewrite.0.host_rewrite + - !ruby/object:Api::Type::String + name: 'hostRewrite' + description: | + Prior to forwarding the request to the selected service, the request's host header is replaced + with contents of hostRewrite. + + The value must be between 1 and 255 characters. + at_least_one_of: + - default_route_action.0.url_rewrite.0.path_prefix_rewrite + - default_route_action.0.url_rewrite.0.host_rewrite + - !ruby/object:Api::Type::NestedObject + name: 'timeout' + description: | + Specifies the timeout for the selected route. Timeout is computed from the time the request has been + fully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries. + + If not specified, will use the largest timeout among all backend services associated with the route. + at_least_one_of: + - default_route_action.0.weighted_backend_services + - default_route_action.0.url_rewrite + - default_route_action.0.timeout + - default_route_action.0.retry_policy + - default_route_action.0.request_mirror_policy + - default_route_action.0.cors_policy + - default_route_action.0.fault_injection_policy + properties: + - !ruby/object:Api::Type::String + name: 'seconds' + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years + at_least_one_of: + - default_route_action.0.timeout.0.seconds + - default_route_action.0.timeout.0.nanos + - !ruby/object:Api::Type::Integer + name: 'nanos' + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + at_least_one_of: + - default_route_action.0.timeout.0.seconds + - default_route_action.0.timeout.0.nanos + - !ruby/object:Api::Type::NestedObject + name: 'retryPolicy' + description: | + Specifies the retry policy associated with this route. + at_least_one_of: + - default_route_action.0.weighted_backend_services + - default_route_action.0.url_rewrite + - default_route_action.0.timeout + - default_route_action.0.retry_policy + - default_route_action.0.request_mirror_policy + - default_route_action.0.cors_policy + - default_route_action.0.fault_injection_policy + properties: + - !ruby/object:Api::Type::Array + name: 'retryConditions' + description: | + Specfies one or more conditions when this retry rule applies. Valid values are: + + * 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, + or if the backend service does not respond at all, example: disconnects, reset, read timeout, + * connection failure, and refused streams. + * gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. + * connect-failure: Loadbalancer will retry on failures connecting to backend services, + for example due to connection timeouts. + * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + * refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code. + This reset type indicates that it is safe to retry. + * cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled + * deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded + * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted + * unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable + at_least_one_of: + - default_route_action.0.retry_policy.0.retry_conditions + - default_route_action.0.retry_policy.0.num_retries + - default_route_action.0.retry_policy.0.per_try_timeout + item_type: Api::Type::String + - !ruby/object:Api::Type::Integer + name: 'numRetries' + description: | + Specifies the allowed number retries. This number must be > 0. If not specified, defaults to 1. + at_least_one_of: + - default_route_action.0.retry_policy.0.retry_conditions + - default_route_action.0.retry_policy.0.num_retries + - default_route_action.0.retry_policy.0.per_try_timeout + default_value: 1 + - !ruby/object:Api::Type::NestedObject + name: 'perTryTimeout' + description: | + Specifies a non-zero timeout per retry attempt. + + If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, + will use the largest timeout among all backend services associated with the route. + at_least_one_of: + - default_route_action.0.retry_policy.0.retry_conditions + - default_route_action.0.retry_policy.0.num_retries + - default_route_action.0.retry_policy.0.per_try_timeout + properties: + - !ruby/object:Api::Type::String + name: 'seconds' + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years + at_least_one_of: + - default_route_action.0.retry_policy.0.per_try_timeout.0.seconds + - default_route_action.0.retry_policy.0.per_try_timeout.0.nanos + - !ruby/object:Api::Type::Integer + name: 'nanos' + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + at_least_one_of: + - default_route_action.0.retry_policy.0.per_try_timeout.0.seconds + - default_route_action.0.retry_policy.0.per_try_timeout.0.nanos + - !ruby/object:Api::Type::NestedObject + name: 'requestMirrorPolicy' + description: | + Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. + Loadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service, + the host / authority header is suffixed with -shadow. + at_least_one_of: + - default_route_action.0.weighted_backend_services + - default_route_action.0.url_rewrite + - default_route_action.0.timeout + - default_route_action.0.retry_policy + - default_route_action.0.request_mirror_policy + - default_route_action.0.cors_policy + - default_route_action.0.fault_injection_policy + properties: + - !ruby/object:Api::Type::ResourceRef + name: 'backendService' + resource: 'BackendService' + imports: 'selfLink' + description: | + The full or partial URL to the BackendService resource being mirrored to. + required: true + - !ruby/object:Api::Type::NestedObject + name: 'corsPolicy' + description: | + The specification for allowing client side cross-origin requests. Please see + [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/) + at_least_one_of: + - default_route_action.0.weighted_backend_services + - default_route_action.0.url_rewrite + - default_route_action.0.timeout + - default_route_action.0.retry_policy + - default_route_action.0.request_mirror_policy + - default_route_action.0.cors_policy + - default_route_action.0.fault_injection_policy + properties: + - !ruby/object:Api::Type::Array + name: 'allowOrigins' + description: | + Specifies the list of origins that will be allowed to do CORS requests. + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + at_least_one_of: + - default_route_action.0.cors_policy.0.allow_origins + - default_route_action.0.cors_policy.0.allow_origin_regexes + - default_route_action.0.cors_policy.0.allow_methods + - default_route_action.0.cors_policy.0.allow_headers + - default_route_action.0.cors_policy.0.expose_headers + - default_route_action.0.cors_policy.0.max_age + - default_route_action.0.cors_policy.0.allow_credentials + - default_route_action.0.cors_policy.0.disabled + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'allowOriginRegexes' + description: | + Specifies the regular expression patterns that match allowed origins. For regular expression grammar + please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + at_least_one_of: + - default_route_action.0.cors_policy.0.allow_origins + - default_route_action.0.cors_policy.0.allow_origin_regexes + - default_route_action.0.cors_policy.0.allow_methods + - default_route_action.0.cors_policy.0.allow_headers + - default_route_action.0.cors_policy.0.expose_headers + - default_route_action.0.cors_policy.0.max_age + - default_route_action.0.cors_policy.0.allow_credentials + - default_route_action.0.cors_policy.0.disabled + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'allowMethods' + description: | + Specifies the content for the Access-Control-Allow-Methods header. + at_least_one_of: + - default_route_action.0.cors_policy.0.allow_origins + - default_route_action.0.cors_policy.0.allow_origin_regexes + - default_route_action.0.cors_policy.0.allow_methods + - default_route_action.0.cors_policy.0.allow_headers + - default_route_action.0.cors_policy.0.expose_headers + - default_route_action.0.cors_policy.0.max_age + - default_route_action.0.cors_policy.0.allow_credentials + - default_route_action.0.cors_policy.0.disabled + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'allowHeaders' + description: | + Specifies the content for the Access-Control-Allow-Headers header. + at_least_one_of: + - default_route_action.0.cors_policy.0.allow_origins + - default_route_action.0.cors_policy.0.allow_origin_regexes + - default_route_action.0.cors_policy.0.allow_methods + - default_route_action.0.cors_policy.0.allow_headers + - default_route_action.0.cors_policy.0.expose_headers + - default_route_action.0.cors_policy.0.max_age + - default_route_action.0.cors_policy.0.allow_credentials + - default_route_action.0.cors_policy.0.disabled + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'exposeHeaders' + description: | + Specifies the content for the Access-Control-Expose-Headers header. + at_least_one_of: + - default_route_action.0.cors_policy.0.allow_origins + - default_route_action.0.cors_policy.0.allow_origin_regexes + - default_route_action.0.cors_policy.0.allow_methods + - default_route_action.0.cors_policy.0.allow_headers + - default_route_action.0.cors_policy.0.expose_headers + - default_route_action.0.cors_policy.0.max_age + - default_route_action.0.cors_policy.0.allow_credentials + - default_route_action.0.cors_policy.0.disabled + item_type: Api::Type::String + - !ruby/object:Api::Type::Integer + name: 'maxAge' + description: | + Specifies how long results of a preflight request can be cached in seconds. + This translates to the Access-Control-Max-Age header. + at_least_one_of: + - default_route_action.0.cors_policy.0.allow_origins + - default_route_action.0.cors_policy.0.allow_origin_regexes + - default_route_action.0.cors_policy.0.allow_methods + - default_route_action.0.cors_policy.0.allow_headers + - default_route_action.0.cors_policy.0.expose_headers + - default_route_action.0.cors_policy.0.max_age + - default_route_action.0.cors_policy.0.allow_credentials + - default_route_action.0.cors_policy.0.disabled + - !ruby/object:Api::Type::Boolean + name: 'allowCredentials' + description: | + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. + This translates to the Access-Control-Allow-Credentials header. + default_value: false + at_least_one_of: + - default_route_action.0.cors_policy.0.allow_origins + - default_route_action.0.cors_policy.0.allow_origin_regexes + - default_route_action.0.cors_policy.0.allow_methods + - default_route_action.0.cors_policy.0.allow_headers + - default_route_action.0.cors_policy.0.expose_headers + - default_route_action.0.cors_policy.0.max_age + - default_route_action.0.cors_policy.0.allow_credentials + - default_route_action.0.cors_policy.0.disabled + - !ruby/object:Api::Type::Boolean + name: 'disabled' + description: | + If true, specifies the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect. + default_value: false + at_least_one_of: + - default_route_action.0.cors_policy.0.allow_origins + - default_route_action.0.cors_policy.0.allow_origin_regexes + - default_route_action.0.cors_policy.0.allow_methods + - default_route_action.0.cors_policy.0.allow_headers + - default_route_action.0.cors_policy.0.expose_headers + - default_route_action.0.cors_policy.0.max_age + - default_route_action.0.cors_policy.0.allow_credentials + - default_route_action.0.cors_policy.0.disabled + - !ruby/object:Api::Type::NestedObject + name: 'faultInjectionPolicy' + description: | + The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. + As part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a + percentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted + by the Loadbalancer for a percentage of requests. + + timeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy. + at_least_one_of: + - default_route_action.0.weighted_backend_services + - default_route_action.0.url_rewrite + - default_route_action.0.timeout + - default_route_action.0.retry_policy + - default_route_action.0.request_mirror_policy + - default_route_action.0.cors_policy + - default_route_action.0.fault_injection_policy + properties: + - !ruby/object:Api::Type::NestedObject + name: 'delay' + description: | + The specification for how client requests are delayed as part of fault injection, before being sent to a backend service. + at_least_one_of: + - default_route_action.0.fault_injection_policy.0.delay + - default_route_action.0.fault_injection_policy.0.abort + properties: + - !ruby/object:Api::Type::NestedObject + name: 'fixedDelay' + description: | + Specifies the value of the fixed delay interval. + at_least_one_of: + - default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay + - default_route_action.0.fault_injection_policy.0.delay.0.percentage + properties: + - !ruby/object:Api::Type::String + name: 'seconds' + description: | + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years + at_least_one_of: + - default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay.0.seconds + - default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay.0.nanos + - !ruby/object:Api::Type::Integer + name: 'nanos' + description: | + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + at_least_one_of: + - default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay.0.seconds + - default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay.0.nanos + - !ruby/object:Api::Type::Double + name: 'percentage' + description: | + The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + at_least_one_of: + - default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay + - default_route_action.0.fault_injection_policy.0.delay.0.percentage + - !ruby/object:Api::Type::NestedObject + name: 'abort' + description: | + The specification for how client requests are aborted as part of fault injection. + at_least_one_of: + - default_route_action.0.fault_injection_policy.0.delay + - default_route_action.0.fault_injection_policy.0.abort + properties: + - !ruby/object:Api::Type::Integer + name: 'httpStatus' + description: | + The HTTP status code used to abort the request. + The value must be between 200 and 599 inclusive. + at_least_one_of: + - default_route_action.0.fault_injection_policy.0.abort.0.http_status + - default_route_action.0.fault_injection_policy.0.abort.0.percentage + - !ruby/object:Api::Type::Double + name: 'percentage' + description: | + The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + at_least_one_of: + - default_route_action.0.fault_injection_policy.0.abort.0.http_status + - default_route_action.0.fault_injection_policy.0.abort.0.percentage diff --git a/mmv1/products/compute/VpnGateway.yaml b/mmv1/products/compute/VpnGateway.yaml new file mode 100644 index 000000000000..29dcceecb883 --- /dev/null +++ b/mmv1/products/compute/VpnGateway.yaml @@ -0,0 +1,114 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'VpnGateway' +kind: 'compute#vpnGateway' +base_url: projects/{{project}}/regions/{{region}}/vpnGateways +collection_url_key: 'items' +immutable: true +has_self_link: true +description: | + Represents a VPN gateway running in GCP. This virtual device is managed + by Google, but used only by you. This type of VPN Gateway allows for the creation + of VPN solutions with higher availability than classic Target VPN Gateways. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Choosing a VPN': https://cloud.google.com/vpn/docs/how-to/choosing-a-vpn + 'Cloud VPN Overview': 'https://cloud.google.com/vpn/docs/concepts/overview' + api: https://cloud.google.com/compute/docs/reference/rest/v1/vpnGateways +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'region' + resource: 'Region' + imports: 'name' + description: | + The region this gateway should sit in. + required: true +properties: + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: 'An optional description of this resource.' + immutable: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource. Provided by the client when the resource is + created. The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and + match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means + the first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + immutable: true + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'The unique identifier for the resource.' + output: true + - !ruby/object:Api::Type::ResourceRef + name: 'network' + resource: 'Network' + imports: 'selfLink' + description: | + The network this VPN gateway is accepting traffic for. + required: true + immutable: true + - !ruby/object:Api::Type::Array + name: 'vpnInterfaces' + description: | + A list of interfaces on this VPN gateway. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'The numeric ID of this VPN gateway interface.' + - !ruby/object:Api::Type::String + name: 'ipAddress' + description: 'The external IP address for this VPN gateway interface.' + output: true + - !ruby/object:Api::Type::ResourceRef + name: 'interconnectAttachment' + resource: 'InterconnectAttachment' + imports: 'selfLink' + description: | + URL of the interconnect attachment resource. When the value + of this field is present, the VPN Gateway will be used for + IPsec-encrypted Cloud Interconnect; all Egress or Ingress + traffic for this VPN Gateway interface will go through the + specified interconnect attachment resource. + + Not currently available publicly. + immutable: true diff --git a/mmv1/products/compute/VpnTunnel.yaml b/mmv1/products/compute/VpnTunnel.yaml new file mode 100644 index 000000000000..ba59c2f6d8d6 --- /dev/null +++ b/mmv1/products/compute/VpnTunnel.yaml @@ -0,0 +1,186 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'VpnTunnel' +kind: 'compute#vpnTunnel' +description: 'VPN tunnel resource.' +immutable: true +base_url: projects/{{project}}/regions/{{region}}/vpnTunnels +collection_url_key: 'items' +has_self_link: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Cloud VPN Overview': 'https://cloud.google.com/vpn/docs/concepts/overview' + 'Networks and Tunnel Routing': 'https://cloud.google.com/vpn/docs/concepts/choosing-networks-routing' + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/vpnTunnels' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'compute#operation' + path: 'name' + base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'region' + resource: 'Region' + imports: 'name' + description: 'The region where the tunnel is located.' + required: true +properties: + - !ruby/object:Api::Type::String + name: 'id' + description: 'The unique identifier for the resource. This identifier is defined by the server.' + output: true + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the resource. The name must be 1-63 characters long, and + comply with RFC1035. Specifically, the name must be 1-63 + characters long and match the regular expression + `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character + must be a lowercase letter, and all following characters must + be a dash, lowercase letter, or digit, + except the last character, which cannot be a dash. + required: true + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of this resource. + immutable: true + - !ruby/object:Api::Type::ResourceRef + name: 'targetVpnGateway' + description: | + URL of the Target VPN gateway with which this VPN tunnel is + associated. + resource: 'TargetVpnGateway' + imports: 'selfLink' + immutable: true + - !ruby/object:Api::Type::ResourceRef + name: 'vpnGateway' + description: | + URL of the VPN gateway with which this VPN tunnel is associated. + This must be used if a High Availability VPN gateway resource is created. + resource: 'VpnGateway' + imports: 'selfLink' + immutable: true + - !ruby/object:Api::Type::Integer + name: 'vpnGatewayInterface' + description: | + The interface ID of the VPN gateway with which this VPN tunnel is associated. + immutable: true + send_empty_value: true + - !ruby/object:Api::Type::ResourceRef + name: 'peerExternalGateway' + resource: 'ExternalVpnGateway' + imports: 'selfLink' + immutable: true + conflicts: + - peer_gcp_gateway + description: | + URL of the peer side external VPN gateway to which this VPN tunnel is connected. + - !ruby/object:Api::Type::Integer + name: 'peerExternalGatewayInterface' + description: | + The interface ID of the external VPN gateway to which this VPN tunnel is connected. + send_empty_value: true + - !ruby/object:Api::Type::ResourceRef + name: 'peerGcpGateway' + conflicts: + - peer_external_gateway + description: | + URL of the peer side HA GCP VPN gateway to which this VPN tunnel is connected. + If provided, the VPN tunnel will automatically use the same vpn_gateway_interface + ID in the peer GCP VPN gateway. + resource: 'VpnGateway' + imports: 'selfLink' + - !ruby/object:Api::Type::ResourceRef + name: 'router' + description: | + URL of router resource to be used for dynamic routing. + resource: 'Router' + imports: 'selfLink' + immutable: true + - !ruby/object:Api::Type::String + name: 'peerIp' + description: | + IP address of the peer VPN gateway. Only IPv4 is supported. + - !ruby/object:Api::Type::String + name: 'sharedSecret' + description: | + Shared secret used to set the secure session between the Cloud VPN + gateway and the peer VPN gateway. + required: true + - !ruby/object:Api::Type::String + name: 'sharedSecretHash' + description: | + Hash of the shared secret. + output: true + - !ruby/object:Api::Type::Integer + name: 'ikeVersion' + description: | + IKE protocol version to use when establishing the VPN tunnel with + peer VPN gateway. + Acceptable IKE versions are 1 or 2. Default version is 2. + default_value: 2 + - !ruby/object:Api::Type::Array + name: 'localTrafficSelector' + description: | + Local traffic selector to use when establishing the VPN tunnel with + peer VPN gateway. The value should be a CIDR formatted string, + for example `192.168.0.0/16`. The ranges should be disjoint. + Only IPv4 is supported. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'remoteTrafficSelector' + description: | + Remote traffic selector to use when establishing the VPN tunnel with + peer VPN gateway. The value should be a CIDR formatted string, + for example `192.168.0.0/16`. The ranges should be disjoint. + Only IPv4 is supported. + item_type: Api::Type::String + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: Labels to apply to this VpnTunnel. + update_verb: :POST + update_url: 'projects/{{project}}/regions/{{region}}/vpnTunnels/{{name}}/setLabels' + min_version: beta + - !ruby/object:Api::Type::Fingerprint + name: 'labelFingerprint' + description: | + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + update_url: 'projects/{{project}}/regions/{{region}}/vpnTunnels/{{name}}/setLabels' + update_verb: :POST + min_version: beta + - !ruby/object:Api::Type::String + exclude: true + name: 'detailedStatus' + output: true + description: 'Detailed status message for the VPN tunnel.' diff --git a/mmv1/products/compute/Zone.yaml b/mmv1/products/compute/Zone.yaml new file mode 100644 index 000000000000..c9f2fc402511 --- /dev/null +++ b/mmv1/products/compute/Zone.yaml @@ -0,0 +1,105 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Zone' +kind: 'compute#zone' +base_url: projects/{{project}}/zones +collection_url_key: 'items' +has_self_link: true +readonly: true +description: 'Represents a Zone resource.' +properties: + - !ruby/object:Api::Type::Time + name: 'creationTimestamp' + description: 'Creation timestamp in RFC3339 text format.' + output: true + - !ruby/object:Api::Type::NestedObject + name: 'deprecated' + description: 'The deprecation status associated with this machine type.' + properties: + - !ruby/object:Api::Type::Time + name: 'deleted' + description: | + An optional RFC3339 timestamp on or after which the state of this + resource is intended to change to DELETED. This is only + informational and the status will not change unless the client + explicitly changes it. + output: true + - !ruby/object:Api::Type::Time + name: 'deprecated' + description: | + An optional RFC3339 timestamp on or after which the state of this + resource is intended to change to DEPRECATED. This is only + informational and the status will not change unless the client + explicitly changes it. + output: true + - !ruby/object:Api::Type::Time + name: 'obsolete' + description: | + An optional RFC3339 timestamp on or after which the state of this + resource is intended to change to OBSOLETE. This is only + informational and the status will not change unless the client + explicitly changes it. + output: true + - !ruby/object:Api::Type::String + name: 'replacement' + description: | + The URL of the suggested replacement for a deprecated resource. + The suggested replacement resource must be the same kind of + resource as the deprecated resource. + output: true + - !ruby/object:Api::Type::Enum + name: 'state' + description: | + The deprecation state of this resource. This can be DEPRECATED, + OBSOLETE, or DELETED. Operations which create a new resource + using a DEPRECATED resource will return successfully, but with a + warning indicating the deprecated resource and recommending its + replacement. Operations which use OBSOLETE or DELETED resources + will be rejected and result in an error. + values: + - :DEPRECATED + - :OBSOLETE + - :DELETED + output: true + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: 'An optional textual description of the resource.' + output: true + - !ruby/object:Api::Type::Integer + name: 'id' + description: 'The unique identifier for the resource.' + output: true + - !ruby/object:Api::Type::String + name: 'name' + description: 'Name of the resource.' + - !ruby/object:Api::Type::ResourceRef + name: 'region' + resource: 'Region' + imports: 'selfLink' + description: 'The region where the zone is located.' + output: true + - !ruby/object:Api::Type::Enum + name: 'status' + description: 'The status of the zone.' + values: + - :UP + - :DOWN + output: true + - !ruby/object:Api::Type::Array + name: 'availableCpuPlatforms' + description: 'The available CPU platforms in this zone' + item_type: Api::Type::String + output: true diff --git a/mmv1/products/compute/api.yaml b/mmv1/products/compute/api.yaml deleted file mode 100644 index 110aa02f8fb0..000000000000 --- a/mmv1/products/compute/api.yaml +++ /dev/null @@ -1,20028 +0,0 @@ -# Copyright 2017 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# TODO(nelsonjr): Make all Zone and Region resource ref - ---- !ruby/object:Api::Product -name: Compute -display_name: Compute Engine -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://compute.googleapis.com/compute/v1/ - - !ruby/object:Api::Product::Version - name: beta - base_url: https://compute.googleapis.com/compute/beta/ -scopes: - - https://www.googleapis.com/auth/compute -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Compute Engine API - url: https://console.cloud.google.com/apis/library/compute.googleapis.com/ -objects: - - !ruby/object:Api::Resource - name: 'Address' - kind: 'compute#address' - base_url: projects/{{project}}/regions/{{region}}/addresses - collection_url_key: 'items' - has_self_link: true - input: true - description: | - Represents an Address resource. - - Each virtual machine instance has an ephemeral internal IP address and, - optionally, an external IP address. To communicate between instances on - the same network, you can use an instance's internal IP address. To - communicate with the Internet and instances outside of the same network, - you must specify the instance's external IP address. - - Internal IP addresses are ephemeral and only belong to an instance for - the lifetime of the instance; if the instance is deleted and recreated, - the instance is assigned a new internal IP address, either by Compute - Engine or by you. External IP addresses can be either ephemeral or - static. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Reserving a Static External IP Address': 'https://cloud.google.com/compute/docs/instances-and-network' - 'Reserving a Static Internal IP Address': 'https://cloud.google.com/compute/docs/ip-addresses/reserve-static-internal-ip-address' - api: 'https://cloud.google.com/compute/docs/reference/beta/addresses' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'region' - resource: 'Region' - imports: 'name' - description: | - URL of the region where the regional address resides. - This field is not applicable to global addresses. - required: true - properties: - - !ruby/object:Api::Type::String - name: 'address' - description: | - The static external IP address represented by this resource. Only - IPv4 is supported. An address may only be specified for INTERNAL - address types. The IP address must be inside the specified subnetwork, - if any. Set by the API if undefined. - - !ruby/object:Api::Type::Enum - name: 'addressType' - description: | - The type of address to reserve. - values: - - :INTERNAL - - :EXTERNAL - default_value: :EXTERNAL - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: 'An optional description of this resource.' - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'The unique identifier for the resource.' - output: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource. The name must be 1-63 characters long, and - comply with RFC1035. Specifically, the name must be 1-63 characters - long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` - which means the first character must be a lowercase letter, and all - following characters must be a dash, lowercase letter, or digit, - except the last character, which cannot be a dash. - required: true - - !ruby/object:Api::Type::String - name: purpose - description: | - The purpose of this resource, which can be one of the following values: - - * GCE_ENDPOINT for addresses that are used by VM instances, alias IP - ranges, internal load balancers, and similar resources. - - * SHARED_LOADBALANCER_VIP for an address that can be used by multiple - internal load balancers. - - * VPC_PEERING for addresses that are reserved for VPC peer networks. - - * IPSEC_INTERCONNECT for addresses created from a private IP range - that are reserved for a VLAN attachment in an IPsec-encrypted Cloud - Interconnect configuration. These addresses are regional resources. - - * PRIVATE_SERVICE_CONNECT for a private network address that is used - to configure Private Service Connect. Only global internal addresses - can use this purpose. - - This should only be set when using an Internal address. - - !ruby/object:Api::Type::Enum - name: 'networkTier' - description: | - The networking tier used for configuring this address. If this field is not - specified, it is assumed to be PREMIUM. - values: - - :PREMIUM - - :STANDARD - # TODO(alexstephen): Add in status with exclude attribute. What does this - # mean? - - !ruby/object:Api::Type::ResourceRef - name: 'subnetwork' - resource: 'Subnetwork' - imports: 'selfLink' - description: | - The URL of the subnetwork in which to reserve the address. If an IP - address is specified, it must be within the subnetwork's IP range. - This field can only be used with INTERNAL type with - GCE_ENDPOINT/DNS_RESOLVER purposes. - - !ruby/object:Api::Type::Array - name: 'users' - description: 'The URLs of the resources that are using this address.' - item_type: Api::Type::String - output: true - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: | - Labels to apply to this address. A list of key->value pairs. - update_verb: :POST - update_url: 'projects/{{project}}/regions/{{region}}/addresses/{{name}}/setLabels' - min_version: beta - - !ruby/object:Api::Type::Fingerprint - name: 'labelFingerprint' - description: | - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - update_url: 'projects/{{project}}/regions/{{region}}/addresses/{{name}}/setLabels' - update_verb: :POST - min_version: beta - - !ruby/object:Api::Type::Enum - name: 'status' - output: true - description: | - The status of the address, which can be one of RESERVING, RESERVED, or IN_USE. - An address that is RESERVING is currently in the process of being reserved. - A RESERVED address is currently reserved and available to use. An IN_USE address - is currently being used by another resource and is not available. - values: - - :RESERVING - - :RESERVED - - :IN_USE - - !ruby/object:Api::Type::ResourceRef - name: 'network' - resource: 'Network' - imports: 'selfLink' - description: | - The URL of the network in which to reserve the address. This field - can only be used with INTERNAL type with the VPC_PEERING and - IPSEC_INTERCONNECT purposes. - - !ruby/object:Api::Type::Integer - name: prefixLength - description: | - The prefix length if the resource represents an IP range. - - !ruby/object:Api::Resource - name: 'Autoscaler' - kind: 'compute#autoscaler' - base_url: projects/{{project}}/zones/{{zone}}/autoscalers - update_url: projects/{{project}}/zones/{{zone}}/autoscalers?autoscaler={{name}} - collection_url_key: 'items' - has_self_link: true - description: | - Represents an Autoscaler resource. - - Autoscalers allow you to automatically scale virtual machine instances in - managed instance groups according to an autoscaling policy that you - define. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Autoscaling Groups of Instances': 'https://cloud.google.com/compute/docs/autoscaler/' - api: 'https://cloud.google.com/compute/docs/reference/rest/v1/autoscalers' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'zone' - resource: 'Zone' - imports: 'name' - description: | - URL of the zone where the instance group resides. - required: true - input: true - properties: - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'Unique identifier for the resource.' - output: true - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource. The name must be 1-63 characters long and match - the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - required: true - input: true - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional description of this resource. - - !ruby/object:Api::Type::NestedObject - name: 'autoscalingPolicy' - description: | - The configuration parameters for the autoscaling algorithm. You can - define one or more of the policies for an autoscaler: cpuUtilization, - customMetricUtilizations, and loadBalancingUtilization. - - If none of these are specified, the default will be to autoscale based - on cpuUtilization to 0.6 or 60%. - required: true - properties: - - !ruby/object:Api::Type::Integer - name: 'minNumReplicas' - description: | - The minimum number of replicas that the autoscaler can scale down - to. This cannot be less than 0. If not provided, autoscaler will - choose a default value depending on maximum number of instances - allowed. - send_empty_value: true - - !ruby/object:Api::Type::Integer - name: 'maxNumReplicas' - description: | - The maximum number of instances that the autoscaler can scale up - to. This is required when creating or updating an autoscaler. The - maximum number of replicas should not be lower than minimal number - of replicas. - required: true - - !ruby/object:Api::Type::Integer - name: 'coolDownPeriodSec' - description: | - The number of seconds that the autoscaler should wait before it - starts collecting information from a new instance. This prevents - the autoscaler from collecting information when the instance is - initializing, during which the collected usage would not be - reliable. The default time autoscaler waits is 60 seconds. - - Virtual machine initialization times might vary because of - numerous factors. We recommend that you test how long an - instance may take to initialize. To do this, create an instance - and time the startup process. - default_value: 60 - - !ruby/object:Api::Type::Enum - name: 'mode' - default_value: :ON - description: | - Defines operating mode for this policy. - values: - - :OFF - - :ONLY_UP - - :ON - - !ruby/object:Api::Type::NestedObject - name: 'scaleDownControl' - min_version: beta - description: | - Defines scale down controls to reduce the risk of response latency - and outages due to abrupt scale-in events - properties: - - !ruby/object:Api::Type::NestedObject - name: 'maxScaledDownReplicas' - at_least_one_of: - - autoscaling_policy.0.scale_down_control.0.max_scaled_down_replicas - - autoscaling_policy.0.scale_down_control.0.time_window_sec - properties: - - !ruby/object:Api::Type::Integer - name: 'fixed' - at_least_one_of: - - autoscaling_policy.0.scale_down_control.0.max_scaled_down_replicas.0.fixed - - autoscaling_policy.0.scale_down_control.0.max_scaled_down_replicas.0.percent - description: | - Specifies a fixed number of VM instances. This must be a positive - integer. - - !ruby/object:Api::Type::Integer - name: 'percent' - at_least_one_of: - - autoscaling_policy.0.scale_down_control.0.max_scaled_down_replicas.0.fixed - - autoscaling_policy.0.scale_down_control.0.max_scaled_down_replicas.0.percent - description: | - Specifies a percentage of instances between 0 to 100%, inclusive. - For example, specify 80 for 80%. - - !ruby/object:Api::Type::Integer - name: 'timeWindowSec' - at_least_one_of: - - autoscaling_policy.0.scale_down_control.0.max_scaled_down_replicas - - autoscaling_policy.0.scale_down_control.0.time_window_sec - description: | - How long back autoscaling should look when computing recommendations - to include directives regarding slower scale down, as described above. - - !ruby/object:Api::Type::NestedObject - name: 'scaleInControl' - description: | - Defines scale in controls to reduce the risk of response latency - and outages due to abrupt scale-in events - properties: - - !ruby/object:Api::Type::NestedObject - name: 'maxScaledInReplicas' - at_least_one_of: - - autoscaling_policy.0.scale_in_control.0.max_scaled_in_replicas - - autoscaling_policy.0.scale_in_control.0.time_window_sec - properties: - - !ruby/object:Api::Type::Integer - name: 'fixed' - at_least_one_of: - - autoscaling_policy.0.scale_in_control.0.max_scaled_in_replicas.0.fixed - - autoscaling_policy.0.scale_in_control.0.max_scaled_in_replicas.0.percent - description: | - Specifies a fixed number of VM instances. This must be a positive - integer. - - !ruby/object:Api::Type::Integer - name: 'percent' - at_least_one_of: - - autoscaling_policy.0.scale_in_control.0.max_scaled_in_replicas.0.fixed - - autoscaling_policy.0.scale_in_control.0.max_scaled_in_replicas.0.percent - description: | - Specifies a percentage of instances between 0 to 100%, inclusive. - For example, specify 80 for 80%. - - !ruby/object:Api::Type::Integer - name: 'timeWindowSec' - at_least_one_of: - - autoscaling_policy.0.scale_in_control.0.max_scaled_in_replicas - - autoscaling_policy.0.scale_in_control.0.time_window_sec - description: | - How long back autoscaling should look when computing recommendations - to include directives regarding slower scale down, as described above. - - !ruby/object:Api::Type::NestedObject - name: 'cpuUtilization' - description: | - Defines the CPU utilization policy that allows the autoscaler to - scale based on the average CPU utilization of a managed instance - group. - properties: - - !ruby/object:Api::Type::Double - name: 'utilizationTarget' - description: | - The target CPU utilization that the autoscaler should maintain. - Must be a float value in the range (0, 1]. If not specified, the - default is 0.6. - - If the CPU level is below the target utilization, the autoscaler - scales down the number of instances until it reaches the minimum - number of instances you specified or until the average CPU of - your instances reaches the target utilization. - - If the average CPU is above the target utilization, the autoscaler - scales up until it reaches the maximum number of instances you - specified or until the average utilization reaches the target - utilization. - - !ruby/object:Api::Type::String - name: 'predictiveMethod' - default_value: NONE - description: | - Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are: - - - NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics. - - - OPTIMIZE_AVAILABILITY. Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand. - - !ruby/object:Api::Type::Array - name: 'customMetricUtilizations' - description: | - Configuration parameters of autoscaling based on a custom metric. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'metric' - description: | - The identifier (type) of the Stackdriver Monitoring metric. - The metric cannot have negative values. - - The metric must have a value type of INT64 or DOUBLE. - required: true - - !ruby/object:Api::Type::Double - name: 'singleInstanceAssignment' - min_version: beta - description: | - If scaling is based on a per-group metric value that represents the - total amount of work to be done or resource usage, set this value to - an amount assigned for a single instance of the scaled group. - The autoscaler will keep the number of instances proportional to the - value of this metric, the metric itself should not change value due - to group resizing. - - For example, a good metric to use with the target is - `pubsub.googleapis.com/subscription/num_undelivered_messages` - or a custom metric exporting the total number of requests coming to - your instances. - - A bad example would be a metric exporting an average or median - latency, since this value can't include a chunk assignable to a - single instance, it could be better used with utilization_target - instead. - - !ruby/object:Api::Type::Double - name: 'utilizationTarget' - description: | - The target value of the metric that autoscaler should - maintain. This must be a positive value. A utilization - metric scales number of virtual machines handling requests - to increase or decrease proportionally to the metric. - - For example, a good metric to use as a utilizationTarget is - www.googleapis.com/compute/instance/network/received_bytes_count. - The autoscaler will work to keep this value constant for each - of the instances. - - !ruby/object:Api::Type::Enum - name: 'utilizationTargetType' - description: | - Defines how target utilization value is expressed for a - Stackdriver Monitoring metric. - values: - - :GAUGE - - :DELTA_PER_SECOND - - :DELTA_PER_MINUTE - - !ruby/object:Api::Type::String - name: 'filter' - description: | - A filter string to be used as the filter string for - a Stackdriver Monitoring TimeSeries.list API call. - This filter is used to select a specific TimeSeries for - the purpose of autoscaling and to determine whether the metric - is exporting per-instance or per-group data. - - You can only use the AND operator for joining selectors. - You can only use direct equality comparison operator (=) without - any functions for each selector. - You can specify the metric in both the filter string and in the - metric field. However, if specified in both places, the metric must - be identical. - - The monitored resource type determines what kind of values are - expected for the metric. If it is a gce_instance, the autoscaler - expects the metric to include a separate TimeSeries for each - instance in a group. In such a case, you cannot filter on resource - labels. - - If the resource type is any other value, the autoscaler expects - this metric to contain values that apply to the entire autoscaled - instance group and resource label filtering can be performed to - point autoscaler at the correct TimeSeries to scale upon. - This is called a per-group metric for the purpose of autoscaling. - - If not specified, the type defaults to gce_instance. - - You should provide a filter that is selective enough to pick just - one TimeSeries for the autoscaled group or for each of the instances - (if you are using gce_instance resource type). If multiple - TimeSeries are returned upon the query execution, the autoscaler - will sum their respective values to obtain its scaling value. - min_version: beta - - !ruby/object:Api::Type::NestedObject - name: 'loadBalancingUtilization' - description: | - Configuration parameters of autoscaling based on a load balancer. - properties: - - !ruby/object:Api::Type::Double - name: 'utilizationTarget' - description: | - Fraction of backend capacity utilization (set in HTTP(s) load - balancing configuration) that autoscaler should maintain. Must - be a positive float value. If not defined, the default is 0.8. - - !ruby/object:Api::Type::Map - name: 'scalingSchedules' - description: | - Scaling schedules defined for an autoscaler. Multiple schedules can be set on an autoscaler and they can overlap. - key_name: name - key_description: | - A name for the schedule. - value_type: !ruby/object:Api::Type::NestedObject - name: scalingSchedule - properties: - - !ruby/object:Api::Type::Integer - name: 'minRequiredReplicas' - description: | - Minimum number of VM instances that autoscaler will recommend in time intervals starting according to schedule. - required: true - send_empty_value: true - - !ruby/object:Api::Type::String - name: 'schedule' - description: | - The start timestamps of time intervals when this scaling schedule should provide a scaling signal. This field uses the extended cron format (with an optional year field). - required: true - - !ruby/object:Api::Type::String - name: 'timeZone' - default_value: UTC - description: | - The time zone to be used when interpreting the schedule. The value of this field must be a time zone name from the tz database: http://en.wikipedia.org/wiki/Tz_database. - - !ruby/object:Api::Type::Integer - name: 'durationSec' - description: | - The duration of time intervals (in seconds) for which this scaling schedule will be running. The minimum allowed value is 300. - required: true - - !ruby/object:Api::Type::Boolean - name: 'disabled' - description: | - A boolean value that specifies if a scaling schedule can influence autoscaler recommendations. If set to true, then a scaling schedule has no effect. - default_value: false - - !ruby/object:Api::Type::String - name: 'description' - description: | - A description of a scaling schedule. - - !ruby/object:Api::Type::ResourceRef - name: 'target' - resource: 'InstanceGroupManager' - imports: 'selfLink' - description: | - URL of the managed instance group that this autoscaler will scale. - required: true - - !ruby/object:Api::Resource - name: 'BackendBucket' - kind: 'compute#backendBucket' - base_url: projects/{{project}}/global/backendBuckets - collection_url_key: 'items' - has_self_link: true - description: | - Backend buckets allow you to use Google Cloud Storage buckets with HTTP(S) - load balancing. - - An HTTP(S) load balancer can direct traffic to specified URLs to a - backend bucket rather than a backend service. It can send requests for - static content to a Cloud Storage bucket and requests for dynamic content - to a virtual machine instance. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Using a Cloud Storage bucket as a load balancer backend': 'https://cloud.google.com/compute/docs/load-balancing/http/backend-bucket' - api: 'https://cloud.google.com/compute/docs/reference/v1/backendBuckets' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/global/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - iam_policy: !ruby/object:Api::Resource::IamPolicy - min_version: beta - exclude: false - parent_resource_attribute: 'name' - import_format: ["projects/{{project}}/global/backendBuckets/{{name}}", "{{name}}"] - properties: - - !ruby/object:Api::Type::String - name: 'bucketName' - description: 'Cloud Storage bucket name.' - required: true - - !ruby/object:Api::Type::NestedObject - name: 'cdnPolicy' - description: 'Cloud CDN configuration for this Backend Bucket.' - properties: - - !ruby/object:Api::Type::NestedObject - name: 'cacheKeyPolicy' - description: 'The CacheKeyPolicy for this CdnPolicy.' - properties: - - !ruby/object:Api::Type::Array - send_empty_value: true - name: 'queryStringWhitelist' - at_least_one_of: - - cdn_policy.0.cache_key_policy.0.query_string_whitelist - - cdn_policy.0.cache_key_policy.0.include_http_headers - description: | - Names of query string parameters to include in cache keys. - Default parameters are always included. '&' and '=' will - be percent encoded and not treated as delimiters. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - send_empty_value: true - name: 'includeHttpHeaders' - at_least_one_of: - - cdn_policy.0.cache_key_policy.0.query_string_whitelist - - cdn_policy.0.cache_key_policy.0.include_http_headers - description: | - Allows HTTP request headers (by name) to be used in the - cache key. - item_type: Api::Type::String - - !ruby/object:Api::Type::Integer - name: 'signedUrlCacheMaxAgeSec' - description: | - Maximum number of seconds the response to a signed URL request will - be considered fresh. After this time period, - the response will be revalidated before being served. - When serving responses to signed URL requests, - Cloud CDN will internally behave as though - all responses from this backend had a "Cache-Control: public, - max-age=[TTL]" header, regardless of any existing Cache-Control - header. The actual headers served in responses will not be altered. - - !ruby/object:Api::Type::Integer - name: 'defaultTtl' - description: | - Specifies the default TTL for cached content served by this origin for responses - that do not have an existing valid TTL (max-age or s-max-age). - - !ruby/object:Api::Type::Integer - name: 'maxTtl' - description: | - Specifies the maximum allowed TTL for cached content served by this origin. - - !ruby/object:Api::Type::Integer - name: 'clientTtl' - description: | - Specifies the maximum allowed TTL for cached content served by this origin. - - !ruby/object:Api::Type::Boolean - name: 'negativeCaching' - send_empty_value: true - description: | - Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. - - !ruby/object:Api::Type::Array - name: 'negativeCachingPolicy' - description: | - Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. - Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Integer - name: 'code' - description: | - The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 - can be specified as values, and you cannot specify a status code more than once. - - !ruby/object:Api::Type::Integer - name: 'ttl' - description: | - The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s - (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. - - !ruby/object:Api::Type::Enum - name: 'cacheMode' - description: | - Specifies the cache setting for all responses from this backend. - The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC - values: - - :USE_ORIGIN_HEADERS - - :FORCE_CACHE_ALL - - :CACHE_ALL_STATIC - - !ruby/object:Api::Type::Integer - name: 'serveWhileStale' - send_empty_value: true - description: | - Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache. - - !ruby/object:Api::Type::Boolean - name: 'requestCoalescing' - send_empty_value: true - description: | - If true then Cloud CDN will combine multiple concurrent cache fill requests into a small number of requests to the origin. - - !ruby/object:Api::Type::Array - name: 'bypassCacheOnRequestHeaders' - description: | - Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode settings. - max_size: 5 - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'headerName' - description: | - The header field name to match on when bypassing cache. Values are case-insensitive. - - !ruby/object:Api::Type::Enum - name: 'compressionMode' - description: | - Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. - values: - - :AUTOMATIC - - :DISABLED - - !ruby/object:Api::Type::String - name: 'edgeSecurityPolicy' - description: | - The security policy associated with this backend bucket. - - !ruby/object:Api::Type::Array - name: 'customResponseHeaders' - description: | - Headers that the HTTP/S load balancer should add to proxied responses. - item_type: Api::Type::String - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional textual description of the resource; provided by the - client when the resource is created. - - !ruby/object:Api::Type::Boolean - name: 'enableCdn' - description: 'If true, enable Cloud CDN for this BackendBucket.' - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'Unique identifier for the resource.' - output: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource. Provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and - match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means - the first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the - last character, which cannot be a dash. - input: true - required: true - - !ruby/object:Api::Resource - name: 'BackendBucketSignedUrlKey' - kind: 'compute#BackendBucketSignedUrlKey' - input: true - base_url: projects/{{project}}/global/backendBuckets/{{backend_bucket}} - create_url: projects/{{project}}/global/backendBuckets/{{backend_bucket}}/addSignedUrlKey - create_verb: :POST - delete_url: projects/{{project}}/global/backendBuckets/{{backend_bucket}}/deleteSignedUrlKey?keyName={{name}} - delete_verb: :POST - self_link: projects/{{project}}/global/backendBuckets/{{backend_bucket}} - identity: - - name - nested_query: !ruby/object:Api::Resource::NestedQuery - keys: - - cdnPolicy - - signedUrlKeyNames - is_list_of_ids: true - description: | - A key for signing Cloud CDN signed URLs for BackendBuckets. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Using Signed URLs': 'https://cloud.google.com/cdn/docs/using-signed-urls/' - api: 'https://cloud.google.com/compute/docs/reference/rest/v1/backendBuckets' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/global/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'backendBucket' - resource: 'BackendBucket' - imports: 'name' - description: | - The backend bucket this signed URL key belongs. - required: true - input: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - api_name: 'keyName' - description: | - Name of the signed URL key. - required: true - input: true - - !ruby/object:Api::Type::String - name: 'keyValue' - description: | - 128-bit key value used for signing the URL. The key value must be a - valid RFC 4648 Section 5 base64url encoded string. - required: true - input: true - - !ruby/object:Api::Resource - name: 'BackendService' - kind: 'compute#backendService' - base_url: projects/{{project}}/global/backendServices - collection_url_key: 'items' - has_self_link: true - description: | - A Backend Service defines a group of virtual machines that will serve - traffic for load balancing. This resource is a global backend service, - appropriate for external load balancing or self-managed internal load balancing. - For managed internal load balancing, use a regional backend service instead. - - Currently self-managed internal load balancing is only available in beta. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/compute/docs/load-balancing/http/backend-service' - api: 'https://cloud.google.com/compute/docs/reference/v1/backendServices' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/global/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - properties: - - !ruby/object:Api::Type::Integer - name: 'affinityCookieTtlSec' - description: | - Lifetime of cookies in seconds if session_affinity is - GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts - only until the end of the browser session (or equivalent). The - maximum allowed value for TTL is one day. - - When the load balancing scheme is INTERNAL, this field is not used. - - !ruby/object:Api::Type::Array - name: 'backends' - description: | - The set of backends that serve this BackendService. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Enum - name: 'balancingMode' - default_value: :UTILIZATION - values: - - :UTILIZATION - - :RATE - - :CONNECTION - description: | - Specifies the balancing mode for this backend. - - For global HTTP(S) or TCP/SSL load balancing, the default is - UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)) - and CONNECTION (for TCP/SSL). - - See the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode) - for an explanation of load balancing modes. - - !ruby/object:Api::Type::Double - name: 'capacityScaler' - send_empty_value: true - default_value: 1.0 - description: | - A multiplier applied to the group's maximum servicing capacity - (based on UTILIZATION, RATE or CONNECTION). - - Default value is 1, which means the group will serve up to 100% - of its configured capacity (depending on balancingMode). A - setting of 0 means the group is completely drained, offering - 0% of its available Capacity. Valid range is [0.0,1.0]. - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional description of this resource. - Provide this property when you create the resource. - - !ruby/object:Api::Type::String - name: 'group' - description: | - The fully-qualified URL of an Instance Group or Network Endpoint - Group resource. In case of instance group this defines the list - of instances that serve traffic. Member virtual machine - instances from each instance group must live in the same zone as - the instance group itself. No two backends in a backend service - are allowed to use same Instance Group resource. - - For Network Endpoint Groups this defines list of endpoints. All - endpoints of Network Endpoint Group must be hosted on instances - located in the same zone as the Network Endpoint Group. - - Backend services cannot mix Instance Group and - Network Endpoint Group backends. - - Note that you must specify an Instance Group or Network Endpoint - Group resource using the fully-qualified URL, rather than a - partial URL. - required: true - - !ruby/object:Api::Type::Integer - name: 'maxConnections' - description: | - The max number of simultaneous connections for the group. Can - be used with either CONNECTION or UTILIZATION balancing modes. - - For CONNECTION mode, either maxConnections or one - of maxConnectionsPerInstance or maxConnectionsPerEndpoint, - as appropriate for group type, must be set. - - !ruby/object:Api::Type::Integer - name: 'maxConnectionsPerInstance' - description: | - The max number of simultaneous connections that a single - backend instance can handle. This is used to calculate the - capacity of the group. Can be used in either CONNECTION or - UTILIZATION balancing modes. - - For CONNECTION mode, either maxConnections or - maxConnectionsPerInstance must be set. - - !ruby/object:Api::Type::Integer - name: 'maxConnectionsPerEndpoint' - description: | - The max number of simultaneous connections that a single backend - network endpoint can handle. This is used to calculate the - capacity of the group. Can be used in either CONNECTION or - UTILIZATION balancing modes. - - For CONNECTION mode, either - maxConnections or maxConnectionsPerEndpoint must be set. - - !ruby/object:Api::Type::Integer - name: 'maxRate' - description: | - The max requests per second (RPS) of the group. - - Can be used with either RATE or UTILIZATION balancing modes, - but required if RATE mode. For RATE mode, either maxRate or one - of maxRatePerInstance or maxRatePerEndpoint, as appropriate for - group type, must be set. - - !ruby/object:Api::Type::Double - name: 'maxRatePerInstance' - description: | - The max requests per second (RPS) that a single backend - instance can handle. This is used to calculate the capacity of - the group. Can be used in either balancing mode. For RATE mode, - either maxRate or maxRatePerInstance must be set. - - !ruby/object:Api::Type::Double - name: 'maxRatePerEndpoint' - description: | - The max requests per second (RPS) that a single backend network - endpoint can handle. This is used to calculate the capacity of - the group. Can be used in either balancing mode. For RATE mode, - either maxRate or maxRatePerEndpoint must be set. - - !ruby/object:Api::Type::Double - name: 'maxUtilization' - description: | - Used when balancingMode is UTILIZATION. This ratio defines the - CPU utilization target for the group. Valid range is [0.0, 1.0]. - - !ruby/object:Api::Type::NestedObject - name: 'circuitBreakers' - description: | - Settings controlling the volume of connections to a backend service. This field - is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'connectTimeout' - min_version: beta - at_least_one_of: - - circuit_breakers.0.connect_timeout - - circuit_breakers.0.max_requests_per_connection - - circuit_breakers.0.max_connections - - circuit_breakers.0.max_pending_requests - - circuit_breakers.0.max_requests - - circuit_breakers.0.max_retries - description: | - The timeout for new network connections to hosts. - properties: - - !ruby/object:Api::Type::Integer - name: 'seconds' - required: true - description: | - Span of time at a resolution of a second. - Must be from 0 to 315,576,000,000 inclusive. - - !ruby/object:Api::Type::Integer - name: 'nanos' - description: | - Span of time that's a fraction of a second at nanosecond - resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must - be from 0 to 999,999,999 inclusive. - - !ruby/object:Api::Type::Integer - name: 'maxRequestsPerConnection' - at_least_one_of: - - circuit_breakers.0.connect_timeout - - circuit_breakers.0.max_requests_per_connection - - circuit_breakers.0.max_connections - - circuit_breakers.0.max_pending_requests - - circuit_breakers.0.max_requests - - circuit_breakers.0.max_retries - description: | - Maximum requests for a single backend connection. This parameter - is respected by both the HTTP/1.1 and HTTP/2 implementations. If - not specified, there is no limit. Setting this parameter to 1 - will effectively disable keep alive. - - !ruby/object:Api::Type::Integer - name: 'maxConnections' - default_value: 1024 - at_least_one_of: - - circuit_breakers.0.connect_timeout - - circuit_breakers.0.max_requests_per_connection - - circuit_breakers.0.max_connections - - circuit_breakers.0.max_pending_requests - - circuit_breakers.0.max_requests - - circuit_breakers.0.max_retries - description: | - The maximum number of connections to the backend cluster. - Defaults to 1024. - - !ruby/object:Api::Type::Integer - name: 'maxPendingRequests' - default_value: 1024 - at_least_one_of: - - circuit_breakers.0.connect_timeout - - circuit_breakers.0.max_requests_per_connection - - circuit_breakers.0.max_connections - - circuit_breakers.0.max_pending_requests - - circuit_breakers.0.max_requests - - circuit_breakers.0.max_retries - description: | - The maximum number of pending requests to the backend cluster. - Defaults to 1024. - - !ruby/object:Api::Type::Integer - name: 'maxRequests' - default_value: 1024 - at_least_one_of: - - circuit_breakers.0.connect_timeout - - circuit_breakers.0.max_requests_per_connection - - circuit_breakers.0.max_connections - - circuit_breakers.0.max_pending_requests - - circuit_breakers.0.max_requests - - circuit_breakers.0.max_retries - description: | - The maximum number of parallel requests to the backend cluster. - Defaults to 1024. - - !ruby/object:Api::Type::Integer - name: 'maxRetries' - default_value: 3 - at_least_one_of: - - circuit_breakers.0.connect_timeout - - circuit_breakers.0.max_requests_per_connection - - circuit_breakers.0.max_connections - - circuit_breakers.0.max_pending_requests - - circuit_breakers.0.max_requests - - circuit_breakers.0.max_retries - description: | - The maximum number of parallel retries to the backend cluster. - Defaults to 3. - - !ruby/object:Api::Type::Enum - name: 'compressionMode' - description: | - Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. - values: - - :AUTOMATIC - - :DISABLED - - !ruby/object:Api::Type::NestedObject - name: 'consistentHash' - description: | - Consistent Hash-based load balancing can be used to provide soft session - affinity based on HTTP headers, cookies or other properties. This load balancing - policy is applicable only for HTTP connections. The affinity to a particular - destination host will be lost when one or more hosts are added/removed from the - destination service. This field specifies parameters that control consistent - hashing. This field only applies if the load_balancing_scheme is set to - INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is - set to MAGLEV or RING_HASH. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'httpCookie' - at_least_one_of: - - consistent_hash.0.http_cookie - - consistent_hash.0.http_header_name - - consistent_hash.0.minimum_ring_size - description: | - Hash is based on HTTP Cookie. This field describes a HTTP cookie - that will be used as the hash key for the consistent hash load - balancer. If the cookie is not present, it will be generated. - This field is applicable if the sessionAffinity is set to HTTP_COOKIE. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'ttl' - at_least_one_of: - - consistent_hash.0.http_cookie.0.ttl - - consistent_hash.0.http_cookie.0.name - - consistent_hash.0.http_cookie.0.path - description: | - Lifetime of the cookie. - properties: - - !ruby/object:Api::Type::Integer - name: 'seconds' - required: true - description: | - Span of time at a resolution of a second. - Must be from 0 to 315,576,000,000 inclusive. - - !ruby/object:Api::Type::Integer - name: 'nanos' - description: | - Span of time that's a fraction of a second at nanosecond - resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must - be from 0 to 999,999,999 inclusive. - - !ruby/object:Api::Type::String - name: 'name' - at_least_one_of: - - consistent_hash.0.http_cookie.0.ttl - - consistent_hash.0.http_cookie.0.name - - consistent_hash.0.http_cookie.0.path - description: | - Name of the cookie. - - !ruby/object:Api::Type::String - name: 'path' - at_least_one_of: - - consistent_hash.0.http_cookie.0.ttl - - consistent_hash.0.http_cookie.0.name - - consistent_hash.0.http_cookie.0.path - description: | - Path to set for the cookie. - - !ruby/object:Api::Type::String - name: 'httpHeaderName' - at_least_one_of: - - consistent_hash.0.http_cookie - - consistent_hash.0.http_header_name - - consistent_hash.0.minimum_ring_size - description: | - The hash based on the value of the specified header field. - This field is applicable if the sessionAffinity is set to HEADER_FIELD. - - !ruby/object:Api::Type::Integer - name: 'minimumRingSize' - default_value: 1024 - at_least_one_of: - - consistent_hash.0.http_cookie - - consistent_hash.0.http_header_name - - consistent_hash.0.minimum_ring_size - description: | - The minimum number of virtual nodes to use for the hash ring. - Larger ring sizes result in more granular load - distributions. If the number of hosts in the load balancing pool - is larger than the ring size, each host will be assigned a single - virtual node. - Defaults to 1024. - - !ruby/object:Api::Type::NestedObject - name: 'cdnPolicy' - description: 'Cloud CDN configuration for this BackendService.' - properties: - - !ruby/object:Api::Type::NestedObject - name: 'cacheKeyPolicy' - description: 'The CacheKeyPolicy for this CdnPolicy.' - at_least_one_of: - - cdn_policy.0.cache_key_policy - - cdn_policy.0.signed_url_cache_max_age_sec - properties: - - !ruby/object:Api::Type::Boolean - name: 'includeHost' - send_empty_value: true - at_least_one_of: - - cdn_policy.0.cache_key_policy.0.include_host - - cdn_policy.0.cache_key_policy.0.include_protocol - - cdn_policy.0.cache_key_policy.0.include_query_string - - cdn_policy.0.cache_key_policy.0.query_string_blacklist - - cdn_policy.0.cache_key_policy.0.query_string_whitelist - - cdn_policy.0.cache_key_policy.0.include_http_headers - - cdn_policy.0.cache_key_policy.0.include_named_cookies - description: | - If true requests to different hosts will be cached separately. - - !ruby/object:Api::Type::Boolean - name: 'includeProtocol' - send_empty_value: true - at_least_one_of: - - cdn_policy.0.cache_key_policy.0.include_host - - cdn_policy.0.cache_key_policy.0.include_protocol - - cdn_policy.0.cache_key_policy.0.include_query_string - - cdn_policy.0.cache_key_policy.0.query_string_blacklist - - cdn_policy.0.cache_key_policy.0.query_string_whitelist - - cdn_policy.0.cache_key_policy.0.include_http_headers - - cdn_policy.0.cache_key_policy.0.include_named_cookies - description: | - If true, http and https requests will be cached separately. - - !ruby/object:Api::Type::Boolean - name: 'includeQueryString' - send_empty_value: true - at_least_one_of: - - cdn_policy.0.cache_key_policy.0.include_host - - cdn_policy.0.cache_key_policy.0.include_protocol - - cdn_policy.0.cache_key_policy.0.include_query_string - - cdn_policy.0.cache_key_policy.0.query_string_blacklist - - cdn_policy.0.cache_key_policy.0.query_string_whitelist - - cdn_policy.0.cache_key_policy.0.include_http_headers - - cdn_policy.0.cache_key_policy.0.include_named_cookies - description: | - If true, include query string parameters in the cache key - according to query_string_whitelist and - query_string_blacklist. If neither is set, the entire query - string will be included. - - If false, the query string will be excluded from the cache - key entirely. - - !ruby/object:Api::Type::Array - name: 'queryStringBlacklist' - send_empty_value: true - at_least_one_of: - - cdn_policy.0.cache_key_policy.0.include_host - - cdn_policy.0.cache_key_policy.0.include_protocol - - cdn_policy.0.cache_key_policy.0.include_query_string - - cdn_policy.0.cache_key_policy.0.query_string_blacklist - - cdn_policy.0.cache_key_policy.0.query_string_whitelist - - cdn_policy.0.cache_key_policy.0.include_http_headers - - cdn_policy.0.cache_key_policy.0.include_named_cookies - description: | - Names of query string parameters to exclude in cache keys. - - All other parameters will be included. Either specify - query_string_whitelist or query_string_blacklist, not both. - '&' and '=' will be percent encoded and not treated as - delimiters. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - send_empty_value: true - name: 'queryStringWhitelist' - at_least_one_of: - - cdn_policy.0.cache_key_policy.0.include_host - - cdn_policy.0.cache_key_policy.0.include_protocol - - cdn_policy.0.cache_key_policy.0.include_query_string - - cdn_policy.0.cache_key_policy.0.query_string_blacklist - - cdn_policy.0.cache_key_policy.0.query_string_whitelist - - cdn_policy.0.cache_key_policy.0.include_http_headers - - cdn_policy.0.cache_key_policy.0.include_named_cookies - description: | - Names of query string parameters to include in cache keys. - - All other parameters will be excluded. Either specify - query_string_whitelist or query_string_blacklist, not both. - '&' and '=' will be percent encoded and not treated as - delimiters. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'includeHttpHeaders' - send_empty_value: true - at_least_one_of: - - cdn_policy.0.cache_key_policy.0.include_host - - cdn_policy.0.cache_key_policy.0.include_protocol - - cdn_policy.0.cache_key_policy.0.include_query_string - - cdn_policy.0.cache_key_policy.0.query_string_blacklist - - cdn_policy.0.cache_key_policy.0.query_string_whitelist - - cdn_policy.0.cache_key_policy.0.include_http_headers - - cdn_policy.0.cache_key_policy.0.include_named_cookies - description: | - Allows HTTP request headers (by name) to be used in the - cache key. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'includeNamedCookies' - send_empty_value: true - at_least_one_of: - - cdn_policy.0.cache_key_policy.0.include_host - - cdn_policy.0.cache_key_policy.0.include_protocol - - cdn_policy.0.cache_key_policy.0.include_query_string - - cdn_policy.0.cache_key_policy.0.query_string_blacklist - - cdn_policy.0.cache_key_policy.0.query_string_whitelist - - cdn_policy.0.cache_key_policy.0.include_http_headers - - cdn_policy.0.cache_key_policy.0.include_named_cookies - description: | - Names of cookies to include in cache keys. - item_type: Api::Type::String - - !ruby/object:Api::Type::Integer - name: 'signedUrlCacheMaxAgeSec' - default_value: 3600 - at_least_one_of: - - cdn_policy.0.cache_key_policy - - cdn_policy.0.signed_url_cache_max_age_sec - description: | - Maximum number of seconds the response to a signed URL request - will be considered fresh, defaults to 1hr (3600s). After this - time period, the response will be revalidated before - being served. - - When serving responses to signed URL requests, Cloud CDN will - internally behave as though all responses from this backend had a - "Cache-Control: public, max-age=[TTL]" header, regardless of any - existing Cache-Control header. The actual headers served in - responses will not be altered. - - !ruby/object:Api::Type::Integer - name: 'defaultTtl' - description: | - Specifies the default TTL for cached content served by this origin for responses - that do not have an existing valid TTL (max-age or s-max-age). - - !ruby/object:Api::Type::Integer - name: 'maxTtl' - description: | - Specifies the maximum allowed TTL for cached content served by this origin. - - !ruby/object:Api::Type::Integer - name: 'clientTtl' - description: | - Specifies the maximum allowed TTL for cached content served by this origin. - - !ruby/object:Api::Type::Boolean - name: 'negativeCaching' - send_empty_value: true - description: | - Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. - - !ruby/object:Api::Type::Array - name: 'negativeCachingPolicy' - description: | - Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. - Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Integer - name: 'code' - description: | - The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 - can be specified as values, and you cannot specify a status code more than once. - - !ruby/object:Api::Type::Integer - name: 'ttl' - description: | - The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s - (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. - - !ruby/object:Api::Type::Enum - name: 'cacheMode' - description: | - Specifies the cache setting for all responses from this backend. - The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC - values: - - :USE_ORIGIN_HEADERS - - :FORCE_CACHE_ALL - - :CACHE_ALL_STATIC - - !ruby/object:Api::Type::Integer - name: 'serveWhileStale' - send_empty_value: true - description: | - Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache. - - !ruby/object:Api::Type::NestedObject - name: 'connectionDraining' - description: | - Settings for connection draining - properties: - - !ruby/object:Api::Type::Integer - name: 'drainingTimeoutSec' - default_value: 300 - description: | - Time for which instance will be drained (not accept new - connections, but still work to finish started). - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: | - Creation timestamp in RFC3339 text format. - output: true - - !ruby/object:Api::Type::Array - name: 'customRequestHeaders' - item_type: Api::Type::String - description: | - Headers that the HTTP/S load balancer should add to proxied - requests. - - !ruby/object:Api::Type::Array - name: 'customResponseHeaders' - item_type: Api::Type::String - description: | - Headers that the HTTP/S load balancer should add to proxied - responses. - - !ruby/object:Api::Type::Fingerprint - name: 'fingerprint' - output: true - description: | - Fingerprint of this resource. A hash of the contents stored in this - object. This field is used in optimistic locking. - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional description of this resource. - - !ruby/object:Api::Type::Boolean - name: 'enableCDN' - description: | - If true, enable Cloud CDN for this BackendService. - - !ruby/object:Api::Type::Array - name: 'healthChecks' - item_type: Api::Type::String - min_size: 1 - max_size: 1 - description: | - The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource - for health checking this BackendService. Currently at most one health - check can be specified. - - A health check must be specified unless the backend service uses an internet - or serverless NEG as a backend. - - For internal load balancing, a URL to a HealthCheck resource must be specified instead. - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'The unique identifier for the resource. This identifier is defined by the server.' - output: true - - !ruby/object:Api::Type::NestedObject - name: 'iap' - description: Settings for enabling Cloud Identity Aware Proxy - properties: - - !ruby/object:Api::Type::Boolean - name: 'enabled' - description: Enables IAP. - - !ruby/object:Api::Type::String - name: 'oauth2ClientId' - required: true - description: | - OAuth2 Client ID for IAP - - !ruby/object:Api::Type::String - name: 'oauth2ClientSecret' - required: true - description: | - OAuth2 Client Secret for IAP - - !ruby/object:Api::Type::String - name: 'oauth2ClientSecretSha256' - output: true - description: | - OAuth2 Client Secret SHA-256 for IAP - - !ruby/object:Api::Type::Enum - name: 'loadBalancingScheme' - input: true - description: | - Indicates whether the backend service will be used with internal or - external load balancing. A backend service created for one type of - load balancing cannot be used with the other. For more information, refer to - [Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). - default_value: :EXTERNAL - # If you're modifying this value, it probably means Global ILB is now - # an option. If that's the case, all of the documentation is based on - # this resource supporting external load balancing only. - values: - - :EXTERNAL - - :INTERNAL_SELF_MANAGED - - :EXTERNAL_MANAGED - - !ruby/object:Api::Type::Enum - name: 'localityLbPolicy' - values: - - :ROUND_ROBIN - - :LEAST_REQUEST - - :RING_HASH - - :RANDOM - - :ORIGINAL_DESTINATION - - :MAGLEV - description: | - The load balancing algorithm used within the scope of the locality. - The possible values are: - - * `ROUND_ROBIN`: This is a simple policy in which each healthy backend - is selected in round robin order. - - * `LEAST_REQUEST`: An O(1) algorithm which selects two random healthy - hosts and picks the host which has fewer active requests. - - * `RING_HASH`: The ring/modulo hash load balancer implements consistent - hashing to backends. The algorithm has the property that the - addition/removal of a host from a set of N hosts only affects - 1/N of the requests. - - * `RANDOM`: The load balancer selects a random healthy host. - - * `ORIGINAL_DESTINATION`: Backend host is selected based on the client - connection metadata, i.e., connections are opened - to the same address as the destination address of - the incoming connection before the connection - was redirected to the load balancer. - - * `MAGLEV`: used as a drop in replacement for the ring hash load balancer. - Maglev is not as stable as ring hash but has faster table lookup - build times and host selection times. For more information about - Maglev, refer to https://ai.google/research/pubs/pub44824 - - - This field is applicable to either: - - * A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, - and loadBalancingScheme set to INTERNAL_MANAGED. - * A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. - - - If session_affinity is not NONE, and this field is not set to MAGLEV or RING_HASH, - session affinity settings will not take effect. - - Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced - by a URL map that is bound to target gRPC proxy that has validate_for_proxyless - field set to true. - - !ruby/object:Api::Type::Array - name: 'localityLbPolicies' - description: | - A list of locality load balancing policies to be used in order of - preference. Either the policy or the customPolicy field should be set. - Overrides any value set in the localityLbPolicy field. - - localityLbPolicies is only supported when the BackendService is referenced - by a URL Map that is referenced by a target gRPC proxy that has the - validateForProxyless field set to true. - item_type: !ruby/object:Api::Type::NestedObject - name: 'localityLbPolicyConfig' - description: | - Container for either a built-in LB policy supported by gRPC or Envoy or - a custom one implemented by the end user. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'policy' - exactly_one_of: - - policy - - customPolicy - description: | - The configuration for a built-in load balancing policy. - properties: - - !ruby/object:Api::Type::Enum - name: 'name' - required: true - values: - - :ROUND_ROBIN - - :LEAST_REQUEST - - :RING_HASH - - :RANDOM - - :ORIGINAL_DESTINATION - - :MAGLEV - description: | - The name of a locality load balancer policy to be used. The value - should be one of the predefined ones as supported by localityLbPolicy, - although at the moment only ROUND_ROBIN is supported. - - This field should only be populated when the customPolicy field is not - used. - - Note that specifying the same policy more than once for a backend is - not a valid configuration and will be rejected. - - The possible values are: - - * `ROUND_ROBIN`: This is a simple policy in which each healthy backend - is selected in round robin order. - - * `LEAST_REQUEST`: An O(1) algorithm which selects two random healthy - hosts and picks the host which has fewer active requests. - - * `RING_HASH`: The ring/modulo hash load balancer implements consistent - hashing to backends. The algorithm has the property that the - addition/removal of a host from a set of N hosts only affects - 1/N of the requests. - - * `RANDOM`: The load balancer selects a random healthy host. - - * `ORIGINAL_DESTINATION`: Backend host is selected based on the client - connection metadata, i.e., connections are opened - to the same address as the destination address of - the incoming connection before the connection - was redirected to the load balancer. - - * `MAGLEV`: used as a drop in replacement for the ring hash load balancer. - Maglev is not as stable as ring hash but has faster table lookup - build times and host selection times. For more information about - Maglev, refer to https://ai.google/research/pubs/pub44824 - - !ruby/object:Api::Type::NestedObject - name: 'customPolicy' - exactly_one_of: - - policy - - customPolicy - description: | - The configuration for a custom policy implemented by the user and - deployed with the client. - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - description: | - Identifies the custom policy. - - The value should match the type the custom implementation is registered - with on the gRPC clients. It should follow protocol buffer - message naming conventions and include the full path (e.g. - myorg.CustomLbPolicy). The maximum length is 256 characters. - - Note that specifying the same custom policy more than once for a - backend is not a valid configuration and will be rejected. - - !ruby/object:Api::Type::String - name: 'data' - description: | - An optional, arbitrary JSON object with configuration data, understood - by a locally installed custom policy implementation. - - !ruby/object:Api::Type::String - name: 'name' - required: true - input: true - description: | - Name of the resource. Provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and match - the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - - !ruby/object:Api::Type::NestedObject - name: 'outlierDetection' - description: | - Settings controlling eviction of unhealthy hosts from the load balancing pool. - This field is applicable only when the load_balancing_scheme is set - to INTERNAL_SELF_MANAGED. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'baseEjectionTime' - at_least_one_of: - - outlier_detection.0.base_ejection_time - - outlier_detection.0.consecutive_errors - - outlier_detection.0.consecutive_gateway_failure - - outlier_detection.0.enforcing_consecutive_errors - - outlier_detection.0.enforcing_consecutive_gateway_failure - - outlier_detection.0.enforcing_success_rate - - outlier_detection.0.interval - - outlier_detection.0.max_ejection_percent - - outlier_detection.0.success_rate_minimum_hosts - - outlier_detection.0.success_rate_request_volume - - outlier_detection.0.success_rate_stdev_factor - description: | - The base time that a host is ejected for. The real time is equal to the base - time multiplied by the number of times the host has been ejected. Defaults to - 30000ms or 30s. - properties: - - !ruby/object:Api::Type::Integer - name: 'seconds' - required: true - description: | - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - - !ruby/object:Api::Type::Integer - name: 'nanos' - description: | - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 `seconds` field and a positive - `nanos` field. Must be from 0 to 999,999,999 inclusive. - - !ruby/object:Api::Type::Integer - name: 'consecutiveErrors' - at_least_one_of: - - outlier_detection.0.base_ejection_time - - outlier_detection.0.consecutive_errors - - outlier_detection.0.consecutive_gateway_failure - - outlier_detection.0.enforcing_consecutive_errors - - outlier_detection.0.enforcing_consecutive_gateway_failure - - outlier_detection.0.enforcing_success_rate - - outlier_detection.0.interval - - outlier_detection.0.max_ejection_percent - - outlier_detection.0.success_rate_minimum_hosts - - outlier_detection.0.success_rate_request_volume - - outlier_detection.0.success_rate_stdev_factor - default_value: 5 - description: | - Number of errors before a host is ejected from the connection pool. When the - backend host is accessed over HTTP, a 5xx return code qualifies as an error. - Defaults to 5. - - !ruby/object:Api::Type::Integer - name: 'consecutiveGatewayFailure' - at_least_one_of: - - outlier_detection.0.base_ejection_time - - outlier_detection.0.consecutive_errors - - outlier_detection.0.consecutive_gateway_failure - - outlier_detection.0.enforcing_consecutive_errors - - outlier_detection.0.enforcing_consecutive_gateway_failure - - outlier_detection.0.enforcing_success_rate - - outlier_detection.0.interval - - outlier_detection.0.max_ejection_percent - - outlier_detection.0.success_rate_minimum_hosts - - outlier_detection.0.success_rate_request_volume - - outlier_detection.0.success_rate_stdev_factor - default_value: 5 - description: | - The number of consecutive gateway failures (502, 503, 504 status or connection - errors that are mapped to one of those status codes) before a consecutive - gateway failure ejection occurs. Defaults to 5. - - !ruby/object:Api::Type::Integer - name: 'enforcingConsecutiveErrors' - at_least_one_of: - - outlier_detection.0.base_ejection_time - - outlier_detection.0.consecutive_errors - - outlier_detection.0.consecutive_gateway_failure - - outlier_detection.0.enforcing_consecutive_errors - - outlier_detection.0.enforcing_consecutive_gateway_failure - - outlier_detection.0.enforcing_success_rate - - outlier_detection.0.interval - - outlier_detection.0.max_ejection_percent - - outlier_detection.0.success_rate_minimum_hosts - - outlier_detection.0.success_rate_request_volume - - outlier_detection.0.success_rate_stdev_factor - default_value: 100 - description: | - The percentage chance that a host will be actually ejected when an outlier - status is detected through consecutive 5xx. This setting can be used to disable - ejection or to ramp it up slowly. Defaults to 100. - - !ruby/object:Api::Type::Integer - name: 'enforcingConsecutiveGatewayFailure' - at_least_one_of: - - outlier_detection.0.base_ejection_time - - outlier_detection.0.consecutive_errors - - outlier_detection.0.consecutive_gateway_failure - - outlier_detection.0.enforcing_consecutive_errors - - outlier_detection.0.enforcing_consecutive_gateway_failure - - outlier_detection.0.enforcing_success_rate - - outlier_detection.0.interval - - outlier_detection.0.max_ejection_percent - - outlier_detection.0.success_rate_minimum_hosts - - outlier_detection.0.success_rate_request_volume - - outlier_detection.0.success_rate_stdev_factor - default_value: 0 - description: | - The percentage chance that a host will be actually ejected when an outlier - status is detected through consecutive gateway failures. This setting can be - used to disable ejection or to ramp it up slowly. Defaults to 0. - - !ruby/object:Api::Type::Integer - name: 'enforcingSuccessRate' - at_least_one_of: - - outlier_detection.0.base_ejection_time - - outlier_detection.0.consecutive_errors - - outlier_detection.0.consecutive_gateway_failure - - outlier_detection.0.enforcing_consecutive_errors - - outlier_detection.0.enforcing_consecutive_gateway_failure - - outlier_detection.0.enforcing_success_rate - - outlier_detection.0.interval - - outlier_detection.0.max_ejection_percent - - outlier_detection.0.success_rate_minimum_hosts - - outlier_detection.0.success_rate_request_volume - - outlier_detection.0.success_rate_stdev_factor - default_value: 100 - description: | - The percentage chance that a host will be actually ejected when an outlier - status is detected through success rate statistics. This setting can be used to - disable ejection or to ramp it up slowly. Defaults to 100. - - !ruby/object:Api::Type::NestedObject - name: 'interval' - at_least_one_of: - - outlier_detection.0.base_ejection_time - - outlier_detection.0.consecutive_errors - - outlier_detection.0.consecutive_gateway_failure - - outlier_detection.0.enforcing_consecutive_errors - - outlier_detection.0.enforcing_consecutive_gateway_failure - - outlier_detection.0.enforcing_success_rate - - outlier_detection.0.interval - - outlier_detection.0.max_ejection_percent - - outlier_detection.0.success_rate_minimum_hosts - - outlier_detection.0.success_rate_request_volume - - outlier_detection.0.success_rate_stdev_factor - description: | - Time interval between ejection sweep analysis. This can result in both new - ejections as well as hosts being returned to service. Defaults to 10 seconds. - properties: - - !ruby/object:Api::Type::Integer - name: 'seconds' - required: true - description: | - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - - !ruby/object:Api::Type::Integer - name: 'nanos' - description: | - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 `seconds` field and a positive - `nanos` field. Must be from 0 to 999,999,999 inclusive. - - !ruby/object:Api::Type::Integer - name: 'maxEjectionPercent' - at_least_one_of: - - outlier_detection.0.base_ejection_time - - outlier_detection.0.consecutive_errors - - outlier_detection.0.consecutive_gateway_failure - - outlier_detection.0.enforcing_consecutive_errors - - outlier_detection.0.enforcing_consecutive_gateway_failure - - outlier_detection.0.enforcing_success_rate - - outlier_detection.0.interval - - outlier_detection.0.max_ejection_percent - - outlier_detection.0.success_rate_minimum_hosts - - outlier_detection.0.success_rate_request_volume - - outlier_detection.0.success_rate_stdev_factor - default_value: 10 - description: | - Maximum percentage of hosts in the load balancing pool for the backend service - that can be ejected. Defaults to 10%. - - !ruby/object:Api::Type::Integer - name: 'successRateMinimumHosts' - at_least_one_of: - - outlier_detection.0.base_ejection_time - - outlier_detection.0.consecutive_errors - - outlier_detection.0.consecutive_gateway_failure - - outlier_detection.0.enforcing_consecutive_errors - - outlier_detection.0.enforcing_consecutive_gateway_failure - - outlier_detection.0.enforcing_success_rate - - outlier_detection.0.interval - - outlier_detection.0.max_ejection_percent - - outlier_detection.0.success_rate_minimum_hosts - - outlier_detection.0.success_rate_request_volume - - outlier_detection.0.success_rate_stdev_factor - default_value: 5 - description: | - The number of hosts in a cluster that must have enough request volume to detect - success rate outliers. If the number of hosts is less than this setting, outlier - detection via success rate statistics is not performed for any host in the - cluster. Defaults to 5. - - !ruby/object:Api::Type::Integer - name: 'successRateRequestVolume' - at_least_one_of: - - outlier_detection.0.base_ejection_time - - outlier_detection.0.consecutive_errors - - outlier_detection.0.consecutive_gateway_failure - - outlier_detection.0.enforcing_consecutive_errors - - outlier_detection.0.enforcing_consecutive_gateway_failure - - outlier_detection.0.enforcing_success_rate - - outlier_detection.0.interval - - outlier_detection.0.max_ejection_percent - - outlier_detection.0.success_rate_minimum_hosts - - outlier_detection.0.success_rate_request_volume - - outlier_detection.0.success_rate_stdev_factor - default_value: 100 - description: | - The minimum number of total requests that must be collected in one interval (as - defined by the interval duration above) to include this host in success rate - based outlier detection. If the volume is lower than this setting, outlier - detection via success rate statistics is not performed for that host. Defaults - to 100. - - !ruby/object:Api::Type::Integer - name: 'successRateStdevFactor' - at_least_one_of: - - outlier_detection.0.base_ejection_time - - outlier_detection.0.consecutive_errors - - outlier_detection.0.consecutive_gateway_failure - - outlier_detection.0.enforcing_consecutive_errors - - outlier_detection.0.enforcing_consecutive_gateway_failure - - outlier_detection.0.enforcing_success_rate - - outlier_detection.0.interval - - outlier_detection.0.max_ejection_percent - - outlier_detection.0.success_rate_minimum_hosts - - outlier_detection.0.success_rate_request_volume - - outlier_detection.0.success_rate_stdev_factor - default_value: 1900 - description: | - This factor is used to determine the ejection threshold for success rate outlier - ejection. The ejection threshold is the difference between the mean success - rate, and the product of this factor and the standard deviation of the mean - success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided - by a thousand to get a double. That is, if the desired factor is 1.9, the - runtime value should be 1900. Defaults to 1900. - # 'port' is deprecated - - !ruby/object:Api::Type::String - name: 'portName' - description: | - Name of backend port. The same name should appear in the instance - groups referenced by this service. Required when the load balancing - scheme is EXTERNAL. - - !ruby/object:Api::Type::Enum - name: 'protocol' - description: | - The protocol this BackendService uses to communicate with backends. - The default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer - types and may result in errors if used with the GA API. - values: - - :HTTP - - :HTTPS - - :HTTP2 - - :TCP - - :SSL - - :GRPC - # TODO: make a ResourceRef to Security Policy - - !ruby/object:Api::Type::String - name: 'securityPolicy' - description: | - The security policy associated with this backend service. - - !ruby/object:Api::Type::String - name: 'edgeSecurityPolicy' - description: | - The resource URL for the edge security policy associated with this backend service. - - !ruby/object:Api::Type::NestedObject - name: 'securitySettings' - description: | - The security settings that apply to this backend service. This field is applicable to either - a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and - load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the - load_balancing_scheme set to INTERNAL_SELF_MANAGED. - properties: - - !ruby/object:Api::Type::ResourceRef - name: 'clientTlsPolicy' - resource: 'Region' # TODO: 'Region' is incorrect and should be 'ClientTlsPolicy' - imports: 'name' - description: | - ClientTlsPolicy is a resource that specifies how a client should authenticate - connections to backends of a service. This resource itself does not affect - configuration unless it is attached to a backend service resource. - required: true - - !ruby/object:Api::Type::Array - name: 'subjectAltNames' - description: | - A list of alternate names to verify the subject identity in the certificate. - If specified, the client will verify that the server certificate's subject - alt name matches one of the specified values. - required: true - item_type: Api::Type::String - - !ruby/object:Api::Type::Enum - name: 'sessionAffinity' - description: | - Type of session affinity to use. The default is NONE. Session affinity is - not applicable if the protocol is UDP. - values: - - :NONE - - :CLIENT_IP - - :CLIENT_IP_PORT_PROTO - - :CLIENT_IP_PROTO - - :GENERATED_COOKIE - - :HEADER_FIELD - - :HTTP_COOKIE - - !ruby/object:Api::Type::Integer - name: 'timeoutSec' - description: | - How many seconds to wait for the backend before considering it a - failed request. Default is 30 seconds. Valid range is [1, 86400]. - - !ruby/object:Api::Type::NestedObject - name: 'logConfig' - description: | - This field denotes the logging options for the load balancer traffic served by this backend service. - If logging is enabled, logs will be exported to Stackdriver. - properties: - - !ruby/object:Api::Type::Boolean - name: 'enable' - at_least_one_of: - - log_config.0.enable - - log_config.0.sample_rate - description: | - Whether to enable logging for the load balancer traffic served by this backend service. - - !ruby/object:Api::Type::Double - name: 'sampleRate' - at_least_one_of: - - log_config.0.enable - - log_config.0.sample_rate - description: | - This field can only be specified if logging is enabled for this backend service. The value of - the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer - where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. - The default value is 1.0. - - !ruby/object:Api::Resource - name: 'RegionBackendService' - kind: 'compute#backendService' - base_url: projects/{{project}}/regions/{{region}}/backendServices - collection_url_key: 'items' - has_self_link: true - description: | - A Region Backend Service defines a regionally-scoped group of virtual - machines that will serve traffic for load balancing. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Internal TCP/UDP Load Balancing': 'https://cloud.google.com/compute/docs/load-balancing/internal/' - api: 'https://cloud.google.com/compute/docs/reference/latest/regionBackendServices' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'region' - resource: 'Region' - imports: 'name' - description: | - A reference to the region where the regional backend service resides. - required: true - properties: - - !ruby/object:Api::Type::Integer - name: 'affinityCookieTtlSec' - description: | - Lifetime of cookies in seconds if session_affinity is - GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts - only until the end of the browser session (or equivalent). The - maximum allowed value for TTL is one day. - - When the load balancing scheme is INTERNAL, this field is not used. - - !ruby/object:Api::Type::Array - name: 'backends' - description: | - The set of backends that serve this RegionBackendService. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Enum - name: 'balancingMode' - default_value: :CONNECTION - values: - - :UTILIZATION - - :RATE - - :CONNECTION - description: | - Specifies the balancing mode for this backend. - - See the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode) - for an explanation of load balancing modes. - - !ruby/object:Api::Type::Double - name: 'capacityScaler' - description: | - A multiplier applied to the group's maximum servicing capacity - (based on UTILIZATION, RATE or CONNECTION). - - ~>**NOTE**: This field cannot be set for - INTERNAL region backend services (default loadBalancingScheme), - but is required for non-INTERNAL backend service. The total - capacity_scaler for all backends must be non-zero. - - A setting of 0 means the group is completely drained, offering - 0% of its available Capacity. Valid range is [0.0,1.0]. - send_empty_value: true - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional description of this resource. - Provide this property when you create the resource. - - !ruby/object:Api::Type::Boolean - name: 'failover' - description: | - This field designates whether this is a failover backend. More - than one failover backend can be configured for a given RegionBackendService. - - !ruby/object:Api::Type::String - name: 'group' - required: true - description: | - The fully-qualified URL of an Instance Group or Network Endpoint - Group resource. In case of instance group this defines the list - of instances that serve traffic. Member virtual machine - instances from each instance group must live in the same zone as - the instance group itself. No two backends in a backend service - are allowed to use same Instance Group resource. - - For Network Endpoint Groups this defines list of endpoints. All - endpoints of Network Endpoint Group must be hosted on instances - located in the same zone as the Network Endpoint Group. - - Backend services cannot mix Instance Group and - Network Endpoint Group backends. - - When the `load_balancing_scheme` is INTERNAL, only instance groups - are supported. - - Note that you must specify an Instance Group or Network Endpoint - Group resource using the fully-qualified URL, rather than a - partial URL. - - !ruby/object:Api::Type::Integer - name: 'maxConnections' - description: | - The max number of simultaneous connections for the group. Can - be used with either CONNECTION or UTILIZATION balancing modes. - Cannot be set for INTERNAL backend services. - - For CONNECTION mode, either maxConnections or one - of maxConnectionsPerInstance or maxConnectionsPerEndpoint, - as appropriate for group type, must be set. - - !ruby/object:Api::Type::Integer - name: 'maxConnectionsPerInstance' - description: | - The max number of simultaneous connections that a single - backend instance can handle. Cannot be set for INTERNAL backend - services. - - This is used to calculate the capacity of the group. - Can be used in either CONNECTION or UTILIZATION balancing modes. - For CONNECTION mode, either maxConnections or - maxConnectionsPerInstance must be set. - - !ruby/object:Api::Type::Integer - name: 'maxConnectionsPerEndpoint' - description: | - The max number of simultaneous connections that a single backend - network endpoint can handle. Cannot be set - for INTERNAL backend services. - - This is used to calculate the capacity of the group. Can be - used in either CONNECTION or UTILIZATION balancing modes. For - CONNECTION mode, either maxConnections or - maxConnectionsPerEndpoint must be set. - - !ruby/object:Api::Type::Integer - name: 'maxRate' - description: | - The max requests per second (RPS) of the group. Cannot be set - for INTERNAL backend services. - - Can be used with either RATE or UTILIZATION balancing modes, - but required if RATE mode. Either maxRate or one - of maxRatePerInstance or maxRatePerEndpoint, as appropriate for - group type, must be set. - - !ruby/object:Api::Type::Double - name: 'maxRatePerInstance' - description: | - The max requests per second (RPS) that a single backend - instance can handle. This is used to calculate the capacity of - the group. Can be used in either balancing mode. For RATE mode, - either maxRate or maxRatePerInstance must be set. Cannot be set - for INTERNAL backend services. - - !ruby/object:Api::Type::Double - name: 'maxRatePerEndpoint' - description: | - The max requests per second (RPS) that a single backend network - endpoint can handle. This is used to calculate the capacity of - the group. Can be used in either balancing mode. For RATE mode, - either maxRate or maxRatePerEndpoint must be set. Cannot be set - for INTERNAL backend services. - - !ruby/object:Api::Type::Double - name: 'maxUtilization' - description: | - Used when balancingMode is UTILIZATION. This ratio defines the - CPU utilization target for the group. Valid range is [0.0, 1.0]. - Cannot be set for INTERNAL backend services. - - !ruby/object:Api::Type::NestedObject - name: 'circuitBreakers' - description: | - Settings controlling the volume of connections to a backend service. This field - is applicable only when the `load_balancing_scheme` is set to INTERNAL_MANAGED - and the `protocol` is set to HTTP, HTTPS, or HTTP2. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'connectTimeout' - min_version: beta - at_least_one_of: - - circuit_breakers.0.connect_timeout - - circuit_breakers.0.max_requests_per_connection - - circuit_breakers.0.max_connections - - circuit_breakers.0.max_pending_requests - - circuit_breakers.0.max_requests - - circuit_breakers.0.max_retries - description: | - The timeout for new network connections to hosts. - properties: - - !ruby/object:Api::Type::Integer - name: 'seconds' - required: true - description: | - Span of time at a resolution of a second. - Must be from 0 to 315,576,000,000 inclusive. - - !ruby/object:Api::Type::Integer - name: 'nanos' - description: | - Span of time that's a fraction of a second at nanosecond - resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must - be from 0 to 999,999,999 inclusive. - - !ruby/object:Api::Type::Integer - name: 'maxRequestsPerConnection' - at_least_one_of: - - circuit_breakers.0.connect_timeout - - circuit_breakers.0.max_requests_per_connection - - circuit_breakers.0.max_connections - - circuit_breakers.0.max_pending_requests - - circuit_breakers.0.max_requests - - circuit_breakers.0.max_retries - description: | - Maximum requests for a single backend connection. This parameter - is respected by both the HTTP/1.1 and HTTP/2 implementations. If - not specified, there is no limit. Setting this parameter to 1 - will effectively disable keep alive. - - !ruby/object:Api::Type::Integer - name: 'maxConnections' - default_value: 1024 - at_least_one_of: - - circuit_breakers.0.connect_timeout - - circuit_breakers.0.max_requests_per_connection - - circuit_breakers.0.max_connections - - circuit_breakers.0.max_pending_requests - - circuit_breakers.0.max_requests - - circuit_breakers.0.max_retries - description: | - The maximum number of connections to the backend cluster. - Defaults to 1024. - - !ruby/object:Api::Type::Integer - name: 'maxPendingRequests' - default_value: 1024 - at_least_one_of: - - circuit_breakers.0.connect_timeout - - circuit_breakers.0.max_requests_per_connection - - circuit_breakers.0.max_connections - - circuit_breakers.0.max_pending_requests - - circuit_breakers.0.max_requests - - circuit_breakers.0.max_retries - description: | - The maximum number of pending requests to the backend cluster. - Defaults to 1024. - - !ruby/object:Api::Type::Integer - name: 'maxRequests' - default_value: 1024 - at_least_one_of: - - circuit_breakers.0.connect_timeout - - circuit_breakers.0.max_requests_per_connection - - circuit_breakers.0.max_connections - - circuit_breakers.0.max_pending_requests - - circuit_breakers.0.max_requests - - circuit_breakers.0.max_retries - description: | - The maximum number of parallel requests to the backend cluster. - Defaults to 1024. - - !ruby/object:Api::Type::Integer - name: 'maxRetries' - default_value: 3 - at_least_one_of: - - circuit_breakers.0.connect_timeout - - circuit_breakers.0.max_requests_per_connection - - circuit_breakers.0.max_connections - - circuit_breakers.0.max_pending_requests - - circuit_breakers.0.max_requests - - circuit_breakers.0.max_retries - description: | - The maximum number of parallel retries to the backend cluster. - Defaults to 3. - - !ruby/object:Api::Type::NestedObject - name: 'consistentHash' - description: | - Consistent Hash-based load balancing can be used to provide soft session - affinity based on HTTP headers, cookies or other properties. This load balancing - policy is applicable only for HTTP connections. The affinity to a particular - destination host will be lost when one or more hosts are added/removed from the - destination service. This field specifies parameters that control consistent - hashing. - This field only applies when all of the following are true - - * `load_balancing_scheme` is set to INTERNAL_MANAGED - * `protocol` is set to HTTP, HTTPS, or HTTP2 - * `locality_lb_policy` is set to MAGLEV or RING_HASH - properties: - - !ruby/object:Api::Type::NestedObject - name: 'httpCookie' - at_least_one_of: - - consistent_hash.0.http_cookie - - consistent_hash.0.http_header_name - - consistent_hash.0.minimum_ring_size - description: | - Hash is based on HTTP Cookie. This field describes a HTTP cookie - that will be used as the hash key for the consistent hash load - balancer. If the cookie is not present, it will be generated. - This field is applicable if the sessionAffinity is set to HTTP_COOKIE. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'ttl' - at_least_one_of: - - consistent_hash.0.http_cookie.0.ttl - - consistent_hash.0.http_cookie.0.name - - consistent_hash.0.http_cookie.0.path - description: | - Lifetime of the cookie. - properties: - - !ruby/object:Api::Type::Integer - name: 'seconds' - required: true - description: | - Span of time at a resolution of a second. - Must be from 0 to 315,576,000,000 inclusive. - - !ruby/object:Api::Type::Integer - name: 'nanos' - description: | - Span of time that's a fraction of a second at nanosecond - resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must - be from 0 to 999,999,999 inclusive. - - !ruby/object:Api::Type::String - name: 'name' - at_least_one_of: - - consistent_hash.0.http_cookie.0.ttl - - consistent_hash.0.http_cookie.0.name - - consistent_hash.0.http_cookie.0.path - description: | - Name of the cookie. - - !ruby/object:Api::Type::String - name: 'path' - at_least_one_of: - - consistent_hash.0.http_cookie.0.ttl - - consistent_hash.0.http_cookie.0.name - - consistent_hash.0.http_cookie.0.path - description: | - Path to set for the cookie. - - !ruby/object:Api::Type::String - name: 'httpHeaderName' - at_least_one_of: - - consistent_hash.0.http_cookie - - consistent_hash.0.http_header_name - - consistent_hash.0.minimum_ring_size - description: | - The hash based on the value of the specified header field. - This field is applicable if the sessionAffinity is set to HEADER_FIELD. - - !ruby/object:Api::Type::Integer - name: 'minimumRingSize' - default_value: 1024 - at_least_one_of: - - consistent_hash.0.http_cookie - - consistent_hash.0.http_header_name - - consistent_hash.0.minimum_ring_size - description: | - The minimum number of virtual nodes to use for the hash ring. - Larger ring sizes result in more granular load - distributions. If the number of hosts in the load balancing pool - is larger than the ring size, each host will be assigned a single - virtual node. - Defaults to 1024. - - !ruby/object:Api::Type::NestedObject - name: 'cdnPolicy' - description: 'Cloud CDN configuration for this BackendService.' - properties: - - !ruby/object:Api::Type::NestedObject - name: 'cacheKeyPolicy' - description: 'The CacheKeyPolicy for this CdnPolicy.' - at_least_one_of: - - cdn_policy.0.cache_key_policy - - cdn_policy.0.signed_url_cache_max_age_sec - properties: - - !ruby/object:Api::Type::Boolean - name: 'includeHost' - send_empty_value: true - at_least_one_of: - - cdn_policy.0.cache_key_policy.0.include_host - - cdn_policy.0.cache_key_policy.0.include_protocol - - cdn_policy.0.cache_key_policy.0.include_query_string - - cdn_policy.0.cache_key_policy.0.query_string_blacklist - - cdn_policy.0.cache_key_policy.0.query_string_whitelist - - cdn_policy.0.cache_key_policy.0.include_named_cookies - description: | - If true requests to different hosts will be cached separately. - - !ruby/object:Api::Type::Boolean - name: 'includeProtocol' - send_empty_value: true - at_least_one_of: - - cdn_policy.0.cache_key_policy.0.include_host - - cdn_policy.0.cache_key_policy.0.include_protocol - - cdn_policy.0.cache_key_policy.0.include_query_string - - cdn_policy.0.cache_key_policy.0.query_string_blacklist - - cdn_policy.0.cache_key_policy.0.query_string_whitelist - - cdn_policy.0.cache_key_policy.0.include_named_cookies - description: | - If true, http and https requests will be cached separately. - - !ruby/object:Api::Type::Boolean - name: 'includeQueryString' - send_empty_value: true - at_least_one_of: - - cdn_policy.0.cache_key_policy.0.include_host - - cdn_policy.0.cache_key_policy.0.include_protocol - - cdn_policy.0.cache_key_policy.0.include_query_string - - cdn_policy.0.cache_key_policy.0.query_string_blacklist - - cdn_policy.0.cache_key_policy.0.query_string_whitelist - - cdn_policy.0.cache_key_policy.0.include_named_cookies - description: | - If true, include query string parameters in the cache key - according to query_string_whitelist and - query_string_blacklist. If neither is set, the entire query - string will be included. - - If false, the query string will be excluded from the cache - key entirely. - - !ruby/object:Api::Type::Array - name: 'queryStringBlacklist' - send_empty_value: true - at_least_one_of: - - cdn_policy.0.cache_key_policy.0.include_host - - cdn_policy.0.cache_key_policy.0.include_protocol - - cdn_policy.0.cache_key_policy.0.include_query_string - - cdn_policy.0.cache_key_policy.0.query_string_blacklist - - cdn_policy.0.cache_key_policy.0.query_string_whitelist - - cdn_policy.0.cache_key_policy.0.include_named_cookies - description: | - Names of query string parameters to exclude in cache keys. - - All other parameters will be included. Either specify - query_string_whitelist or query_string_blacklist, not both. - '&' and '=' will be percent encoded and not treated as - delimiters. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - send_empty_value: true - name: 'queryStringWhitelist' - at_least_one_of: - - cdn_policy.0.cache_key_policy.0.include_host - - cdn_policy.0.cache_key_policy.0.include_protocol - - cdn_policy.0.cache_key_policy.0.include_query_string - - cdn_policy.0.cache_key_policy.0.query_string_blacklist - - cdn_policy.0.cache_key_policy.0.query_string_whitelist - - cdn_policy.0.cache_key_policy.0.include_named_cookies - description: | - Names of query string parameters to include in cache keys. - - All other parameters will be excluded. Either specify - query_string_whitelist or query_string_blacklist, not both. - '&' and '=' will be percent encoded and not treated as - delimiters. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'includeNamedCookies' - send_empty_value: true - at_least_one_of: - - cdn_policy.0.cache_key_policy.0.include_host - - cdn_policy.0.cache_key_policy.0.include_protocol - - cdn_policy.0.cache_key_policy.0.include_query_string - - cdn_policy.0.cache_key_policy.0.query_string_blacklist - - cdn_policy.0.cache_key_policy.0.query_string_whitelist - - cdn_policy.0.cache_key_policy.0.include_named_cookies - description: | - Names of cookies to include in cache keys. - item_type: Api::Type::String - - !ruby/object:Api::Type::Integer - name: 'signedUrlCacheMaxAgeSec' - default_value: 3600 - at_least_one_of: - - cdn_policy.0.cache_key_policy - - cdn_policy.0.signed_url_cache_max_age_sec - description: | - Maximum number of seconds the response to a signed URL request - will be considered fresh, defaults to 1hr (3600s). After this - time period, the response will be revalidated before - being served. - - When serving responses to signed URL requests, Cloud CDN will - internally behave as though all responses from this backend had a - "Cache-Control: public, max-age=[TTL]" header, regardless of any - existing Cache-Control header. The actual headers served in - responses will not be altered. - - !ruby/object:Api::Type::Integer - name: 'defaultTtl' - description: | - Specifies the default TTL for cached content served by this origin for responses - that do not have an existing valid TTL (max-age or s-max-age). - - !ruby/object:Api::Type::Integer - name: 'maxTtl' - description: | - Specifies the maximum allowed TTL for cached content served by this origin. - - !ruby/object:Api::Type::Integer - name: 'clientTtl' - description: | - Specifies the maximum allowed TTL for cached content served by this origin. - - !ruby/object:Api::Type::Boolean - name: 'negativeCaching' - send_empty_value: true - description: | - Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. - - !ruby/object:Api::Type::Array - name: 'negativeCachingPolicy' - description: | - Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. - Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Integer - name: 'code' - description: | - The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 - can be specified as values, and you cannot specify a status code more than once. - - !ruby/object:Api::Type::Integer - name: 'ttl' - min_version: beta - description: | - The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s - (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. - - !ruby/object:Api::Type::Enum - name: 'cacheMode' - description: | - Specifies the cache setting for all responses from this backend. - The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC - values: - - :USE_ORIGIN_HEADERS - - :FORCE_CACHE_ALL - - :CACHE_ALL_STATIC - - !ruby/object:Api::Type::Integer - name: 'serveWhileStale' - send_empty_value: true - description: | - Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache. - - - !ruby/object:Api::Type::NestedObject - name: 'connectionDraining' - description: | - Settings for connection draining - properties: - - !ruby/object:Api::Type::Integer - name: 'drainingTimeoutSec' - default_value: 300 - description: | - Time for which instance will be drained (not accept new - connections, but still work to finish started). - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: | - Creation timestamp in RFC3339 text format. - output: true - # customRequestHeaders only supported for EXTERNAL load balancing - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional description of this resource. - - !ruby/object:Api::Type::NestedObject - name: 'failoverPolicy' - description: | - Policy for failovers. - properties: - - !ruby/object:Api::Type::Boolean - name: 'disableConnectionDrainOnFailover' - at_least_one_of: - - failover_policy.0.disable_connection_drain_on_failover - - failover_policy.0.drop_traffic_if_unhealthy - - failover_policy.0.failover_ratio - description: | - On failover or failback, this field indicates whether connection drain - will be honored. Setting this to true has the following effect: connections - to the old active pool are not drained. Connections to the new active pool - use the timeout of 10 min (currently fixed). Setting to false has the - following effect: both old and new connections will have a drain timeout - of 10 min. - This can be set to true only if the protocol is TCP. - The default is false. - - !ruby/object:Api::Type::Boolean - name: 'dropTrafficIfUnhealthy' - at_least_one_of: - - failover_policy.0.disable_connection_drain_on_failover - - failover_policy.0.drop_traffic_if_unhealthy - - failover_policy.0.failover_ratio - description: | - This option is used only when no healthy VMs are detected in the primary - and backup instance groups. When set to true, traffic is dropped. When - set to false, new connections are sent across all VMs in the primary group. - The default is false. - - !ruby/object:Api::Type::Double - name: 'failoverRatio' - at_least_one_of: - - failover_policy.0.disable_connection_drain_on_failover - - failover_policy.0.drop_traffic_if_unhealthy - - failover_policy.0.failover_ratio - description: | - The value of the field must be in [0, 1]. If the ratio of the healthy - VMs in the primary backend is at or below this number, traffic arriving - at the load-balanced IP will be directed to the failover backend. - In case where 'failoverRatio' is not set or all the VMs in the backup - backend are unhealthy, the traffic will be directed back to the primary - backend in the "force" mode, where traffic will be spread to the healthy - VMs with the best effort, or to all VMs when no VM is healthy. - This field is only used with l4 load balancing. - - !ruby/object:Api::Type::Boolean - name: 'enableCDN' - description: | - If true, enable Cloud CDN for this RegionBackendService. - - !ruby/object:Api::Type::Fingerprint - name: 'fingerprint' - output: true - description: | - Fingerprint of this resource. A hash of the contents stored in this - object. This field is used in optimistic locking. - - !ruby/object:Api::Type::Array - name: 'healthChecks' - item_type: Api::Type::String - min_size: 1 - max_size: 1 - description: | - The set of URLs to HealthCheck resources for health checking - this RegionBackendService. Currently at most one health - check can be specified. - - A health check must be specified unless the backend service uses an internet - or serverless NEG as a backend. - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'The unique identifier for the resource.' - output: true - - !ruby/object:Api::Type::NestedObject - name: 'iap' - description: Settings for enabling Cloud Identity Aware Proxy - properties: - - !ruby/object:Api::Type::Boolean - name: 'enabled' - description: Enables IAP. - - !ruby/object:Api::Type::String - name: 'oauth2ClientId' - required: true - description: | - OAuth2 Client ID for IAP - - !ruby/object:Api::Type::String - name: 'oauth2ClientSecret' - required: true - description: | - OAuth2 Client Secret for IAP - - !ruby/object:Api::Type::String - name: 'oauth2ClientSecretSha256' - output: true - description: | - OAuth2 Client Secret SHA-256 for IAP - - !ruby/object:Api::Type::Enum - name: 'loadBalancingScheme' - input: true - description: | - Indicates what kind of load balancing this regional backend service - will be used for. A backend service created for one type of load - balancing cannot be used with the other(s). For more information, refer to - [Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). - default_value: :INTERNAL - values: - - :EXTERNAL - - :EXTERNAL_MANAGED - - :INTERNAL - - :INTERNAL_MANAGED - - !ruby/object:Api::Type::Enum - name: 'localityLbPolicy' - values: - - :ROUND_ROBIN - - :LEAST_REQUEST - - :RING_HASH - - :RANDOM - - :ORIGINAL_DESTINATION - - :MAGLEV - description: | - The load balancing algorithm used within the scope of the locality. - The possible values are: - - * `ROUND_ROBIN`: This is a simple policy in which each healthy backend - is selected in round robin order. - - * `LEAST_REQUEST`: An O(1) algorithm which selects two random healthy - hosts and picks the host which has fewer active requests. - - * `RING_HASH`: The ring/modulo hash load balancer implements consistent - hashing to backends. The algorithm has the property that the - addition/removal of a host from a set of N hosts only affects - 1/N of the requests. - - * `RANDOM`: The load balancer selects a random healthy host. - - * `ORIGINAL_DESTINATION`: Backend host is selected based on the client - connection metadata, i.e., connections are opened - to the same address as the destination address of - the incoming connection before the connection - was redirected to the load balancer. - - * `MAGLEV`: used as a drop in replacement for the ring hash load balancer. - Maglev is not as stable as ring hash but has faster table lookup - build times and host selection times. For more information about - Maglev, refer to https://ai.google/research/pubs/pub44824 - - - This field is applicable to either: - - * A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, - and loadBalancingScheme set to INTERNAL_MANAGED. - * A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. - - - If session_affinity is not NONE, and this field is not set to MAGLEV or RING_HASH, - session affinity settings will not take effect. - - Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced - by a URL map that is bound to target gRPC proxy that has validate_for_proxyless - field set to true. - - !ruby/object:Api::Type::String - name: 'name' - required: true - input: true - description: | - Name of the resource. Provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and match - the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - - !ruby/object:Api::Type::NestedObject - name: 'outlierDetection' - description: | - Settings controlling eviction of unhealthy hosts from the load balancing pool. - This field is applicable only when the `load_balancing_scheme` is set - to INTERNAL_MANAGED and the `protocol` is set to HTTP, HTTPS, or HTTP2. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'baseEjectionTime' - at_least_one_of: - - outlier_detection.0.base_ejection_time - - outlier_detection.0.consecutive_errors - - outlier_detection.0.consecutive_gateway_failure - - outlier_detection.0.enforcing_consecutive_errors - - outlier_detection.0.enforcing_consecutive_gateway_failure - - outlier_detection.0.enforcing_success_rate - - outlier_detection.0.interval - - outlier_detection.0.max_ejection_percent - - outlier_detection.0.success_rate_minimum_hosts - - outlier_detection.0.success_rate_request_volume - - outlier_detection.0.success_rate_stdev_factor - description: | - The base time that a host is ejected for. The real time is equal to the base - time multiplied by the number of times the host has been ejected. Defaults to - 30000ms or 30s. - properties: - - !ruby/object:Api::Type::Integer - name: 'seconds' - required: true - description: | - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - - !ruby/object:Api::Type::Integer - name: 'nanos' - description: | - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 `seconds` field and a positive - `nanos` field. Must be from 0 to 999,999,999 inclusive. - - !ruby/object:Api::Type::Integer - name: 'consecutiveErrors' - default_value: 5 - at_least_one_of: - - outlier_detection.0.base_ejection_time - - outlier_detection.0.consecutive_errors - - outlier_detection.0.consecutive_gateway_failure - - outlier_detection.0.enforcing_consecutive_errors - - outlier_detection.0.enforcing_consecutive_gateway_failure - - outlier_detection.0.enforcing_success_rate - - outlier_detection.0.interval - - outlier_detection.0.max_ejection_percent - - outlier_detection.0.success_rate_minimum_hosts - - outlier_detection.0.success_rate_request_volume - - outlier_detection.0.success_rate_stdev_factor - description: | - Number of errors before a host is ejected from the connection pool. When the - backend host is accessed over HTTP, a 5xx return code qualifies as an error. - Defaults to 5. - - !ruby/object:Api::Type::Integer - name: 'consecutiveGatewayFailure' - default_value: 5 - at_least_one_of: - - outlier_detection.0.base_ejection_time - - outlier_detection.0.consecutive_errors - - outlier_detection.0.consecutive_gateway_failure - - outlier_detection.0.enforcing_consecutive_errors - - outlier_detection.0.enforcing_consecutive_gateway_failure - - outlier_detection.0.enforcing_success_rate - - outlier_detection.0.interval - - outlier_detection.0.max_ejection_percent - - outlier_detection.0.success_rate_minimum_hosts - - outlier_detection.0.success_rate_request_volume - - outlier_detection.0.success_rate_stdev_factor - description: | - The number of consecutive gateway failures (502, 503, 504 status or connection - errors that are mapped to one of those status codes) before a consecutive - gateway failure ejection occurs. Defaults to 5. - - !ruby/object:Api::Type::Integer - name: 'enforcingConsecutiveErrors' - default_value: 100 - at_least_one_of: - - outlier_detection.0.base_ejection_time - - outlier_detection.0.consecutive_errors - - outlier_detection.0.consecutive_gateway_failure - - outlier_detection.0.enforcing_consecutive_errors - - outlier_detection.0.enforcing_consecutive_gateway_failure - - outlier_detection.0.enforcing_success_rate - - outlier_detection.0.interval - - outlier_detection.0.max_ejection_percent - - outlier_detection.0.success_rate_minimum_hosts - - outlier_detection.0.success_rate_request_volume - - outlier_detection.0.success_rate_stdev_factor - description: | - The percentage chance that a host will be actually ejected when an outlier - status is detected through consecutive 5xx. This setting can be used to disable - ejection or to ramp it up slowly. Defaults to 100. - - !ruby/object:Api::Type::Integer - name: 'enforcingConsecutiveGatewayFailure' - default_value: 0 - at_least_one_of: - - outlier_detection.0.base_ejection_time - - outlier_detection.0.consecutive_errors - - outlier_detection.0.consecutive_gateway_failure - - outlier_detection.0.enforcing_consecutive_errors - - outlier_detection.0.enforcing_consecutive_gateway_failure - - outlier_detection.0.enforcing_success_rate - - outlier_detection.0.interval - - outlier_detection.0.max_ejection_percent - - outlier_detection.0.success_rate_minimum_hosts - - outlier_detection.0.success_rate_request_volume - - outlier_detection.0.success_rate_stdev_factor - description: | - The percentage chance that a host will be actually ejected when an outlier - status is detected through consecutive gateway failures. This setting can be - used to disable ejection or to ramp it up slowly. Defaults to 0. - - !ruby/object:Api::Type::Integer - name: 'enforcingSuccessRate' - default_value: 100 - at_least_one_of: - - outlier_detection.0.base_ejection_time - - outlier_detection.0.consecutive_errors - - outlier_detection.0.consecutive_gateway_failure - - outlier_detection.0.enforcing_consecutive_errors - - outlier_detection.0.enforcing_consecutive_gateway_failure - - outlier_detection.0.enforcing_success_rate - - outlier_detection.0.interval - - outlier_detection.0.max_ejection_percent - - outlier_detection.0.success_rate_minimum_hosts - - outlier_detection.0.success_rate_request_volume - - outlier_detection.0.success_rate_stdev_factor - description: | - The percentage chance that a host will be actually ejected when an outlier - status is detected through success rate statistics. This setting can be used to - disable ejection or to ramp it up slowly. Defaults to 100. - - !ruby/object:Api::Type::NestedObject - name: 'interval' - at_least_one_of: - - outlier_detection.0.base_ejection_time - - outlier_detection.0.consecutive_errors - - outlier_detection.0.consecutive_gateway_failure - - outlier_detection.0.enforcing_consecutive_errors - - outlier_detection.0.enforcing_consecutive_gateway_failure - - outlier_detection.0.enforcing_success_rate - - outlier_detection.0.interval - - outlier_detection.0.max_ejection_percent - - outlier_detection.0.success_rate_minimum_hosts - - outlier_detection.0.success_rate_request_volume - - outlier_detection.0.success_rate_stdev_factor - description: | - Time interval between ejection sweep analysis. This can result in both new - ejections as well as hosts being returned to service. Defaults to 10 seconds. - properties: - - !ruby/object:Api::Type::Integer - name: 'seconds' - required: true - description: | - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - - !ruby/object:Api::Type::Integer - name: 'nanos' - description: | - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 `seconds` field and a positive - `nanos` field. Must be from 0 to 999,999,999 inclusive. - - !ruby/object:Api::Type::Integer - name: 'maxEjectionPercent' - default_value: 10 - at_least_one_of: - - outlier_detection.0.base_ejection_time - - outlier_detection.0.consecutive_errors - - outlier_detection.0.consecutive_gateway_failure - - outlier_detection.0.enforcing_consecutive_errors - - outlier_detection.0.enforcing_consecutive_gateway_failure - - outlier_detection.0.enforcing_success_rate - - outlier_detection.0.interval - - outlier_detection.0.max_ejection_percent - - outlier_detection.0.success_rate_minimum_hosts - - outlier_detection.0.success_rate_request_volume - - outlier_detection.0.success_rate_stdev_factor - description: | - Maximum percentage of hosts in the load balancing pool for the backend service - that can be ejected. Defaults to 10%. - - !ruby/object:Api::Type::Integer - name: 'successRateMinimumHosts' - default_value: 5 - at_least_one_of: - - outlier_detection.0.base_ejection_time - - outlier_detection.0.consecutive_errors - - outlier_detection.0.consecutive_gateway_failure - - outlier_detection.0.enforcing_consecutive_errors - - outlier_detection.0.enforcing_consecutive_gateway_failure - - outlier_detection.0.enforcing_success_rate - - outlier_detection.0.interval - - outlier_detection.0.max_ejection_percent - - outlier_detection.0.success_rate_minimum_hosts - - outlier_detection.0.success_rate_request_volume - - outlier_detection.0.success_rate_stdev_factor - description: | - The number of hosts in a cluster that must have enough request volume to detect - success rate outliers. If the number of hosts is less than this setting, outlier - detection via success rate statistics is not performed for any host in the - cluster. Defaults to 5. - - !ruby/object:Api::Type::Integer - name: 'successRateRequestVolume' - default_value: 100 - at_least_one_of: - - outlier_detection.0.base_ejection_time - - outlier_detection.0.consecutive_errors - - outlier_detection.0.consecutive_gateway_failure - - outlier_detection.0.enforcing_consecutive_errors - - outlier_detection.0.enforcing_consecutive_gateway_failure - - outlier_detection.0.enforcing_success_rate - - outlier_detection.0.interval - - outlier_detection.0.max_ejection_percent - - outlier_detection.0.success_rate_minimum_hosts - - outlier_detection.0.success_rate_request_volume - - outlier_detection.0.success_rate_stdev_factor - description: | - The minimum number of total requests that must be collected in one interval (as - defined by the interval duration above) to include this host in success rate - based outlier detection. If the volume is lower than this setting, outlier - detection via success rate statistics is not performed for that host. Defaults - to 100. - - !ruby/object:Api::Type::Integer - name: 'successRateStdevFactor' - default_value: 1900 - at_least_one_of: - - outlier_detection.0.base_ejection_time - - outlier_detection.0.consecutive_errors - - outlier_detection.0.consecutive_gateway_failure - - outlier_detection.0.enforcing_consecutive_errors - - outlier_detection.0.enforcing_consecutive_gateway_failure - - outlier_detection.0.enforcing_success_rate - - outlier_detection.0.interval - - outlier_detection.0.max_ejection_percent - - outlier_detection.0.success_rate_minimum_hosts - - outlier_detection.0.success_rate_request_volume - - outlier_detection.0.success_rate_stdev_factor - description: | - This factor is used to determine the ejection threshold for success rate outlier - ejection. The ejection threshold is the difference between the mean success - rate, and the product of this factor and the standard deviation of the mean - success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided - by a thousand to get a double. That is, if the desired factor is 1.9, the - runtime value should be 1900. Defaults to 1900. - - !ruby/object:Api::Type::String - name: 'portName' - description: | - A named port on a backend instance group representing the port for - communication to the backend VMs in that group. Required when the - loadBalancingScheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED, or INTERNAL_SELF_MANAGED - and the backends are instance groups. The named port must be defined on each - backend instance group. This parameter has no meaning if the backends are NEGs. API sets a - default of "http" if not given. - Must be omitted when the loadBalancingScheme is INTERNAL (Internal TCP/UDP Load Balancing). - - !ruby/object:Api::Type::Enum - name: 'protocol' - description: | - The protocol this RegionBackendService uses to communicate with backends. - The default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer - types and may result in errors if used with the GA API. - # This is removed to avoid breaking terraform, as default values cannot be - # unspecified. Providers should include this as needed via overrides - # default_value: :TCP - values: - - :HTTP - - :HTTPS - - :HTTP2 - - :SSL - - :TCP - - :UDP - - :GRPC - - :UNSPECIFIED - - !ruby/object:Api::Type::Enum - name: 'sessionAffinity' - description: | - Type of session affinity to use. The default is NONE. Session affinity is - not applicable if the protocol is UDP. - values: - - :NONE - - :CLIENT_IP - - :CLIENT_IP_PORT_PROTO - - :CLIENT_IP_PROTO - - :GENERATED_COOKIE - - :HEADER_FIELD - - :HTTP_COOKIE - - :CLIENT_IP_NO_DESTINATION - - !ruby/object:Api::Type::NestedObject - name: 'connectionTrackingPolicy' - min_version: 'beta' - description: | - Connection Tracking configuration for this BackendService. - This is available only for Layer 4 Internal Load Balancing and - Network Load Balancing. - properties: - - !ruby/object:Api::Type::Integer - name: 'idleTimeoutSec' - description: | - Specifies how long to keep a Connection Tracking entry while there is - no matching traffic (in seconds). - - For L4 ILB the minimum(default) is 10 minutes and maximum is 16 hours. - - For NLB the minimum(default) is 60 seconds and the maximum is 16 hours. - - !ruby/object:Api::Type::Enum - name: 'trackingMode' - description: | - Specifies the key used for connection tracking. There are two options: - `PER_CONNECTION`: The Connection Tracking is performed as per the - Connection Key (default Hash Method) for the specific protocol. - - `PER_SESSION`: The Connection Tracking is performed as per the - configured Session Affinity. It matches the configured Session Affinity. - default_value: :PER_CONNECTION - values: - - :PER_CONNECTION - - :PER_SESSION - - !ruby/object:Api::Type::Enum - name: 'connectionPersistenceOnUnhealthyBackends' - description: | - Specifies connection persistence when backends are unhealthy. - - If set to `DEFAULT_FOR_PROTOCOL`, the existing connections persist on - unhealthy backends only for connection-oriented protocols (TCP and SCTP) - and only if the Tracking Mode is PER_CONNECTION (default tracking mode) - or the Session Affinity is configured for 5-tuple. They do not persist - for UDP. - - If set to `NEVER_PERSIST`, after a backend becomes unhealthy, the existing - connections on the unhealthy backend are never persisted on the unhealthy - backend. They are always diverted to newly selected healthy backends - (unless all backends are unhealthy). - - If set to `ALWAYS_PERSIST`, existing connections always persist on - unhealthy backends regardless of protocol and session affinity. It is - generally not recommended to use this mode overriding the default. - default_value: :DEFAULT_FOR_PROTOCOL - values: - - :DEFAULT_FOR_PROTOCOL - - :NEVER_PERSIST - - :ALWAYS_PERSIST - - !ruby/object:Api::Type::Integer - name: 'timeoutSec' - description: | - How many seconds to wait for the backend before considering it a - failed request. Default is 30 seconds. Valid range is [1, 86400]. - - !ruby/object:Api::Type::NestedObject - name: 'logConfig' - description: | - This field denotes the logging options for the load balancer traffic served by this backend service. - If logging is enabled, logs will be exported to Stackdriver. - properties: - - !ruby/object:Api::Type::Boolean - name: 'enable' - at_least_one_of: - - log_config.0.enable - - log_config.0.sample_rate - description: | - Whether to enable logging for the load balancer traffic served by this backend service. - - !ruby/object:Api::Type::Double - name: 'sampleRate' - at_least_one_of: - - log_config.0.enable - - log_config.0.sample_rate - description: | - This field can only be specified if logging is enabled for this backend service. The value of - the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer - where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. - The default value is 1.0. - - !ruby/object:Api::Type::ResourceRef - resource: 'Network' - name: 'network' - imports: 'selfLink' - description: | - The URL of the network to which this backend service belongs. - This field can only be specified when the load balancing scheme is set to INTERNAL. - - !ruby/object:Api::Type::NestedObject - name: 'subsetting' - min_version: beta - description: | - Subsetting configuration for this BackendService. Currently this is applicable only for Internal TCP/UDP load balancing and Internal HTTP(S) load balancing. - properties: - - !ruby/object:Api::Type::Enum - name: 'policy' - values: - - :CONSISTENT_HASH_SUBSETTING - required: true - description: | - The algorithm used for subsetting. - - !ruby/object:Api::Resource - name: 'BackendServiceSignedUrlKey' - kind: 'compute#BackendServiceSignedUrlKey' - input: true - base_url: projects/{{project}}/global/backendServices/{{backend_service}} - create_url: projects/{{project}}/global/backendServices/{{backend_service}}/addSignedUrlKey - create_verb: :POST - delete_url: projects/{{project}}/global/backendServices/{{backend_service}}/deleteSignedUrlKey?keyName={{name}} - delete_verb: :POST - self_link: projects/{{project}}/global/backendServices/{{backend_service}} - identity: - - name - nested_query: !ruby/object:Api::Resource::NestedQuery - keys: - - cdnPolicy - - signedUrlKeyNames - is_list_of_ids: true - description: | - A key for signing Cloud CDN signed URLs for Backend Services. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Using Signed URLs': 'https://cloud.google.com/cdn/docs/using-signed-urls/' - api: 'https://cloud.google.com/compute/docs/reference/rest/v1/backendServices' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/global/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'backendService' - resource: 'BackendService' - imports: 'name' - description: | - The backend service this signed URL key belongs. - required: true - input: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - api_name: 'keyName' - description: | - Name of the signed URL key. - required: true - input: true - - !ruby/object:Api::Type::String - name: 'keyValue' - description: | - 128-bit key value used for signing the URL. The key value must be a - valid RFC 4648 Section 5 base64url encoded string. - required: true - input: true - - !ruby/object:Api::Resource - name: 'DiskType' - kind: 'compute#diskType' - base_url: projects/{{project}}/zones/{{zone}}/diskTypes - collection_url_key: 'items' - # TODO(nelsonjr): Search all documentation for references of using URL (like - # the description below) and replace with the proper reference to the - # corresponding type. - description: | - Represents a DiskType resource. A DiskType resource represents the type - of disk to use, such as a pd-ssd, pd-balanced or pd-standard. To reference a disk - type, use the disk type's full or partial URL. - # TODO(nelsonjr): Temporarily make DiskType virtual so no tests gets - # triggered for create. Implement support for read only objects, and delete - # the virtual tag - # | readonly: true - readonly: true - has_self_link: true - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'zone' - resource: 'Zone' - imports: 'name' - description: 'A reference to the zone where the disk type resides.' - required: true - properties: - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::Integer - name: 'defaultDiskSizeGb' - description: 'Server-defined default disk size in GB.' - output: true - - !ruby/object:Api::Type::NestedObject - name: 'deprecated' - description: 'The deprecation status associated with this disk type.' - output: true - properties: - - !ruby/object:Api::Type::Time - name: 'deleted' - description: | - An optional RFC3339 timestamp on or after which the deprecation state - of this resource will be changed to DELETED. - output: true - - !ruby/object:Api::Type::Time - name: 'deprecated' - description: | - An optional RFC3339 timestamp on or after which the deprecation state - of this resource will be changed to DEPRECATED. - output: true - - !ruby/object:Api::Type::Time - name: 'obsolete' - description: | - An optional RFC3339 timestamp on or after which the deprecation state - of this resource will be changed to OBSOLETE. - output: true - - !ruby/object:Api::Type::String - name: 'replacement' - description: | - The URL of the suggested replacement for a deprecated resource. The - suggested replacement resource must be the same kind of resource as - the deprecated resource. - output: true - - !ruby/object:Api::Type::Enum - name: 'state' - description: | - The deprecation state of this resource. This can be DEPRECATED, - OBSOLETE, or DELETED. Operations which create a new resource using a - DEPRECATED resource will return successfully, but with a warning - indicating the deprecated resource and recommending its replacement. - Operations which use OBSOLETE or DELETED resources will be rejected - and result in an error. - values: - - :DEPRECATED - - :OBSOLETE - - :DELETED - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: 'An optional description of this resource.' - output: true - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'The unique identifier for the resource.' - output: true - - !ruby/object:Api::Type::String - name: 'name' - description: 'Name of the resource.' - - !ruby/object:Api::Type::String - name: 'validDiskSize' - description: | - An optional textual description of the valid disk size, such as - "10GB-10TB". - output: true - - !ruby/object:Api::Resource - name: 'RegionDiskResourcePolicyAttachment' - input: true - base_url: projects/{{project}}/regions/{{region}}/disks/{{disk}} - create_verb: :POST - create_url: projects/{{project}}/regions/{{region}}/disks/{{disk}}/addResourcePolicies - delete_verb: :POST - delete_url: projects/{{project}}/regions/{{region}}/disks/{{disk}}/removeResourcePolicies - self_link: projects/{{project}}/regions/{{region}}/disks/{{disk}} - nested_query: !ruby/object:Api::Resource::NestedQuery - keys: - - resourcePolicies - is_list_of_ids: true - identity: - - name - description: | - Disk resource policies define a schedule for taking snapshots and a - retention period for these snapshots. - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'disk' - resource: 'Disk' - imports: 'name' - description: | - The name of the regional disk in which the resource policies are attached to. - required: true - url_param_only: true - - !ruby/object:Api::Type::ResourceRef - name: 'region' - resource: 'Region' - imports: 'name' - description: 'A reference to the region where the disk resides.' - required: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The resource policy to be attached to the disk for scheduling snapshot - creation. Do not specify the self link. - required: true - - !ruby/object:Api::Resource - name: 'DiskResourcePolicyAttachment' - input: true - base_url: projects/{{project}}/zones/{{zone}}/disks/{{disk}} - create_verb: :POST - create_url: projects/{{project}}/zones/{{zone}}/disks/{{disk}}/addResourcePolicies - delete_verb: :POST - delete_url: projects/{{project}}/zones/{{zone}}/disks/{{disk}}/removeResourcePolicies - self_link: projects/{{project}}/zones/{{zone}}/disks/{{disk}} - nested_query: !ruby/object:Api::Resource::NestedQuery - keys: - - resourcePolicies - is_list_of_ids: true - identity: - - name - description: | - Disk resource policies define a schedule for taking snapshots and a - retention period for these snapshots. - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'disk' - resource: 'Disk' - imports: 'name' - description: | - The name of the disk in which the resource policies are attached to. - required: true - url_param_only: true - - !ruby/object:Api::Type::ResourceRef - name: 'zone' - resource: 'Zone' - imports: 'name' - description: 'A reference to the zone where the disk resides.' - required: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The resource policy to be attached to the disk for scheduling snapshot - creation. Do not specify the self link. - required: true - - !ruby/object:Api::Resource - name: 'Disk' - kind: 'compute#disk' - input: true - base_url: projects/{{project}}/zones/{{zone}}/disks - collection_url_key: 'items' - has_self_link: true - description: | - Persistent disks are durable storage devices that function similarly to - the physical disks in a desktop or a server. Compute Engine manages the - hardware behind these devices to ensure data redundancy and optimize - performance for you. Persistent disks are available as either standard - hard disk drives (HDD) or solid-state drives (SSD). - - Persistent disks are located independently from your virtual machine - instances, so you can detach or move persistent disks to keep your data - even after you delete your instances. Persistent disk performance scales - automatically with size, so you can resize your existing persistent disks - or add more persistent disks to an instance to meet your performance and - storage space requirements. - - Add a persistent disk to your instance when you need reliable and - affordable storage with consistent performance characteristics. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Adding a persistent disk': - 'https://cloud.google.com/compute/docs/disks/add-persistent-disk' - api: 'https://cloud.google.com/compute/docs/reference/v1/disks' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'zone' - resource: 'Zone' - imports: 'name' - description: 'A reference to the zone where the disk resides.' - required: true - - !ruby/object:Api::Type::NestedObject - name: 'sourceImageEncryptionKey' - description: | - The customer-supplied encryption key of the source image. Required if - the source image is protected by a customer-supplied encryption key. - properties: - - !ruby/object:Api::Type::String - name: 'rawKey' - description: | - Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - - !ruby/object:Api::Type::String - name: 'sha256' - description: | - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - output: true - - !ruby/object:Api::Type::String - # TODO(chrisst) Change to ResourceRef once KMS is in Magic Modules - name: 'kmsKeyName' - description: | - The name of the encryption key that is stored in Google Cloud KMS. - - !ruby/object:Api::Type::String - name: 'kmsKeyServiceAccount' - description: | - The service account used for the encryption request for the given KMS key. - If absent, the Compute Engine Service Agent service account is used. - input: true - - !ruby/object:Api::Type::String - name: 'sourceImageId' - description: | - The ID value of the image used to create this disk. This value - identifies the exact image that was used to create this persistent - disk. For example, if you created the persistent disk from an image - that was later deleted and recreated under the same name, the source - image ID would identify the exact version of the image that was used. - output: true - - !ruby/object:Api::Type::NestedObject - name: 'diskEncryptionKey' - description: | - Encrypts the disk using a customer-supplied encryption key. - - After you encrypt a disk with a customer-supplied key, you must - provide the same key if you use the disk later (e.g. to create a disk - snapshot or an image, or to attach the disk to a virtual machine). - - Customer-supplied encryption keys do not protect access to metadata of - the disk. - - If you do not provide an encryption key when creating the disk, then - the disk will be encrypted using an automatically generated key and - you do not need to provide a key to use the disk later. - properties: - - !ruby/object:Api::Type::String - name: 'rawKey' - description: | - Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - - !ruby/object:Api::Type::String - name: 'rsaEncryptedKey' - description: | - Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit - customer-supplied encryption key to either encrypt or decrypt - this resource. You can provide either the rawKey or the rsaEncryptedKey. - - !ruby/object:Api::Type::String - name: 'sha256' - description: | - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - output: true - - !ruby/object:Api::Type::String - # TODO(chrisst) Change to ResourceRef once KMS is in Magic Modules - name: 'kmsKeyName' - description: | - The name of the encryption key that is stored in Google Cloud KMS. - Your project's Compute Engine System service account - (`service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com`) must have - `roles/cloudkms.cryptoKeyEncrypterDecrypter` to use this feature. - - !ruby/object:Api::Type::String - name: 'kmsKeyServiceAccount' - description: | - The service account used for the encryption request for the given KMS key. - If absent, the Compute Engine Service Agent service account is used. - input: true - - !ruby/object:Api::Type::ResourceRef - name: 'sourceSnapshot' - resource: 'Snapshot' - imports: 'selfLink' - description: | - The source snapshot used to create this disk. You can provide this as - a partial or full URL to the resource. If the snapshot is in another - project than this disk, you must supply a full URL. For example, the - following are valid values: - - * `https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot` - * `projects/project/global/snapshots/snapshot` - * `global/snapshots/snapshot` - - !ruby/object:Api::Type::NestedObject - name: 'sourceSnapshotEncryptionKey' - description: | - The customer-supplied encryption key of the source snapshot. Required - if the source snapshot is protected by a customer-supplied encryption - key. - properties: - - !ruby/object:Api::Type::String - name: 'rawKey' - description: | - Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - - !ruby/object:Api::Type::String - # TODO(chrisst) Change to ResourceRef once KMS is in Magic Modules - name: 'kmsKeyName' - description: | - The name of the encryption key that is stored in Google Cloud KMS. - - !ruby/object:Api::Type::String - name: 'sha256' - description: | - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - output: true - - !ruby/object:Api::Type::String - name: 'kmsKeyServiceAccount' - description: | - The service account used for the encryption request for the given KMS key. - If absent, the Compute Engine Service Agent service account is used. - input: true - - !ruby/object:Api::Type::String - name: 'sourceSnapshotId' - description: | - The unique ID of the snapshot used to create this disk. This value - identifies the exact snapshot that was used to create this persistent - disk. For example, if you created the persistent disk from a snapshot - that was later deleted and recreated under the same name, the source - snapshot ID would identify the exact version of the snapshot that was - used. - output: true - properties: - - !ruby/object:Api::Type::Fingerprint - name: 'labelFingerprint' - description: | - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - update_url: 'projects/{{project}}/zones/{{zone}}/disks/{{name}}/setLabels' - update_verb: :POST - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional description of this resource. Provide this property when - you create the resource. - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'The unique identifier for the resource.' - output: true - - !ruby/object:Api::Type::Time - name: 'lastAttachTimestamp' - description: 'Last attach timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::Time - name: 'lastDetachTimestamp' - description: 'Last detach timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: | - Labels to apply to this disk. A list of key->value pairs. - update_verb: :POST - update_url: 'projects/{{project}}/zones/{{zone}}/disks/{{name}}/setLabels' - - !ruby/object:Api::Type::Array - name: 'licenses' - description: 'Any applicable publicly visible licenses.' - item_type: Api::Type::String - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource. Provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and match - the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - input: true - required: true - - !ruby/object:Api::Type::Integer - name: 'sizeGb' - description: | - Size of the persistent disk, specified in GB. You can specify this - field when creating a persistent disk using the sourceImage or - sourceSnapshot parameter, or specify it alone to create an empty - persistent disk. - - If you specify this field along with sourceImage or sourceSnapshot, - the value of sizeGb must not be less than the size of the sourceImage - or the size of the snapshot. - update_verb: :POST - update_url: 'projects/{{project}}/zones/{{zone}}/disks/{{name}}/resize' - - !ruby/object:Api::Type::Array - name: 'users' - description: | - Links to the users of the disk (attached instances) in form: - project/zones/zone/instances/instance - item_type: !ruby/object:Api::Type::ResourceRef - name: 'user' - resource: 'Instance' - imports: 'selfLink' - description: 'A reference to a user of this disk' - output: true - - !ruby/object:Api::Type::Integer - name: 'physicalBlockSizeBytes' - description: | - Physical block size of the persistent disk, in bytes. If not present - in a request, a default value is used. Currently supported sizes - are 4096 and 16384, other sizes may be added in the future. - If an unsupported value is requested, the error message will list - the supported values for the caller's project. - - !ruby/object:Api::Type::String - name: 'interface' - min_version: 'beta' - # interface is removed using url_param_only to preserve schema definition - # and prevent sending or reading in API requests - url_param_only: true - default_value: 'SCSI' - deprecation_message: This field is no longer in use, disk interfaces will be automatically determined on attachment. To resolve this issue, remove this field from your config. - description: | - Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME. The default is SCSI. - - !ruby/object:Api::Type::String - name: 'sourceDisk' - description: | - The source disk used to create this disk. You can provide this as a partial or full URL to the resource. - For example, the following are valid values: - - * https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/disks/{disk} - * https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/disks/{disk} - * projects/{project}/zones/{zone}/disks/{disk} - * projects/{project}/regions/{region}/disks/{disk} - * zones/{zone}/disks/{disk} - * regions/{region}/disks/{disk} - - !ruby/object:Api::Type::String - name: 'sourceDiskId' - description: | - The ID value of the disk used to create this image. This value may - be used to determine whether the image was taken from the current - or a previous instance of a given disk name. - output: true - - !ruby/object:Api::Type::ResourceRef - name: 'type' - resource: 'DiskType' - imports: 'selfLink' - description: | - URL of the disk type resource describing which disk type to use to - create the disk. Provide this when creating the disk. - - !ruby/object:Api::Type::String - name: 'sourceImage' - description: | - The source image used to create this disk. If the source image is - deleted, this field will not be set. - - To create a disk with one of the public operating system images, - specify the image by its family name. For example, specify - family/debian-11 to use the latest Debian 11 image: - - projects/debian-cloud/global/images/family/debian-11 - - Alternatively, use a specific version of a public operating system - image: - - projects/debian-cloud/global/images/debian-11-bullseye-vYYYYMMDD - - To create a disk with a private image that you created, specify the - image name in the following format: - - global/images/my-private-image - - You can also specify a private image by its image family, which - returns the latest version of the image in that family. Replace the - image name with family/family-name: - - global/images/family/my-private-family - input: true - - !ruby/object:Api::Type::Array - name: 'resourcePolicies' - min_version: beta - description: 'Resource policies applied to this disk for automatic snapshot creations.' - item_type: !ruby/object:Api::Type::ResourceRef - name: 'resourcePolicy' - resource: 'ResourcePolicy' - imports: 'selfLink' - description: 'A resource policy applied to this disk for automatic snapshot creations.' - - !ruby/object:Api::Type::Boolean - name: 'multiWriter' - description: | - Indicates whether or not the disk can be read/write attached to more than one instance. - min_version: beta - - !ruby/object:Api::Type::Integer - name: 'provisionedIops' - description: | - Indicates how many IOPS must be provisioned for the disk. - - !ruby/object:Api::Resource - name: 'Firewall' - kind: 'compute#firewall' - base_url: projects/{{project}}/global/firewalls - collection_url_key: 'items' - update_verb: :PATCH - has_self_link: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/vpc/docs/firewalls' - api: 'https://cloud.google.com/compute/docs/reference/v1/firewalls' - description: | - Each network has its own firewall controlling access to and from the - instances. - - All traffic to instances, even from other instances, is blocked by the - firewall unless firewall rules are created to allow it. - - The default network has automatically created firewall rules that are - shown in default firewall rules. No manually created network has - automatically created firewall rules except for a default "allow" rule for - outgoing traffic and a default "deny" for incoming traffic. For all - networks except the default network, you must create any firewall rules - you need. - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/global/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - properties: - # TODO(nelsonjr): [nice to have] Make the format here simpler to use, in - # the form of # 22/tcp, [12345-23456]/tcp. It requires a conversion - # function to the # final JSON format expected by the API for this - # proposal to work. - - !ruby/object:Api::Type::Array - name: 'allowed' - description: | - The list of ALLOW rules specified by this firewall. Each rule - specifies a protocol and port-range tuple that describes a permitted - connection. - exactly_one_of: - - allow - - deny - item_type: !ruby/object:Api::Type::NestedObject - properties: - # IPProtocol has to be string, instead of Enum because user can - # specify the protocol by number as well. - - !ruby/object:Api::Type::String - name: 'ip_protocol' - description: | - The IP protocol to which this rule applies. The protocol type is - required when creating a firewall rule. This value can either be - one of the following well known protocol strings (tcp, udp, - icmp, esp, ah, sctp, ipip, all), or the IP protocol number. - api_name: 'IPProtocol' - required: true - - !ruby/object:Api::Type::Array - item_type: Api::Type::String - name: 'ports' - description: | - An optional list of ports to which this rule applies. This field - is only applicable for UDP or TCP protocol. Each entry must be - either an integer or a range. If not specified, this rule - applies to connections through any port. - - Example inputs include: ["22"], ["80","443"], and - ["12345-12349"]. - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::Array - name: 'denied' - exactly_one_of: - - allow - - deny - description: | - The list of DENY rules specified by this firewall. Each rule specifies - a protocol and port-range tuple that describes a denied connection. - item_type: !ruby/object:Api::Type::NestedObject - properties: - # IPProtocol has to be string, instead of Enum because user can - # specify the protocol by number as well. - - !ruby/object:Api::Type::String - name: 'ip_protocol' - description: | - The IP protocol to which this rule applies. The protocol type is - required when creating a firewall rule. This value can either be - one of the following well known protocol strings (tcp, udp, - icmp, esp, ah, sctp, ipip, all), or the IP protocol number. - api_name: 'IPProtocol' - required: true - - !ruby/object:Api::Type::Array - item_type: Api::Type::String - name: 'ports' - description: | - An optional list of ports to which this rule applies. This field - is only applicable for UDP or TCP protocol. Each entry must be - either an integer or a range. If not specified, this rule - applies to connections through any port. - - Example inputs include: ["22"], ["80","443"], and - ["12345-12349"]. - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional description of this resource. Provide this property when - you create the resource. - - !ruby/object:Api::Type::Array - name: 'destinationRanges' - description: | - If destination ranges are specified, the firewall will apply only to - traffic that has destination IP address in these ranges. These ranges - must be expressed in CIDR format. Only IPv4 is supported. - item_type: Api::Type::String - - !ruby/object:Api::Type::Enum - name: 'direction' - description: | - Direction of traffic to which this firewall applies; default is - INGRESS. Note: For INGRESS traffic, it is NOT supported to specify - destinationRanges; For EGRESS traffic, it is NOT supported to specify - `source_ranges` OR `source_tags`. For INGRESS traffic, one of `source_ranges`, - `source_tags` or `source_service_accounts` is required. - values: - - :INGRESS - - :EGRESS - - !ruby/object:Api::Type::Boolean - name: 'disabled' - description: | - Denotes whether the firewall rule is disabled, i.e not applied to the - network it is associated with. When set to true, the firewall rule is - not enforced and the network behaves as if it did not exist. If this - is unspecified, the firewall rule will be enabled. - send_empty_value: true - - !ruby/object:Api::Type::NestedObject - name: 'logConfig' - description: | - This field denotes the logging options for a particular firewall rule. - If logging is enabled, logs will be exported to Cloud Logging. - properties: - - !ruby/object:Api::Type::Boolean - name: 'enable' - description: | - This field denotes whether to enable logging for a particular - firewall rule. If logging is enabled, logs will be exported to - Stackdriver. - - !ruby/object:Api::Type::Enum - name: 'metadata' - description: | - This field denotes whether to include or exclude metadata for firewall logs. - values: - - :EXCLUDE_ALL_METADATA - - :INCLUDE_ALL_METADATA - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'The unique identifier for the resource.' - output: true - - !ruby/object:Api::Type::String - name: 'name' - required: true - input: true - description: | - Name of the resource. Provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and match - the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - - !ruby/object:Api::Type::ResourceRef - name: 'network' - resource: 'Network' - imports: 'selfLink' - required: true - description: | - URL of the network resource for this firewall rule. If not specified - when creating a firewall rule, the default network is used: - - global/networks/default - - If you choose to specify this property, you can specify the network as - a full or partial URL. For example, the following are all valid URLs: - - https://www.googleapis.com/compute/v1/projects/myproject/global/ - networks/my-network - projects/myproject/global/networks/my-network - global/networks/default - - !ruby/object:Api::Type::Integer - name: 'priority' - description: | - Priority for this rule. This is an integer between 0 and 65535, both - inclusive. When not specified, the value assumed is 1000. Relative - priorities determine precedence of conflicting rules. Lower value of - priority implies higher precedence (eg, a rule with priority 0 has - higher precedence than a rule with priority 1). DENY rules take - precedence over ALLOW rules having equal priority. - default_value: 1000 - send_empty_value: true - - !ruby/object:Api::Type::Array - name: 'sourceRanges' - description: | - If source ranges are specified, the firewall will apply only to - traffic that has source IP address in these ranges. These ranges must - be expressed in CIDR format. One or both of sourceRanges and - sourceTags may be set. If both properties are set, the firewall will - apply to traffic that has source IP address within sourceRanges OR the - source IP that belongs to a tag listed in the sourceTags property. The - connection does not need to match both properties for the firewall to - apply. Only IPv4 is supported. For INGRESS traffic, one of `source_ranges`, - `source_tags` or `source_service_accounts` is required. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'sourceServiceAccounts' - description: | - If source service accounts are specified, the firewall will apply only - to traffic originating from an instance with a service account in this - list. Source service accounts cannot be used to control traffic to an - instance's external IP address because service accounts are associated - with an instance, not an IP address. sourceRanges can be set at the - same time as sourceServiceAccounts. If both are set, the firewall will - apply to traffic that has source IP address within sourceRanges OR the - source IP belongs to an instance with service account listed in - sourceServiceAccount. The connection does not need to match both - properties for the firewall to apply. sourceServiceAccounts cannot be - used at the same time as sourceTags or targetTags. For INGRESS traffic, - one of `source_ranges`, `source_tags` or `source_service_accounts` is required. - item_type: Api::Type::String - max_size: 10 - conflicts: - - source_tags - - target_tags - - !ruby/object:Api::Type::Array - name: 'sourceTags' - description: | - If source tags are specified, the firewall will apply only to traffic - with source IP that belongs to a tag listed in source tags. Source - tags cannot be used to control traffic to an instance's external IP - address. Because tags are associated with an instance, not an IP - address. One or both of sourceRanges and sourceTags may be set. If - both properties are set, the firewall will apply to traffic that has - source IP address within sourceRanges OR the source IP that belongs to - a tag listed in the sourceTags property. The connection does not need - to match both properties for the firewall to apply. For INGRESS traffic, - one of `source_ranges`, `source_tags` or `source_service_accounts` is required. - item_type: Api::Type::String - conflicts: - - source_service_accounts - - target_service_accounts - - !ruby/object:Api::Type::Array - name: 'targetServiceAccounts' - description: | - A list of service accounts indicating sets of instances located in the - network that may make network connections as specified in allowed[]. - targetServiceAccounts cannot be used at the same time as targetTags or - sourceTags. If neither targetServiceAccounts nor targetTags are - specified, the firewall rule applies to all instances on the specified - network. - item_type: Api::Type::String - max_size: 10 - conflicts: - - source_tags - - target_tags - - !ruby/object:Api::Type::Array - name: 'targetTags' - description: | - A list of instance tags indicating sets of instances located in the - network that may make network connections as specified in allowed[]. - If no targetTags are specified, the firewall rule applies to all - instances on the specified network. - item_type: Api::Type::String - conflicts: - - source_service_accounts - - target_service_accounts - - !ruby/object:Api::Resource - name: 'ForwardingRule' - kind: 'compute#forwardingRule' - base_url: projects/{{project}}/regions/{{region}}/forwardingRules - collection_url_key: 'items' - has_self_link: true - description: | - A ForwardingRule resource. A ForwardingRule resource specifies which pool - of target virtual machines to forward a packet to if it matches the given - [IPAddress, IPProtocol, portRange] tuple. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/compute/docs/load-balancing/network/forwarding-rules' - api: 'https://cloud.google.com/compute/docs/reference/v1/forwardingRules' - input: true - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'region' - resource: 'Region' - imports: 'name' - description: | - A reference to the region where the regional forwarding rule resides. - This field is not applicable to global forwarding rules. - required: true - properties: - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::Boolean - name: 'isMirroringCollector' - description: | - Indicates whether or not this load balancer can be used - as a collector for packet mirroring. To prevent mirroring loops, - instances behind this load balancer will not have their traffic - mirrored even if a PacketMirroring rule applies to them. This - can only be set to true for load balancers that have their - loadBalancingScheme set to INTERNAL. - - !ruby/object:Api::Type::String - name: 'pscConnectionId' - description: 'The PSC connection id of the PSC Forwarding Rule.' - output: true - - !ruby/object:Api::Type::String - name: 'pscConnectionStatus' - description: 'The PSC connection status of the PSC Forwarding Rule. Possible - values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED' - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional description of this resource. Provide this property when - you create the resource. - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'The unique identifier for the resource.' - output: true - # This is a multi-resource resource reference (Address, GlobalAddress) - - !ruby/object:Api::Type::String - name: 'IPAddress' - description: | - The IP address that this forwarding rule serves. When a client sends - traffic to this IP address, the forwarding rule directs the traffic to - the target that you specify in the forwarding rule. The - loadBalancingScheme and the forwarding rule's target determine the - type of IP address that you can use. For detailed information, refer - to [IP address specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications). - - An address can be specified either by a literal IP address or a - reference to an existing Address resource. If you don't specify a - reserved IP address, an ephemeral IP address is assigned. - - The value must be set to 0.0.0.0 when the target is a targetGrpcProxy - that has validateForProxyless field set to true. - - For Private Service Connect forwarding rules that forward traffic to - Google APIs, IP address must be provided. - - !ruby/object:Api::Type::Enum - name: 'IPProtocol' - description: | - The IP protocol to which this rule applies. - - When the load balancing scheme is INTERNAL, only TCP and UDP are - valid. - values: - - :TCP - - :UDP - - :ESP - - :AH - - :SCTP - - :ICMP - - :L3_DEFAULT - # This is a multi-resource resource reference (BackendService (global), RegionBackendService) - # We have custom expands that manage this. - - !ruby/object:Api::Type::ResourceRef - name: 'backendService' - resource: 'BackendService' - imports: 'selfLink' - description: | - A BackendService to receive the matched traffic. This is used only - for INTERNAL load balancing. - - !ruby/object:Api::Type::Enum - name: 'loadBalancingScheme' - description: | - This signifies what the ForwardingRule will be used for and can be - EXTERNAL, EXTERNAL_MANAGED, INTERNAL, or INTERNAL_MANAGED. EXTERNAL is used for Classic - Cloud VPN gateways, protocol forwarding to VMs from an external IP address, - and HTTP(S), SSL Proxy, TCP Proxy, and Network TCP/UDP load balancers. - INTERNAL is used for protocol forwarding to VMs from an internal IP address, - and internal TCP/UDP load balancers. - EXTERNAL_MANAGED is used for regional external HTTP(S) load balancers. - INTERNAL_MANAGED is used for internal HTTP(S) load balancers. - - ([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) only) Note: This field must be set to "" - if the target is an URI of a service attachment. - values: - - :EXTERNAL - - :EXTERNAL_MANAGED - - :INTERNAL - - :INTERNAL_MANAGED - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource; provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and match - the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - required: true - - !ruby/object:Api::Type::ResourceRef - name: 'network' - resource: 'Network' - imports: 'selfLink' - description: | - For internal load balancing, this field identifies the network that - the load balanced IP should belong to for this Forwarding Rule. If - this field is not specified, the default network will be used. - This field is only used for INTERNAL load balancing. - # TODO(nelsonjr): When implementing new types enable converting the - # manifest input from a single value to a range of form NN-NN. The API - # accepts a single value, e.g. '80', but the API stores and returns - # '80-80'. This causes idempotency false positive. - - !ruby/object:Api::Type::String - name: 'portRange' - description: | - This field is used along with the target field for TargetHttpProxy, - TargetHttpsProxy, TargetSslProxy, TargetTcpProxy, TargetVpnGateway, - TargetPool, TargetInstance. - - Applicable only when IPProtocol is TCP, UDP, or SCTP, only packets - addressed to ports in the specified range will be forwarded to target. - Forwarding rules with the same [IPAddress, IPProtocol] pair must have - disjoint port ranges. - - Some types of forwarding target have constraints on the acceptable - ports: - - * TargetHttpProxy: 80, 8080 - * TargetHttpsProxy: 443 - * TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, - 1883, 5222 - * TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, - 1883, 5222 - * TargetVpnGateway: 500, 4500 - - !ruby/object:Api::Type::Array - name: 'ports' - max_size: 5 - description: | - This field is used along with internal load balancing and network - load balancer when the forwarding rule references a backend service - and when protocol is not L3_DEFAULT. - - A single port or a comma separated list of ports can be configured. - Only packets addressed to these ports will be forwarded to the backends - configured with this forwarding rule. - - You can only use one of ports and portRange, or allPorts. - The three are mutually exclusive. - - You may specify a maximum of up to 5 ports, which can be non-contiguous. - item_type: Api::Type::String - - !ruby/object:Api::Type::ResourceRef - name: 'subnetwork' - resource: 'Subnetwork' - imports: 'selfLink' - description: | - The subnetwork that the load balanced IP should belong to for this - Forwarding Rule. This field is only used for INTERNAL load balancing. - - If the network specified is in auto subnet mode, this field is - optional. However, if the network is in custom subnet mode, a - subnetwork must be specified. - # This is a multi-resource resource reference (TargetHttp(s)Proxy, - # TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, - # TargetInstance) - - !ruby/object:Api::Type::String - name: 'target' - description: | - The URL of the target resource to receive the matched traffic. - The target must live in the same region as the forwarding rule. - The forwarded traffic must be of a type appropriate to the target - object. - update_verb: :POST - update_url: - 'projects/{{project}}/regions/{{region}}/forwardingRules/{{name}}/setTarget' - - !ruby/object:Api::Type::Boolean - name: 'allowGlobalAccess' - description: | - If true, clients can access ILB from all regions. - Otherwise only allows from the local region the ILB is located at. - send_empty_value: true - update_verb: :PATCH - update_url: projects/{{project}}/regions/{{region}}/forwardingRules/{{name}} - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: | - Labels to apply to this forwarding rule. A list of key->value pairs. - update_verb: :POST - update_url: 'projects/{{project}}/regions/{{region}}/forwardingRules/{{name}}/setLabels' - min_version: beta - - !ruby/object:Api::Type::Fingerprint - name: 'labelFingerprint' - description: | - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - update_url: 'projects/{{project}}/regions/{{region}}/forwardingRules/{{name}}/setLabels' - update_verb: :POST - min_version: beta - # While this field doesn't appear in the resource definition in the docs, - # it's present in Get and Insert, and the resource has no Update/Patch call. - - !ruby/object:Api::Type::Boolean - name: 'allPorts' - description: | - This field can be used with internal load balancer or network load balancer - when the forwarding rule references a backend service, or with the target - field when it references a TargetInstance. Set this to true to - allow packets addressed to any ports to be forwarded to the backends configured - with this forwarding rule. This can be used when the protocol is TCP/UDP, and it - must be set to true when the protocol is set to L3_DEFAULT. - Cannot be set if port or portRange are set. - - !ruby/object:Api::Type::Enum - name: 'networkTier' - description: | - The networking tier used for configuring this address. If this field is not - specified, it is assumed to be PREMIUM. - values: - - :PREMIUM - - :STANDARD - input: true - - !ruby/object:Api::Type::Array - name: 'serviceDirectoryRegistrations' - description: | - Service Directory resources to register this forwarding rule with. Currently, - only supports a single Service Directory resource. - min_size: 0 - max_size: 1 - input: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'namespace' - description: | - Service Directory namespace to register the forwarding rule under. - input: true - - !ruby/object:Api::Type::String - name: 'service' - description: | - Service Directory service to register the forwarding rule under. - input: true - - !ruby/object:Api::Type::String - name: 'serviceLabel' - description: | - An optional prefix to the service name for this Forwarding Rule. - If specified, will be the first label of the fully qualified service - name. - - The label must be 1-63 characters long, and comply with RFC1035. - Specifically, the label must be 1-63 characters long and match the - regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first - character must be a lowercase letter, and all following characters - must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - - This field is only used for INTERNAL load balancing. - - !ruby/object:Api::Type::String - name: 'serviceName' - description: | - The internal fully qualified service name for this Forwarding Rule. - This field is only used for INTERNAL load balancing. - output: true - - !ruby/object:Api::Resource - name: 'GlobalAddress' - kind: 'compute#address' - base_url: projects/{{project}}/global/addresses - collection_url_key: 'items' - has_self_link: true - description: | - Represents a Global Address resource. Global addresses are used for - HTTP(S) load balancing. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Reserving a Static External IP Address': - 'https://cloud.google.com/compute/docs/ip-addresses/reserve-static-external-ip-address' - api: 'https://cloud.google.com/compute/docs/reference/v1/globalAddresses' - input: true - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/global/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - properties: - - !ruby/object:Api::Type::String - name: 'address' - description: | - The IP address or beginning of the address range represented by this - resource. This can be supplied as an input to reserve a specific - address or omitted to allow GCP to choose a valid one for you. - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: | - Creation timestamp in RFC3339 text format. - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional description of this resource. - - !ruby/object:Api::Type::Integer - name: 'id' - description: | - The unique identifier for the resource. This identifier is defined by - the server. - output: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource. Provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and - match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means - the first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - required: true - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: | - Labels to apply to this address. A list of key->value pairs. - update_verb: :POST - update_url: 'projects/{{project}}/global/addresses/{{name}}/setLabels' - min_version: beta - - !ruby/object:Api::Type::Fingerprint - name: 'labelFingerprint' - description: | - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - update_url: 'projects/{{project}}/global/addresses/{{name}}/setLabels' - update_verb: :POST - min_version: beta - - !ruby/object:Api::Type::Enum - name: 'ipVersion' - description: | - The IP Version that will be used by this address. The default value is `IPV4`. - values: - - :IPV4 - - :IPV6 - - !ruby/object:Api::Type::ResourceRef - name: 'region' - resource: 'Region' - imports: 'selfLink' - description: | - A reference to the region where the regional address resides. - output: true - - !ruby/object:Api::Type::Integer - name: 'prefixLength' - description: | - The prefix length of the IP range. If not present, it means the - address field is a single IP address. - - This field is not applicable to addresses with addressType=EXTERNAL, - or addressType=INTERNAL when purpose=PRIVATE_SERVICE_CONNECT - - !ruby/object:Api::Type::Enum - name: 'addressType' - description: | - The type of the address to reserve. - - * EXTERNAL indicates public/external single IP address. - * INTERNAL indicates internal IP ranges belonging to some network. - values: - - :EXTERNAL - - :INTERNAL - default_value: :EXTERNAL - - !ruby/object:Api::Type::String - name: 'purpose' - description: | - The purpose of the resource. Possible values include: - - * VPC_PEERING - for peer networks - - * PRIVATE_SERVICE_CONNECT - for ([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) only) Private Service Connect networks - - !ruby/object:Api::Type::ResourceRef - name: 'network' - resource: 'Network' - imports: 'selfLink' - description: | - The URL of the network in which to reserve the IP range. The IP range - must be in RFC1918 space. The network cannot be deleted if there are - any reserved IP ranges referring to it. - - This should only be set when using an Internal address. - # status is not useful for state convergence - # users[] is not useful for state convergence - - !ruby/object:Api::Resource - name: 'GlobalForwardingRule' - kind: 'compute#forwardingRule' - base_url: projects/{{project}}/global/forwardingRules - input: true - has_self_link: true - collection_url_key: 'items' - description: | - Represents a GlobalForwardingRule resource. Global forwarding rules are - used to forward traffic to the correct load balancer for HTTP load - balancing. Global forwarding rules can only be used for HTTP load - balancing. - - For more information, see - https://cloud.google.com/compute/docs/load-balancing/http/ - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/global/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - properties: - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional description of this resource. Provide this property when - you create the resource. - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'The unique identifier for the resource.' - output: true - # This is a multi-resource resource reference (Address, GlobalAddress) - - !ruby/object:Api::Type::String - name: 'IPAddress' - description: | - The IP address that this forwarding rule serves. When a client sends - traffic to this IP address, the forwarding rule directs the traffic to - the target that you specify in the forwarding rule. The - loadBalancingScheme and the forwarding rule's target determine the - type of IP address that you can use. For detailed information, refer - to [IP address specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications). - - An address can be specified either by a literal IP address or a - reference to an existing Address resource. If you don't specify a - reserved IP address, an ephemeral IP address is assigned. - - The value must be set to 0.0.0.0 when the target is a targetGrpcProxy - that has validateForProxyless field set to true. - - For Private Service Connect forwarding rules that forward traffic to - Google APIs, IP address must be provided. - - !ruby/object:Api::Type::Enum - name: 'IPProtocol' - description: | - The IP protocol to which this rule applies. When the load balancing scheme is - INTERNAL_SELF_MANAGED, only TCP is valid. This field must not be set if the - global address is configured as a purpose of PRIVATE_SERVICE_CONNECT - and addressType of INTERNAL - values: - - :TCP - - :UDP - - :ESP - - :AH - - :SCTP - - :ICMP - - !ruby/object:Api::Type::Enum - name: 'ipVersion' - description: | - The IP Version that will be used by this global forwarding rule. - values: - - :IPV4 - - :IPV6 - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: | - Labels to apply to this forwarding rule. A list of key->value pairs. - update_verb: :POST - update_url: 'projects/{{project}}/global/forwardingRules/{{name}}/setLabels' - min_version: beta - - !ruby/object:Api::Type::Fingerprint - name: 'labelFingerprint' - description: | - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - update_url: 'projects/{{project}}/global/forwardingRules/{{name}}/setLabels' - update_verb: :POST - min_version: beta - - !ruby/object:Api::Type::Enum - name: 'loadBalancingScheme' - description: | - This signifies what the GlobalForwardingRule will be used for. - The value of INTERNAL_SELF_MANAGED means that this will be used for - Internal Global HTTP(S) LB. The value of EXTERNAL means that this - will be used for External Global Load Balancing (HTTP(S) LB, - External TCP/UDP LB, SSL Proxy). The value of EXTERNAL_MANAGED means - that this will be used for Global external HTTP(S) load balancers. - - ([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) only) Note: This field must be set "" if the global address is - configured as a purpose of PRIVATE_SERVICE_CONNECT and addressType of INTERNAL. - default_value: :EXTERNAL - values: - - :EXTERNAL - - :EXTERNAL_MANAGED - - :INTERNAL_SELF_MANAGED - - !ruby/object:Api::Type::Array - name: 'metadataFilters' - description: | - Opaque filter criteria used by Loadbalancer to restrict routing - configuration to a limited set xDS compliant clients. In their xDS - requests to Loadbalancer, xDS clients present node metadata. If a - match takes place, the relevant routing configuration is made available - to those proxies. - - For each metadataFilter in this list, if its filterMatchCriteria is set - to MATCH_ANY, at least one of the filterLabels must match the - corresponding label provided in the metadata. If its filterMatchCriteria - is set to MATCH_ALL, then all of its filterLabels must match with - corresponding labels in the provided metadata. - - metadataFilters specified here can be overridden by those specified in - the UrlMap that this ForwardingRule references. - - metadataFilters only applies to Loadbalancers that have their - loadBalancingScheme set to INTERNAL_SELF_MANAGED. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Enum - name: 'filterMatchCriteria' - description: | - Specifies how individual filterLabel matches within the list of - filterLabels contribute towards the overall metadataFilter match. - - MATCH_ANY - At least one of the filterLabels must have a matching - label in the provided metadata. - MATCH_ALL - All filterLabels must have matching labels in the - provided metadata. - required: true - values: - - :MATCH_ANY - - :MATCH_ALL - - !ruby/object:Api::Type::Array - name: 'filterLabels' - description: | - The list of label value pairs that must match labels in the - provided metadata based on filterMatchCriteria - - This list must not be empty and can have at the most 64 entries. - min_size: 1 - max_size: 64 - required: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the metadata label. The length must be between - 1 and 1024 characters, inclusive. - required: true - - !ruby/object:Api::Type::String - name: 'value' - description: | - The value that the label must match. The value has a maximum - length of 1024 characters. - required: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource; provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and match - the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - required: true - - !ruby/object:Api::Type::ResourceRef - name: 'network' - resource: 'Network' - imports: 'selfLink' - description: | - This field is not used for external load balancing. - For INTERNAL_SELF_MANAGED load balancing, this field - identifies the network that the load balanced IP should belong to - for this global forwarding rule. If this field is not specified, - the default network will be used. - # TODO(nelsonjr): When implementing new types enable converting the - # manifest input from a single value to a range of form NN-NN. The API - # accepts a single value, e.g. '80', but the API stores and returns - # '80-80'. This causes idempotency false positive. - - !ruby/object:Api::Type::String - name: 'portRange' - description: | - This field is used along with the target field for TargetHttpProxy, - TargetHttpsProxy, TargetSslProxy, TargetTcpProxy, TargetVpnGateway, - TargetPool, TargetInstance. - - Applicable only when IPProtocol is TCP, UDP, or SCTP, only packets - addressed to ports in the specified range will be forwarded to target. - Forwarding rules with the same [IPAddress, IPProtocol] pair must have - disjoint port ranges. - - Some types of forwarding target have constraints on the acceptable - ports: - - * TargetHttpProxy: 80, 8080 - * TargetHttpsProxy: 443 - * TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, - 1883, 5222 - * TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, - 1883, 5222 - * TargetVpnGateway: 500, 4500 - # This is a multi-resource resource reference (TargetHttp(s)Proxy, - # TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, - # TargetInstance) - - !ruby/object:Api::Type::String - name: 'target' - required: true - description: | - The URL of the target resource to receive the matched traffic. - The forwarded traffic must be of a type appropriate to the target object. - For INTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets - are valid. - - ([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) only) For global address with a purpose of PRIVATE_SERVICE_CONNECT and - addressType of INTERNAL, only "all-apis" and "vpc-sc" are valid. - update_verb: :POST - update_url: 'projects/{{project}}/global/forwardingRules/{{name}}/setTarget' - - !ruby/object:Api::Resource - name: 'HttpHealthCheck' - kind: 'compute#httpHealthCheck' - base_url: projects/{{project}}/global/httpHealthChecks - collection_url_key: 'items' - has_self_link: true - description: | - An HttpHealthCheck resource. This resource defines a template for how - individual VMs should be checked for health, via HTTP. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Adding Health Checks': 'https://cloud.google.com/compute/docs/load-balancing/health-checks#legacy_health_checks' - api: 'https://cloud.google.com/compute/docs/reference/v1/httpHealthChecks' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/global/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - properties: - - !ruby/object:Api::Type::Integer - name: 'checkIntervalSec' - description: | - How often (in seconds) to send a health check. The default value is 5 - seconds. - default_value: 5 - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional description of this resource. Provide this property when - you create the resource. - - !ruby/object:Api::Type::Integer - name: 'healthyThreshold' - description: | - A so-far unhealthy instance will be marked healthy after this many - consecutive successes. The default value is 2. - - !ruby/object:Api::Type::String - name: 'host' - description: | - The value of the host header in the HTTP health check request. If - left empty (default value), the public IP on behalf of which this - health check is performed will be used. - - !ruby/object:Api::Type::Integer - name: 'id' - description: | - The unique identifier for the resource. This identifier is defined by - the server. - output: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource. Provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and - match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means - the first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the - last character, which cannot be a dash. - required: true - input: true - - !ruby/object:Api::Type::Integer - name: 'port' - description: | - The TCP port number for the HTTP health check request. - The default value is 80. - - !ruby/object:Api::Type::String - name: 'requestPath' - description: | - The request path of the HTTP health check request. - The default value is /. - - !ruby/object:Api::Type::Integer - name: 'timeoutSec' - description: | - How long (in seconds) to wait before claiming failure. - The default value is 5 seconds. It is invalid for timeoutSec to have - greater value than checkIntervalSec. - - !ruby/object:Api::Type::Integer - name: 'unhealthyThreshold' - description: | - A so-far healthy instance will be marked unhealthy after this many - consecutive failures. The default value is 2. - - !ruby/object:Api::Resource - name: 'HttpsHealthCheck' - kind: 'compute#httpsHealthCheck' - base_url: projects/{{project}}/global/httpsHealthChecks - collection_url_key: 'items' - has_self_link: true - description: | - An HttpsHealthCheck resource. This resource defines a template for how - individual VMs should be checked for health, via HTTPS. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Adding Health Checks': 'https://cloud.google.com/compute/docs/load-balancing/health-checks#legacy_health_checks' - api: 'https://cloud.google.com/compute/docs/reference/v1/httpsHealthChecks' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/global/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - properties: - - !ruby/object:Api::Type::Integer - name: 'checkIntervalSec' - description: | - How often (in seconds) to send a health check. The default value is 5 - seconds. - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional description of this resource. Provide this property when - you create the resource. - - !ruby/object:Api::Type::Integer - name: 'healthyThreshold' - description: | - A so-far unhealthy instance will be marked healthy after this many - consecutive successes. The default value is 2. - - !ruby/object:Api::Type::String - name: 'host' - description: | - The value of the host header in the HTTPS health check request. If - left empty (default value), the public IP on behalf of which this - health check is performed will be used. - - !ruby/object:Api::Type::Integer - name: 'id' - description: | - The unique identifier for the resource. This identifier is defined by - the server. - output: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource. Provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and - match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means - the first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the - last character, which cannot be a dash. - required: true - input: true - - !ruby/object:Api::Type::Integer - name: 'port' - description: | - The TCP port number for the HTTPS health check request. - The default value is 443. - - !ruby/object:Api::Type::String - name: 'requestPath' - description: | - The request path of the HTTPS health check request. - The default value is /. - - !ruby/object:Api::Type::Integer - name: 'timeoutSec' - description: | - How long (in seconds) to wait before claiming failure. - The default value is 5 seconds. It is invalid for timeoutSec to have - greater value than checkIntervalSec. - - !ruby/object:Api::Type::Integer - name: 'unhealthyThreshold' - description: | - A so-far healthy instance will be marked unhealthy after this many - consecutive failures. The default value is 2. - - !ruby/object:Api::Resource - name: 'HealthCheck' - kind: 'compute#healthCheck' - base_url: projects/{{project}}/global/healthChecks - collection_url_key: 'items' - has_self_link: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/load-balancing/docs/health-checks' - api: 'https://cloud.google.com/compute/docs/reference/rest/v1/healthChecks' - description: | - Health Checks determine whether instances are responsive and able to do work. - They are an important part of a comprehensive load balancing configuration, - as they enable monitoring instances behind load balancers. - - Health Checks poll instances at a specified interval. Instances that - do not respond successfully to some number of probes in a row are marked - as unhealthy. No new connections are sent to unhealthy instances, - though existing connections will continue. The health check will - continue to poll unhealthy instances. If an instance later responds - successfully to some number of consecutive probes, it is marked - healthy again and can receive new connections. - - ~>**NOTE**: Legacy HTTP(S) health checks must be used for target pool-based network - load balancers. See the [official guide](https://cloud.google.com/load-balancing/docs/health-check-concepts#selecting_hc) - for choosing a type of health check. - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/global/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - properties: - - !ruby/object:Api::Type::Integer - name: 'checkIntervalSec' - description: | - How often (in seconds) to send a health check. The default value is 5 - seconds. - default_value: 5 - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional description of this resource. Provide this property when - you create the resource. - send_empty_value: true - - !ruby/object:Api::Type::Integer - name: 'healthyThreshold' - description: | - A so-far unhealthy instance will be marked healthy after this many - consecutive successes. The default value is 2. - default_value: 2 - - !ruby/object:Api::Type::Integer - name: 'id' - description: | - The unique identifier for the resource. This identifier is defined by - the server. - output: true - - !ruby/object:Api::Type::String - name: 'name' - required: true - input: true - description: | - Name of the resource. Provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and - match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means - the first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the - last character, which cannot be a dash. - - !ruby/object:Api::Type::Integer - name: 'timeoutSec' - description: | - How long (in seconds) to wait before claiming failure. - The default value is 5 seconds. It is invalid for timeoutSec to have - greater value than checkIntervalSec. - default_value: 5 - - !ruby/object:Api::Type::Integer - name: 'unhealthyThreshold' - description: | - A so-far healthy instance will be marked unhealthy after this many - consecutive failures. The default value is 2. - default_value: 2 - - !ruby/object:Api::Type::Enum - name: 'type' - description: | - Specifies the type of the healthCheck, either TCP, SSL, HTTP or - HTTPS. If not specified, the default is TCP. Exactly one of the - protocol-specific health check field must be specified, which must - match type field. - values: - - :TCP - - :SSL - - :HTTP - - :HTTPS - - :HTTP2 - - !ruby/object:Api::Type::NestedObject - name: 'httpHealthCheck' - exactly_one_of: - - http_health_check - - https_health_check - - http2_health_check - - tcp_health_check - - ssl_health_check - - grpc_health_check - properties: - - !ruby/object:Api::Type::String - name: 'host' - at_least_one_of: - - http_health_check.0.host - - http_health_check.0.request_path - - http_health_check.0.response - - http_health_check.0.port - - http_health_check.0.port_name - - http_health_check.0.proxy_header - - http_health_check.0.port_specification - description: | - The value of the host header in the HTTP health check request. - If left empty (default value), the public IP on behalf of which this health - check is performed will be used. - - !ruby/object:Api::Type::String - name: 'requestPath' - at_least_one_of: - - http_health_check.0.host - - http_health_check.0.request_path - - http_health_check.0.response - - http_health_check.0.port - - http_health_check.0.port_name - - http_health_check.0.proxy_header - - http_health_check.0.port_specification - description: | - The request path of the HTTP health check request. - The default value is /. - default_value: "/" - - !ruby/object:Api::Type::String - name: 'response' - at_least_one_of: - - http_health_check.0.host - - http_health_check.0.request_path - - http_health_check.0.response - - http_health_check.0.port - - http_health_check.0.port_name - - http_health_check.0.proxy_header - - http_health_check.0.port_specification - description: | - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - - !ruby/object:Api::Type::Integer - name: 'port' - at_least_one_of: - - http_health_check.0.host - - http_health_check.0.request_path - - http_health_check.0.response - - http_health_check.0.port - - http_health_check.0.port_name - - http_health_check.0.proxy_header - - http_health_check.0.port_specification - description: | - The TCP port number for the HTTP health check request. - The default value is 80. - - !ruby/object:Api::Type::String - name: 'portName' - at_least_one_of: - - http_health_check.0.host - - http_health_check.0.request_path - - http_health_check.0.response - - http_health_check.0.port - - http_health_check.0.port_name - - http_health_check.0.proxy_header - - http_health_check.0.port_specification - description: | - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - - !ruby/object:Api::Type::Enum - name: 'proxyHeader' - at_least_one_of: - - http_health_check.0.host - - http_health_check.0.request_path - - http_health_check.0.response - - http_health_check.0.port - - http_health_check.0.port_name - - http_health_check.0.proxy_header - - http_health_check.0.port_specification - description: | - Specifies the type of proxy header to append before sending data to the - backend. - values: - - :NONE - - :PROXY_V1 - default_value: :NONE - - !ruby/object:Api::Type::Enum - name: 'portSpecification' - at_least_one_of: - - http_health_check.0.host - - http_health_check.0.request_path - - http_health_check.0.response - - http_health_check.0.port - - http_health_check.0.port_name - - http_health_check.0.proxy_header - - http_health_check.0.port_specification - description: | - Specifies how port is selected for health checking, can be one of the - following values: - - * `USE_FIXED_PORT`: The port number in `port` is used for health checking. - - * `USE_NAMED_PORT`: The `portName` is used for health checking. - - * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, HTTP health check follows behavior specified in `port` and - `portName` fields. - values: - - :USE_FIXED_PORT - - :USE_NAMED_PORT - - :USE_SERVING_PORT - - !ruby/object:Api::Type::NestedObject - name: 'httpsHealthCheck' - exactly_one_of: - - http_health_check - - https_health_check - - http2_health_check - - tcp_health_check - - ssl_health_check - - grpc_health_check - properties: - - !ruby/object:Api::Type::String - name: 'host' - at_least_one_of: - - https_health_check.0.host - - https_health_check.0.request_path - - https_health_check.0.response - - https_health_check.0.port - - https_health_check.0.port_name - - https_health_check.0.proxy_header - - https_health_check.0.port_specification - description: | - The value of the host header in the HTTPS health check request. - If left empty (default value), the public IP on behalf of which this health - check is performed will be used. - - !ruby/object:Api::Type::String - name: 'requestPath' - at_least_one_of: - - https_health_check.0.host - - https_health_check.0.request_path - - https_health_check.0.response - - https_health_check.0.port - - https_health_check.0.port_name - - https_health_check.0.proxy_header - - https_health_check.0.port_specification - description: | - The request path of the HTTPS health check request. - The default value is /. - default_value: "/" - - !ruby/object:Api::Type::String - name: 'response' - at_least_one_of: - - https_health_check.0.host - - https_health_check.0.request_path - - https_health_check.0.response - - https_health_check.0.port - - https_health_check.0.port_name - - https_health_check.0.proxy_header - - https_health_check.0.port_specification - description: | - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - - !ruby/object:Api::Type::Integer - name: 'port' - at_least_one_of: - - https_health_check.0.host - - https_health_check.0.request_path - - https_health_check.0.response - - https_health_check.0.port - - https_health_check.0.port_name - - https_health_check.0.proxy_header - - https_health_check.0.port_specification - description: | - The TCP port number for the HTTPS health check request. - The default value is 443. - - !ruby/object:Api::Type::String - name: 'portName' - at_least_one_of: - - https_health_check.0.host - - https_health_check.0.request_path - - https_health_check.0.response - - https_health_check.0.port - - https_health_check.0.port_name - - https_health_check.0.proxy_header - - https_health_check.0.port_specification - description: | - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - - !ruby/object:Api::Type::Enum - name: 'proxyHeader' - at_least_one_of: - - https_health_check.0.host - - https_health_check.0.request_path - - https_health_check.0.response - - https_health_check.0.port - - https_health_check.0.port_name - - https_health_check.0.proxy_header - - https_health_check.0.port_specification - description: | - Specifies the type of proxy header to append before sending data to the - backend. - values: - - :NONE - - :PROXY_V1 - default_value: :NONE - - !ruby/object:Api::Type::Enum - name: 'portSpecification' - at_least_one_of: - - https_health_check.0.host - - https_health_check.0.request_path - - https_health_check.0.response - - https_health_check.0.port - - https_health_check.0.port_name - - https_health_check.0.proxy_header - - https_health_check.0.port_specification - description: | - Specifies how port is selected for health checking, can be one of the - following values: - - * `USE_FIXED_PORT`: The port number in `port` is used for health checking. - - * `USE_NAMED_PORT`: The `portName` is used for health checking. - - * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, HTTPS health check follows behavior specified in `port` and - `portName` fields. - values: - - :USE_FIXED_PORT - - :USE_NAMED_PORT - - :USE_SERVING_PORT - - !ruby/object:Api::Type::NestedObject - name: 'tcpHealthCheck' - exactly_one_of: - - http_health_check - - https_health_check - - http2_health_check - - tcp_health_check - - ssl_health_check - - grpc_health_check - properties: - - !ruby/object:Api::Type::String - name: 'request' - at_least_one_of: - - tcp_health_check.0.request - - tcp_health_check.0.response - - tcp_health_check.0.port - - tcp_health_check.0.port_name - - tcp_health_check.0.proxy_header - - tcp_health_check.0.port_specification - description: | - The application data to send once the TCP connection has been - established (default value is empty). If both request and response are - empty, the connection establishment alone will indicate health. The request - data can only be ASCII. - - !ruby/object:Api::Type::String - name: 'response' - at_least_one_of: - - tcp_health_check.0.request - - tcp_health_check.0.response - - tcp_health_check.0.port - - tcp_health_check.0.port_name - - tcp_health_check.0.proxy_header - - tcp_health_check.0.port_specification - description: | - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - - !ruby/object:Api::Type::Integer - name: 'port' - at_least_one_of: - - tcp_health_check.0.request - - tcp_health_check.0.response - - tcp_health_check.0.port - - tcp_health_check.0.port_name - - tcp_health_check.0.proxy_header - - tcp_health_check.0.port_specification - description: | - The TCP port number for the TCP health check request. - The default value is 443. - - !ruby/object:Api::Type::String - name: 'portName' - at_least_one_of: - - tcp_health_check.0.request - - tcp_health_check.0.response - - tcp_health_check.0.port - - tcp_health_check.0.port_name - - tcp_health_check.0.proxy_header - - tcp_health_check.0.port_specification - description: | - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - - !ruby/object:Api::Type::Enum - name: 'proxyHeader' - at_least_one_of: - - tcp_health_check.0.request - - tcp_health_check.0.response - - tcp_health_check.0.port - - tcp_health_check.0.port_name - - tcp_health_check.0.proxy_header - - tcp_health_check.0.port_specification - description: | - Specifies the type of proxy header to append before sending data to the - backend. - values: - - :NONE - - :PROXY_V1 - default_value: :NONE - - !ruby/object:Api::Type::Enum - name: 'portSpecification' - at_least_one_of: - - tcp_health_check.0.request - - tcp_health_check.0.response - - tcp_health_check.0.port - - tcp_health_check.0.port_name - - tcp_health_check.0.proxy_header - - tcp_health_check.0.port_specification - description: | - Specifies how port is selected for health checking, can be one of the - following values: - - * `USE_FIXED_PORT`: The port number in `port` is used for health checking. - - * `USE_NAMED_PORT`: The `portName` is used for health checking. - - * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, TCP health check follows behavior specified in `port` and - `portName` fields. - values: - - :USE_FIXED_PORT - - :USE_NAMED_PORT - - :USE_SERVING_PORT - - !ruby/object:Api::Type::NestedObject - name: 'sslHealthCheck' - exactly_one_of: - - http_health_check - - https_health_check - - http2_health_check - - tcp_health_check - - ssl_health_check - - grpc_health_check - properties: - - !ruby/object:Api::Type::String - name: 'request' - at_least_one_of: - - ssl_health_check.0.request - - ssl_health_check.0.response - - ssl_health_check.0.port - - ssl_health_check.0.port_name - - ssl_health_check.0.proxy_header - - ssl_health_check.0.port_specification - description: | - The application data to send once the SSL connection has been - established (default value is empty). If both request and response are - empty, the connection establishment alone will indicate health. The request - data can only be ASCII. - - !ruby/object:Api::Type::String - name: 'response' - at_least_one_of: - - ssl_health_check.0.request - - ssl_health_check.0.response - - ssl_health_check.0.port - - ssl_health_check.0.port_name - - ssl_health_check.0.proxy_header - - ssl_health_check.0.port_specification - description: | - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - - !ruby/object:Api::Type::Integer - name: 'port' - at_least_one_of: - - ssl_health_check.0.request - - ssl_health_check.0.response - - ssl_health_check.0.port - - ssl_health_check.0.port_name - - ssl_health_check.0.proxy_header - - ssl_health_check.0.port_specification - description: | - The TCP port number for the SSL health check request. - The default value is 443. - - !ruby/object:Api::Type::String - name: 'portName' - at_least_one_of: - - ssl_health_check.0.request - - ssl_health_check.0.response - - ssl_health_check.0.port - - ssl_health_check.0.port_name - - ssl_health_check.0.proxy_header - - ssl_health_check.0.port_specification - description: | - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - - !ruby/object:Api::Type::Enum - name: 'proxyHeader' - at_least_one_of: - - ssl_health_check.0.request - - ssl_health_check.0.response - - ssl_health_check.0.port - - ssl_health_check.0.port_name - - ssl_health_check.0.proxy_header - - ssl_health_check.0.port_specification - description: | - Specifies the type of proxy header to append before sending data to the - backend. - values: - - :NONE - - :PROXY_V1 - default_value: :NONE - - !ruby/object:Api::Type::Enum - name: 'portSpecification' - at_least_one_of: - - ssl_health_check.0.request - - ssl_health_check.0.response - - ssl_health_check.0.port - - ssl_health_check.0.port_name - - ssl_health_check.0.proxy_header - - ssl_health_check.0.port_specification - description: | - Specifies how port is selected for health checking, can be one of the - following values: - - * `USE_FIXED_PORT`: The port number in `port` is used for health checking. - - * `USE_NAMED_PORT`: The `portName` is used for health checking. - - * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, SSL health check follows behavior specified in `port` and - `portName` fields. - values: - - :USE_FIXED_PORT - - :USE_NAMED_PORT - - :USE_SERVING_PORT - - !ruby/object:Api::Type::NestedObject - name: 'http2HealthCheck' - exactly_one_of: - - http_health_check - - https_health_check - - http2_health_check - - tcp_health_check - - ssl_health_check - - grpc_health_check - properties: - - !ruby/object:Api::Type::String - name: 'host' - at_least_one_of: - - http2_health_check.0.host - - http2_health_check.0.request_path - - http2_health_check.0.response - - http2_health_check.0.port - - http2_health_check.0.port_name - - http2_health_check.0.proxy_header - - http2_health_check.0.port_specification - description: | - The value of the host header in the HTTP2 health check request. - If left empty (default value), the public IP on behalf of which this health - check is performed will be used. - - !ruby/object:Api::Type::String - name: 'requestPath' - at_least_one_of: - - http2_health_check.0.host - - http2_health_check.0.request_path - - http2_health_check.0.response - - http2_health_check.0.port - - http2_health_check.0.port_name - - http2_health_check.0.proxy_header - - http2_health_check.0.port_specification - description: | - The request path of the HTTP2 health check request. - The default value is /. - default_value: "/" - - !ruby/object:Api::Type::String - name: 'response' - at_least_one_of: - - http2_health_check.0.host - - http2_health_check.0.request_path - - http2_health_check.0.response - - http2_health_check.0.port - - http2_health_check.0.port_name - - http2_health_check.0.proxy_header - - http2_health_check.0.port_specification - description: | - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - - !ruby/object:Api::Type::Integer - name: 'port' - at_least_one_of: - - http2_health_check.0.host - - http2_health_check.0.request_path - - http2_health_check.0.response - - http2_health_check.0.port - - http2_health_check.0.port_name - - http2_health_check.0.proxy_header - - http2_health_check.0.port_specification - description: | - The TCP port number for the HTTP2 health check request. - The default value is 443. - - !ruby/object:Api::Type::String - name: 'portName' - at_least_one_of: - - http2_health_check.0.host - - http2_health_check.0.request_path - - http2_health_check.0.response - - http2_health_check.0.port - - http2_health_check.0.port_name - - http2_health_check.0.proxy_header - - http2_health_check.0.port_specification - description: | - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - - !ruby/object:Api::Type::Enum - name: 'proxyHeader' - at_least_one_of: - - http2_health_check.0.host - - http2_health_check.0.request_path - - http2_health_check.0.response - - http2_health_check.0.port - - http2_health_check.0.port_name - - http2_health_check.0.proxy_header - - http2_health_check.0.port_specification - description: | - Specifies the type of proxy header to append before sending data to the - backend. - values: - - :NONE - - :PROXY_V1 - default_value: :NONE - - !ruby/object:Api::Type::Enum - name: 'portSpecification' - at_least_one_of: - - http2_health_check.0.host - - http2_health_check.0.request_path - - http2_health_check.0.response - - http2_health_check.0.port - - http2_health_check.0.port_name - - http2_health_check.0.proxy_header - - http2_health_check.0.port_specification - description: | - Specifies how port is selected for health checking, can be one of the - following values: - - * `USE_FIXED_PORT`: The port number in `port` is used for health checking. - - * `USE_NAMED_PORT`: The `portName` is used for health checking. - - * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, HTTP2 health check follows behavior specified in `port` and - `portName` fields. - values: - - :USE_FIXED_PORT - - :USE_NAMED_PORT - - :USE_SERVING_PORT - - !ruby/object:Api::Type::NestedObject - name: 'grpcHealthCheck' - exactly_one_of: - - http_health_check - - https_health_check - - http2_health_check - - tcp_health_check - - ssl_health_check - - grpc_health_check - properties: - - !ruby/object:Api::Type::Integer - name: 'port' - at_least_one_of: - - grpc_health_check.0.port - - grpc_health_check.0.port_name - - grpc_health_check.0.port_specification - - grpc_health_check.0.grpc_service_name - description: | - The port number for the health check request. - Must be specified if portName and portSpecification are not set - or if port_specification is USE_FIXED_PORT. Valid values are 1 through 65535. - - !ruby/object:Api::Type::String - name: 'portName' - at_least_one_of: - - grpc_health_check.0.port - - grpc_health_check.0.port_name - - grpc_health_check.0.port_specification - - grpc_health_check.0.grpc_service_name - description: | - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - - !ruby/object:Api::Type::Enum - name: 'portSpecification' - at_least_one_of: - - grpc_health_check.0.port - - grpc_health_check.0.port_name - - grpc_health_check.0.port_specification - - grpc_health_check.0.grpc_service_name - description: | - Specifies how port is selected for health checking, can be one of the - following values: - - * `USE_FIXED_PORT`: The port number in `port` is used for health checking. - - * `USE_NAMED_PORT`: The `portName` is used for health checking. - - * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, gRPC health check follows behavior specified in `port` and - `portName` fields. - values: - - :USE_FIXED_PORT - - :USE_NAMED_PORT - - :USE_SERVING_PORT - - !ruby/object:Api::Type::String - name: 'grpcServiceName' - at_least_one_of: - - grpc_health_check.0.port - - grpc_health_check.0.port_name - - grpc_health_check.0.port_specification - - grpc_health_check.0.grpc_service_name - description: | - The gRPC service name for the health check. - The value of grpcServiceName has the following meanings by convention: - - Empty serviceName means the overall status of all services at the backend. - - Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service. - The grpcServiceName can only be ASCII. - - !ruby/object:Api::Type::NestedObject - name: 'logConfig' - description: | - Configure logging on this health check. - properties: - - !ruby/object:Api::Type::Boolean - name: 'enable' - description: | - Indicates whether or not to export logs. This is false by default, - which means no health check logging will be done. - default_value: false - - !ruby/object:Api::Resource - name: 'InstanceTemplate' - kind: 'compute#instanceTemplate' - input: true - base_url: projects/{{project}}/global/instanceTemplates - collection_url_key: 'items' - has_self_link: true - description: | - Defines an Instance Template resource that provides configuration settings - for your virtual machine instances. Instance templates are not tied to the - lifetime of an instance and can be used and reused as to deploy virtual - machines. You can also use different templates to create different virtual - machine configurations. Instance templates are required when you create a - managed instance group. - - Tip: Disks should be set to autoDelete=true - so that leftover disks are not left behind on machine deletion. - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/global/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - properties: - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional description of this resource. Provide this property when - you create the resource. - - !ruby/object:Api::Type::Integer - name: 'id' - description: | - The unique identifier for the resource. This identifier - is defined by the server. - output: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource. The name is 1-63 characters long - and complies with RFC1035. - required: true - - !ruby/object:Api::Type::NestedObject - name: 'properties' - description: 'The instance properties for this instance template.' - properties: - - !ruby/object:Api::Type::Boolean - name: 'canIpForward' - description: | - Enables instances created based on this template to send packets - with source IP addresses other than their own and receive packets - with destination IP addresses other than their own. If these - instances will be used as an IP gateway or it will be set as the - next-hop in a Route resource, specify true. If unsure, leave this - set to false. - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional text description for the instances that are created - from this instance template. - - !ruby/object:Api::Type::Array - name: 'disks' - description: | - An array of disks that are associated with the instances that are - created from this template. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Array - name: 'licenses' - description: Any applicable license URI. - item_type: Api::Type::String - output: true - - !ruby/object:Api::Type::Boolean - name: 'autoDelete' - description: | - Specifies whether the disk will be auto-deleted when the - instance is deleted (but not when the disk is detached from - the instance). - - Tip: Disks should be set to autoDelete=true - so that leftover disks are not left behind on machine - deletion. - - !ruby/object:Api::Type::Boolean - name: 'boot' - description: | - Indicates that this is a boot disk. The virtual machine will - use the first partition of the disk for its root filesystem. - - !ruby/object:Api::Type::String - name: 'deviceName' - description: | - Specifies a unique device name of your choice that is - reflected into the /dev/disk/by-id/google-* tree of a Linux - operating system running within the instance. This name can - be used to reference the device for mounting, resizing, and - so on, from within the instance. - - !ruby/object:Api::Type::NestedObject - name: 'diskEncryptionKey' - description: | - Encrypts or decrypts a disk using a customer-supplied - encryption key. - properties: - - !ruby/object:Api::Type::String - name: 'rawKey' - description: | - Specifies a 256-bit customer-supplied encryption key, - encoded in RFC 4648 base64 to either encrypt or decrypt - this resource. - - !ruby/object:Api::Type::String - name: 'rsaEncryptedKey' - description: | - Specifies an RFC 4648 base64 encoded, RSA-wrapped - 2048-bit customer-supplied encryption key to either - encrypt or decrypt this resource. - - !ruby/object:Api::Type::String - name: 'sha256' - description: | - The RFC 4648 base64 encoded SHA-256 hash of the - customer-supplied encryption key that protects this - resource. - output: true - - !ruby/object:Api::Type::Integer - name: 'index' - description: | - Assigns a zero-based index to this disk, where 0 is - reserved for the boot disk. For example, if you have many - disks attached to an instance, each disk would have a - unique index number. If not specified, the server will - choose an appropriate value. - - !ruby/object:Api::Type::NestedObject - name: 'initializeParams' - description: | - Specifies the parameters for a new disk that will be - created alongside the new instance. Use initialization - parameters to create boot disks or local SSDs attached to - the new instance. - input: true - properties: - - !ruby/object:Api::Type::String - name: 'diskName' - description: | - Specifies the disk name. If not specified, the default - is to use the name of the instance. - - !ruby/object:Api::Type::Integer - name: 'diskSizeGb' - description: Specifies the size of the disk in base-2 GB. - # diskStorageType - deprecated - - !ruby/object:Api::Type::ResourceRef - name: 'diskType' - description: | - Reference to a disk type. - Specifies the disk type to use to create the instance. - If not specified, the default is pd-standard. - resource: 'DiskType' - imports: 'selfLink' - - !ruby/object:Api::Type::String - name: 'sourceImage' - description: | - The source image to create this disk. When creating a - new instance, one of initializeParams.sourceImage or - disks.source is required. To create a disk with one of - the public operating system images, specify the image - by its family name. - - !ruby/object:Api::Type::NestedObject - name: 'sourceImageEncryptionKey' - description: | - The customer-supplied encryption key of the source - image. Required if the source image is protected by a - customer-supplied encryption key. - - Instance templates do not store customer-supplied - encryption keys, so you cannot create disks for - instances in a managed instance group if the source - images are encrypted with your own keys. - properties: - - !ruby/object:Api::Type::String - name: 'rawKey' - description: | - Specifies a 256-bit customer-supplied encryption - key, encoded in RFC 4648 base64 to either encrypt - or decrypt this resource. - - !ruby/object:Api::Type::String - name: 'sha256' - description: | - The RFC 4648 base64 encoded SHA-256 hash of the - customer-supplied encryption key that protects this - resource. - output: true - - !ruby/object:Api::Type::Enum - name: 'interface' - description: | - Specifies the disk interface to use for attaching this - disk, which is either SCSI or NVME. The default is SCSI. - Persistent disks must always use SCSI and the request will - fail if you attempt to attach a persistent disk in any - other format than SCSI. - values: - - :SCSI - - :NVME - # Ignoring kind - It's a constant and we don't need it. - # TODO(alexstephen): Place in licenses - it's a Array of - # ResourceRefs - - !ruby/object:Api::Type::Enum - name: 'mode' - description: | - The mode in which to attach this disk, either READ_WRITE or - READ_ONLY. If not specified, the default is to attach the - disk in READ_WRITE mode. - values: - - :READ_WRITE - - :READ_ONLY - # This is the name, not selfLink of a disk. - - !ruby/object:Api::Type::ResourceRef - name: 'source' - resource: 'Disk' - imports: 'name' - description: | - Reference to a disk. When creating a new instance, - one of initializeParams.sourceImage or disks.source is required. - - If desired, you can also attach existing non-root - persistent disks using this property. This field is only - applicable for persistent disks. - - Note that for InstanceTemplate, specify the disk name, not - the URL for the disk. - - !ruby/object:Api::Type::Enum - name: 'type' - description: | - Specifies the type of the disk, either SCRATCH or - PERSISTENT. If not specified, the default is PERSISTENT. - values: - - :SCRATCH - - :PERSISTENT - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: Labels to apply to this address. A list of key->value pairs. - # This machineType seems to be the shortname. - # This is because machineType selfLinks are zone specific. - - !ruby/object:Api::Type::ResourceRef - name: 'machineType' - description: | - The machine type to use in the VM instance template. - # InstanceTemplates take a name. Instances take a self-link - required: true - resource: 'MachineType' - imports: 'name' - - !ruby/object:Api::Type::String - name: 'minCpuPlatform' - description: | - Specifies a minimum CPU platform for the VM instance. Applicable - values are the friendly names of CPU platforms - # TODO(nelsonjr): Implement updating metadata *after* resource is created. - - # Expose instance 'metadata' as a simple name/value pair hash. However the API - # defines metadata as a NestedObject with the following layout: - # - # metadata { - # fingerprint: 'hash-of-last-metadata' - # items: [ - # { - # key: 'metadata1-key' - # value: 'metadata1-value' - # }, - # ... - # ] - # } - # - # Fingerprint is an optimistic locking mechanism for updates, which requires - # adding the 'fingerprint' of the last metadata to allow update. - # - # To comply with the API please add an encoder: and decoder: to the provider. - - !ruby/object:Api::Type::KeyValuePairs - name: 'metadata' - description: | - The metadata key/value pairs to assign to instances that are - created from this template. These pairs can consist of custom - metadata or predefined keys. - - !ruby/object:Api::Type::Array - name: 'guestAccelerators' - description: | - List of the type and count of accelerator cards attached to the - instance - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Integer - name: 'acceleratorCount' - description: | - The number of the guest accelerator cards exposed to this - instance. - # TODO(alexstephen): Change to ResourceRef once AcceleratorType is - # created. - - !ruby/object:Api::Type::String - name: 'acceleratorType' - description: | - Full or partial URL of the accelerator type resource to expose - to this instance. - - !ruby/object:Api::Type::Array - name: 'networkInterfaces' - description: | - An array of configurations for this interface. This specifies - how this interface is configured to interact with other - network services, such as connecting to the internet. Only - one network interface is supported per instance. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Array - name: 'accessConfigs' - description: | - An array of configurations for this interface. Currently, only - one access config, ONE_TO_ONE_NAT, is supported. If there are no - accessConfigs specified, then this instance will have no - external internet access. - item_type: !ruby/object:Api::Type::NestedObject - properties: - # 'kind' is not needed for object convergence - - !ruby/object:Api::Type::String - name: 'name' - description: | - The name of this access configuration. The - default and recommended name is External NAT but you can - use any arbitrary string you would like. For example, My - external IP or Network Access. - required: true - - !ruby/object:Api::Type::ResourceRef - name: 'natIP' - resource: 'Address' - imports: 'address' - description: | - Reference to an address. - An external IP address associated with this instance. - Specify an unused static external IP address available to - the project or leave this field undefined to use an IP - from a shared ephemeral IP address pool. If you specify a - static external IP address, it must live in the same - region as the zone of the instance. - - !ruby/object:Api::Type::Enum - name: 'type' - description: | - The type of configuration. The default and only option is - ONE_TO_ONE_NAT. - values: - - :ONE_TO_ONE_NAT - required: true - - !ruby/object:Api::Type::Boolean - name: 'setPublicPtr' - description: | - Specifies whether a public DNS PTR record should be - created to map the external IP address of the instance - to a DNS domain name. - - !ruby/object:Api::Type::String - name: 'publicPtrDomainName' - description: | - The DNS domain name for the public PTR record. You can - set this field only if the setPublicPtr field is - enabled. - - !ruby/object:Api::Type::Enum - name: 'networkTier' - description: | - This signifies the networking tier used for configuring - this access configuration. If an AccessConfig is - specified without a valid external IP address, an - ephemeral IP will be created with this networkTier. If an - AccessConfig with a valid external IP address is - specified, it must match that of the networkTier - associated with the Address resource owning that IP. - values: - - :PREMIUM - - :STANDARD - - !ruby/object:Api::Type::Array - name: 'aliasIpRanges' - description: | - An array of alias IP ranges for this network interface. Can - only be specified for network interfaces on subnet-mode - networks. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'ipCidrRange' - description: | - The IP CIDR range represented by this alias IP range. - This IP CIDR range must belong to the specified - subnetwork and cannot contain IP addresses reserved by - system or used by other network interfaces. This range - may be a single IP address (e.g. 10.2.3.4), a netmask - (e.g. /24) or a CIDR format string (e.g. 10.1.2.0/24). - - !ruby/object:Api::Type::String - name: 'subnetworkRangeName' - description: | - Optional subnetwork secondary range name specifying - the secondary range from which to allocate the IP - CIDR range for this alias IP range. If left - unspecified, the primary range of the subnetwork will - be used. - - !ruby/object:Api::Type::String - name: 'name' - description: | - The name of the network interface, generated by the - server. For network devices, these are eth0, eth1, etc - output: true - - !ruby/object:Api::Type::ResourceRef - name: 'network' - resource: 'Network' - imports: 'selfLink' - description: | - Specifies the title of an existing network. When creating - an instance, if neither the network nor the subnetwork is specified, - the default network global/networks/default is used; if the network - is not specified but the subnetwork is specified, the network is - inferred. - - !ruby/object:Api::Type::String - name: 'networkIP' - description: | - An IPv4 internal network address to assign to the - instance for this network interface. If not specified - by the user, an unused internal IP is assigned by the - system. - - !ruby/object:Api::Type::ResourceRef - name: 'subnetwork' - resource: 'Subnetwork' - imports: 'selfLink' - description: | - Reference to a VPC network. - If the network resource is in legacy mode, do not - provide this property. If the network is in auto - subnet mode, providing the subnetwork is optional. If - the network is in custom subnet mode, then this field - should be specified. - # networkInterfaces.kind is not necessary for convergence. - - !ruby/object:Api::Type::NestedObject - name: 'scheduling' - description: Sets the scheduling options for this instance. - properties: - - !ruby/object:Api::Type::Boolean - name: 'automaticRestart' - description: | - Specifies whether the instance should be automatically restarted - if it is terminated by Compute Engine (not terminated by a user). - You can only set the automatic restart option for standard - instances. Preemptible instances cannot be automatically - restarted. - - !ruby/object:Api::Type::String - name: 'onHostMaintenance' - description: | - Defines the maintenance behavior for this instance. For standard - instances, the default behavior is MIGRATE. For preemptible - instances, the default and only possible behavior is TERMINATE. - For more information, see Setting Instance Scheduling Options. - - !ruby/object:Api::Type::Boolean - name: 'preemptible' - description: | - Defines whether the instance is preemptible. This can only be set - during instance creation, it cannot be set or changed after the - instance has been created. - - !ruby/object:Api::Type::Array - name: 'serviceAccounts' - description: | - A list of service accounts, with their specified scopes, authorized - for this instance. Only one service account per VM instance is - supported. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'email' - description: Email address of the service account. - - !ruby/object:Api::Type::Array - name: scopes - description: | - The list of scopes to be made available for this service - account. - item_type: Api::Type::String - - !ruby/object:Api::Type::NestedObject - name: 'tags' - description: | - A list of tags to apply to this instance. Tags are used to identify - valid sources or targets for network firewalls and are specified by - the client during instance creation. The tags can be later modified - by the setTags method. Each tag within the list must comply with - RFC1035. - properties: - # TODO(alexstephen) Investigate bytes type - - !ruby/object:Api::Type::String - name: 'fingerprint' - description: | - Specifies a fingerprint for this request, which is essentially a - hash of the metadata's contents and used for optimistic locking. - The fingerprint is initially generated by Compute Engine and - changes after every request to modify or update metadata. You - must always provide an up-to-date fingerprint hash in order to - update or change metadata. - - !ruby/object:Api::Type::Array - name: 'items' - description: | - An array of tags. Each tag must be 1-63 characters long, and - comply with RFC1035. - item_type: Api::Type::String - - !ruby/object:Api::Resource - name: 'License' - kind: 'compute#license' - base_url: /projects/{{project}}/global/licenses - collection_url_key: 'items' - readonly: true - has_self_link: true - description: | - A License resource represents a software license. Licenses are used to - track software usage in images, persistent disks, snapshots, and virtual - machine instances. - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource. The name is 1-63 characters long - and complies with RFC1035. - output: true - - !ruby/object:Api::Type::Boolean - name: 'chargesUseFee' - description: | - If true, the customer will be charged license fee for - running software that contains this license on an instance. - output: true - - !ruby/object:Api::Resource - name: 'Image' - kind: 'compute#image' - base_url: projects/{{project}}/global/images - input: true - has_self_link: true - collection_url_key: 'items' - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/compute/docs/images' - api: 'https://cloud.google.com/compute/docs/reference/v1/images' - description: | - Represents an Image resource. - - Google Compute Engine uses operating system images to create the root - persistent disks for your instances. You specify an image when you create - an instance. Images contain a boot loader, an operating system, and a - root file system. Linux operating system images are also capable of - running containers on Compute Engine. - - Images can be either public or custom. - - Public images are provided and maintained by Google, open-source - communities, and third-party vendors. By default, all projects have - access to these images and can use them to create instances. Custom - images are available only to your project. You can create a custom image - from root persistent disks and other images. Then, use the custom image - to create an instance. - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/global/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - properties: - - !ruby/object:Api::Type::Integer - name: 'archiveSizeBytes' - description: | - Size of the image tar.gz archive stored in Google Cloud Storage (in - bytes). - output: true - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::NestedObject - name: 'deprecated' - description: The deprecation status associated with this image. - output: true - properties: - - !ruby/object:Api::Type::Time - name: 'deleted' - description: | - An optional RFC3339 timestamp on or after which the state of this - resource is intended to change to DELETED. This is only - informational and the status will not change unless the client - explicitly changes it. - - !ruby/object:Api::Type::Time - name: 'deprecated' - description: | - An optional RFC3339 timestamp on or after which the state of this - resource is intended to change to DEPRECATED. This is only - informational and the status will not change unless the client - explicitly changes it. - - !ruby/object:Api::Type::Time - name: 'obsolete' - description: | - An optional RFC3339 timestamp on or after which the state of this - resource is intended to change to OBSOLETE. This is only - informational and the status will not change unless the client - explicitly changes it. - - !ruby/object:Api::Type::String - name: 'replacement' - description: | - The URL of the suggested replacement for a deprecated resource. - The suggested replacement resource must be the same kind of - resource as the deprecated resource. - - !ruby/object:Api::Type::Enum - name: 'state' - description: | - The deprecation state of this resource. This can be DEPRECATED, - OBSOLETE, or DELETED. Operations which create a new resource - using a DEPRECATED resource will return successfully, but with a - warning indicating the deprecated resource and recommending its - replacement. Operations which use OBSOLETE or DELETED resources - will be rejected and result in an error. - values: - - :DEPRECATED - - :OBSOLETE - - :DELETED - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional description of this resource. Provide this property when - you create the resource. - - !ruby/object:Api::Type::Integer - name: 'diskSizeGb' - description: | - Size of the image when restored onto a persistent disk (in GB). - # TODO(alexstephen): Build family support. - # Families use a different API - - !ruby/object:Api::Type::String - name: 'family' - description: | - The name of the image family to which this image belongs. You can - create disks by specifying an image family instead of a specific - image name. The image family always returns its latest image that is - not deprecated. The name of the image family must comply with - RFC1035. - - !ruby/object:Api::Type::Array - name: 'guestOsFeatures' - description: | - A list of features to enable on the guest operating system. - Applicable only for bootable images. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Enum - name: 'type' - required: true - description: | - The type of supported feature. Read [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) to see a list of available options. - values: - - :MULTI_IP_SUBNET - - :SECURE_BOOT - - :SEV_CAPABLE - - :UEFI_COMPATIBLE - - :VIRTIO_SCSI_MULTIQUEUE - - :WINDOWS - - :GVNIC - - !ruby/object:Api::Type::Integer - name: 'id' - description: | - The unique identifier for the resource. This identifier - is defined by the server. - output: true - - !ruby/object:Api::Type::NestedObject - name: 'imageEncryptionKey' - description: | - Encrypts the image using a customer-supplied encryption key. - - After you encrypt an image with a customer-supplied key, you must - provide the same key if you use the image later (e.g. to create a - disk from the image) - properties: - - !ruby/object:Api::Type::String - name: 'rawKey' - description: | - Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - - !ruby/object:Api::Type::String - name: 'sha256' - description: | - The RFC 4648 base64 encoded SHA-256 hash of the - customer-supplied encryption key that protects this resource. - output: true - - !ruby/object:Api::Type::String - # TODO(chrisst) Change to ResourceRef once KMS is in Magic Modules - name: 'kmsKeyName' - description: | - The name of the encryption key that is stored in Google Cloud KMS. - - !ruby/object:Api::Type::String - name: 'kmsKeyServiceAccount' - description: | - The service account being used for the encryption request for the - given KMS key. If absent, the Compute Engine default service - account is used. - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: Labels to apply to this Image. - update_verb: :POST - update_url: 'projects/{{project}}/global/images/{{name}}/setLabels' - - !ruby/object:Api::Type::Fingerprint - name: 'labelFingerprint' - description: | - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - update_url: 'projects/{{project}}/global/images/{{name}}/setLabels' - update_verb: :POST - - !ruby/object:Api::Type::Array - name: 'licenses' - description: Any applicable license URI. - item_type: !ruby/object:Api::Type::ResourceRef - name: 'license' - description: 'An applicable license URI' - resource: 'License' - imports: 'selfLink' - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource; provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and - match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means - the first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the - last character, which cannot be a dash. - required: true - - !ruby/object:Api::Type::NestedObject - name: 'rawDisk' - description: The parameters of the raw disk image. - properties: - - !ruby/object:Api::Type::Enum - name: 'containerType' - description: | - The format used to encode and transmit the block device, which - should be TAR. This is just a container and transmission format - and not a runtime format. Provided by the client when the disk - image is created. - values: - - :TAR - - !ruby/object:Api::Type::String - name: 'sha1Checksum' - description: | - An optional SHA1 checksum of the disk image before unpackaging. - This is provided by the client when the disk image is created. - # TODO(alexstephen): Figure out cross-module ResourceRefs - - !ruby/object:Api::Type::String - name: 'source' - required: true - description: | - The full Google Cloud Storage URL where disk storage is stored - You must provide either this property or the sourceDisk property - but not both. - - !ruby/object:Api::Type::ResourceRef - name: 'sourceDisk' - description: | - The source disk to create this image based on. - You must provide either this property or the - rawDisk.source property but not both to create an image. - resource: 'Disk' - imports: 'selfLink' - - !ruby/object:Api::Type::NestedObject - name: 'sourceDiskEncryptionKey' - description: | - The customer-supplied encryption key of the source disk. Required if - the source disk is protected by a customer-supplied encryption key. - properties: - - !ruby/object:Api::Type::String - name: 'rawKey' - description: | - Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - - !ruby/object:Api::Type::String - name: 'sha256' - description: | - The RFC 4648 base64 encoded SHA-256 hash of the - customer-supplied encryption key that protects this resource. - output: true - - !ruby/object:Api::Type::String - # TODO(chrisst) Change to ResourceRef once KMS is in Magic Modules - name: 'kmsKeyName' - min_version: beta - description: | - The name of the encryption key that is stored in Google Cloud KMS. - - !ruby/object:Api::Type::String - name: 'sourceDiskId' - description: | - The ID value of the disk used to create this image. This value may - be used to determine whether the image was taken from the current - or a previous instance of a given disk name. - - !ruby/object:Api::Type::ResourceRef - name: 'sourceImage' - description: | - URL of the source image used to create this image. In order to create an image, you must provide the full or partial - URL of one of the following: - - * The selfLink URL - * This property - * The rawDisk.source URL - * The sourceDisk URL - resource: 'Image' - imports: 'selfLink' - - !ruby/object:Api::Type::ResourceRef - name: 'sourceSnapshot' - description: | - URL of the source snapshot used to create this image. - - In order to create an image, you must provide the full or partial URL of one of the following: - - * The selfLink URL - * This property - * The sourceImage URL - * The rawDisk.source URL - * The sourceDisk URL - resource: 'Snapshot' - imports: 'selfLink' - - !ruby/object:Api::Type::Enum - name: 'sourceType' - description: | - The type of the image used to create this disk. The default and - only value is RAW - values: - - :RAW - - !ruby/object:Api::Type::String - name: 'selfLink' - exclude: true - description: | - The self link of the image - - !ruby/object:Api::Type::Enum - name: 'status' - output: true - exclude: true - description: | - The status of the image. Either `READY` `PENDING` or `FAILED`. - values: - - :READY - - :PENDING - - :FAILED - # State is not applicable for state convergence. - - !ruby/object:Api::Resource - name: 'Instance' - kind: 'compute#instance' - base_url: projects/{{project}}/zones/{{zone}}/instances - collection_url_key: 'items' - input: true - has_self_link: true - description: | - An instance is a virtual machine (VM) hosted on Google's infrastructure. - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'zone' - resource: 'Zone' - imports: 'name' - description: 'A reference to the zone where the machine resides.' - required: true - properties: - - !ruby/object:Api::Type::Boolean - name: 'canIpForward' - description: | - Allows this instance to send and receive packets with non-matching - destination or source IPs. This is required if you plan to use this - instance to forward routes. - - !ruby/object:Api::Type::String - name: 'cpuPlatform' - description: The CPU platform used by this instance. - output: true - - !ruby/object:Api::Type::String - name: 'creationTimestamp' - description: Creation timestamp in RFC3339 text format. - output: true - - !ruby/object:Api::Type::Boolean - name: 'deletionProtection' - description: Whether the resource should be protected against deletion. - # The code for this update is custom because MM doesn't support - # sending empty bodies + the new option as a request parameter. - update_verb: :POST - update_url: /projects/{{project}}/zones/{{zone}}/instances/{resourceId}/setDeletionProtection - - !ruby/object:Api::Type::Array - name: 'disks' - description: | - An array of disks that are associated with the instances that are - created from this template. - input: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Boolean - name: 'autoDelete' - description: | - Specifies whether the disk will be auto-deleted when the - instance is deleted (but not when the disk is detached from - the instance). - - Tip: Disks should be set to autoDelete=true - so that leftover disks are not left behind on machine - deletion. - - !ruby/object:Api::Type::Boolean - name: 'boot' - description: | - Indicates that this is a boot disk. The virtual machine will - use the first partition of the disk for its root filesystem. - - !ruby/object:Api::Type::String - name: 'deviceName' - description: | - Specifies a unique device name of your choice that is - reflected into the /dev/disk/by-id/google-* tree of a Linux - operating system running within the instance. This name can - be used to reference the device for mounting, resizing, and - so on, from within the instance. - - !ruby/object:Api::Type::NestedObject - name: 'diskEncryptionKey' - description: | - Encrypts or decrypts a disk using a customer-supplied - encryption key. - properties: - - !ruby/object:Api::Type::String - name: 'rawKey' - description: | - Specifies a 256-bit customer-supplied encryption key, - encoded in RFC 4648 base64 to either encrypt or decrypt - this resource. - - !ruby/object:Api::Type::String - name: 'rsaEncryptedKey' - description: | - Specifies an RFC 4648 base64 encoded, RSA-wrapped - 2048-bit customer-supplied encryption key to either - encrypt or decrypt this resource. - - !ruby/object:Api::Type::String - name: 'sha256' - description: | - The RFC 4648 base64 encoded SHA-256 hash of the - customer-supplied encryption key that protects this - resource. - output: true - - !ruby/object:Api::Type::Integer - name: 'index' - description: | - Assigns a zero-based index to this disk, where 0 is - reserved for the boot disk. For example, if you have many - disks attached to an instance, each disk would have a - unique index number. If not specified, the server will - choose an appropriate value. - - !ruby/object:Api::Type::NestedObject - name: 'initializeParams' - description: | - Specifies the parameters for a new disk that will be - created alongside the new instance. Use initialization - parameters to create boot disks or local SSDs attached to - the new instance. - input: true - properties: - - !ruby/object:Api::Type::String - name: 'diskName' - description: | - Specifies the disk name. If not specified, the default - is to use the name of the instance. - - !ruby/object:Api::Type::Integer - name: 'diskSizeGb' - description: Specifies the size of the disk in base-2 GB. - # diskStorageType - deprecated - - !ruby/object:Api::Type::ResourceRef - name: 'diskType' - description: | - Reference to a disk type. - Specifies the disk type to use to create the instance. - If not specified, the default is pd-standard. - resource: 'DiskType' - imports: 'selfLink' - - !ruby/object:Api::Type::String - name: 'sourceImage' - description: | - The source image to create this disk. When creating a - new instance, one of initializeParams.sourceImage or - disks.source is required. To create a disk with one of - the public operating system images, specify the image - by its family name. - - !ruby/object:Api::Type::NestedObject - name: 'sourceImageEncryptionKey' - description: | - The customer-supplied encryption key of the source - image. Required if the source image is protected by a - customer-supplied encryption key. - - Instance templates do not store customer-supplied - encryption keys, so you cannot create disks for - instances in a managed instance group if the source - images are encrypted with your own keys. - properties: - - !ruby/object:Api::Type::String - name: 'rawKey' - description: | - Specifies a 256-bit customer-supplied encryption - key, encoded in RFC 4648 base64 to either encrypt - or decrypt this resource. - - !ruby/object:Api::Type::String - name: 'sha256' - description: | - The RFC 4648 base64 encoded SHA-256 hash of the - customer-supplied encryption key that protects this - resource. - output: true - - !ruby/object:Api::Type::Enum - name: 'interface' - description: | - Specifies the disk interface to use for attaching this - disk, which is either SCSI or NVME. The default is SCSI. - Persistent disks must always use SCSI and the request will - fail if you attempt to attach a persistent disk in any - other format than SCSI. - values: - - :SCSI - - :NVME - # Ignoring kind - It's a constant and we don't need it. - # TODO(alexstephen): Place in licenses - it's a Array of - # ResourceRefs - - !ruby/object:Api::Type::Enum - name: 'mode' - description: | - The mode in which to attach this disk, either READ_WRITE or - READ_ONLY. If not specified, the default is to attach the - disk in READ_WRITE mode. - values: - - :READ_WRITE - - :READ_ONLY - # This is the name, not selfLink of a disk. - - !ruby/object:Api::Type::ResourceRef - name: 'source' - resource: 'Disk' - imports: 'selfLink' - description: | - Reference to a disk. When creating a new instance, - one of initializeParams.sourceImage or disks.source is required. - - If desired, you can also attach existing non-root - persistent disks using this property. This field is only - applicable for persistent disks. - - !ruby/object:Api::Type::Enum - name: 'type' - description: | - Specifies the type of the disk, either SCRATCH or - PERSISTENT. If not specified, the default is PERSISTENT. - values: - - :SCRATCH - - :PERSISTENT - - !ruby/object:Api::Type::Array - name: 'licenses' - description: 'Any applicable publicly visible licenses.' - item_type: Api::Type::String - output: true - - !ruby/object:Api::Type::Array - name: 'guestAccelerators' - description: | - List of the type and count of accelerator cards attached to the - instance - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Integer - name: 'acceleratorCount' - description: | - The number of the guest accelerator cards exposed to this - instance. - # TODO(alexstephen): Change to ResourceRef once AcceleratorType is - # created. - - !ruby/object:Api::Type::String - name: 'acceleratorType' - description: | - Full or partial URL of the accelerator type resource to expose - to this instance. - - !ruby/object:Api::Type::String - name: 'hostname' - description: | - The hostname of the instance to be created. The specified hostname - must be RFC1035 compliant. If hostname is not specified, the default - hostname is [INSTANCE_NAME].c.[PROJECT_ID].internal when using the - global DNS, and [INSTANCE_NAME].[ZONE].c.[PROJECT_ID].internal when - using zonal DNS. - - !ruby/object:Api::Type::Integer - name: 'id' - description: | - The unique identifier for the resource. This identifier is defined by - the server. - output: true - - !ruby/object:Api::Type::Fingerprint - name: 'labelFingerprint' - description: | - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - update_url: 'projects/{{project}}/zones/{{zone}}/instances/{{name}}/setLabels' - update_verb: :POST - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: | - Labels to apply to this instance. A list of key->value pairs. - update_verb: :POST - update_url: 'projects/{{project}}/zones/{{zone}}/instances/{{name}}/setLabels' - # TODO(nelsonjr): Implement updating metadata *after* resource is created. - - # Expose instance 'metadata' as a simple name/value pair hash. However the API - # defines metadata as a NestedObject with the following layout: - # - # metadata { - # fingerprint: 'hash-of-last-metadata' - # items: [ - # { - # key: 'metadata1-key' - # value: 'metadata1-value' - # }, - # ... - # ] - # } - # - # Fingerprint is an optimistic locking mechanism for updates, which requires - # adding the 'fingerprint' of the last metadata to allow update. - # - # To comply with the API please add an encoder: and decoder: to the provider. - - !ruby/object:Api::Type::KeyValuePairs - name: 'metadata' - description: | - The metadata key/value pairs to assign to instances that are - created from this template. These pairs can consist of custom - metadata or predefined keys. - - !ruby/object:Api::Type::ResourceRef - name: 'machineType' - resource: 'MachineType' - imports: 'selfLink' - description: 'A reference to a machine type which defines VM kind.' - update_url: projects/{{project}}/zones/{{zone}}/instances/{{name}}/setMachineType - update_verb: :POST - # TODO(alexstephen): Add metadata - - !ruby/object:Api::Type::String - name: 'minCpuPlatform' - description: | - Specifies a minimum CPU platform for the VM instance. Applicable - values are the friendly names of CPU platforms - - !ruby/object:Api::Type::String - name: 'name' - description: | - The name of the resource, provided by the client when initially - creating the resource. The resource name must be 1-63 characters long, - and comply with RFC1035. Specifically, the name must be 1-63 - characters long and match the regular expression - `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a - lowercase letter, and all following characters must be a dash, - lowercase letter, or digit, except the last character, which cannot - be a dash. - - !ruby/object:Api::Type::Array - name: 'networkInterfaces' - description: | - An array of configurations for this interface. This specifies - how this interface is configured to interact with other - network services, such as connecting to the internet. Only - one network interface is supported per instance. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Array - name: 'accessConfigs' - description: | - An array of configurations for this interface. Currently, only - one access config, ONE_TO_ONE_NAT, is supported. If there are no - accessConfigs specified, then this instance will have no - external internet access. - item_type: !ruby/object:Api::Type::NestedObject - properties: - # 'kind' is not needed for object convergence - - !ruby/object:Api::Type::String - name: 'name' - description: | - The name of this access configuration. The - default and recommended name is External NAT but you can - use any arbitrary string you would like. For example, My - external IP or Network Access. - required: true - - !ruby/object:Api::Type::ResourceRef - name: 'natIP' - resource: 'Address' - imports: 'address' - description: | - Reference to an address. - An external IP address associated with this instance. - Specify an unused static external IP address available to - the project or leave this field undefined to use an IP - from a shared ephemeral IP address pool. If you specify a - static external IP address, it must live in the same - region as the zone of the instance. - - !ruby/object:Api::Type::Enum - name: 'type' - description: | - The type of configuration. The default and only option is - ONE_TO_ONE_NAT. - values: - - :ONE_TO_ONE_NAT - required: true - - !ruby/object:Api::Type::Boolean - name: 'setPublicPtr' - description: | - Specifies whether a public DNS PTR record should be - created to map the external IP address of the instance - to a DNS domain name. - - !ruby/object:Api::Type::String - name: 'publicPtrDomainName' - description: | - The DNS domain name for the public PTR record. You can - set this field only if the setPublicPtr field is - enabled. - - !ruby/object:Api::Type::Enum - name: 'networkTier' - description: | - This signifies the networking tier used for configuring - this access configuration. If an AccessConfig is - specified without a valid external IP address, an - ephemeral IP will be created with this networkTier. If an - AccessConfig with a valid external IP address is - specified, it must match that of the networkTier - associated with the Address resource owning that IP. - values: - - :PREMIUM - - :STANDARD - - !ruby/object:Api::Type::Array - name: 'aliasIpRanges' - description: | - An array of alias IP ranges for this network interface. Can - only be specified for network interfaces on subnet-mode - networks. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'ipCidrRange' - description: | - The IP CIDR range represented by this alias IP range. - This IP CIDR range must belong to the specified - subnetwork and cannot contain IP addresses reserved by - system or used by other network interfaces. This range - may be a single IP address (e.g. 10.2.3.4), a netmask - (e.g. /24) or a CIDR format string (e.g. 10.1.2.0/24). - - !ruby/object:Api::Type::String - name: 'subnetworkRangeName' - description: | - Optional subnetwork secondary range name specifying - the secondary range from which to allocate the IP - CIDR range for this alias IP range. If left - unspecified, the primary range of the subnetwork will - be used. - - !ruby/object:Api::Type::String - name: 'name' - description: | - The name of the network interface, generated by the - server. For network devices, these are eth0, eth1, etc - output: true - - !ruby/object:Api::Type::ResourceRef - name: 'network' - resource: 'Network' - imports: 'selfLink' - description: | - Specifies the title of an existing network. When creating - an instance, if neither the network nor the subnetwork is specified, - the default network global/networks/default is used; if the network - is not specified but the subnetwork is specified, the network is - inferred. - - !ruby/object:Api::Type::String - name: 'networkIP' - description: | - An IPv4 internal network address to assign to the - instance for this network interface. If not specified - by the user, an unused internal IP is assigned by the - system. - - !ruby/object:Api::Type::ResourceRef - name: 'subnetwork' - resource: 'Subnetwork' - imports: 'selfLink' - description: | - Reference to a VPC network. - If the network resource is in legacy mode, do not - provide this property. If the network is in auto - subnet mode, providing the subnetwork is optional. If - the network is in custom subnet mode, then this field - should be specified. - # networkInterfaces.kind is not necessary for convergence. - - !ruby/object:Api::Type::NestedObject - name: 'scheduling' - description: Sets the scheduling options for this instance. - properties: - - !ruby/object:Api::Type::Boolean - name: 'automaticRestart' - description: | - Specifies whether the instance should be automatically restarted - if it is terminated by Compute Engine (not terminated by a user). - You can only set the automatic restart option for standard - instances. Preemptible instances cannot be automatically - restarted. - - !ruby/object:Api::Type::String - name: 'onHostMaintenance' - description: | - Defines the maintenance behavior for this instance. For standard - instances, the default behavior is MIGRATE. For preemptible - instances, the default and only possible behavior is TERMINATE. - For more information, see Setting Instance Scheduling Options. - - !ruby/object:Api::Type::Boolean - name: 'preemptible' - description: | - Defines whether the instance is preemptible. This can only be set - during instance creation, it cannot be set or changed after the - instance has been created. - - !ruby/object:Api::Type::Array - name: 'serviceAccounts' - description: | - A list of service accounts, with their specified scopes, authorized - for this instance. Only one service account per VM instance is - supported. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'email' - description: Email address of the service account. - - !ruby/object:Api::Type::Array - name: scopes - description: | - The list of scopes to be made available for this service - account. - item_type: Api::Type::String - - !ruby/object:Api::Type::NestedObject - name: 'shieldedInstanceConfig' - description: Configuration for various parameters related to shielded instances. - # The code for this update method is custom because MM does not support - # sending just the nested properties - update_verb: :PATCH - update_url: projects/{{project}}/instances/{{name}}/updateShieldedInstanceConfig - properties: - - !ruby/object:Api::Type::Boolean - name: 'enableSecureBoot' - description: Defines whether the instance has Secure Boot enabled. - update_verb: :PATCH - update_url: projects/{{project}}/instances/{{name}}/updateShieldedInstanceConfig - - !ruby/object:Api::Type::Boolean - name: 'enableVtpm' - description: Defines whether the instance has the vTPM enabled - update_verb: :PATCH - update_url: projects/{{project}}/instances/{{name}}/updateShieldedInstanceConfig - - !ruby/object:Api::Type::Boolean - name: 'enableIntegrityMonitoring' - description: Defines whether the instance has integrity monitoring enabled. - update_verb: :PATCH - update_url: projects/{{project}}/instances/{{name}}/updateShieldedInstanceConfig - - !ruby/object:Api::Type::NestedObject - name: 'confidentialInstanceConfig' - description: 'Configuration for confidential computing (requires setting the machine type to any of the n2d-* types and a boot disk of type pd-ssd).' - properties: - - !ruby/object:Api::Type::Boolean - name: 'enableConfidentialCompute' - description: Enables confidential computing - - !ruby/object:Api::Type::Enum - name: 'status' - description: | - The status of the instance. One of the following values: - PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED, - and TERMINATED. - - As a user, use RUNNING to keep a machine "on" and TERMINATED to - turn a machine off - # GCP API shows this as output: true. - # This is incorrect because you can make actions on the Instance (start, stop) - # In an idempotent world, the best way to express these actions is to - # change the status value. - output: false - values: - - :PROVISIONING - - :STAGING - - :RUNNING - - :STOPPING - - :SUSPENDING - - :SUSPENDED - - :TERMINATED - - !ruby/object:Api::Type::String - name: 'statusMessage' - description: An optional, human-readable explanation of the status. - output: true - - !ruby/object:Api::Type::NestedObject - name: 'tags' - description: | - A list of tags to apply to this instance. Tags are used to identify - valid sources or targets for network firewalls and are specified by - the client during instance creation. The tags can be later modified - by the setTags method. Each tag within the list must comply with - RFC1035. - properties: - # TODO(alexstephen) Investigate bytes type - - !ruby/object:Api::Type::String - name: 'fingerprint' - description: | - Specifies a fingerprint for this request, which is essentially a - hash of the metadata's contents and used for optimistic locking. - The fingerprint is initially generated by Compute Engine and - changes after every request to modify or update metadata. You - must always provide an up-to-date fingerprint hash in order to - update or change metadata. - - !ruby/object:Api::Type::Array - name: 'items' - description: | - An array of tags. Each tag must be 1-63 characters long, and - comply with RFC1035. - item_type: Api::Type::String - - !ruby/object:Api::Resource - name: 'InstanceGroup' - kind: 'compute#instanceGroup' - base_url: projects/{{project}}/zones/{{zone}}/instanceGroups - collection_url_key: 'items' - has_self_link: true - description: | - Represents an Instance Group resource. Instance groups are self-managed - and can contain identical or different instances. Instance groups do not - use an instance template. Unlike managed instance groups, you must create - and add instances to an instance group manually. - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - input: true - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'zone' - resource: 'Zone' - imports: 'name' - description: 'A reference to the zone where the instance group resides.' - required: true - - !ruby/object:Api::Type::Array - name: 'instances' - description: | - The list of instances associated with this InstanceGroup. - All instances must be created before being added to an InstanceGroup. - All instances not in this list will be removed from the InstanceGroup - and will not be deleted. - Only the full identifier of the instance will be returned. - exclude: true - item_type: !ruby/object:Api::Type::ResourceRef - name: 'instance' - description: 'An instance being added to the InstanceGroup' - resource: 'Instance' - imports: 'selfLink' - properties: - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional description of this resource. Provide this property when - you create the resource. - # 'fingerprint' not applicable to state convergence. - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'A unique identifier for this instance group.' - output: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - The name of the instance group. - The name must be 1-63 characters long, and comply with RFC1035. - - !ruby/object:Api::Type::Array - name: 'namedPorts' - description: | - Assigns a name to a port number. - For example: {name: "http", port: 80}. - - This allows the system to reference ports by the assigned name - instead of a port number. Named ports can also contain multiple - ports. - - For example: [{name: "http", port: 80},{name: "http", port: 8080}] - - Named ports apply to all instances in this instance group. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The name for this named port. - The name must be 1-63 characters long, and comply with RFC1035. - - !ruby/object:Api::Type::Integer - name: 'port' - description: | - The port number, which can be a value between 1 and 65535. - - !ruby/object:Api::Type::ResourceRef - name: 'network' - resource: 'Network' - imports: 'selfLink' - description: | - The network to which all instances in the instance group belong. - - !ruby/object:Api::Type::ResourceRef - name: 'region' - resource: 'Region' - imports: 'selfLink' - description: | - The region where the instance group is located - (for regional resources). - - !ruby/object:Api::Type::ResourceRef - name: 'subnetwork' - resource: 'Subnetwork' - imports: 'selfLink' - description: | - The subnetwork to which all instances in the instance group belong. - - !ruby/object:Api::Resource - name: 'InstanceGroupManager' - kind: 'compute#instanceGroupManager' - base_url: projects/{{project}}/zones/{{zone}}/instanceGroupManagers - collection_url_key: 'items' - has_self_link: true - description: | - Creates a managed instance group using the information that you specify in - the request. After the group is created, it schedules an action to create - instances in the group using the specified instance template. This - operation is marked as DONE when the group is created even if the - instances in the group have not yet been created. You must separately - verify the status of the individual instances. - - A managed instance group can have up to 1000 VM instances per group. - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'zone' - resource: 'Zone' - imports: 'name' - description: 'The zone the managed instance group resides.' - required: true - properties: - - !ruby/object:Api::Type::String - name: 'baseInstanceName' - description: | - The base instance name to use for instances in this group. The value - must be 1-58 characters long. Instances are named by appending a - hyphen and a random four-character string to the base instance name. - The base instance name must comply with RFC1035. - required: true - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: | - The creation timestamp for this managed instance group in RFC3339 - text format. - output: true - - !ruby/object:Api::Type::NestedObject - name: 'currentActions' - description: | - The list of instance actions and the number of instances in this - managed instance group that are scheduled for each of those actions. - properties: - - !ruby/object:Api::Type::Integer - name: 'abandoning' - description: | - The total number of instances in the managed instance group that - are scheduled to be abandoned. Abandoning an instance removes it - from the managed instance group without deleting it. - output: true - - !ruby/object:Api::Type::Integer - name: 'creating' - description: | - The number of instances in the managed instance group that are - scheduled to be created or are currently being created. If the - group fails to create any of these instances, it tries again until - it creates the instance successfully. - - If you have disabled creation retries, this field will not be - populated; instead, the creatingWithoutRetries field will be - populated. - output: true - - !ruby/object:Api::Type::Integer - name: 'creatingWithoutRetries' - description: | - The number of instances that the managed instance group will - attempt to create. The group attempts to create each instance only - once. If the group fails to create any of these instances, it - decreases the group's targetSize value accordingly. - output: true - - !ruby/object:Api::Type::Integer - name: 'deleting' - description: | - The number of instances in the managed instance group that are - scheduled to be deleted or are currently being deleted. - output: true - - !ruby/object:Api::Type::Integer - name: 'none' - description: | - The number of instances in the managed instance group that are - running and have no scheduled actions. - output: true - - !ruby/object:Api::Type::Integer - name: 'recreating' - description: | - The number of instances in the managed instance group that are - scheduled to be recreated or are currently being being recreated. - Recreating an instance deletes the existing root persistent disk - and creates a new disk from the image that is defined in the - instance template. - output: true - - !ruby/object:Api::Type::Integer - name: 'refreshing' - description: | - The number of instances in the managed instance group that are - being reconfigured with properties that do not require a restart - or a recreate action. For example, setting or removing target - pools for the instance. - output: true - - !ruby/object:Api::Type::Integer - name: 'restarting' - description: | - The number of instances in the managed instance group that are - scheduled to be restarted or are currently being restarted. - output: true - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional description of this resource. Provide this property when - you create the resource. - input: true - # fingerprint ignored as it is an internal locking detail - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'A unique identifier for this resource' - output: true - - !ruby/object:Api::Type::ResourceRef - name: 'instanceGroup' - resource: 'InstanceGroup' - imports: 'selfLink' - description: 'The instance group being managed' - output: true - - !ruby/object:Api::Type::ResourceRef - name: 'instanceTemplate' - resource: 'InstanceTemplate' - imports: 'selfLink' - description: | - The instance template that is specified for this managed instance - group. The group uses this template to create all new instances in the - managed instance group. - required: true - # kind is internal transport detail - - !ruby/object:Api::Type::String - name: 'name' - description: | - The name of the managed instance group. The name must be 1-63 - characters long, and comply with RFC1035. - required: true - # TODO(nelsonjr): Make namedPorts a NameValue(name[string], port[integer]) - - !ruby/object:Api::Type::Array - name: 'namedPorts' - description: - Named ports configured for the Instance Groups complementary to this - Instance Group Manager. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The name for this named port. The name must be 1-63 characters - long, and comply with RFC1035. - - !ruby/object:Api::Type::Integer - name: 'port' - description: - The port number, which can be a value between 1 and 65535. - - !ruby/object:Api::Type::ResourceRef - name: 'region' - resource: 'Region' - imports: 'selfLink' - description: | - The region this managed instance group resides - (for regional resources). - output: true - - !ruby/object:Api::Type::Array - name: 'targetPools' - description: | - TargetPool resources to which instances in the instanceGroup field are - added. The target pools automatically apply to all of the instances in - the managed instance group. - item_type: !ruby/object:Api::Type::ResourceRef - name: 'targetPool' - description: 'The targetPool to receive managed instances.' - resource: 'TargetPool' - imports: 'selfLink' - - !ruby/object:Api::Type::Integer - name: 'targetSize' - description: | - The target number of running instances for this managed instance - group. Deleting or abandoning instances reduces this number. Resizing - the group changes this number. - - !ruby/object:Api::Resource - name: 'InstanceGroupNamedPort' - base_url: 'projects/{{project}}/zones/{{zone}}/instanceGroups/{{group}}' - self_link: 'projects/{{project}}/zones/{{zone}}/instanceGroups/{{group}}' - input: true - description: | - Mange the named ports setting for a managed instance group without - managing the group as whole. This resource is primarily intended for use - with GKE-generated groups that shouldn't otherwise be managed by other - tools. - create_verb: :POST - create_url: 'projects/{{project}}/zones/{{zone}}/instanceGroups/{{group}}/setNamedPorts' - delete_verb: :POST - delete_url: 'projects/{{project}}/zones/{{zone}}/instanceGroups/{{group}}/setNamedPorts' - identity: - - port - - name - nested_query: !ruby/object:Api::Resource::NestedQuery - modify_by_patch: true - keys: - - namedPorts - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/compute/docs/instance-groups/' - api: 'https://cloud.google.com/compute/docs/reference/rest/v1/instanceGroup' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'group' - resource: 'InstanceGroup' - imports: 'name' - required: true - url_param_only: true - description: | - The name of the instance group. - - !ruby/object:Api::Type::ResourceRef - name: 'zone' - resource: 'Zone' - imports: 'name' - required: true - url_param_only: true - description: | - The zone of the instance group. - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - description: | - The name for this named port. The name must be 1-63 characters - long, and comply with RFC1035. - - !ruby/object:Api::Type::Integer - name: 'port' - required: true - description: - The port number, which can be a value between 1 and 65535. - - !ruby/object:Api::Resource - name: 'RegionInstanceGroupManager' - kind: 'compute#instanceGroupManager' - base_url: projects/{{project}}/regions/{{region}}/instanceGroupManagers - collection_url_key: 'items' - has_self_link: true - description: | - Creates a managed instance group using the information that you specify in - the request. After the group is created, it schedules an action to create - instances in the group using the specified instance template. This - operation is marked as DONE when the group is created even if the - instances in the group have not yet been created. You must separately - verify the status of the individual instances. - - A managed instance group can have up to 1000 VM instances per group. - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'region' - resource: 'Region' - imports: 'name' - description: 'The region the managed instance group resides.' - required: true - properties: - - !ruby/object:Api::Type::String - name: 'baseInstanceName' - description: | - The base instance name to use for instances in this group. The value - must be 1-58 characters long. Instances are named by appending a - hyphen and a random four-character string to the base instance name. - The base instance name must comply with RFC1035. - required: true - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: | - The creation timestamp for this managed instance group in RFC3339 - text format. - output: true - - !ruby/object:Api::Type::NestedObject - name: 'currentActions' - description: | - The list of instance actions and the number of instances in this - managed instance group that are scheduled for each of those actions. - properties: - - !ruby/object:Api::Type::Integer - name: 'abandoning' - description: | - The total number of instances in the managed instance group that - are scheduled to be abandoned. Abandoning an instance removes it - from the managed instance group without deleting it. - output: true - - !ruby/object:Api::Type::Integer - name: 'creating' - description: | - The number of instances in the managed instance group that are - scheduled to be created or are currently being created. If the - group fails to create any of these instances, it tries again until - it creates the instance successfully. - - If you have disabled creation retries, this field will not be - populated; instead, the creatingWithoutRetries field will be - populated. - output: true - - !ruby/object:Api::Type::Integer - name: 'creatingWithoutRetries' - description: | - The number of instances that the managed instance group will - attempt to create. The group attempts to create each instance only - once. If the group fails to create any of these instances, it - decreases the group's targetSize value accordingly. - output: true - - !ruby/object:Api::Type::Integer - name: 'deleting' - description: | - The number of instances in the managed instance group that are - scheduled to be deleted or are currently being deleted. - output: true - - !ruby/object:Api::Type::Integer - name: 'none' - description: | - The number of instances in the managed instance group that are - running and have no scheduled actions. - output: true - - !ruby/object:Api::Type::Integer - name: 'recreating' - description: | - The number of instances in the managed instance group that are - scheduled to be recreated or are currently being being recreated. - Recreating an instance deletes the existing root persistent disk - and creates a new disk from the image that is defined in the - instance template. - output: true - - !ruby/object:Api::Type::Integer - name: 'refreshing' - description: | - The number of instances in the managed instance group that are - being reconfigured with properties that do not require a restart - or a recreate action. For example, setting or removing target - pools for the instance. - output: true - - !ruby/object:Api::Type::Integer - name: 'restarting' - description: | - The number of instances in the managed instance group that are - scheduled to be restarted or are currently being restarted. - output: true - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional description of this resource. Provide this property when - you create the resource. - input: true - # fingerprint ignored as it is an internal locking detail - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'A unique identifier for this resource' - output: true - - !ruby/object:Api::Type::ResourceRef - name: 'instanceGroup' - resource: 'InstanceGroup' - imports: 'selfLink' - description: 'The instance group being managed' - output: true - - !ruby/object:Api::Type::ResourceRef - name: 'instanceTemplate' - resource: 'InstanceTemplate' - imports: 'selfLink' - description: | - The instance template that is specified for this managed instance - group. The group uses this template to create all new instances in the - managed instance group. - required: true - # kind is internal transport detail - - !ruby/object:Api::Type::String - name: 'name' - description: | - The name of the managed instance group. The name must be 1-63 - characters long, and comply with RFC1035. - required: true - # TODO(nelsonjr): Make namedPorts a NameValue(name[string], port[integer]) - - !ruby/object:Api::Type::Array - name: 'namedPorts' - description: - Named ports configured for the Instance Groups complementary to this - Instance Group Manager. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The name for this named port. The name must be 1-63 characters - long, and comply with RFC1035. - - !ruby/object:Api::Type::Integer - name: 'port' - description: - The port number, which can be a value between 1 and 65535. - - !ruby/object:Api::Type::Array - name: 'targetPools' - description: | - TargetPool resources to which instances in the instanceGroup field are - added. The target pools automatically apply to all of the instances in - the managed instance group. - item_type: !ruby/object:Api::Type::ResourceRef - name: 'targetPool' - description: 'The targetPool to receive managed instances.' - resource: 'TargetPool' - imports: 'selfLink' - - !ruby/object:Api::Type::Integer - name: 'targetSize' - description: | - The target number of running instances for this managed instance - group. Deleting or abandoning instances reduces this number. Resizing - the group changes this number. - - !ruby/object:Api::Type::Array - name: 'autoHealingPolicies' - description: | - The autohealing policy for this managed instance group - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'healthCheck' - description: | - The URL for the health check that signals autohealing. - - !ruby/object:Api::Type::Integer - name: 'initialDelaySec' - description: | - The number of seconds that the managed instance group waits - before it applies autohealing policies to new instances or recently recreated instances - - !ruby/object:Api::Resource - name: 'InterconnectAttachment' - kind: 'compute#interconnectAttachment' - base_url: 'projects/{{project}}/regions/{{region}}/interconnectAttachments' - collection_url_key: 'items' - update_verb: :PATCH - has_self_link: true - description: | - Represents an InterconnectAttachment (VLAN attachment) resource. For more - information, see Creating VLAN Attachments. - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'region' - resource: 'Region' - imports: 'selfLink' - required: true - description: | - Region where the regional interconnect attachment resides. - properties: - - !ruby/object:Api::Type::Boolean - name: 'adminEnabled' - send_empty_value: true - default_value: true - description: | - Whether the VLAN attachment is enabled or disabled. When using - PARTNER type this will Pre-Activate the interconnect attachment - - !ruby/object:Api::Type::String - name: 'cloudRouterIpAddress' - description: | - IPv4 address + prefix length to be configured on Cloud Router - Interface for this interconnect attachment. - output: true - - !ruby/object:Api::Type::String - name: 'customerRouterIpAddress' - description: | - IPv4 address + prefix length to be configured on the customer - router subinterface for this interconnect attachment. - output: true - - !ruby/object:Api::Type::String - name: 'interconnect' - input: true - description: | - URL of the underlying Interconnect object that this attachment's - traffic will traverse through. Required if type is DEDICATED, must not - be set if type is PARTNER. - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional description of this resource. - - !ruby/object:Api::Type::String - name: 'mtu' - description: | - Maximum Transmission Unit (MTU), in bytes, of packets passing through - this interconnect attachment. Currently, only 1440 and 1500 are allowed. If not specified, the value will default to 1440. - - !ruby/object:Api::Type::Enum - name: 'bandwidth' - description: | - Provisioned bandwidth capacity for the interconnect attachment. - For attachments of type DEDICATED, the user can set the bandwidth. - For attachments of type PARTNER, the Google Partner that is operating the interconnect must set the bandwidth. - Output only for PARTNER type, mutable for PARTNER_PROVIDER and DEDICATED, - Defaults to BPS_10G - values: - - :BPS_50M - - :BPS_100M - - :BPS_200M - - :BPS_300M - - :BPS_400M - - :BPS_500M - - :BPS_1G - - :BPS_2G - - :BPS_5G - - :BPS_10G - - :BPS_20G - - :BPS_50G - - !ruby/object:Api::Type::String - name: 'edgeAvailabilityDomain' - input: true - description: | - Desired availability domain for the attachment. Only available for type - PARTNER, at creation time. For improved reliability, customers should - configure a pair of attachments with one per availability domain. The - selected availability domain will be provided to the Partner via the - pairing key so that the provisioned circuit will lie in the specified - domain. If not specified, the value will default to AVAILABILITY_DOMAIN_ANY. - - !ruby/object:Api::Type::String - name: 'pairingKey' - description: | - [Output only for type PARTNER. Not present for DEDICATED]. The opaque - identifier of an PARTNER attachment used to initiate provisioning with - a selected partner. Of the form "XXXXX/region/domain" - output: true - - !ruby/object:Api::Type::String - name: 'partnerAsn' - description: | - [Output only for type PARTNER. Not present for DEDICATED]. Optional - BGP ASN for the router that should be supplied by a layer 3 Partner if - they configured BGP on behalf of the customer. - output: true - - !ruby/object:Api::Type::NestedObject - name: 'privateInterconnectInfo' - description: | - Information specific to an InterconnectAttachment. This property - is populated if the interconnect that this is attached to is of type DEDICATED. - output: true - properties: - - !ruby/object:Api::Type::Integer - name: tag8021q - description: | - 802.1q encapsulation tag to be used for traffic between - Google and the customer, going to and from this network and region. - output: true - - !ruby/object:Api::Type::Enum - name: 'type' - input: true - description: | - The type of InterconnectAttachment you wish to create. Defaults to - DEDICATED. - values: - - :DEDICATED - - :PARTNER - - :PARTNER_PROVIDER - - !ruby/object:Api::Type::Enum - name: 'state' - description: | - [Output Only] The current state of this attachment's functionality. - values: - - :ACTIVE - - :DEFUNCT - - :PARTNER_REQUEST_RECEIVED - - :PENDING_CUSTOMER - - :PENDING_PARTNER - - :STATE_UNSPECIFIED - output: true - - !ruby/object:Api::Type::String - name: 'googleReferenceId' - description: | - Google reference ID, to be used when raising support tickets with - Google or otherwise to debug backend connectivity issues. - output: true - - !ruby/object:Api::Type::String - name: 'operationalStatus' - description: | - The current status of whether or not this interconnect attachment - is functional. - output: true - exclude: true - - !ruby/object:Api::Type::ResourceRef - name: 'router' - resource: 'Router' - imports: 'selfLink' - description: | - URL of the cloud router to be used for dynamic routing. This router must be in - the same region as this InterconnectAttachment. The InterconnectAttachment will - automatically connect the Interconnect to the network & region within which the - Cloud Router is configured. - required: true - input: true - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: | - Creation timestamp in RFC3339 text format. - output: true - - !ruby/object:Api::Type::String - name: 'id' - description: | - The unique identifier for the resource. This identifier is - defined by the server. - output: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource. Provided by the client when the resource is created. The - name must be 1-63 characters long, and comply with RFC1035. Specifically, the - name must be 1-63 characters long and match the regular expression - `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a - lowercase letter, and all following characters must be a dash, lowercase - letter, or digit, except the last character, which cannot be a dash. - required: true - input: true - - !ruby/object:Api::Type::Array - name: candidateSubnets - input: true - description: | - Up to 16 candidate prefixes that can be used to restrict the allocation - of cloudRouterIpAddress and customerRouterIpAddress for this attachment. - All prefixes must be within link-local address space (169.254.0.0/16) - and must be /29 or shorter (/28, /27, etc). Google will attempt to select - an unused /29 from the supplied candidate prefix(es). The request will - fail if all possible /29s are in use on Google's edge. If not supplied, - Google will randomly select an unused /29 from all of link-local space. - item_type: Api::Type::String - - !ruby/object:Api::Type::Integer - name: vlanTag8021q - input: true - description: | - The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4094. When - using PARTNER type this will be managed upstream. - - !ruby/object:Api::Type::Array - name: 'ipsecInternalAddresses' - description: | - URL of addresses that have been reserved for the interconnect - attachment, Used only for interconnect attachment that has the - encryption option as IPSEC. - - The addresses must be RFC 1918 IP address ranges. When creating HA - VPN gateway over the interconnect attachment, if the attachment is - configured to use an RFC 1918 IP address, then the VPN gateway's IP - address will be allocated from the IP address range specified - here. - - For example, if the HA VPN gateway's interface 0 is paired to this - interconnect attachment, then an RFC 1918 IP address for the VPN - gateway interface 0 will be allocated from the IP address specified - for this interconnect attachment. - - If this field is not specified for interconnect attachment that has - encryption option as IPSEC, later on when creating HA VPN gateway on - this interconnect attachment, the HA VPN gateway's IP address will be - allocated from regional external IP address pool. - input: true - item_type: !ruby/object:Api::Type::ResourceRef - name: 'ipsecInternalAddress' - resource: 'Address' - imports: 'selfLink' - description: | - URL of an address that has been reserved for the interconnect - attachment. - - !ruby/object:Api::Type::Enum - name: 'encryption' - description: | - Indicates the user-supplied encryption option of this interconnect - attachment: - - NONE is the default value, which means that the attachment carries - unencrypted traffic. VMs can send traffic to, or receive traffic - from, this type of attachment. - - IPSEC indicates that the attachment carries only traffic encrypted by - an IPsec device such as an HA VPN gateway. VMs cannot directly send - traffic to, or receive traffic from, such an attachment. To use - IPsec-encrypted Cloud Interconnect create the attachment using this - option. - - Not currently available publicly. - input: true - values: - - :NONE - - :IPSEC - default_value: :NONE - - !ruby/object:Api::Resource - name: 'MachineImage' - kind: 'compute#machineImage' - base_url: projects/{{project}}/global/machineImages - collection_url_key: 'items' - input: true - has_self_link: true - description: | - Represents a Machine Image resource. Machine images store all the configuration, - metadata, permissions, and data from one or more disks required to create a - Virtual machine (VM) instance. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/compute/docs/machine-images' - api: 'https://cloud.google.com/compute/docs/reference/rest/beta/machineImages' - min_version: beta - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/global/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - properties: - - !ruby/object:Api::Type::String - name: name - description: 'Name of the resource.' - required: true - - !ruby/object:Api::Type::String - name: description - description: 'A text description of the resource.' - - !ruby/object:Api::Type::ResourceRef - name: sourceInstance - description: 'The source instance used to create the machine image. You can provide this as a partial or full URL to the resource.' - resource: 'Instance' - imports: 'selfLink' - required: true - - !ruby/object:Api::Type::Array - name: 'storageLocations' - description: | - The regional or multi-regional Cloud Storage bucket location where the machine image is stored. - item_type: Api::Type::String - output: true - - !ruby/object:Api::Type::Boolean - name: guestFlush - description: | - Specify this to create an application consistent machine image by informing the OS to prepare for the snapshot process. - Currently only supported on Windows instances using the Volume Shadow Copy Service (VSS). - - !ruby/object:Api::Type::NestedObject - name: 'machineImageEncryptionKey' - description: | - Encrypts the machine image using a customer-supplied encryption key. - - After you encrypt a machine image with a customer-supplied key, you must - provide the same key if you use the machine image later (e.g. to create a - instance from the image) - properties: - - !ruby/object:Api::Type::String - name: 'rawKey' - description: | - Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - - !ruby/object:Api::Type::String - name: 'sha256' - description: | - The RFC 4648 base64 encoded SHA-256 hash of the - customer-supplied encryption key that protects this resource. - output: true - - !ruby/object:Api::Type::String - name: 'kmsKeyName' - description: | - The name of the encryption key that is stored in Google Cloud KMS. - - !ruby/object:Api::Type::String - name: 'kmsKeyServiceAccount' - description: | - The service account used for the encryption request for the given KMS key. - If absent, the Compute Engine Service Agent service account is used. - - !ruby/object:Api::Resource - name: 'MachineType' - kind: 'compute#machineType' - base_url: projects/{{project}}/zones/{{zone}}/machineTypes - collection_url_key: 'items' - has_self_link: true - readonly: true - description: | - Represents a MachineType resource. Machine types determine the virtualized - hardware specifications of your virtual machine instances, such as the - amount of memory or number of virtual CPUs. - properties: - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::NestedObject - name: 'deprecated' - description: 'The deprecation status associated with this machine type.' - properties: - - !ruby/object:Api::Type::Time - name: 'deleted' - description: | - An optional RFC3339 timestamp on or after which the state of this - resource is intended to change to DELETED. This is only - informational and the status will not change unless the client - explicitly changes it. - output: true - - !ruby/object:Api::Type::Time - name: 'deprecated' - description: | - An optional RFC3339 timestamp on or after which the state of this - resource is intended to change to DEPRECATED. This is only - informational and the status will not change unless the client - explicitly changes it. - output: true - - !ruby/object:Api::Type::Time - name: 'obsolete' - description: | - An optional RFC3339 timestamp on or after which the state of this - resource is intended to change to OBSOLETE. This is only - informational and the status will not change unless the client - explicitly changes it. - output: true - - !ruby/object:Api::Type::String - name: 'replacement' - description: | - The URL of the suggested replacement for a deprecated resource. - The suggested replacement resource must be the same kind of - resource as the deprecated resource. - output: true - - !ruby/object:Api::Type::Enum - name: 'state' - description: | - The deprecation state of this resource. This can be DEPRECATED, - OBSOLETE, or DELETED. Operations which create a new resource - using a DEPRECATED resource will return successfully, but with a - warning indicating the deprecated resource and recommending its - replacement. Operations which use OBSOLETE or DELETED resources - will be rejected and result in an error. - values: - - :DEPRECATED - - :OBSOLETE - - :DELETED - output: true - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: 'An optional textual description of the resource.' - output: true - - !ruby/object:Api::Type::Integer - name: 'guestCpus' - description: | - The number of virtual CPUs that are available to the instance. - output: true - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'The unique identifier for the resource.' - output: true - - !ruby/object:Api::Type::Boolean - name: 'isSharedCpu' - description: | - Whether this machine type has a shared CPU. See Shared-core machine - types for more information. - output: true - - !ruby/object:Api::Type::Integer - name: 'maximumPersistentDisks' - description: 'Maximum persistent disks allowed.' - output: true - - !ruby/object:Api::Type::Integer - name: 'maximumPersistentDisksSizeGb' - description: 'Maximum total persistent disks size (GB) allowed.' - output: true - - !ruby/object:Api::Type::Integer - name: 'memoryMb' - description: | - The amount of physical memory available to the instance, defined in - MB. - output: true - - !ruby/object:Api::Type::String - name: 'name' - description: 'Name of the resource.' - - !ruby/object:Api::Type::ResourceRef - name: 'zone' - resource: 'Zone' - imports: 'name' - description: 'The zone the machine type is defined.' - required: true - - !ruby/object:Api::Resource - name: 'Network' - kind: 'compute#network' - base_url: projects/{{project}}/global/networks - collection_url_key: 'items' - input: true - has_self_link: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/vpc/docs/vpc' - api: 'https://cloud.google.com/compute/docs/reference/rest/v1/networks' - description: | - Manages a VPC network or legacy network resource on GCP. - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/global/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - properties: - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional description of this resource. The resource must be - recreated to modify this field. - input: true - - !ruby/object:Api::Type::String - name: 'gateway_ipv4' - # We override this in api.yaml so that the name is more aesthetic - api_name: 'gatewayIPv4' - output: true - description: | - The gateway address for default routing out of the network. This value - is selected by GCP. - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'The unique identifier for the resource.' - output: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource. Provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and match - the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - input: true - required: true - - !ruby/object:Api::Type::Array - # TODO: Change subnetworks to ResourceRef - name: 'subnetworks' - description: | - Server-defined fully-qualified URLs for all subnetworks in this - network. - item_type: Api::Type::String - output: true - - !ruby/object:Api::Type::Boolean - name: 'autoCreateSubnetworks' - description: | - When set to `true`, the network is created in "auto subnet mode" and - it will create a subnet for each region automatically across the - `10.128.0.0/9` address range. - - When set to `false`, the network is created in "custom subnet mode" so - the user can explicitly connect subnetwork resources. - input: true - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::NestedObject - name: 'routingConfig' - update_verb: :PATCH - update_url: projects/{{project}}/global/networks/{{name}} - description: | - The network-level routing configuration for this network. Used by Cloud - Router to determine what type of network-wide routing behavior to - enforce. - properties: - - !ruby/object:Api::Type::Enum - name: 'routingMode' - required: true - description: | - The network-wide routing mode to use. If set to `REGIONAL`, this - network's cloud routers will only advertise routes with subnetworks - of this network in the same region as the router. If set to `GLOBAL`, - this network's cloud routers will advertise routes with all - subnetworks of this network, across regions. - values: - - :REGIONAL - - :GLOBAL - - !ruby/object:Api::Type::Array - name: 'peerings' - # This is only used in InSpec, handled via fine-grained in Terraform - exclude: true - output: true - description: | - Peerings for a network - item_type: !ruby/object:Api::Type::NestedObject - name: subnetworks - description: The subnetworks that should be mirrored. - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the peering. - - !ruby/object:Api::Type::String - name: 'state' - description: | - State of the peering. - - !ruby/object:Api::Type::String - name: 'stateDetails' - description: | - Details about the current state of the peering. - - !ruby/object:Api::Type::String - name: 'network' - description: | - URL of the peer network - - !ruby/object:Api::Type::Boolean - name: 'exportCustomRoutes' - description: | - Whether to export the custom routes to the peer network. - - !ruby/object:Api::Type::Boolean - name: 'importCustomRoutes' - description: | - Whether to import the custom routes to the peer network. - - !ruby/object:Api::Type::Integer - name: 'peerMtu' - description: | - Maximum Transmission Unit in bytes. - - !ruby/object:Api::Type::Integer - name: 'mtu' - description: | - Maximum Transmission Unit in bytes. The default value is 1460 bytes. - The minimum value for this field is 1300 and the maximum value is 8896 bytes (jumbo frames). - Note that packets larger than 1500 bytes (standard Ethernet) can be subject to TCP-MSS clamping or dropped - with an ICMP `Fragmentation-Needed` message if the packets are routed to the Internet or other VPCs - with varying MTUs. - input: true - - !ruby/object:Api::Type::Boolean - name: 'enableUlaInternalIpv6' - description: | - Enable ULA internal ipv6 on this network. Enabling this feature will assign - a /48 from google defined ULA prefix fd20::/20. - input: true - - !ruby/object:Api::Type::String - name: 'internalIpv6Range' - description: | - When enabling ula internal ipv6, caller optionally can specify the /48 range - they want from the google defined ULA prefix fd20::/20. The input must be a - valid /48 ULA IPv6 address and must be within the fd20::/20. Operation will - fail if the speficied /48 is already in used by another resource. - If the field is not speficied, then a /48 range will be randomly allocated from fd20::/20 and returned via this field. - input: true - - !ruby/object:Api::Resource - name: 'NetworkEndpoint' - kind: 'compute#networkEndpoint' - base_url: 'projects/{{project}}/zones/{{zone}}/networkEndpointGroups/{{network_endpoint_group}}' - description: | - A Network endpoint represents a IP address and port combination that is - part of a specific network endpoint group (NEG). NEGs are zonal - collections of these endpoints for GCP resources within a - single subnet. **NOTE**: Network endpoints cannot be created outside of a - network endpoint group. - input: true - create_verb: :POST - create_url: projects/{{project}}/zones/{{zone}}/networkEndpointGroups/{{network_endpoint_group}}/attachNetworkEndpoints - delete_verb: :POST - delete_url: projects/{{project}}/zones/{{zone}}/networkEndpointGroups/{{network_endpoint_group}}/detachNetworkEndpoints - read_verb: :POST - self_link: projects/{{project}}/zones/{{zone}}/networkEndpointGroups/{{network_endpoint_group}}/listNetworkEndpoints - identity: - - instance - - ipAddress - - port - nested_query: !ruby/object:Api::Resource::NestedQuery - keys: - - items - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/load-balancing/docs/negs/' - api: 'https://cloud.google.com/compute/docs/reference/rest/beta/networkEndpointGroups' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'zone' - resource: 'Zone' - imports: 'name' - description: | - Zone where the containing network endpoint group is located. - required: true - url_param_only: true - - !ruby/object:Api::Type::ResourceRef - name: 'networkEndpointGroup' - resource: 'NetworkEndpointGroup' - imports: 'name' - description: | - The network endpoint group this endpoint is part of. - required: true - url_param_only: true - properties: - - !ruby/object:Api::Type::ResourceRef - name: 'instance' - resource: 'Instance' - imports: 'name' - description: | - The name for a specific VM instance that the IP address belongs to. - This is required for network endpoints of type GCE_VM_IP_PORT. - The instance must be in the same zone of network endpoint group. - - !ruby/object:Api::Type::Integer - name: 'port' - description: | - Port number of network endpoint. - - !ruby/object:Api::Type::String - name: 'ipAddress' - description: | - IPv4 address of network endpoint. The IP address must belong - to a VM in GCE (either the primary IP or as part of an aliased IP - range). - required: true - - !ruby/object:Api::Resource - name: 'NetworkEndpointGroup' - kind: 'compute#networkEndpointGroup' - base_url: 'projects/{{project}}/zones/{{zone}}/networkEndpointGroups' - input: true - has_self_link: true - collection_url_key: 'items' - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/load-balancing/docs/negs/' - api: 'https://cloud.google.com/compute/docs/reference/rest/beta/networkEndpointGroups' - description: | - Network endpoint groups (NEGs) are zonal resources that represent - collections of IP address and port combinations for GCP resources within a - single subnet. Each IP address and port combination is called a network - endpoint. - - Network endpoint groups can be used as backends in backend services for - HTTP(S), TCP proxy, and SSL proxy load balancers. You cannot use NEGs as a - backend with internal load balancers. Because NEG backends allow you to - specify IP addresses and ports, you can distribute traffic in a granular - fashion among applications or containers running within VM instances. - - Recreating a network endpoint group that's in use by another resource will give a - `resourceInUseByAnotherResource` error. Use `lifecycle.create_before_destroy` - to avoid this type of error. - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'zone' - resource: 'Zone' - imports: 'name' - description: | - Zone where the network endpoint group is located. - required: true - properties: - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'The unique identifier for the resource.' - output: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource; provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and match - the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - required: true - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional description of this resource. Provide this property when - you create the resource. - - !ruby/object:Api::Type::Enum - name: 'networkEndpointType' - description: | - Type of network endpoints in this network endpoint group. - NON_GCP_PRIVATE_IP_PORT is used for hybrid connectivity network - endpoint groups (see https://cloud.google.com/load-balancing/docs/hybrid). - Note that NON_GCP_PRIVATE_IP_PORT can only be used with Backend Services - that 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED, - INTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or - CONNECTION balancing modes. - - Possible values include: GCE_VM_IP, GCE_VM_IP_PORT, and NON_GCP_PRIVATE_IP_PORT. - values: - - :GCE_VM_IP - - :GCE_VM_IP_PORT - - :NON_GCP_PRIVATE_IP_PORT - default_value: :GCE_VM_IP_PORT - - !ruby/object:Api::Type::Integer - name: 'size' - description: Number of network endpoints in the network endpoint group. - output: true - - !ruby/object:Api::Type::ResourceRef - name: 'network' - resource: 'Network' - imports: 'selfLink' - description: | - The network to which all network endpoints in the NEG belong. - Uses "default" project network if unspecified. - required: true - - !ruby/object:Api::Type::ResourceRef - name: 'subnetwork' - resource: 'Subnetwork' - imports: 'selfLink' - description: | - Optional subnetwork to which all network endpoints in the NEG belong. - - !ruby/object:Api::Type::Integer - name: 'defaultPort' - description: | - The default port used if the port number is not specified in the - network endpoint. - - !ruby/object:Api::Resource - name: 'GlobalNetworkEndpoint' - kind: 'compute#networkEndpoint' - base_url: 'projects/{{project}}/global/networkEndpointGroups/{{global_network_endpoint_group}}' - description: | - A Global Network endpoint represents a IP address and port combination that exists outside of GCP. - **NOTE**: Global network endpoints cannot be created outside of a - global network endpoint group. - input: true - create_verb: :POST - create_url: projects/{{project}}/global/networkEndpointGroups/{{global_network_endpoint_group}}/attachNetworkEndpoints - delete_verb: :POST - delete_url: projects/{{project}}/global/networkEndpointGroups/{{global_network_endpoint_group}}/detachNetworkEndpoints - read_verb: :POST - self_link: projects/{{project}}/global/networkEndpointGroups/{{global_network_endpoint_group}}/listNetworkEndpoints - identity: - - ipAddress - - fqdn - - port - nested_query: !ruby/object:Api::Resource::NestedQuery - keys: - - items - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/load-balancing/docs/negs/' - api: 'https://cloud.google.com/compute/docs/reference/rest/beta/networkEndpointGroups' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/global/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'globalNetworkEndpointGroup' - resource: 'GlobalNetworkEndpointGroup' - imports: 'name' - description: | - The global network endpoint group this endpoint is part of. - required: true - url_param_only: true - properties: - - !ruby/object:Api::Type::Integer - name: 'port' - description: | - Port number of the external endpoint. - required: true - - !ruby/object:Api::Type::String - name: 'ipAddress' - description: | - IPv4 address external endpoint. - - !ruby/object:Api::Type::String - name: 'fqdn' - at_least_one_of: - - fqdn - - ip_address - description: | - Fully qualified domain name of network endpoint. - This can only be specified when network_endpoint_type of the NEG is INTERNET_FQDN_PORT. - - !ruby/object:Api::Resource - name: 'GlobalNetworkEndpointGroup' - kind: 'compute#networkEndpointGroup' - base_url: 'projects/{{project}}/global/networkEndpointGroups' - input: true - has_self_link: true - collection_url_key: 'items' - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/load-balancing/docs/negs/internet-neg-concepts' - api: 'https://cloud.google.com/compute/docs/reference/rest/beta/networkEndpointGroups' - description: | - A global network endpoint group contains endpoints that reside outside of Google Cloud. - Currently a global network endpoint group can only support a single endpoint. - - Recreating a global network endpoint group that's in use by another resource will give a - `resourceInUseByAnotherResource` error. Use `lifecycle.create_before_destroy` - to avoid this type of error. - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/global/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - properties: - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'The unique identifier for the resource.' - output: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource; provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and match - the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - required: true - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional description of this resource. Provide this property when - you create the resource. - - !ruby/object:Api::Type::Enum - name: 'networkEndpointType' - required: true - description: | - Type of network endpoints in this network endpoint group. - values: - - :INTERNET_IP_PORT - - :INTERNET_FQDN_PORT - - !ruby/object:Api::Type::Integer - name: 'defaultPort' - description: | - The default port used if the port number is not specified in the - network endpoint. - - !ruby/object:Api::Resource - name: 'RegionNetworkEndpointGroup' - kind: 'compute#networkEndpointGroup' - base_url: 'projects/{{project}}/regions/{{region}}/networkEndpointGroups' - input: true - has_self_link: true - collection_url_key: 'items' - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/load-balancing/docs/negs/serverless-neg-concepts' - api: 'https://cloud.google.com/compute/docs/reference/rest/beta/regionNetworkEndpointGroups' - description: | - A regional NEG that can support Serverless Products. - - Recreating a region network endpoint group that's in use by another resource will give a - `resourceInUseByAnotherResource` error. Use `lifecycle.create_before_destroy` - to avoid this type of error. - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'region' - resource: 'Region' - imports: 'name' - description: | - A reference to the region where the Serverless NEGs Reside. - required: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource; provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and match - the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - required: true - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional description of this resource. Provide this property when - you create the resource. - - !ruby/object:Api::Type::Enum - name: 'networkEndpointType' - description: | - Type of network endpoints in this network endpoint group. Defaults to SERVERLESS - values: - - :SERVERLESS - - :PRIVATE_SERVICE_CONNECT - default_value: :SERVERLESS - - !ruby/object:Api::Type::String - name: 'pscTargetService' - description: | - The target service url used to set up private service connection to - a Google API or a PSC Producer Service Attachment. - - !ruby/object:Api::Type::ResourceRef - name: 'network' - resource: 'Network' - imports: 'selfLink' - description: | - This field is only used for PSC. - The URL of the network to which all network endpoints in the NEG belong. Uses - "default" project network if unspecified. - - !ruby/object:Api::Type::ResourceRef - name: 'subnetwork' - resource: 'Subnetwork' - imports: 'selfLink' - description: | - This field is only used for PSC. - Optional URL of the subnetwork to which all network endpoints in the NEG belong. - - !ruby/object:Api::Type::NestedObject - name: 'cloudRun' - conflicts: - - cloud_function - - app_engine - - serverless_deployment - description: | - Only valid when networkEndpointType is "SERVERLESS". - Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. - properties: - - !ruby/object:Api::Type::String - name: 'service' - at_least_one_of: - - cloud_run.0.service - - cloud_run.0.url_mask - description: | - Cloud Run service is the main resource of Cloud Run. - The service must be 1-63 characters long, and comply with RFC1035. - Example value: "run-service". - - !ruby/object:Api::Type::String - name: 'tag' - description: | - Cloud Run tag represents the "named-revision" to provide - additional fine-grained traffic routing information. - The tag must be 1-63 characters long, and comply with RFC1035. - Example value: "revision-0010". - - !ruby/object:Api::Type::String - name: 'urlMask' - at_least_one_of: - - cloud_run.0.service - - cloud_run.0.url_mask - description: | - A template to parse service and tag fields from a request URL. - URL mask allows for routing to multiple Run services without having - to create multiple network endpoint groups and backend services. - - For example, request URLs "foo1.domain.com/bar1" and "foo1.domain.com/bar2" - an be backed by the same Serverless Network Endpoint Group (NEG) with - URL mask ".domain.com/". The URL mask will parse them to { service="bar1", tag="foo1" } - and { service="bar2", tag="foo2" } respectively. - - !ruby/object:Api::Type::NestedObject - name: 'appEngine' - conflicts: - - cloud_run - - cloud_function - - serverless_deployment - allow_empty_object: true - description: | - Only valid when networkEndpointType is "SERVERLESS". - Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. - properties: - - !ruby/object:Api::Type::String - name: 'service' - description: | - Optional serving service. - The service name must be 1-63 characters long, and comply with RFC1035. - Example value: "default", "my-service". - - !ruby/object:Api::Type::String - name: 'version' - description: | - Optional serving version. - The version must be 1-63 characters long, and comply with RFC1035. - Example value: "v1", "v2". - - !ruby/object:Api::Type::String - name: 'urlMask' - description: | - A template to parse service and version fields from a request URL. - URL mask allows for routing to multiple App Engine services without - having to create multiple Network Endpoint Groups and backend services. - - For example, the request URLs "foo1-dot-appname.appspot.com/v1" and - "foo1-dot-appname.appspot.com/v2" can be backed by the same Serverless NEG with - URL mask "-dot-appname.appspot.com/". The URL mask will parse - them to { service = "foo1", version = "v1" } and { service = "foo1", version = "v2" } respectively. - - !ruby/object:Api::Type::NestedObject - name: 'cloudFunction' - conflicts: - - cloud_run - - app_engine - - serverless_deployment - description: | - Only valid when networkEndpointType is "SERVERLESS". - Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. - properties: - - !ruby/object:Api::Type::String - name: 'function' - at_least_one_of: - - cloud_function.0.function - - cloud_function.0.url_mask - description: | - A user-defined name of the Cloud Function. - The function name is case-sensitive and must be 1-63 characters long. - Example value: "func1". - - !ruby/object:Api::Type::String - name: 'urlMask' - at_least_one_of: - - cloud_function.0.function - - cloud_function.0.url_mask - description: | - A template to parse function field from a request URL. URL mask allows - for routing to multiple Cloud Functions without having to create - multiple Network Endpoint Groups and backend services. - - For example, request URLs "mydomain.com/function1" and "mydomain.com/function2" - can be backed by the same Serverless NEG with URL mask "/". The URL mask - will parse them to { function = "function1" } and { function = "function2" } respectively. - - !ruby/object:Api::Type::NestedObject - name: 'serverlessDeployment' - min_version: beta - conflicts: - - cloud_run - - cloud_function - - app_engine - allow_empty_object: true - description: | - Only valid when networkEndpointType is "SERVERLESS". - Only one of cloudRun, appEngine, cloudFunction or serverlessDeployment may be set. - properties: - - !ruby/object:Api::Type::String - name: 'platform' - required: true - # Docs (https://cloud.google.com/compute/docs/reference/rest/beta/regionNetworkEndpointGroups) say support is offered for: - # API Gateway: apigateway.googleapis.com, App Engine: appengine.googleapis.com, - # Cloud Functions: cloudfunctions.googleapis.com, Cloud Run: run.googleapis.com - # However, only API Gateway is currently supported - description: | - The platform of the NEG backend target(s). Possible values: - API Gateway: apigateway.googleapis.com - - !ruby/object:Api::Type::String - name: 'resource' - description: | - The user-defined name of the workload/instance. This value must be provided explicitly or in the urlMask. - The resource identified by this value is platform-specific and is as follows: API Gateway: The gateway ID, App Engine: The service name, - Cloud Functions: The function name, Cloud Run: The service name - - !ruby/object:Api::Type::String - name: 'version' - description: | - The optional resource version. The version identified by this value is platform-specific and is follows: - API Gateway: Unused, App Engine: The service version, Cloud Functions: Unused, Cloud Run: The service tag - - !ruby/object:Api::Type::String - name: 'urlMask' - required: false - description: | - A template to parse platform-specific fields from a request URL. URL mask allows for routing to multiple resources - on the same serverless platform without having to create multiple Network Endpoint Groups and backend resources. - The fields parsed by this template are platform-specific and are as follows: API Gateway: The gateway ID, - App Engine: The service and version, Cloud Functions: The function name, Cloud Run: The service and tag - - !ruby/object:Api::Resource - name: 'NodeGroup' - kind: 'compute#NodeGroup' - base_url: projects/{{project}}/zones/{{zone}}/nodeGroups - create_url: projects/{{project}}/zones/{{zone}}/nodeGroups?initialNodeCount={{size}} - has_self_link: true - description: | - Represents a NodeGroup resource to manage a group of sole-tenant nodes. - input: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Sole-Tenant Nodes': 'https://cloud.google.com/compute/docs/nodes/' - api: 'https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups' - collection_url_key: 'items' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'zone' - resource: 'Zone' - imports: 'selfLink' - required: true - description: | - Zone where this node group is located - properties: - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: | - Creation timestamp in RFC3339 text format. - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional textual description of the resource. - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource. - - !ruby/object:Api::Type::ResourceRef - name: 'nodeTemplate' - resource: 'NodeTemplate' - imports: 'selfLink' - required: true - description: | - The URL of the node template to which this node group belongs. - update_verb: :POST - update_url: 'projects/{{project}}/zones/{{zone}}/nodeGroups/{{name}}/setNodeTemplate' - - !ruby/object:Api::Type::Integer - name: 'size' - description: | - The total number of nodes in the node group. - input: true - send_empty_value: true - - !ruby/object:Api::Type::Integer - name: 'initialSize' - description: | - The initial number of nodes in the node group. One of `initial_size` or `size` must be specified. - url_param_only: true - exactly_one_of: - - size - - initial_size - - !ruby/object:Api::Type::String - name: 'maintenancePolicy' - description: | - Specifies how to handle instances when a node in the group undergoes maintenance. Set to one of: DEFAULT, RESTART_IN_PLACE, or MIGRATE_WITHIN_NODE_GROUP. The default value is DEFAULT. - default_value: DEFAULT - - !ruby/object:Api::Type::NestedObject - name: 'maintenanceWindow' - description: | - contains properties for the timeframe of maintenance - properties: - - !ruby/object:Api::Type::String - name: 'startTime' - required: true - description: | - instances.start time of the window. This must be in UTC format that resolves to one of 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, both 13:00-5 and 08:00 are valid. - - !ruby/object:Api::Type::NestedObject - name: 'autoscalingPolicy' - description: | - If you use sole-tenant nodes for your workloads, you can use the node - group autoscaler to automatically manage the sizes of your node groups. - properties: - - !ruby/object:Api::Type::Enum - name: 'mode' - required: true - description: | - The autoscaling mode. Set to one of the following: - - OFF: Disables the autoscaler. - - ON: Enables scaling in and scaling out. - - ONLY_SCALE_OUT: Enables only scaling out. - You must use this mode if your node groups are configured to - restart their hosted VMs on minimal servers. - values: - - :OFF - - :ON - - :ONLY_SCALE_OUT - - !ruby/object:Api::Type::Integer - name: 'minNodes' - description: | - Minimum size of the node group. Must be less - than or equal to max-nodes. The default value is 0. - - !ruby/object:Api::Type::Integer - name: 'maxNodes' - description: | - Maximum size of the node group. Set to a value less than or equal - to 100 and greater than or equal to min-nodes. - required: true - - !ruby/object:Api::Type::NestedObject - name: 'shareSettings' - description: | - Share settings for the node group. - properties: - - !ruby/object:Api::Type::Enum - name: 'shareType' - required: true - description: | - Node group sharing type. - values: - - :ORGANIZATION - - :SPECIFIC_PROJECTS - - :LOCAL - - !ruby/object:Api::Type::Map - name: 'projectMap' - description: | - A map of project id and project config. This is only valid when shareType's value is SPECIFIC_PROJECTS. - key_name: id - key_description: | - The project ID. - value_type: !ruby/object:Api::Type::NestedObject - name: projectConfig - properties: - - !ruby/object:Api::Type::String - name: 'projectId' - required: true - description: | - The project id/number should be the same as the key of this project config in the project map. - - !ruby/object:Api::Resource - name: 'NetworkPeeringRoutesConfig' - base_url: 'projects/{{project}}/global/networks/{{network}}' - self_link: 'projects/{{project}}/global/networks/{{network}}' - description: | - Manage a network peering's route settings without managing the peering as - a whole. This resource is primarily intended for use with GCP-generated - peerings that shouldn't otherwise be managed by other tools. Deleting this - resource is a no-op and the peering will not be modified. - create_verb: :PATCH - create_url: 'projects/{{project}}/global/networks/{{network}}/updatePeering' - update_verb: :PATCH - update_url: 'projects/{{project}}/global/networks/{{network}}/updatePeering' - identity: - - peering - nested_query: !ruby/object:Api::Resource::NestedQuery - keys: - - peerings - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/vpc/docs/vpc-peering' - api: 'https://cloud.google.com/compute/docs/reference/rest/v1/networks/updatePeering' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/global/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'network' - resource: 'Network' - imports: 'name' - description: | - The name of the primary network for the peering. - required: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'peering' - # renamed to make it clear that this is an existing peering - api_name: 'name' - required: true - description: | - Name of the peering. - - !ruby/object:Api::Type::Boolean - name: 'exportCustomRoutes' - required: true - description: | - Whether to export the custom routes to the peer network. - - !ruby/object:Api::Type::Boolean - name: 'importCustomRoutes' - required: true - description: | - Whether to import the custom routes to the peer network. - - !ruby/object:Api::Resource - name: 'NodeTemplate' - kind: 'compute#nodeTemplate' - base_url: projects/{{project}}/regions/{{region}}/nodeTemplates - has_self_link: true - description: | - Represents a NodeTemplate resource. Node templates specify properties - for creating sole-tenant nodes, such as node type, vCPU and memory - requirements, node affinity labels, and region. - input: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Sole-Tenant Nodes': 'https://cloud.google.com/compute/docs/nodes/' - api: 'https://cloud.google.com/compute/docs/reference/rest/v1/nodeTemplates' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - collection_url_key: 'items' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'region' - resource: 'Region' - imports: 'selfLink' - required: true - description: | - Region where nodes using the node template will be created - properties: - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: 'An optional textual description of the resource.' - - !ruby/object:Api::Type::String - name: 'name' - description: 'Name of the resource.' - - !ruby/object:Api::Type::KeyValuePairs - name: 'nodeAffinityLabels' - description: | - Labels to use for node affinity, which will be used in - instance scheduling. - - !ruby/object:Api::Type::String - name: 'nodeType' - description: | - Node type to use for nodes group that are created from this template. - Only one of nodeTypeFlexibility and nodeType can be specified. - conflicts: - - node_type_flexibility - - !ruby/object:Api::Type::NestedObject - name: 'nodeTypeFlexibility' - description: | - Flexible properties for the desired node type. Node groups that - use this node template will create nodes of a type that matches - these properties. Only one of nodeTypeFlexibility and nodeType can - be specified. - conflicts: - - node_type - properties: - - !ruby/object:Api::Type::String - name: cpus - at_least_one_of: - - node_type_flexibility.0.cpus - - node_type_flexibility.0.memory - description: | - Number of virtual CPUs to use. - - !ruby/object:Api::Type::String - name: memory - at_least_one_of: - - node_type_flexibility.0.cpus - - node_type_flexibility.0.memory - description: | - Physical memory available to the node, defined in MB. - - !ruby/object:Api::Type::String - name: localSsd - description: | - Use local SSD - output: true - - !ruby/object:Api::Type::NestedObject - name: 'serverBinding' - description: | - The server binding policy for nodes using this template. Determines - where the nodes should restart following a maintenance event. - properties: - - !ruby/object:Api::Type::Enum - name: 'type' - required: true - description: | - Type of server binding policy. If `RESTART_NODE_ON_ANY_SERVER`, - nodes using this template will restart on any physical server - following a maintenance event. - - If `RESTART_NODE_ON_MINIMAL_SERVER`, nodes using this template - will restart on the same physical server following a maintenance - event, instead of being live migrated to or restarted on a new - physical server. This option may be useful if you are using - software licenses tied to the underlying server characteristics - such as physical sockets or cores, to avoid the need for - additional licenses when maintenance occurs. However, VMs on such - nodes will experience outages while maintenance is applied. - values: - - :RESTART_NODE_ON_ANY_SERVER - - :RESTART_NODE_ON_MINIMAL_SERVERS - - !ruby/object:Api::Type::Enum - name: 'cpuOvercommitType' - description: | - CPU overcommit. - values: - - :ENABLED - - :NONE - default_value: :NONE - - !ruby/object:Api::Resource - name: 'OrganizationSecurityPolicy' - min_version: beta - base_url: 'locations/global/securityPolicies?parentId={{parent}}' - self_link: 'locations/global/securityPolicies/{{id}}' - create_url: 'locations/global/securityPolicies?parentId={{parent}}' - update_verb: :PATCH - description: | - Organization security policies are used to control incoming/outgoing traffic. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Creating a firewall policy': - 'https://cloud.google.com/vpc/docs/using-firewall-policies#create-policy' - api: 'https://cloud.google.com/compute/docs/reference/rest/beta/organizationSecurityPolicies' - parameters: - - !ruby/object:Api::Type::String - name: parent - description: | - The parent of this OrganizationSecurityPolicy in the Cloud Resource Hierarchy. - Format: organizations/{organization_id} or folders/{folder_id} - required: true - input: true - properties: - - !ruby/object:Api::Type::String - name: displayName - description: | - A textual name of the security policy. - input: true - required: true - - !ruby/object:Api::Type::String - name: description - description: | - A textual description for the organization security policy. - - !ruby/object:Api::Type::Fingerprint - name: 'fingerprint' - description: | - Fingerprint of this resource. This field is used internally during - updates of this resource. - output: true - - !ruby/object:Api::Type::String - name: id - description: | - The unique identifier for the resource. This identifier is defined by the server. - output: true - - !ruby/object:Api::Type::Enum - name: type - description: | - The type indicates the intended use of the security policy. - For organization security policies, the only supported type - is "FIREWALL". - input: true - values: - - :FIREWALL - default_value: :FIREWALL - - !ruby/object:Api::Resource - name: 'OrganizationSecurityPolicyAssociation' - min_version: beta - base_url: 'locations/global/securityPolicies/{{policy_id}}' - self_link: 'locations/global/securityPolicies/{{policy_id}}/getAssociation?name={{name}}' - create_url: 'locations/global/securityPolicies/{{policy_id}}/addAssociation' - delete_verb: :POST - delete_url: 'locations/global/securityPolicies/{{policy_id}}/removeAssociation?name={{name}}' - description: | - An association for the OrganizationSecurityPolicy. - input: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Associating a policy with the organization or folder': - 'https://cloud.google.com/vpc/docs/using-firewall-policies#associate' - api: 'https://cloud.google.com/compute/docs/reference/rest/beta/organizationSecurityPolicies/addAssociation' - parameters: - - !ruby/object:Api::Type::String - name: 'policyId' - description: | - The security policy ID of the association. - required: true - url_param_only: true - api_name: 'securityPolicyId' - properties: - - !ruby/object:Api::Type::String - name: name - description: | - The name for an association. - required: true - - !ruby/object:Api::Type::String - name: 'attachmentId' - description: | - The resource that the security policy is attached to. - required: true - - !ruby/object:Api::Type::String - name: 'displayName' - description: | - The display name of the security policy of the association. - output: true - - !ruby/object:Api::Resource - name: 'OrganizationSecurityPolicyRule' - min_version: beta - base_url: 'locations/global/securityPolicies/{{policy_id}}' - self_link: 'locations/global/securityPolicies/{{policy_id}}/getRule?priority={{priority}}' - create_url: 'locations/global/securityPolicies/{{policy_id}}/addRule?priority={{priority}}' - update_verb: :POST - update_url: 'locations/global/securityPolicies/{{policy_id}}/patchRule?priority={{priority}}' - delete_verb: :POST - delete_url: 'locations/global/securityPolicies/{{policy_id}}/removeRule?priority={{priority}}' - description: | - A rule for the OrganizationSecurityPolicy. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Creating firewall rules': - 'https://cloud.google.com/vpc/docs/using-firewall-policies#create-rules' - api: 'https://cloud.google.com/compute/docs/reference/rest/beta/organizationSecurityPolicies/addRule' - parameters: - - !ruby/object:Api::Type::String - name: policyId - description: | - The ID of the OrganizationSecurityPolicy this rule applies to. - required: true - input: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'description' - description: | - A description of the rule. - - !ruby/object:Api::Type::Integer - name: 'priority' - description: | - An integer indicating the priority of a rule in the list. The priority must be a value - between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the - highest priority and 2147483647 is the lowest prority. - required: true - input: true - - !ruby/object:Api::Type::NestedObject - name: 'match' - description: - A match condition that incoming traffic is evaluated against. If it evaluates to true, - the corresponding 'action' is enforced. - required: true - properties: - - !ruby/object:Api::Type::String - name: 'description' - description: | - A description of the rule. - - !ruby/object:Api::Type::Enum - name: 'versionedExpr' - description: | - Preconfigured versioned expression. For organization security policy rules, - the only supported type is "FIREWALL". - values: - - :FIREWALL - default_value: :FIREWALL - - !ruby/object:Api::Type::NestedObject - name: 'config' - description: - The configuration options for matching the rule. - required: true - properties: - - !ruby/object:Api::Type::Array - name: 'srcIpRanges' - description: | - Source IP address range in CIDR format. Required for - INGRESS rules. - item_type: Api::Type::String - exactly_one_of: - - match.0.config.0.src_ip_ranges - - match.0.config.0.dest_ip_ranges - - !ruby/object:Api::Type::Array - name: 'destIpRanges' - description: | - Destination IP address range in CIDR format. Required for - EGRESS rules. - item_type: Api::Type::String - exactly_one_of: - - match.0.config.0.src_ip_ranges - - match.0.config.0.dest_ip_ranges - - !ruby/object:Api::Type::Array - name: 'layer4Config' - api_name: 'layer4Configs' - description: | - Pairs of IP protocols and ports that the rule should match. - required: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'ipProtocol' - description: | - The IP protocol to which this rule applies. The protocol - type is required when creating a firewall rule. - This value can either be one of the following well - known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), - or the IP protocol number. - required: true - - !ruby/object:Api::Type::Array - item_type: Api::Type::String - name: 'ports' - description: | - An optional list of ports to which this rule applies. This field - is only applicable for UDP or TCP protocol. Each entry must be - either an integer or a range. If not specified, this rule - applies to connections through any port. - - Example inputs include: ["22"], ["80","443"], and - ["12345-12349"]. - - !ruby/object:Api::Type::String - name: 'action' - description: | - The Action to perform when the client connection triggers the rule. Can currently be either - "allow", "deny" or "goto_next". - required: true - - !ruby/object:Api::Type::Boolean - name: 'preview' - description: | - If set to true, the specified action is not enforced. - - !ruby/object:Api::Type::Enum - name: 'direction' - description: | - The direction in which this rule applies. If unspecified an INGRESS rule is created. - values: - - :INGRESS - - :EGRESS - - !ruby/object:Api::Type::Array - name: 'targetResources' - description: | - A list of network resource URLs to which this rule applies. - This field allows you to control which network's VMs get - this rule. If this field is left blank, all VMs - within the organization will receive the rule. - item_type: Api::Type::String - - !ruby/object:Api::Type::Boolean - name: 'enableLogging' - description: | - Denotes whether to enable logging for a particular rule. - If logging is enabled, logs will be exported to the - configured export destination in Stackdriver. - send_empty_value: true - - !ruby/object:Api::Type::Array - name: 'targetServiceAccounts' - description: | - A list of service accounts indicating the sets of - instances that are applied with this rule. - item_type: Api::Type::String - - !ruby/object:Api::Resource - name: 'PacketMirroring' - base_url: projects/{{project}}/regions/{{region}}/packetMirrorings - update_verb: :PATCH - self_link: projects/{{project}}/regions/{{region}}/packetMirrorings/{{name}} - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Using Packet Mirroring': 'https://cloud.google.com/vpc/docs/using-packet-mirroring#creating' - api: 'https://cloud.google.com/compute/docs/reference/rest/v1/packetMirrorings' - description: | - Packet Mirroring mirrors traffic to and from particular VM instances. - You can use the collected traffic to help you detect security threats - and monitor application performance. - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - - properties: - - !ruby/object:Api::Type::String - name: name - description: The name of the packet mirroring rule - required: true - - !ruby/object:Api::Type::String - name: description - description: A human-readable description of the rule. - input: true - - !ruby/object:Api::Type::String - name: region - description: The region where this rule is active. - required: true - - !ruby/object:Api::Type::NestedObject - name: network - input: true - description: | - Specifies the mirrored VPC network. Only packets in this network - will be mirrored. All mirrored VMs should have a NIC in the given - network. All mirrored subnetworks should belong to the given network. - properties: - - !ruby/object:Api::Type::ResourceRef - name: url - description: The full self_link URL of the network where this rule is active. - resource: 'Network' - imports: 'selfLink' - required: true - input: true - required: true - - !ruby/object:Api::Type::Integer - name: priority - description: | - Since only one rule can be active at a time, priority is - used to break ties in the case of two rules that apply to - the same instances. - required: true - - !ruby/object:Api::Type::NestedObject - name: collectorIlb - description: | - The Forwarding Rule resource (of type loadBalancingScheme=INTERNAL) - that will be used as collector for mirrored traffic. The - specified forwarding rule must have isMirroringCollector - set to true. - required: true - properties: - - !ruby/object:Api::Type::ResourceRef - name: url - required: true - resource: 'ForwardingRule' - imports: 'selfLink' - description: The URL of the forwarding rule. - - !ruby/object:Api::Type::NestedObject - name: filter - description: | - A filter for mirrored traffic. If unset, all traffic is mirrored. - properties: - - !ruby/object:Api::Type::Array - name: ipProtocols - api_name: 'IPProtocols' - description: | - Protocols that apply as a filter on mirrored traffic. - item_type: Api::Type::String - name: ipProtocols - description: Possible IP protocols including tcp, udp, icmp and esp - - !ruby/object:Api::Type::Array - name: cidrRanges - description: | - IP CIDR ranges that apply as a filter on the source (ingress) or - destination (egress) IP in the IP header. Only IPv4 is supported. - item_type: Api::Type::String - - !ruby/object:Api::Type::Enum - name: direction - description: Direction of traffic to mirror. - values: - - :INGRESS - - :EGRESS - - :BOTH - default_value: :BOTH - - !ruby/object:Api::Type::NestedObject - name: mirroredResources - required: true - description: | - A means of specifying which resources to mirror. - properties: - - !ruby/object:Api::Type::Array - name: subnetworks - at_least_one_of: - - mirrored_resources.0.subnetworks - - mirrored_resources.0.instances - - mirrored_resources.0.tags - description: | - All instances in one of these subnetworks will be mirrored. - item_type: !ruby/object:Api::Type::NestedObject - name: subnetworks - description: The subnetworks that should be mirrored. Specify at most 5. - properties: - - !ruby/object:Api::Type::ResourceRef - name: url - resource: 'Subnetwork' - imports: 'selfLink' - description: The URL of the subnetwork where this rule should be active. - required: true - - !ruby/object:Api::Type::Array - name: instances - description: | - All the listed instances will be mirrored. Specify at most 50. - at_least_one_of: - - mirrored_resources.0.subnetworks - - mirrored_resources.0.instances - - mirrored_resources.0.tags - item_type: !ruby/object:Api::Type::NestedObject - name: instances - description: The instances that should be mirrored. - properties: - - !ruby/object:Api::Type::ResourceRef - name: url - resource: 'Instance' - imports: 'selfLink' - description: The URL of the instances where this rule should be active. - required: true - - !ruby/object:Api::Type::Array - name: tags - at_least_one_of: - - mirrored_resources.0.subnetworks - - mirrored_resources.0.instances - - mirrored_resources.0.tags - description: | - All instances with these tags will be mirrored. - item_type: Api::Type::String - - - !ruby/object:Api::Resource - name: 'PerInstanceConfig' - base_url: 'projects/{{project}}/zones/{{zone}}/instanceGroupManagers/{{instance_group_manager}}' - description: | - A config defined for a single managed instance that belongs to an instance group manager. It preserves the instance name - across instance group manager operations and can define stateful disks or metadata that are unique to the instance. - create_verb: :POST - create_url: projects/{{project}}/zones/{{zone}}/instanceGroupManagers/{{instance_group_manager}}/createInstances - update_verb: :POST - update_url: projects/{{project}}/zones/{{zone}}/instanceGroupManagers/{{instance_group_manager}}/updatePerInstanceConfigs - delete_verb: :POST - delete_url: projects/{{project}}/zones/{{zone}}/instanceGroupManagers/{{instance_group_manager}}/deletePerInstanceConfigs - read_verb: :POST - self_link: projects/{{project}}/zones/{{zone}}/instanceGroupManagers/{{instance_group_manager}}/listPerInstanceConfigs - identity: - - name - nested_query: !ruby/object:Api::Resource::NestedQuery - keys: - - items - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/compute/docs/instance-groups/stateful-migs#per-instance_configs' - api: 'https://cloud.google.com/compute/docs/reference/rest/v1/instanceGroupManagers' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'zone' - resource: 'Zone' - imports: 'name' - description: | - Zone where the containing instance group manager is located - required: true - url_param_only: true - input: true - - !ruby/object:Api::Type::ResourceRef - name: 'instanceGroupManager' - resource: 'InstanceGroupManager' - imports: 'name' - description: | - The instance group manager this instance config is part of. - required: true - url_param_only: true - input: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The name for this per-instance config and its corresponding instance. - required: true - input: true - - !ruby/object:Api::Type::NestedObject - name: 'preservedState' - description: 'The preserved state for this instance.' - properties: - - !ruby/object:Api::Type::KeyValuePairs - name: 'metadata' - description: | - Preserved metadata defined for this instance. This is a list of key->value pairs. - - !ruby/object:Api::Type::Array - name: 'disk' - api_name: disks - description: | - Stateful disks for the instance. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: deviceName - required: true - description: | - A unique device name that is reflected into the /dev/ tree of a Linux operating system running within the instance. - - !ruby/object:Api::Type::String - name: source - required: true - description: | - The URI of an existing persistent disk to attach under the specified device-name in the format - `projects/project-id/zones/zone/disks/disk-name`. - - !ruby/object:Api::Type::Enum - name: mode - description: | - The mode of the disk. - values: - - :READ_ONLY - - :READ_WRITE - default_value: :READ_WRITE - - !ruby/object:Api::Type::Enum - name: deleteRule - description: | - A value that prescribes what should happen to the stateful disk when the VM instance is deleted. - The available options are `NEVER` and `ON_PERMANENT_INSTANCE_DELETION`. - `NEVER` - detach the disk when the VM is deleted, but do not delete the disk. - `ON_PERMANENT_INSTANCE_DELETION` will delete the stateful disk when the VM is permanently - deleted from the instance group. - values: - - :NEVER - - :ON_PERMANENT_INSTANCE_DELETION - default_value: :NEVER - - !ruby/object:Api::Type::Map - name: 'internalIp' - api_name: internalIPs - min_version: beta - key_name: "interface_name" - description: | - Preserved internal IPs defined for this instance. This map is keyed with the name of the network interface. - value_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Enum - name: autoDelete - description: | - These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. - values: - - :NEVER - - :ON_PERMANENT_INSTANCE_DELETION - default_value: :NEVER - - !ruby/object:Api::Type::NestedObject - name: 'ipAddress' - description: | - Ip address representation - properties: - - !ruby/object:Api::Type::ResourceRef - name: 'address' - resource: 'Address' - imports: 'selfLink' - description: | - The URL of the reservation for this IP address. - - !ruby/object:Api::Type::Map - name: 'externalIp' - min_version: beta - api_name: externalIPs - key_name: "interface_name" - description: | - Preserved external IPs defined for this instance. This map is keyed with the name of the network interface. - value_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Enum - name: autoDelete - description: | - These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. - values: - - :NEVER - - :ON_PERMANENT_INSTANCE_DELETION - default_value: :NEVER - - !ruby/object:Api::Type::NestedObject - name: 'ipAddress' - description: | - Ip address representation - properties: - - !ruby/object:Api::Type::ResourceRef - name: 'address' - resource: 'Address' - imports: 'selfLink' - description: | - The URL of the reservation for this IP address. - - !ruby/object:Api::Resource - name: 'RegionPerInstanceConfig' - base_url: 'projects/{{project}}/regions/{{region}}/instanceGroupManagers/{{region_instance_group_manager}}' - description: | - A config defined for a single managed instance that belongs to an instance group manager. It preserves the instance name - across instance group manager operations and can define stateful disks or metadata that are unique to the instance. - This resource works with regional instance group managers. - create_verb: :POST - create_url: projects/{{project}}/regions/{{region}}/instanceGroupManagers/{{region_instance_group_manager}}/createInstances - update_verb: :POST - update_url: projects/{{project}}/regions/{{region}}/instanceGroupManagers/{{region_instance_group_manager}}/updatePerInstanceConfigs - delete_verb: :POST - delete_url: projects/{{project}}/regions/{{region}}/instanceGroupManagers/{{region_instance_group_manager}}/deletePerInstanceConfigs - read_verb: :POST - self_link: projects/{{project}}/regions/{{region}}/instanceGroupManagers/{{region_instance_group_manager}}/listPerInstanceConfigs - identity: - - name - nested_query: !ruby/object:Api::Resource::NestedQuery - keys: - - items - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/compute/docs/instance-groups/stateful-migs#per-instance_configs' - api: 'https://cloud.google.com/compute/docs/reference/rest/v1/instanceGroupManagers' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'region' - resource: 'Region' - imports: 'name' - description: | - Region where the containing instance group manager is located - required: true - url_param_only: true - input: true - - !ruby/object:Api::Type::ResourceRef - name: 'regionInstanceGroupManager' - resource: 'RegionInstanceGroupManager' - imports: 'name' - description: | - The region instance group manager this instance config is part of. - required: true - url_param_only: true - input: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The name for this per-instance config and its corresponding instance. - required: true - input: true - - !ruby/object:Api::Type::NestedObject - name: 'preservedState' - description: 'The preserved state for this instance.' - update_verb: :POST - properties: - - !ruby/object:Api::Type::KeyValuePairs - name: 'metadata' - description: | - Preserved metadata defined for this instance. This is a list of key->value pairs. - - !ruby/object:Api::Type::Array - name: 'disk' - api_name: disks - description: | - Stateful disks for the instance. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: deviceName - required: true - description: | - A unique device name that is reflected into the /dev/ tree of a Linux operating system running within the instance. - - !ruby/object:Api::Type::String - name: source - required: true - description: | - The URI of an existing persistent disk to attach under the specified device-name in the format - `projects/project-id/zones/zone/disks/disk-name`. - - !ruby/object:Api::Type::Enum - name: mode - description: | - The mode of the disk. - values: - - :READ_ONLY - - :READ_WRITE - default_value: :READ_WRITE - - !ruby/object:Api::Type::Enum - name: deleteRule - description: | - A value that prescribes what should happen to the stateful disk when the VM instance is deleted. - The available options are `NEVER` and `ON_PERMANENT_INSTANCE_DELETION`. - `NEVER` - detach the disk when the VM is deleted, but do not delete the disk. - `ON_PERMANENT_INSTANCE_DELETION` will delete the stateful disk when the VM is permanently - deleted from the instance group. - values: - - :NEVER - - :ON_PERMANENT_INSTANCE_DELETION - default_value: :NEVER - - !ruby/object:Api::Type::Map - name: 'internalIp' - api_name: internalIPs - min_version: beta - key_name: "interface_name" - description: | - Preserved internal IPs defined for this instance. This map is keyed with the name of the network interface. - value_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Enum - name: autoDelete - description: | - These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. - values: - - :NEVER - - :ON_PERMANENT_INSTANCE_DELETION - default_value: :NEVER - - !ruby/object:Api::Type::NestedObject - name: 'ipAddress' - description: | - Ip address representation - properties: - - !ruby/object:Api::Type::ResourceRef - name: 'address' - resource: 'Address' - imports: 'selfLink' - description: | - The URL of the reservation for this IP address. - - !ruby/object:Api::Type::Map - name: 'externalIp' - min_version: beta - api_name: externalIPs - key_name: "interface_name" - description: | - Preserved external IPs defined for this instance. This map is keyed with the name of the network interface. - value_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Enum - name: autoDelete - description: | - These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. - values: - - :NEVER - - :ON_PERMANENT_INSTANCE_DELETION - default_value: :NEVER - - !ruby/object:Api::Type::NestedObject - name: 'ipAddress' - description: | - Ip address representation - properties: - - !ruby/object:Api::Type::ResourceRef - name: 'address' - resource: 'Address' - imports: 'selfLink' - description: | - The URL of the reservation for this IP address. - - !ruby/object:Api::Resource - name: 'ProjectInfo' - base_url: projects - self_link: projects/{{project}} - readonly: true - description: | - Information about the project specifically for compute. - properties: - - !ruby/object:Api::Type::String - name: name - description: The name of this project - - !ruby/object:Api::Type::NestedObject - name: 'commonInstanceMetadata' - description: 'Metadata shared for all instances in this project' - properties: - - !ruby/object:Api::Type::Array - name: 'items' - description: | - Array of key/values - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'key' - description: 'Key of the metadata key/value pair' - - !ruby/object:Api::Type::String - name: 'value' - description: 'Value of the metadata key/value pair' - - !ruby/object:Api::Type::Array - name: 'enabledFeatures' - description: | - Restricted features enabled for use on this project - item_type: Api::Type::String - - !ruby/object:Api::Type::String - name: defaultServiceAccount - description: Default service account used by VMs in this project - - !ruby/object:Api::Type::String - name: xpnProjectStatus - description: The role this project has in a shared VPC configuration. - - !ruby/object:Api::Type::String - name: defaultNetworkTier - description: The default network tier used for configuring resources in this project - - !ruby/object:Api::Type::Array - name: 'quotas' - description: | - Quotas applied to this project - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'metric' - description: 'Name of the quota metric' - - !ruby/object:Api::Type::String - name: 'limit' - description: 'Quota limit for this metric' - - !ruby/object:Api::Type::String - name: 'usage' - description: 'Current usage of this metric' - - !ruby/object:Api::Type::String - name: 'owner' - description: Owning resource. This is the resource on which this quota is applied. - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - - !ruby/object:Api::Resource - name: 'Region' - kind: 'compute#region' - base_url: projects/{{project}}/regions - collection_url_key: 'items' - has_self_link: true - readonly: true - description: | - Represents a Region resource. A region is a specific geographical - location where you can run your resources. Each region has one or more - zones - properties: - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::NestedObject - name: 'deprecated' - description: 'The deprecation state of this resource.' - output: true - properties: - - !ruby/object:Api::Type::Time - name: 'deleted' - description: | - An optional RFC3339 timestamp on or after which the deprecation state - of this resource will be changed to DELETED. - - !ruby/object:Api::Type::Time - name: 'deprecated' - description: | - An optional RFC3339 timestamp on or after which the deprecation state - of this resource will be changed to DEPRECATED. - output: true - - !ruby/object:Api::Type::Time - name: 'obsolete' - description: | - An optional RFC3339 timestamp on or after which the deprecation state - of this resource will be changed to OBSOLETE. - output: true - - !ruby/object:Api::Type::String - name: 'replacement' - description: | - The URL of the suggested replacement for a deprecated resource. The - suggested replacement resource must be the same kind of resource as - the deprecated resource. - output: true - - !ruby/object:Api::Type::Enum - name: 'state' - description: | - The deprecation state of this resource. This can be DEPRECATED, - OBSOLETE, or DELETED. Operations which create a new resource using a - DEPRECATED resource will return successfully, but with a warning - indicating the deprecated resource and recommending its replacement. - Operations which use OBSOLETE or DELETED resources will be rejected - and result in an error. - values: - - :DEPRECATED - - :OBSOLETE - - :DELETED - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: 'An optional description of this resource.' - output: true - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'The unique identifier for the resource.' - output: true - - !ruby/object:Api::Type::String - name: 'name' - description: 'Name of the resource.' - - !ruby/object:Api::Type::Array - name: 'quotas' - description: 'Quotas assigned to this region.' - output: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'metric' - description: 'Name of the quota metric.' - output: true - - !ruby/object:Api::Type::Double - name: 'limit' - description: 'Quota limit for this metric.' - output: true - - !ruby/object:Api::Type::Double - name: 'usage' - description: 'Current usage of this metric.' - output: true - - !ruby/object:Api::Type::String - name: 'owner' - description: 'Owning resource. This is the resource on which this quota is applied.' - output: true - - !ruby/object:Api::Type::Enum - name: 'status' - description: | - Status of the region, either UP or DOWN. - values: - - :UP - - :DOWN - output: true - - !ruby/object:Api::Type::Array - name: 'zones' - description: 'List of zones within the region' - item_type: Api::Type::String - output: true - - !ruby/object:Api::Resource - name: 'RegionAutoscaler' - kind: 'compute#autoscaler' - base_url: projects/{{project}}/regions/{{region}}/autoscalers - update_url: projects/{{project}}/regions/{{region}}/autoscalers?autoscaler={{name}} - collection_url_key: 'items' - has_self_link: true - description: | - Represents an Autoscaler resource. - - Autoscalers allow you to automatically scale virtual machine instances in - managed instance groups according to an autoscaling policy that you - define. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Autoscaling Groups of Instances': 'https://cloud.google.com/compute/docs/autoscaler/' - api: 'https://cloud.google.com/compute/docs/reference/rest/v1/regionAutoscalers' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'region' - resource: 'Region' - imports: 'name' - description: | - URL of the region where the instance group resides. - required: true - input: true - properties: - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'Unique identifier for the resource.' - output: true - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource. The name must be 1-63 characters long and match - the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - required: true - input: true - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional description of this resource. - - !ruby/object:Api::Type::NestedObject - name: 'autoscalingPolicy' - description: | - The configuration parameters for the autoscaling algorithm. You can - define one or more of the policies for an autoscaler: cpuUtilization, - customMetricUtilizations, and loadBalancingUtilization. - - If none of these are specified, the default will be to autoscale based - on cpuUtilization to 0.6 or 60%. - required: true - properties: - - !ruby/object:Api::Type::Integer - name: 'minNumReplicas' - description: | - The minimum number of replicas that the autoscaler can scale down - to. This cannot be less than 0. If not provided, autoscaler will - choose a default value depending on maximum number of instances - allowed. - send_empty_value: true - - !ruby/object:Api::Type::Integer - name: 'maxNumReplicas' - description: | - The maximum number of instances that the autoscaler can scale up - to. This is required when creating or updating an autoscaler. The - maximum number of replicas should not be lower than minimal number - of replicas. - required: true - - !ruby/object:Api::Type::Integer - name: 'coolDownPeriodSec' - description: | - The number of seconds that the autoscaler should wait before it - starts collecting information from a new instance. This prevents - the autoscaler from collecting information when the instance is - initializing, during which the collected usage would not be - reliable. The default time autoscaler waits is 60 seconds. - - Virtual machine initialization times might vary because of - numerous factors. We recommend that you test how long an - instance may take to initialize. To do this, create an instance - and time the startup process. - default_value: 60 - - !ruby/object:Api::Type::Enum - name: 'mode' - default_value: :ON - description: | - Defines operating mode for this policy. - values: - - :OFF - - :ONLY_UP - - :ON - - !ruby/object:Api::Type::NestedObject - name: 'scaleDownControl' - min_version: beta - description: | - Defines scale down controls to reduce the risk of response latency - and outages due to abrupt scale-in events - properties: - - !ruby/object:Api::Type::NestedObject - name: 'maxScaledDownReplicas' - at_least_one_of: - - autoscaling_policy.0.scale_down_control.0.max_scaled_down_replicas - - autoscaling_policy.0.scale_down_control.0.time_window_sec - properties: - - !ruby/object:Api::Type::Integer - name: 'fixed' - at_least_one_of: - - autoscaling_policy.0.scale_down_control.0.max_scaled_down_replicas.0.fixed - - autoscaling_policy.0.scale_down_control.0.max_scaled_down_replicas.0.percent - description: | - Specifies a fixed number of VM instances. This must be a positive - integer. - - !ruby/object:Api::Type::Integer - name: 'percent' - at_least_one_of: - - autoscaling_policy.0.scale_down_control.0.max_scaled_down_replicas.0.fixed - - autoscaling_policy.0.scale_down_control.0.max_scaled_down_replicas.0.percent - description: | - Specifies a percentage of instances between 0 to 100%, inclusive. - For example, specify 80 for 80%. - - !ruby/object:Api::Type::Integer - name: 'timeWindowSec' - at_least_one_of: - - autoscaling_policy.0.scale_down_control.0.max_scaled_down_replicas - - autoscaling_policy.0.scale_down_control.0.time_window_sec - description: | - How long back autoscaling should look when computing recommendations - to include directives regarding slower scale down, as described above. - - !ruby/object:Api::Type::NestedObject - name: 'scaleInControl' - description: | - Defines scale in controls to reduce the risk of response latency - and outages due to abrupt scale-in events - properties: - - !ruby/object:Api::Type::NestedObject - name: 'maxScaledInReplicas' - at_least_one_of: - - autoscaling_policy.0.scale_in_control.0.max_scaled_in_replicas - - autoscaling_policy.0.scale_in_control.0.time_window_sec - properties: - - !ruby/object:Api::Type::Integer - name: 'fixed' - at_least_one_of: - - autoscaling_policy.0.scale_in_control.0.max_scaled_in_replicas.0.fixed - - autoscaling_policy.0.scale_in_control.0.max_scaled_in_replicas.0.percent - description: | - Specifies a fixed number of VM instances. This must be a positive - integer. - - !ruby/object:Api::Type::Integer - name: 'percent' - at_least_one_of: - - autoscaling_policy.0.scale_in_control.0.max_scaled_in_replicas.0.fixed - - autoscaling_policy.0.scale_in_control.0.max_scaled_in_replicas.0.percent - description: | - Specifies a percentage of instances between 0 to 100%, inclusive. - For example, specify 80 for 80%. - - !ruby/object:Api::Type::Integer - name: 'timeWindowSec' - at_least_one_of: - - autoscaling_policy.0.scale_in_control.0.max_scaled_in_replicas - - autoscaling_policy.0.scale_in_control.0.time_window_sec - description: | - How long back autoscaling should look when computing recommendations - to include directives regarding slower scale down, as described above. - - !ruby/object:Api::Type::NestedObject - name: 'cpuUtilization' - description: | - Defines the CPU utilization policy that allows the autoscaler to - scale based on the average CPU utilization of a managed instance - group. - properties: - - !ruby/object:Api::Type::Double - name: 'utilizationTarget' - description: | - The target CPU utilization that the autoscaler should maintain. - Must be a float value in the range (0, 1]. If not specified, the - default is 0.6. - - If the CPU level is below the target utilization, the autoscaler - scales down the number of instances until it reaches the minimum - number of instances you specified or until the average CPU of - your instances reaches the target utilization. - - If the average CPU is above the target utilization, the autoscaler - scales up until it reaches the maximum number of instances you - specified or until the average utilization reaches the target - utilization. - - !ruby/object:Api::Type::String - name: 'predictiveMethod' - default_value: NONE - description: | - Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are: - - - NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics. - - - OPTIMIZE_AVAILABILITY. Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand. - - !ruby/object:Api::Type::Array - name: 'customMetricUtilizations' - description: | - Configuration parameters of autoscaling based on a custom metric. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'metric' - description: | - The identifier (type) of the Stackdriver Monitoring metric. - The metric cannot have negative values. - - The metric must have a value type of INT64 or DOUBLE. - required: true - - !ruby/object:Api::Type::Double - name: 'singleInstanceAssignment' - min_version: beta - description: | - If scaling is based on a per-group metric value that represents the - total amount of work to be done or resource usage, set this value to - an amount assigned for a single instance of the scaled group. - The autoscaler will keep the number of instances proportional to the - value of this metric, the metric itself should not change value due - to group resizing. - - For example, a good metric to use with the target is - `pubsub.googleapis.com/subscription/num_undelivered_messages` - or a custom metric exporting the total number of requests coming to - your instances. - - A bad example would be a metric exporting an average or median - latency, since this value can't include a chunk assignable to a - single instance, it could be better used with utilization_target - instead. - - !ruby/object:Api::Type::Double - name: 'utilizationTarget' - description: | - The target value of the metric that autoscaler should - maintain. This must be a positive value. A utilization - metric scales number of virtual machines handling requests - to increase or decrease proportionally to the metric. - - For example, a good metric to use as a utilizationTarget is - www.googleapis.com/compute/instance/network/received_bytes_count. - The autoscaler will work to keep this value constant for each - of the instances. - - !ruby/object:Api::Type::Enum - name: 'utilizationTargetType' - description: | - Defines how target utilization value is expressed for a - Stackdriver Monitoring metric. - values: - - :GAUGE - - :DELTA_PER_SECOND - - :DELTA_PER_MINUTE - - !ruby/object:Api::Type::String - name: 'filter' - description: | - A filter string to be used as the filter string for - a Stackdriver Monitoring TimeSeries.list API call. - This filter is used to select a specific TimeSeries for - the purpose of autoscaling and to determine whether the metric - is exporting per-instance or per-group data. - - You can only use the AND operator for joining selectors. - You can only use direct equality comparison operator (=) without - any functions for each selector. - You can specify the metric in both the filter string and in the - metric field. However, if specified in both places, the metric must - be identical. - - The monitored resource type determines what kind of values are - expected for the metric. If it is a gce_instance, the autoscaler - expects the metric to include a separate TimeSeries for each - instance in a group. In such a case, you cannot filter on resource - labels. - - If the resource type is any other value, the autoscaler expects - this metric to contain values that apply to the entire autoscaled - instance group and resource label filtering can be performed to - point autoscaler at the correct TimeSeries to scale upon. - This is called a per-group metric for the purpose of autoscaling. - - If not specified, the type defaults to gce_instance. - - You should provide a filter that is selective enough to pick just - one TimeSeries for the autoscaled group or for each of the instances - (if you are using gce_instance resource type). If multiple - TimeSeries are returned upon the query execution, the autoscaler - will sum their respective values to obtain its scaling value. - min_version: beta - - !ruby/object:Api::Type::NestedObject - name: 'loadBalancingUtilization' - description: | - Configuration parameters of autoscaling based on a load balancer. - properties: - - !ruby/object:Api::Type::Double - name: 'utilizationTarget' - description: | - Fraction of backend capacity utilization (set in HTTP(s) load - balancing configuration) that autoscaler should maintain. Must - be a positive float value. If not defined, the default is 0.8. - - !ruby/object:Api::Type::Map - name: 'scalingSchedules' - description: | - Scaling schedules defined for an autoscaler. Multiple schedules can be set on an autoscaler and they can overlap. - key_name: name - key_description: | - A name for the schedule. - value_type: !ruby/object:Api::Type::NestedObject - name: scalingSchedule - properties: - - !ruby/object:Api::Type::Integer - name: 'minRequiredReplicas' - description: | - Minimum number of VM instances that autoscaler will recommend in time intervals starting according to schedule. - required: true - send_empty_value: true - - !ruby/object:Api::Type::String - name: 'schedule' - description: | - The start timestamps of time intervals when this scaling schedule should provide a scaling signal. This field uses the extended cron format (with an optional year field). - required: true - - !ruby/object:Api::Type::String - name: 'timeZone' - default_value: UTC - description: | - The time zone to be used when interpreting the schedule. The value of this field must be a time zone name from the tz database: http://en.wikipedia.org/wiki/Tz_database. - - !ruby/object:Api::Type::Integer - name: 'durationSec' - description: | - The duration of time intervals (in seconds) for which this scaling schedule will be running. The minimum allowed value is 300. - required: true - - !ruby/object:Api::Type::Boolean - name: 'disabled' - description: | - A boolean value that specifies if a scaling schedule can influence autoscaler recommendations. If set to true, then a scaling schedule has no effect. - default_value: false - - !ruby/object:Api::Type::String - name: 'description' - description: | - A description of a scaling schedule. - - !ruby/object:Api::Type::String - name: 'target' - # TODO(#303): resourceref once RegionIGM exists - # resource: 'RegionInstanceGroupManager' - # imports: 'selfLink' - description: | - URL of the managed instance group that this autoscaler will scale. - required: true - - !ruby/object:Api::Resource - name: 'RegionDiskType' - kind: 'compute#diskType' - base_url: projects/{{project}}/regions/{{region}}/diskTypes - collection_url_key: 'items' - description: | - Represents a regional DiskType resource. A DiskType resource represents - the type of disk to use, such as a pd-ssd, pd-balanced or pd-standard. To reference a - disk type, use the disk type's full or partial URL. - readonly: true - has_self_link: true - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'region' - resource: 'Region' - imports: 'name' - description: 'A reference to the region where the disk type resides.' - required: true - properties: - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::Integer - name: 'defaultDiskSizeGb' - description: 'Server-defined default disk size in GB.' - output: true - - !ruby/object:Api::Type::NestedObject - name: 'deprecated' - description: 'The deprecation status associated with this disk type.' - output: true - properties: - - !ruby/object:Api::Type::Time - name: 'deleted' - description: | - An optional RFC3339 timestamp on or after which the deprecation state - of this resource will be changed to DELETED. - output: true - - !ruby/object:Api::Type::Time - name: 'deprecated' - description: | - An optional RFC3339 timestamp on or after which the deprecation state - of this resource will be changed to DEPRECATED. - output: true - - !ruby/object:Api::Type::Time - name: 'obsolete' - description: | - An optional RFC3339 timestamp on or after which the deprecation state - of this resource will be changed to OBSOLETE. - output: true - - !ruby/object:Api::Type::String - name: 'replacement' - description: | - The URL of the suggested replacement for a deprecated resource. The - suggested replacement resource must be the same kind of resource as - the deprecated resource. - output: true - - !ruby/object:Api::Type::Enum - name: 'state' - description: | - The deprecation state of this resource. This can be DEPRECATED, - OBSOLETE, or DELETED. Operations which create a new resource using a - DEPRECATED resource will return successfully, but with a warning - indicating the deprecated resource and recommending its replacement. - Operations which use OBSOLETE or DELETED resources will be rejected - and result in an error. - values: - - :DEPRECATED - - :OBSOLETE - - :DELETED - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: 'An optional description of this resource.' - output: true - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'The unique identifier for the resource.' - output: true - - !ruby/object:Api::Type::String - name: 'name' - description: 'Name of the resource.' - - !ruby/object:Api::Type::String - name: 'validDiskSize' - description: | - An optional textual description of the valid disk size, such as - "10GB-10TB". - output: true - - !ruby/object:Api::Resource - name: 'RegionDisk' - kind: 'compute#disk' - input: true - base_url: projects/{{project}}/regions/{{region}}/disks - collection_url_key: 'items' - has_self_link: true - description: | - Persistent disks are durable storage devices that function similarly to - the physical disks in a desktop or a server. Compute Engine manages the - hardware behind these devices to ensure data redundancy and optimize - performance for you. Persistent disks are available as either standard - hard disk drives (HDD) or solid-state drives (SSD). - - Persistent disks are located independently from your virtual machine - instances, so you can detach or move persistent disks to keep your data - even after you delete your instances. Persistent disk performance scales - automatically with size, so you can resize your existing persistent disks - or add more persistent disks to an instance to meet your performance and - storage space requirements. - - Add a persistent disk to your instance when you need reliable and - affordable storage with consistent performance characteristics. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Adding or Resizing Regional Persistent Disks': - 'https://cloud.google.com/compute/docs/disks/regional-persistent-disk' - api: 'https://cloud.google.com/compute/docs/reference/rest/v1/regionDisks' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'region' - resource: 'Region' - imports: 'name' - description: 'A reference to the region where the disk resides.' - required: true - - !ruby/object:Api::Type::NestedObject - name: 'diskEncryptionKey' - description: | - Encrypts the disk using a customer-supplied encryption key. - - After you encrypt a disk with a customer-supplied key, you must - provide the same key if you use the disk later (e.g. to create a disk - snapshot or an image, or to attach the disk to a virtual machine). - - Customer-supplied encryption keys do not protect access to metadata of - the disk. - - If you do not provide an encryption key when creating the disk, then - the disk will be encrypted using an automatically generated key and - you do not need to provide a key to use the disk later. - properties: - - !ruby/object:Api::Type::String - name: 'rawKey' - description: | - Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - - !ruby/object:Api::Type::String - name: 'sha256' - description: | - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - output: true - - !ruby/object:Api::Type::String - # TODO(chrisst) Change to ResourceRef once KMS is in Magic Modules - name: 'kmsKeyName' - description: | - The name of the encryption key that is stored in Google Cloud KMS. - input: true - - !ruby/object:Api::Type::ResourceRef - name: 'sourceSnapshot' - resource: 'Snapshot' - imports: 'selfLink' - description: | - The source snapshot used to create this disk. You can provide this as - a partial or full URL to the resource. For example, the following are - valid values: - - * `https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot` - * `projects/project/global/snapshots/snapshot` - * `global/snapshots/snapshot` - - !ruby/object:Api::Type::NestedObject - name: 'sourceSnapshotEncryptionKey' - description: | - The customer-supplied encryption key of the source snapshot. Required - if the source snapshot is protected by a customer-supplied encryption - key. - properties: - - !ruby/object:Api::Type::String - name: 'rawKey' - description: | - Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - - !ruby/object:Api::Type::String - # TODO(chrisst) Change to ResourceRef once KMS is in Magic Modules - name: 'kmsKeyName' - min_version: beta - description: | - The name of the encryption key that is stored in Google Cloud KMS. - - !ruby/object:Api::Type::String - name: 'sha256' - description: | - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - output: true - input: true - - !ruby/object:Api::Type::String - name: 'sourceSnapshotId' - description: | - The unique ID of the snapshot used to create this disk. This value - identifies the exact snapshot that was used to create this persistent - disk. For example, if you created the persistent disk from a snapshot - that was later deleted and recreated under the same name, the source - snapshot ID would identify the exact version of the snapshot that was - used. - output: true - properties: - - !ruby/object:Api::Type::Fingerprint - name: 'labelFingerprint' - description: | - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - update_url: 'projects/{{project}}/regions/{{region}}/disks/{{name}}/setLabels' - update_verb: :POST - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional description of this resource. Provide this property when - you create the resource. - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'The unique identifier for the resource.' - output: true - - !ruby/object:Api::Type::Time - name: 'lastAttachTimestamp' - description: 'Last attach timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::Time - name: 'lastDetachTimestamp' - description: 'Last detach timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: | - Labels to apply to this disk. A list of key->value pairs. - update_verb: :POST - update_url: 'projects/{{project}}/regions/{{region}}/disks/{{name}}/setLabels' - - !ruby/object:Api::Type::Array - name: 'licenses' - description: 'Any applicable publicly visible licenses.' - item_type: Api::Type::String - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource. Provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and match - the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - input: true - required: true - - !ruby/object:Api::Type::Integer - name: 'sizeGb' - description: | - Size of the persistent disk, specified in GB. You can specify this - field when creating a persistent disk using the sourceImage or - sourceSnapshot parameter, or specify it alone to create an empty - persistent disk. - - If you specify this field along with sourceImage or sourceSnapshot, - the value of sizeGb must not be less than the size of the sourceImage - or the size of the snapshot. - update_verb: :POST - update_url: 'projects/{{project}}/regions/{{region}}/disks/{{name}}/resize' - - !ruby/object:Api::Type::Array - name: 'users' - description: | - Links to the users of the disk (attached instances) in form: - project/zones/zone/instances/instance - item_type: !ruby/object:Api::Type::ResourceRef - name: 'user' - resource: 'Instance' - imports: 'selfLink' - description: 'A reference to a user of this disk' - output: true - - !ruby/object:Api::Type::Integer - name: 'physicalBlockSizeBytes' - description: | - Physical block size of the persistent disk, in bytes. If not present - in a request, a default value is used. Currently supported sizes - are 4096 and 16384, other sizes may be added in the future. - If an unsupported value is requested, the error message will list - the supported values for the caller's project. - - !ruby/object:Api::Type::Array - name: 'replicaZones' - description: 'URLs of the zones where the disk should be replicated to.' - min_size: 2 - max_size: 2 - required: true - item_type: !ruby/object:Api::Type::ResourceRef - name: 'zone' - resource: 'Zone' - imports: 'selfLink' - description: | - A reference to a zone where the disk should be replicated to. - - !ruby/object:Api::Type::ResourceRef - name: 'type' - resource: 'RegionDiskType' - imports: 'selfLink' - description: | - URL of the disk type resource describing which disk type to use to - create the disk. Provide this when creating the disk. - - !ruby/object:Api::Type::String - name: 'interface' - min_version: 'beta' - # interface is removed using url_param_only to preserve schema definition - # and prevent sending or reading in API requests - url_param_only: true - default_value: 'SCSI' - deprecation_message: This field is no longer in use, disk interfaces will be automatically determined on attachment. To resolve this issue, remove this field from your config. - description: | - Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME. The default is SCSI. - - !ruby/object:Api::Type::String - name: 'sourceDisk' - description: | - The source disk used to create this disk. You can provide this as a partial or full URL to the resource. - For example, the following are valid values: - - * https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/disks/{disk} - * https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/disks/{disk} - * projects/{project}/zones/{zone}/disks/{disk} - * projects/{project}/regions/{region}/disks/{disk} - * zones/{zone}/disks/{disk} - * regions/{region}/disks/{disk} - - !ruby/object:Api::Type::String - name: 'sourceDiskId' - description: | - The ID value of the disk used to create this image. This value may - be used to determine whether the image was taken from the current - or a previous instance of a given disk name. - output: true - - !ruby/object:Api::Resource - name: 'RegionUrlMap' - kind: 'compute#urlMap' - base_url: projects/{{project}}/regions/{{region}}/urlMaps - collection_url_key: 'items' - has_self_link: true - description: | - UrlMaps are used to route requests to a backend service based on rules - that you define for the host and path of an incoming URL. - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'region' - resource: 'Region' - imports: 'name' - description: 'A reference to the region where the url map resides.' - required: true - properties: - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::ResourceRef - name: 'defaultService' - exactly_one_of: - - default_service - - default_url_redirect - - default_route_action.0.weighted_backend_services - resource: 'RegionBackendService' - imports: 'selfLink' - description: | - The full or partial URL of the defaultService resource to which traffic is directed if - none of the hostRules match. If defaultRouteAction is additionally specified, advanced - routing actions like URL Rewrites, etc. take effect prior to sending the request to the - backend. However, if defaultService is specified, defaultRouteAction cannot contain any - weightedBackendServices. Conversely, if routeAction specifies any - weightedBackendServices, service must not be specified. Only one of defaultService, - defaultUrlRedirect or defaultRouteAction.weightedBackendService must be set. - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional description of this resource. Provide this property when - you create the resource. - # 'fingerprint' used internally for object consistency. - - !ruby/object:Api::Type::Array - name: 'hostRules' - description: 'The list of HostRules to use against the URL.' - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional description of this HostRule. Provide this property - when you create the resource. - - !ruby/object:Api::Type::Array - name: 'hosts' - required: true - item_type: Api::Type::String - description: | - The list of host patterns to match. They must be valid - hostnames, except * will match any string of ([a-z0-9-.]*). In - that case, * must be the first character and must be followed in - the pattern by either - or .. - - !ruby/object:Api::Type::String - name: 'pathMatcher' - required: true - description: | - The name of the PathMatcher to use to match the path portion of - the URL if the hostRule matches the URL's host portion. - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'The unique identifier for the resource.' - output: true - - !ruby/object:Api::Type::Fingerprint - name: 'fingerprint' - description: | - Fingerprint of this resource. This field is used internally during - updates of this resource. - - !ruby/object:Api::Type::String - name: 'name' - required: true - input: true - description: | - Name of the resource. Provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and match - the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - - !ruby/object:Api::Type::Array - name: 'pathMatchers' - description: 'The list of named PathMatchers to use against the URL.' - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::ResourceRef - name: 'defaultService' - # TODO: (mbang) won't work for array path matchers yet, uncomment here once they are supported. - # (github.com/hashicorp/terraform-plugin-sdk/issues/470) - # TODO: add defaultRouteAction.weightedBackendService here once they are supported. - # exactly_one_of: - # - path_matchers.0.default_service - # - path_matchers.0.default_url_redirect - resource: 'RegionBackendService' - imports: 'selfLink' - description: | - A reference to a RegionBackendService resource. This will be used if - none of the pathRules defined by this PathMatcher is matched by - the URL's path portion. - - !ruby/object:Api::Type::String - name: 'description' - description: 'An optional description of this resource.' - - !ruby/object:Api::Type::String - name: 'name' - required: true - description: | - The name to which this PathMatcher is referred by the HostRule. - - !ruby/object:Api::Type::Array - name: 'routeRules' - description: | - The list of ordered HTTP route rules. Use this list instead of pathRules when - advanced route matching and routing actions are desired. The order of specifying - routeRules matters: the first rule that matches will cause its specified routing - action to take effect. Within a given pathMatcher, only one of pathRules or - routeRules must be set. routeRules are not supported in UrlMaps intended for - External load balancers. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Integer - name: 'priority' - required: true - description: | - For routeRules within a given pathMatcher, priority determines the order - in which load balancer will interpret routeRules. RouteRules are evaluated - in order of priority, from the lowest to highest number. The priority of - a rule decreases as its number increases (1, 2, 3, N+1). The first rule - that matches the request is applied. - - You cannot configure two or more routeRules with the same priority. - Priority for each rule must be set to a number between 0 and - 2147483647 inclusive. - - Priority numbers can have gaps, which enable you to add or remove rules - in the future without affecting the rest of the rules. For example, - 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers to which - you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the - future without any impact on existing rules. - - !ruby/object:Api::Type::ResourceRef - name: 'service' - resource: 'RegionBackendService' - imports: 'selfLink' - description: | - The region backend service resource to which traffic is - directed if this rule is matched. If routeAction is additionally specified, - advanced routing actions like URL Rewrites, etc. take effect prior to sending - the request to the backend. However, if service is specified, routeAction cannot - contain any weightedBackendService s. Conversely, if routeAction specifies any - weightedBackendServices, service must not be specified. Only one of urlRedirect, - service or routeAction.weightedBackendService must be set. - - !ruby/object:Api::Type::NestedObject - name: 'headerAction' - description: | - Specifies changes to request and response headers that need to take effect for - the selected backendService. The headerAction specified here are applied before - the matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r - outeAction.weightedBackendService.backendServiceWeightAction[].headerAction - properties: - - !ruby/object:Api::Type::Array - name: 'requestHeadersToAdd' - description: | - Headers to add to a matching request prior to forwarding the request to the - backendService. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'headerName' - required: true - description: | - The name of the header. - - !ruby/object:Api::Type::String - name: 'headerValue' - required: true - description: | - The value of the header to add. - - !ruby/object:Api::Type::Boolean - name: 'replace' - required: true - description: | - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - - !ruby/object:Api::Type::Array - name: 'requestHeadersToRemove' - item_type: Api::Type::String - description: | - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - - !ruby/object:Api::Type::Array - name: 'responseHeadersToAdd' - description: | - Headers to add the response prior to sending the response back to the client. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'headerName' - required: true - description: | - The name of the header. - - !ruby/object:Api::Type::String - name: 'headerValue' - required: true - description: | - The value of the header to add. - - !ruby/object:Api::Type::Boolean - name: 'replace' - required: true - description: | - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - - !ruby/object:Api::Type::Array - name: 'responseHeadersToRemove' - item_type: Api::Type::String - description: | - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - - !ruby/object:Api::Type::Array - name: 'matchRules' - description: | - The rules for determining a match. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'fullPathMatch' - description: | - For satisfying the matchRule condition, the path of the request must exactly - match the value specified in fullPathMatch after removing any query parameters - and anchor that may be part of the original URL. FullPathMatch must be between 1 - and 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must - be specified. - - !ruby/object:Api::Type::Array - name: 'headerMatches' - description: | - Specifies a list of header match criteria, all of which must match corresponding - headers in the request. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'exactMatch' - description: | - The value should exactly match contents of exactMatch. Only one of exactMatch, - prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. - - !ruby/object:Api::Type::String - name: 'headerName' - required: true - description: | - The name of the HTTP header to match. For matching against the HTTP request's - authority, use a headerMatch with the header name ":authority". For matching a - request's method, use the headerName ":method". - - !ruby/object:Api::Type::Boolean - name: 'invertMatch' - default_value: false - description: | - If set to false, the headerMatch is considered a match if the match criteria - above are met. If set to true, the headerMatch is considered a match if the - match criteria above are NOT met. Defaults to false. - - !ruby/object:Api::Type::String - name: 'prefixMatch' - description: | - The value of the header must start with the contents of prefixMatch. Only one of - exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch - must be set. - - !ruby/object:Api::Type::Boolean - name: 'presentMatch' - description: | - A header with the contents of headerName must exist. The match takes place - whether or not the request's header has a value or not. Only one of exactMatch, - prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. - - !ruby/object:Api::Type::NestedObject - name: 'rangeMatch' - description: | - The header value must be an integer and its value must be in the range specified - in rangeMatch. If the header does not contain an integer, number or is empty, - the match fails. For example for a range [-5, 0] - - * -3 will match - * 0 will not match - * 0.25 will not match - * -3someString will not match. - - Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or - rangeMatch must be set. - properties: - - !ruby/object:Api::Type::Integer - name: 'rangeEnd' - required: true - description: | - The end of the range (exclusive). - - !ruby/object:Api::Type::Integer - name: 'rangeStart' - required: true - description: | - The start of the range (inclusive). - - !ruby/object:Api::Type::String - name: 'regexMatch' - description: | - The value of the header must match the regular expression specified in - regexMatch. For regular expression grammar, please see: - en.cppreference.com/w/cpp/regex/ecmascript For matching against a port - specified in the HTTP request, use a headerMatch with headerName set to PORT and - a regular expression that satisfies the RFC2616 Host header's port specifier. - Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or - rangeMatch must be set. - - !ruby/object:Api::Type::String - name: 'suffixMatch' - description: | - The value of the header must end with the contents of suffixMatch. Only one of - exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch - must be set. - - !ruby/object:Api::Type::Boolean - name: 'ignoreCase' - default_value: false - description: | - Specifies that prefixMatch and fullPathMatch matches are case sensitive. - Defaults to false. - - !ruby/object:Api::Type::Array - name: 'metadataFilters' - description: | - Opaque filter criteria used by Loadbalancer to restrict routing configuration to - a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS - clients present node metadata. If a match takes place, the relevant routing - configuration is made available to those proxies. For each metadataFilter in - this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the - filterLabels must match the corresponding label provided in the metadata. If its - filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match - with corresponding labels in the provided metadata. metadataFilters specified - here can be overrides those specified in ForwardingRule that refers to this - UrlMap. metadataFilters only applies to Loadbalancers that have their - loadBalancingScheme set to INTERNAL_SELF_MANAGED. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Array - name: 'filterLabels' - min_size: 1 - max_size: 64 - required: true - description: | - The list of label value pairs that must match labels in the provided metadata - based on filterMatchCriteria This list must not be empty and can have at the - most 64 entries. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - description: | - Name of metadata label. The name can have a maximum length of 1024 characters - and must be at least 1 character long. - - !ruby/object:Api::Type::String - name: 'value' - required: true - description: | - The value of the label must match the specified value. value can have a maximum - length of 1024 characters. - - !ruby/object:Api::Type::Enum - name: 'filterMatchCriteria' - required: true - description: | - Specifies how individual filterLabel matches within the list of filterLabels - contribute towards the overall metadataFilter match. Supported values are: - - * MATCH_ANY: At least one of the filterLabels must have a matching label in the - provided metadata. - * MATCH_ALL: All filterLabels must have matching labels in - the provided metadata. - values: - - :MATCH_ALL - - :MATCH_ANY - - !ruby/object:Api::Type::String - name: 'prefixMatch' - description: | - For satisfying the matchRule condition, the request's path must begin with the - specified prefixMatch. prefixMatch must begin with a /. The value must be - between 1 and 1024 characters. Only one of prefixMatch, fullPathMatch or - regexMatch must be specified. - - !ruby/object:Api::Type::Array - name: 'queryParameterMatches' - description: | - Specifies a list of query parameter match criteria, all of which must match - corresponding query parameters in the request. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'exactMatch' - description: | - The queryParameterMatch matches if the value of the parameter exactly matches - the contents of exactMatch. Only one of presentMatch, exactMatch and regexMatch - must be set. - - !ruby/object:Api::Type::String - name: 'name' - required: true - description: | - The name of the query parameter to match. The query parameter must exist in the - request, in the absence of which the request match fails. - - !ruby/object:Api::Type::Boolean - name: 'presentMatch' - description: | - Specifies that the queryParameterMatch matches if the request contains the query - parameter, irrespective of whether the parameter has a value or not. Only one of - presentMatch, exactMatch and regexMatch must be set. - - !ruby/object:Api::Type::String - name: 'regexMatch' - description: | - The queryParameterMatch matches if the value of the parameter matches the - regular expression specified by regexMatch. For the regular expression grammar, - please see en.cppreference.com/w/cpp/regex/ecmascript Only one of presentMatch, - exactMatch and regexMatch must be set. - - !ruby/object:Api::Type::String - name: 'regexMatch' - description: | - For satisfying the matchRule condition, the path of the request must satisfy the - regular expression specified in regexMatch after removing any query parameters - and anchor supplied with the original URL. For regular expression grammar please - see en.cppreference.com/w/cpp/regex/ecmascript Only one of prefixMatch, - fullPathMatch or regexMatch must be specified. - - !ruby/object:Api::Type::NestedObject - name: 'routeAction' - description: | - In response to a matching matchRule, the load balancer performs advanced routing - actions like URL rewrites, header transformations, etc. prior to forwarding the - request to the selected backend. If routeAction specifies any - weightedBackendServices, service must not be set. Conversely if service is set, - routeAction cannot contain any weightedBackendServices. Only one of routeAction - or urlRedirect must be set. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'corsPolicy' - description: | - The specification for allowing client side cross-origin requests. Please see W3C - Recommendation for Cross Origin Resource Sharing - properties: - - !ruby/object:Api::Type::Boolean - name: 'allowCredentials' - default_value: false - description: | - In response to a preflight request, setting this to true indicates that the - actual request can include user credentials. This translates to the Access- - Control-Allow-Credentials header. Defaults to false. - - !ruby/object:Api::Type::Array - name: 'allowHeaders' - item_type: Api::Type::String - description: | - Specifies the content for the Access-Control-Allow-Headers header. - - !ruby/object:Api::Type::Array - name: 'allowMethods' - item_type: Api::Type::String - description: | - Specifies the content for the Access-Control-Allow-Methods header. - - !ruby/object:Api::Type::Array - name: 'allowOriginRegexes' - item_type: Api::Type::String - description: | - Specifies the regular expression patterns that match allowed origins. For - regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript - An origin is allowed if it matches either allow_origins or allow_origin_regex. - - !ruby/object:Api::Type::Array - name: 'allowOrigins' - item_type: Api::Type::String - description: | - Specifies the list of origins that will be allowed to do CORS requests. An - origin is allowed if it matches either allow_origins or allow_origin_regex. - - !ruby/object:Api::Type::Boolean - name: 'disabled' - default_value: false - description: | - If true, specifies the CORS policy is disabled. - which indicates that the CORS policy is in effect. Defaults to false. - - !ruby/object:Api::Type::Array - name: 'exposeHeaders' - item_type: Api::Type::String - description: | - Specifies the content for the Access-Control-Expose-Headers header. - - !ruby/object:Api::Type::Integer - name: 'maxAge' - description: | - Specifies how long the results of a preflight request can be cached. This - translates to the content for the Access-Control-Max-Age header. - - !ruby/object:Api::Type::NestedObject - name: 'faultInjectionPolicy' - description: | - The specification for fault injection introduced into traffic to test the - resiliency of clients to backend service failure. As part of fault injection, - when clients send requests to a backend service, delays can be introduced by - Loadbalancer on a percentage of requests before sending those request to the - backend service. Similarly requests from clients can be aborted by the - Loadbalancer for a percentage of requests. timeout and retry_policy will be - ignored by clients that are configured with a fault_injection_policy. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'abort' - description: | - The specification for how client requests are aborted as part of fault - injection. - properties: - - !ruby/object:Api::Type::Integer - name: 'httpStatus' - description: | - The HTTP status code used to abort the request. The value must be between 200 - and 599 inclusive. - - !ruby/object:Api::Type::Double - name: 'percentage' - description: | - The percentage of traffic (connections/operations/requests) which will be - aborted as part of fault injection. The value must be between 0.0 and 100.0 - inclusive. - - !ruby/object:Api::Type::NestedObject - name: 'delay' - description: | - The specification for how client requests are delayed as part of fault - injection, before being sent to a backend service. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'fixedDelay' - description: | - Specifies the value of the fixed delay interval. - properties: - - !ruby/object:Api::Type::Integer - name: 'nanos' - description: | - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 `seconds` field and a positive - `nanos` field. Must be from 0 to 999,999,999 inclusive. - - !ruby/object:Api::Type::String - name: 'seconds' - required: true - description: | - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - - !ruby/object:Api::Type::Double - name: 'percentage' - description: | - The percentage of traffic (connections/operations/requests) on which delay will - be introduced as part of fault injection. The value must be between 0.0 and - 100.0 inclusive. - - !ruby/object:Api::Type::NestedObject - name: 'requestMirrorPolicy' - description: | - Specifies the policy on how requests intended for the route's backends are - shadowed to a separate mirrored backend service. Loadbalancer does not wait for - responses from the shadow service. Prior to sending traffic to the shadow - service, the host / authority header is suffixed with -shadow. - properties: - - !ruby/object:Api::Type::ResourceRef - name: 'backendService' - required: true - resource: 'RegionBackendService' - imports: 'selfLink' - description: | - The RegionBackendService resource being mirrored to. - - !ruby/object:Api::Type::NestedObject - name: 'retryPolicy' - description: | - Specifies the retry policy associated with this route. - properties: - - !ruby/object:Api::Type::Integer - name: 'numRetries' - required: true - description: | - Specifies the allowed number retries. This number must be > 0. - - !ruby/object:Api::Type::NestedObject - name: 'perTryTimeout' - description: | - Specifies a non-zero timeout per retry attempt. - properties: - - !ruby/object:Api::Type::Integer - name: 'nanos' - description: | - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 `seconds` field and a positive - `nanos` field. Must be from 0 to 999,999,999 inclusive. - - !ruby/object:Api::Type::String - name: 'seconds' - required: true - description: | - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - - !ruby/object:Api::Type::Array - name: 'retryConditions' - item_type: Api::Type::String - description: | - Specifies one or more conditions when this retry rule applies. Valid values are: - - * 5xx: Loadbalancer will attempt a retry if the backend service responds with - any 5xx response code, or if the backend service does not respond at all, - example: disconnects, reset, read timeout, connection failure, and refused - streams. - * gateway-error: Similar to 5xx, but only applies to response codes - 502, 503 or 504. - * connect-failure: Loadbalancer will retry on failures - connecting to backend services, for example due to connection timeouts. - * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. - Currently the only retriable error supported is 409. - * refused-stream: Loadbalancer will retry if the backend service resets the stream with a - REFUSED_STREAM error code. This reset type indicates that it is safe to retry. - * cancelled: Loadbalancer will retry if the gRPC status code in the response - header is set to cancelled - * deadline-exceeded: Loadbalancer will retry if the - gRPC status code in the response header is set to deadline-exceeded - * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response - header is set to resource-exhausted - * unavailable: Loadbalancer will retry if the gRPC status code in - the response header is set to unavailable - - !ruby/object:Api::Type::NestedObject - name: 'timeout' - description: | - Specifies the timeout for the selected route. Timeout is computed from the time - the request is has been fully processed (i.e. end-of-stream) up until the - response has been completely processed. Timeout includes all retries. If not - specified, the default value is 15 seconds. - properties: - - !ruby/object:Api::Type::Integer - name: 'nanos' - description: | - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 `seconds` field and a positive - `nanos` field. Must be from 0 to 999,999,999 inclusive. - - !ruby/object:Api::Type::String - name: 'seconds' - required: true - description: | - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - - !ruby/object:Api::Type::NestedObject - name: 'urlRewrite' - description: | - The spec to modify the URL of the request, prior to forwarding the request to - the matched service - properties: - - !ruby/object:Api::Type::String - name: 'hostRewrite' - description: | - Prior to forwarding the request to the selected service, the request's host - header is replaced with contents of hostRewrite. The value must be between 1 and - 255 characters. - - !ruby/object:Api::Type::String - name: 'pathPrefixRewrite' - description: | - Prior to forwarding the request to the selected backend service, the matching - portion of the request's path is replaced by pathPrefixRewrite. The value must - be between 1 and 1024 characters. - - !ruby/object:Api::Type::Array - name: 'weightedBackendServices' - description: | - A list of weighted backend services to send traffic to when a route match - occurs. The weights determine the fraction of traffic that flows to their - corresponding backend service. If all traffic needs to go to a single backend - service, there must be one weightedBackendService with weight set to a non 0 - number. Once a backendService is identified and before forwarding the request to - the backend service, advanced routing actions like Url rewrites and header - transformations are applied depending on additional settings specified in this - HttpRouteAction. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::ResourceRef - name: 'backendService' - required: true - resource: 'RegionBackendService' - imports: 'selfLink' - description: | - The default RegionBackendService resource. Before - forwarding the request to backendService, the loadbalancer applies any relevant - headerActions specified as part of this backendServiceWeight. - - !ruby/object:Api::Type::NestedObject - name: 'headerAction' - description: | - Specifies changes to request and response headers that need to take effect for - the selected backendService. headerAction specified here take effect before - headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. - properties: - - !ruby/object:Api::Type::Array - name: 'requestHeadersToAdd' - description: | - Headers to add to a matching request prior to forwarding the request to the - backendService. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'headerName' - required: true - description: | - The name of the header. - - !ruby/object:Api::Type::String - name: 'headerValue' - required: true - description: | - The value of the header to add. - - !ruby/object:Api::Type::Boolean - name: 'replace' - required: true - description: | - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - - !ruby/object:Api::Type::Array - name: 'requestHeadersToRemove' - item_type: Api::Type::String - description: | - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - - !ruby/object:Api::Type::Array - name: 'responseHeadersToAdd' - description: | - Headers to add the response prior to sending the response back to the client. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'headerName' - required: true - description: | - The name of the header. - - !ruby/object:Api::Type::String - name: 'headerValue' - required: true - description: | - The value of the header to add. - - !ruby/object:Api::Type::Boolean - name: 'replace' - required: true - description: | - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - - !ruby/object:Api::Type::Array - name: 'responseHeadersToRemove' - item_type: Api::Type::String - description: | - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - - !ruby/object:Api::Type::Integer - name: 'weight' - required: true - description: | - Specifies the fraction of traffic sent to backendService, computed as weight / - (sum of all weightedBackendService weights in routeAction) . The selection of a - backend service is determined only for new traffic. Once a user's request has - been directed to a backendService, subsequent requests will be sent to the same - backendService as determined by the BackendService's session affinity policy. - The value must be between 0 and 1000 - - !ruby/object:Api::Type::NestedObject - name: 'urlRedirect' - description: | - When this rule is matched, the request is redirected to a URL specified by - urlRedirect. If urlRedirect is specified, service or routeAction must not be - set. - properties: - - !ruby/object:Api::Type::String - name: 'hostRedirect' - description: | - The host that will be used in the redirect response instead of the one - that was supplied in the request. The value must be between 1 and 255 - characters. - - !ruby/object:Api::Type::Boolean - name: 'httpsRedirect' - default_value: false - description: | - If set to true, the URL scheme in the redirected request is set to https. - If set to false, the URL scheme of the redirected request will remain the - same as that of the request. This must only be set for UrlMaps used in - TargetHttpProxys. Setting this true for TargetHttpsProxy is not - permitted. The default is set to false. - - !ruby/object:Api::Type::String - name: 'pathRedirect' - description: | - The path that will be used in the redirect response instead of the one - that was supplied in the request. pathRedirect cannot be supplied - together with prefixRedirect. Supply one alone or neither. If neither is - supplied, the path of the original request will be used for the redirect. - The value must be between 1 and 1024 characters. - - !ruby/object:Api::Type::String - name: 'prefixRedirect' - description: | - The prefix that replaces the prefixMatch specified in the - HttpRouteRuleMatch, retaining the remaining portion of the URL before - redirecting the request. prefixRedirect cannot be supplied together with - pathRedirect. Supply one alone or neither. If neither is supplied, the - path of the original request will be used for the redirect. The value - must be between 1 and 1024 characters. - - !ruby/object:Api::Type::Enum - name: 'redirectResponseCode' - description: | - The HTTP Status code to use for this RedirectAction. Supported values are: - - * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - * FOUND, which corresponds to 302. - - * SEE_OTHER which corresponds to 303. - - * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method - will be retained. - - * PERMANENT_REDIRECT, which corresponds to 308. In this case, - the request method will be retained. - skip_docs_values: true - values: - - :FOUND - - :MOVED_PERMANENTLY_DEFAULT - - :PERMANENT_REDIRECT - - :SEE_OTHER - - :TEMPORARY_REDIRECT - - !ruby/object:Api::Type::Boolean - name: 'stripQuery' - default_value: false - description: | - If set to true, any accompanying query portion of the original URL is - removed prior to redirecting the request. If set to false, the query - portion of the original URL is retained. The default value is false. - - !ruby/object:Api::Type::Array - name: 'pathRules' - description: | - The list of path rules. Use this list instead of routeRules when routing based - on simple path matching is all that's required. The order by which path rules - are specified does not matter. Matches are always done on the longest-path-first - basis. For example: a pathRule with a path /a/b/c/* will match before /a/b/* - irrespective of the order in which those paths appear in this list. Within a - given pathMatcher, only one of pathRules or routeRules must be set. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::ResourceRef - name: 'service' - resource: 'RegionBackendService' - imports: 'selfLink' - description: | - The region backend service resource to which traffic is - directed if this rule is matched. If routeAction is additionally specified, - advanced routing actions like URL Rewrites, etc. take effect prior to sending - the request to the backend. However, if service is specified, routeAction cannot - contain any weightedBackendService s. Conversely, if routeAction specifies any - weightedBackendServices, service must not be specified. Only one of urlRedirect, - service or routeAction.weightedBackendService must be set. - - !ruby/object:Api::Type::Array - name: 'paths' - required: true - item_type: Api::Type::String - description: | - The list of path patterns to match. Each must start with / and the only place a - \* is allowed is at the end following a /. The string fed to the path matcher - does not include any text after the first ? or #, and those chars are not - allowed here. - - !ruby/object:Api::Type::NestedObject - name: 'routeAction' - description: | - In response to a matching path, the load balancer performs advanced routing - actions like URL rewrites, header transformations, etc. prior to forwarding the - request to the selected backend. If routeAction specifies any - weightedBackendServices, service must not be set. Conversely if service is set, - routeAction cannot contain any weightedBackendServices. Only one of routeAction - or urlRedirect must be set. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'corsPolicy' - description: | - The specification for allowing client side cross-origin requests. Please see W3C - Recommendation for Cross Origin Resource Sharing - properties: - - !ruby/object:Api::Type::Boolean - name: 'allowCredentials' - default_value: false - description: | - In response to a preflight request, setting this to true indicates that the - actual request can include user credentials. This translates to the Access- - Control-Allow-Credentials header. Defaults to false. - - !ruby/object:Api::Type::Array - name: 'allowHeaders' - item_type: Api::Type::String - description: | - Specifies the content for the Access-Control-Allow-Headers header. - - !ruby/object:Api::Type::Array - name: 'allowMethods' - item_type: Api::Type::String - description: | - Specifies the content for the Access-Control-Allow-Methods header. - - !ruby/object:Api::Type::Array - name: 'allowOriginRegexes' - item_type: Api::Type::String - description: | - Specifies the regular expression patterns that match allowed origins. For - regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript - An origin is allowed if it matches either allow_origins or allow_origin_regex. - - !ruby/object:Api::Type::Array - name: 'allowOrigins' - item_type: Api::Type::String - description: | - Specifies the list of origins that will be allowed to do CORS requests. An - origin is allowed if it matches either allow_origins or allow_origin_regex. - - !ruby/object:Api::Type::Boolean - name: 'disabled' - required: true - description: | - If true, specifies the CORS policy is disabled. - - !ruby/object:Api::Type::Array - name: 'exposeHeaders' - item_type: Api::Type::String - description: | - Specifies the content for the Access-Control-Expose-Headers header. - - !ruby/object:Api::Type::Integer - name: 'maxAge' - description: | - Specifies how long the results of a preflight request can be cached. This - translates to the content for the Access-Control-Max-Age header. - - !ruby/object:Api::Type::NestedObject - name: 'faultInjectionPolicy' - description: | - The specification for fault injection introduced into traffic to test the - resiliency of clients to backend service failure. As part of fault injection, - when clients send requests to a backend service, delays can be introduced by - Loadbalancer on a percentage of requests before sending those request to the - backend service. Similarly requests from clients can be aborted by the - Loadbalancer for a percentage of requests. timeout and retry_policy will be - ignored by clients that are configured with a fault_injection_policy. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'abort' - description: | - The specification for how client requests are aborted as part of fault - injection. - properties: - - !ruby/object:Api::Type::Integer - name: 'httpStatus' - required: true - description: | - The HTTP status code used to abort the request. The value must be between 200 - and 599 inclusive. - - !ruby/object:Api::Type::Double - name: 'percentage' - required: true - description: | - The percentage of traffic (connections/operations/requests) which will be - aborted as part of fault injection. The value must be between 0.0 and 100.0 - inclusive. - - !ruby/object:Api::Type::NestedObject - name: 'delay' - description: | - The specification for how client requests are delayed as part of fault - injection, before being sent to a backend service. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'fixedDelay' - required: true - description: | - Specifies the value of the fixed delay interval. - properties: - - !ruby/object:Api::Type::Integer - name: 'nanos' - description: | - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 `seconds` field and a positive - `nanos` field. Must be from 0 to 999,999,999 inclusive. - - !ruby/object:Api::Type::String - name: 'seconds' - required: true - description: | - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - - !ruby/object:Api::Type::Double - name: 'percentage' - required: true - description: | - The percentage of traffic (connections/operations/requests) on which delay will - be introduced as part of fault injection. The value must be between 0.0 and - 100.0 inclusive. - - !ruby/object:Api::Type::NestedObject - name: 'requestMirrorPolicy' - description: | - Specifies the policy on how requests intended for the route's backends are - shadowed to a separate mirrored backend service. Loadbalancer does not wait for - responses from the shadow service. Prior to sending traffic to the shadow - service, the host / authority header is suffixed with -shadow. - properties: - - !ruby/object:Api::Type::ResourceRef - name: 'backendService' - required: true - resource: 'RegionBackendService' - imports: 'selfLink' - description: | - The RegionBackendService resource being mirrored to. - - !ruby/object:Api::Type::NestedObject - name: 'retryPolicy' - description: | - Specifies the retry policy associated with this route. - properties: - - !ruby/object:Api::Type::Integer - name: 'numRetries' - description: | - Specifies the allowed number retries. This number must be > 0. - - !ruby/object:Api::Type::NestedObject - name: 'perTryTimeout' - description: | - Specifies a non-zero timeout per retry attempt. - properties: - - !ruby/object:Api::Type::Integer - name: 'nanos' - description: | - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 `seconds` field and a positive - `nanos` field. Must be from 0 to 999,999,999 inclusive. - - !ruby/object:Api::Type::String - name: 'seconds' - required: true - description: | - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - - !ruby/object:Api::Type::Array - name: 'retryConditions' - item_type: Api::Type::String - description: | - Specifies one or more conditions when this retry rule applies. Valid values are: - - - 5xx: Loadbalancer will attempt a retry if the backend service responds with - any 5xx response code, or if the backend service does not respond at all, - example: disconnects, reset, read timeout, connection failure, and refused - streams. - - gateway-error: Similar to 5xx, but only applies to response codes - 502, 503 or 504. - - connect-failure: Loadbalancer will retry on failures - connecting to backend services, for example due to connection timeouts. - - retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. - Currently the only retriable error supported is 409. - - refused-stream: Loadbalancer will retry if the backend service resets the stream with a - REFUSED_STREAM error code. This reset type indicates that it is safe to retry. - - cancelled: Loadbalancer will retry if the gRPC status code in the response - header is set to cancelled - - deadline-exceeded: Loadbalancer will retry if the - gRPC status code in the response header is set to deadline-exceeded - - resource-exhausted: Loadbalancer will retry if the gRPC status code in the response - header is set to resource-exhausted - - unavailable: Loadbalancer will retry if - the gRPC status code in the response header is set to unavailable - - !ruby/object:Api::Type::NestedObject - name: 'timeout' - description: | - Specifies the timeout for the selected route. Timeout is computed from the time - the request is has been fully processed (i.e. end-of-stream) up until the - response has been completely processed. Timeout includes all retries. If not - specified, the default value is 15 seconds. - properties: - - !ruby/object:Api::Type::Integer - name: 'nanos' - description: | - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 `seconds` field and a positive - `nanos` field. Must be from 0 to 999,999,999 inclusive. - - !ruby/object:Api::Type::String - name: 'seconds' - required: true - description: | - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - - !ruby/object:Api::Type::NestedObject - name: 'urlRewrite' - description: | - The spec to modify the URL of the request, prior to forwarding the request to - the matched service - properties: - - !ruby/object:Api::Type::String - name: 'hostRewrite' - description: | - Prior to forwarding the request to the selected service, the request's host - header is replaced with contents of hostRewrite. The value must be between 1 and - 255 characters. - - !ruby/object:Api::Type::String - name: 'pathPrefixRewrite' - description: | - Prior to forwarding the request to the selected backend service, the matching - portion of the request's path is replaced by pathPrefixRewrite. The value must - be between 1 and 1024 characters. - - !ruby/object:Api::Type::Array - name: 'weightedBackendServices' - description: | - A list of weighted backend services to send traffic to when a route match - occurs. The weights determine the fraction of traffic that flows to their - corresponding backend service. If all traffic needs to go to a single backend - service, there must be one weightedBackendService with weight set to a non 0 - number. Once a backendService is identified and before forwarding the request to - the backend service, advanced routing actions like Url rewrites and header - transformations are applied depending on additional settings specified in this - HttpRouteAction. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::ResourceRef - name: 'backendService' - required: true - resource: 'RegionBackendService' - imports: 'selfLink' - description: | - The default RegionBackendService resource. Before - forwarding the request to backendService, the loadbalancer applies any relevant - headerActions specified as part of this backendServiceWeight. - - !ruby/object:Api::Type::NestedObject - name: 'headerAction' - description: | - Specifies changes to request and response headers that need to take effect for - the selected backendService. headerAction specified here take effect before - headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. - properties: - - !ruby/object:Api::Type::Array - name: 'requestHeadersToAdd' - description: | - Headers to add to a matching request prior to forwarding the request to the - backendService. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'headerName' - required: true - description: | - The name of the header. - - !ruby/object:Api::Type::String - name: 'headerValue' - required: true - description: | - The value of the header to add. - - !ruby/object:Api::Type::Boolean - name: 'replace' - required: true - description: | - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - - !ruby/object:Api::Type::Array - name: 'requestHeadersToRemove' - item_type: Api::Type::String - description: | - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - - !ruby/object:Api::Type::Array - name: 'responseHeadersToAdd' - description: | - Headers to add the response prior to sending the response back to the client. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'headerName' - required: true - description: | - The name of the header. - - !ruby/object:Api::Type::String - name: 'headerValue' - required: true - description: | - The value of the header to add. - - !ruby/object:Api::Type::Boolean - name: 'replace' - required: true - description: | - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - - !ruby/object:Api::Type::Array - name: 'responseHeadersToRemove' - item_type: Api::Type::String - description: | - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - - !ruby/object:Api::Type::Integer - name: 'weight' - required: true - description: | - Specifies the fraction of traffic sent to backendService, computed as weight / - (sum of all weightedBackendService weights in routeAction) . The selection of a - backend service is determined only for new traffic. Once a user's request has - been directed to a backendService, subsequent requests will be sent to the same - backendService as determined by the BackendService's session affinity policy. - The value must be between 0 and 1000 - - !ruby/object:Api::Type::NestedObject - name: 'urlRedirect' - description: | - When a path pattern is matched, the request is redirected to a URL specified - by urlRedirect. If urlRedirect is specified, service or routeAction must not - be set. - properties: - - !ruby/object:Api::Type::String - name: 'hostRedirect' - description: | - The host that will be used in the redirect response instead of the one - that was supplied in the request. The value must be between 1 and 255 - characters. - - !ruby/object:Api::Type::Boolean - name: 'httpsRedirect' - default_value: false - description: | - If set to true, the URL scheme in the redirected request is set to https. - If set to false, the URL scheme of the redirected request will remain the - same as that of the request. This must only be set for UrlMaps used in - TargetHttpProxys. Setting this true for TargetHttpsProxy is not - permitted. The default is set to false. - - !ruby/object:Api::Type::String - name: 'pathRedirect' - description: | - The path that will be used in the redirect response instead of the one - that was supplied in the request. pathRedirect cannot be supplied - together with prefixRedirect. Supply one alone or neither. If neither is - supplied, the path of the original request will be used for the redirect. - The value must be between 1 and 1024 characters. - - !ruby/object:Api::Type::String - name: 'prefixRedirect' - description: | - The prefix that replaces the prefixMatch specified in the - HttpRouteRuleMatch, retaining the remaining portion of the URL before - redirecting the request. prefixRedirect cannot be supplied together with - pathRedirect. Supply one alone or neither. If neither is supplied, the - path of the original request will be used for the redirect. The value - must be between 1 and 1024 characters. - - !ruby/object:Api::Type::Enum - name: 'redirectResponseCode' - description: | - The HTTP Status code to use for this RedirectAction. Supported values are: - - * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - * FOUND, which corresponds to 302. - - * SEE_OTHER which corresponds to 303. - - * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method - will be retained. - - * PERMANENT_REDIRECT, which corresponds to 308. In this case, - the request method will be retained. - skip_docs_values: true - values: - - :FOUND - - :MOVED_PERMANENTLY_DEFAULT - - :PERMANENT_REDIRECT - - :SEE_OTHER - - :TEMPORARY_REDIRECT - - !ruby/object:Api::Type::Boolean - name: 'stripQuery' - description: | - If set to true, any accompanying query portion of the original URL is removed - prior to redirecting the request. If set to false, the query portion of the - original URL is retained. - - !ruby/object:Api::Type::NestedObject - name: 'defaultUrlRedirect' - # TODO: (mbang) won't work for array path matchers yet, uncomment here once they are supported. - # (github.com/hashicorp/terraform-plugin-sdk/issues/470) - # TODO: add defaultRouteAction.weightedBackendService here once they are supported. - # exactly_one_of: - # - path_matchers.0.default_service - # - path_matchers.0.default_url_redirect - description: | - When none of the specified hostRules match, the request is redirected to a URL specified - by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or - defaultRouteAction must not be set. - properties: - - !ruby/object:Api::Type::String - name: 'hostRedirect' - description: | - The host that will be used in the redirect response instead of the one that was - supplied in the request. The value must be between 1 and 255 characters. - - !ruby/object:Api::Type::Boolean - name: 'httpsRedirect' - default_value: false - description: | - If set to true, the URL scheme in the redirected request is set to https. If set to - false, the URL scheme of the redirected request will remain the same as that of the - request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this - true for TargetHttpsProxy is not permitted. The default is set to false. - - !ruby/object:Api::Type::String - name: 'pathRedirect' - description: | - The path that will be used in the redirect response instead of the one that was - supplied in the request. pathRedirect cannot be supplied together with - prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the - original request will be used for the redirect. The value must be between 1 and 1024 - characters. - - !ruby/object:Api::Type::String - name: 'prefixRedirect' - description: | - The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, - retaining the remaining portion of the URL before redirecting the request. - prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or - neither. If neither is supplied, the path of the original request will be used for - the redirect. The value must be between 1 and 1024 characters. - - !ruby/object:Api::Type::Enum - name: 'redirectResponseCode' - description: | - The HTTP Status code to use for this RedirectAction. Supported values are: - - * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - * FOUND, which corresponds to 302. - - * SEE_OTHER which corresponds to 303. - - * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method - will be retained. - - * PERMANENT_REDIRECT, which corresponds to 308. In this case, - the request method will be retained. - skip_docs_values: true - values: - - :FOUND - - :MOVED_PERMANENTLY_DEFAULT - - :PERMANENT_REDIRECT - - :SEE_OTHER - - :TEMPORARY_REDIRECT - - !ruby/object:Api::Type::Boolean - name: 'stripQuery' - description: | - If set to true, any accompanying query portion of the original URL is removed prior - to redirecting the request. If set to false, the query portion of the original URL is - retained. - - !ruby/object:Api::Type::Array - name: 'tests' - description: | - The list of expected URL mappings. Requests to update this UrlMap will - succeed only if all of the test cases pass. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'description' - description: 'Description of this test case.' - - !ruby/object:Api::Type::String - name: 'host' - required: true - description: 'Host portion of the URL.' - - !ruby/object:Api::Type::String - name: 'path' - required: true - description: 'Path portion of the URL.' - - !ruby/object:Api::Type::ResourceRef - name: 'service' - required: true - resource: 'RegionBackendService' - imports: 'selfLink' - description: - A reference to expected RegionBackendService resource the given URL - should be mapped to. - - !ruby/object:Api::Type::NestedObject - name: 'defaultUrlRedirect' - exactly_one_of: - - default_service - - default_url_redirect - - default_route_action.0.weighted_backend_services - conflicts: - - default_route_action - description: | - When none of the specified hostRules match, the request is redirected to a URL specified - by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or - defaultRouteAction must not be set. - properties: - - !ruby/object:Api::Type::String - name: 'hostRedirect' - description: | - The host that will be used in the redirect response instead of the one that was - supplied in the request. The value must be between 1 and 255 characters. - - !ruby/object:Api::Type::Boolean - name: 'httpsRedirect' - default_value: false - description: | - If set to true, the URL scheme in the redirected request is set to https. If set to - false, the URL scheme of the redirected request will remain the same as that of the - request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this - true for TargetHttpsProxy is not permitted. The default is set to false. - - !ruby/object:Api::Type::String - name: 'pathRedirect' - description: | - The path that will be used in the redirect response instead of the one that was - supplied in the request. pathRedirect cannot be supplied together with - prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the - original request will be used for the redirect. The value must be between 1 and 1024 - characters. - - !ruby/object:Api::Type::String - name: 'prefixRedirect' - description: | - The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, - retaining the remaining portion of the URL before redirecting the request. - prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or - neither. If neither is supplied, the path of the original request will be used for - the redirect. The value must be between 1 and 1024 characters. - - !ruby/object:Api::Type::Enum - name: 'redirectResponseCode' - description: | - The HTTP Status code to use for this RedirectAction. Supported values are: - - * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - * FOUND, which corresponds to 302. - - * SEE_OTHER which corresponds to 303. - - * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method - will be retained. - - * PERMANENT_REDIRECT, which corresponds to 308. In this case, - the request method will be retained. - skip_docs_values: true - values: - - :FOUND - - :MOVED_PERMANENTLY_DEFAULT - - :PERMANENT_REDIRECT - - :SEE_OTHER - - :TEMPORARY_REDIRECT - - !ruby/object:Api::Type::Boolean - name: 'stripQuery' - description: | - If set to true, any accompanying query portion of the original URL is removed prior - to redirecting the request. If set to false, the query portion of the original URL is - retained. - - !ruby/object:Api::Type::NestedObject - name: 'defaultRouteAction' - conflicts: - - default_url_redirect - description: | - defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. - Only one of defaultRouteAction or defaultUrlRedirect must be set. - URL maps for Classic external HTTP(S) load balancers only support the urlRewrite action within defaultRouteAction. - defaultRouteAction has no effect when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. - properties: - - !ruby/object:Api::Type::Array - name: 'weightedBackendServices' - description : | - A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non-zero number. - After a backend service is identified and before forwarding the request to the backend service, advanced routing actions such as URL rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction. - exactly_one_of: - - default_service - - default_url_redirect - - default_route_action.0.weighted_backend_services - at_least_one_of: - - default_route_action.0.weighted_backend_services - - default_route_action.0.url_rewrite - - default_route_action.0.timeout - - default_route_action.0.retry_policy - - default_route_action.0.request_mirror_policy - - default_route_action.0.cors_policy - - default_route_action.0.fault_injection_policy - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::ResourceRef - name: 'backendService' - resource: 'RegionBackendService' - imports: 'selfLink' - description: | - The full or partial URL to the default BackendService resource. Before forwarding the request to backendService, the load balancer applies any relevant headerActions specified as part of this backendServiceWeight. - - !ruby/object:Api::Type::Integer - name: 'weight' - description: | - Specifies the fraction of traffic sent to a backend service, computed as weight / (sum of all weightedBackendService weights in routeAction) . - The selection of a backend service is determined only for new traffic. Once a user's request has been directed to a backend service, subsequent requests are sent to the same backend service as determined by the backend service's session affinity policy. - The value must be from 0 to 1000. - - !ruby/object:Api::Type::NestedObject - name: 'headerAction' - description: | - Specifies changes to request and response headers that need to take effect for the selected backendService. - headerAction specified here take effect before headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. - headerAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL. - Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. - properties: - - !ruby/object:Api::Type::Array - name: 'requestHeadersToRemove' - item_type: Api::Type::String - description: | - A list of header names for headers that need to be removed from the request before forwarding the request to the backendService. - - !ruby/object:Api::Type::Array - name: 'requestHeadersToAdd' - description: | - Headers to add to a matching request before forwarding the request to the backendService. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'headerName' - description: 'The name of the header.' - - !ruby/object:Api::Type::String - name: 'headerValue' - description: 'The value of the header to add.' - - !ruby/object:Api::Type::Boolean - name: 'replace' - description: | - If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. - The default value is false. - default_value: false - - !ruby/object:Api::Type::Array - name: 'responseHeadersToRemove' - item_type: Api::Type::String - description: | - A list of header names for headers that need to be removed from the response before sending the response back to the client. - - !ruby/object:Api::Type::Array - name: 'responseHeadersToAdd' - description: | - Headers to add the response before sending the response back to the client. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'headerName' - description: 'The name of the header.' - - !ruby/object:Api::Type::String - name: 'headerValue' - description: 'The value of the header to add.' - - !ruby/object:Api::Type::Boolean - name: 'replace' - description: | - If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. - The default value is false. - default_value: false - - !ruby/object:Api::Type::NestedObject - name: 'urlRewrite' - description : | - The spec to modify the URL of the request, before forwarding the request to the matched service. - urlRewrite is the only action supported in UrlMaps for external HTTP(S) load balancers. - Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. - at_least_one_of: - - default_route_action.0.weighted_backend_services - - default_route_action.0.url_rewrite - - default_route_action.0.timeout - - default_route_action.0.retry_policy - - default_route_action.0.request_mirror_policy - - default_route_action.0.cors_policy - - default_route_action.0.fault_injection_policy - properties: - - !ruby/object:Api::Type::String - name: 'pathPrefixRewrite' - description: | - Before forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite. - The value must be from 1 to 1024 characters. - at_least_one_of: - - default_route_action.0.url_rewrite.0.path_prefix_rewrite - - default_route_action.0.url_rewrite.0.host_rewrite - - !ruby/object:Api::Type::String - name: 'hostRewrite' - description: | - Before forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite. - The value must be from 1 to 255 characters. - at_least_one_of: - - default_route_action.0.url_rewrite.0.path_prefix_rewrite - - default_route_action.0.url_rewrite.0.host_rewrite - - !ruby/object:Api::Type::NestedObject - name: 'timeout' - description: | - Specifies the timeout for the selected route. Timeout is computed from the time the request has been fully processed (known as end-of-stream) up until the response has been processed. Timeout includes all retries. - If not specified, this field uses the largest timeout among all backend services associated with the route. - Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. - at_least_one_of: - - default_route_action.0.weighted_backend_services - - default_route_action.0.url_rewrite - - default_route_action.0.timeout - - default_route_action.0.retry_policy - - default_route_action.0.request_mirror_policy - - default_route_action.0.cors_policy - - default_route_action.0.fault_injection_policy - properties: - - !ruby/object:Api::Type::String - name: 'seconds' - description: | - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years - at_least_one_of: - - default_route_action.0.timeout.0.seconds - - default_route_action.0.timeout.0.nanos - - !ruby/object:Api::Type::Integer - name: 'nanos' - description: | - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - at_least_one_of: - - default_route_action.0.timeout.0.seconds - - default_route_action.0.timeout.0.nanos - - !ruby/object:Api::Type::NestedObject - name: 'retryPolicy' - description : | - Specifies the retry policy associated with this route. - at_least_one_of: - - default_route_action.0.weighted_backend_services - - default_route_action.0.url_rewrite - - default_route_action.0.timeout - - default_route_action.0.retry_policy - - default_route_action.0.request_mirror_policy - - default_route_action.0.cors_policy - - default_route_action.0.fault_injection_policy - properties: - - !ruby/object:Api::Type::Array - name: 'retryConditions' - item_type: Api::Type::String - description: | - Specifies one or more conditions when this retry policy applies. - Valid values are listed below. Only the following codes are supported when the URL map is bound to target gRPC proxy that has validateForProxyless field set to true: cancelled, deadline-exceeded, internal, resource-exhausted, unavailable. - - 5xx : retry is attempted if the instance or endpoint responds with any 5xx response code, or if the instance or endpoint does not respond at all. For example, disconnects, reset, read timeout, connection failure, and refused streams. - - gateway-error : Similar to 5xx, but only applies to response codes 502, 503 or 504. - - connect-failure : a retry is attempted on failures connecting to the instance or endpoint. For example, connection timeouts. - - retriable-4xx : a retry is attempted if the instance or endpoint responds with a 4xx response code. The only error that you can retry is error code 409. - - refused-stream : a retry is attempted if the instance or endpoint resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry. - - cancelled : a retry is attempted if the gRPC status code in the response header is set to cancelled. - - deadline-exceeded : a retry is attempted if the gRPC status code in the response header is set to deadline-exceeded. - - internal : a retry is attempted if the gRPC status code in the response header is set to internal. - - resource-exhausted : a retry is attempted if the gRPC status code in the response header is set to resource-exhausted. - - unavailable : a retry is attempted if the gRPC status code in the response header is set to unavailable. - at_least_one_of: - - default_route_action.0.retry_policy.0.retry_conditions - - default_route_action.0.retry_policy.0.num_retries - - default_route_action.0.retry_policy.0.per_try_timeout - - !ruby/object:Api::Type::Integer - name: 'numRetries' - description: | - Specifies the allowed number retries. This number must be > 0. If not specified, defaults to 1. - default_value: 1 - at_least_one_of: - - default_route_action.0.retry_policy.0.retry_conditions - - default_route_action.0.retry_policy.0.num_retries - - default_route_action.0.retry_policy.0.per_try_timeout - - !ruby/object:Api::Type::NestedObject - name: 'perTryTimeout' - description: | - Specifies a non-zero timeout per retry attempt. - - If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, - will use the largest timeout among all backend services associated with the route. - at_least_one_of: - - default_route_action.0.retry_policy.0.retry_conditions - - default_route_action.0.retry_policy.0.num_retries - - default_route_action.0.retry_policy.0.per_try_timeout - properties: - - !ruby/object:Api::Type::String - name: 'seconds' - description: | - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years - at_least_one_of: - - default_route_action.0.retry_policy.0.per_try_timeout.0.seconds - - default_route_action.0.retry_policy.0.per_try_timeout.0.nanos - - !ruby/object:Api::Type::Integer - name: 'nanos' - description: | - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - at_least_one_of: - - default_route_action.0.retry_policy.0.per_try_timeout.0.seconds - - default_route_action.0.retry_policy.0.per_try_timeout.0.nanos - - !ruby/object:Api::Type::NestedObject - name: 'requestMirrorPolicy' - description: | - Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. - The load balancer does not wait for responses from the shadow service. Before sending traffic to the shadow service, the host / authority header is suffixed with -shadow. - Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. - at_least_one_of: - - default_route_action.0.weighted_backend_services - - default_route_action.0.url_rewrite - - default_route_action.0.timeout - - default_route_action.0.retry_policy - - default_route_action.0.request_mirror_policy - - default_route_action.0.cors_policy - - default_route_action.0.fault_injection_policy - properties: - - !ruby/object:Api::Type::ResourceRef - name: 'backendService' - resource: 'RegionBackendService' - imports: 'selfLink' - description: | - The full or partial URL to the RegionBackendService resource being mirrored to. - The backend service configured for a mirroring policy must reference backends that are of the same type as the original backend service matched in the URL map. - Serverless NEG backends are not currently supported as a mirrored backend service. - - !ruby/object:Api::Type::NestedObject - name: 'corsPolicy' - description: | - The specification for allowing client side cross-origin requests. Please see - [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/) - at_least_one_of: - - default_route_action.0.weighted_backend_services - - default_route_action.0.url_rewrite - - default_route_action.0.timeout - - default_route_action.0.retry_policy - - default_route_action.0.request_mirror_policy - - default_route_action.0.cors_policy - - default_route_action.0.fault_injection_policy - properties: - - !ruby/object:Api::Type::Array - name: 'allowOrigins' - description: | - Specifies the list of origins that will be allowed to do CORS requests. - An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. - at_least_one_of: - - default_route_action.0.cors_policy.0.allow_origins - - default_route_action.0.cors_policy.0.allow_origin_regexes - - default_route_action.0.cors_policy.0.allow_methods - - default_route_action.0.cors_policy.0.allow_headers - - default_route_action.0.cors_policy.0.expose_headers - - default_route_action.0.cors_policy.0.max_age - - default_route_action.0.cors_policy.0.allow_credentials - - default_route_action.0.cors_policy.0.disabled - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'allowOriginRegexes' - description: | - Specifies the regualar expression patterns that match allowed origins. For regular expression grammar - please see en.cppreference.com/w/cpp/regex/ecmascript - An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. - at_least_one_of: - - default_route_action.0.cors_policy.0.allow_origins - - default_route_action.0.cors_policy.0.allow_origin_regexes - - default_route_action.0.cors_policy.0.allow_methods - - default_route_action.0.cors_policy.0.allow_headers - - default_route_action.0.cors_policy.0.expose_headers - - default_route_action.0.cors_policy.0.max_age - - default_route_action.0.cors_policy.0.allow_credentials - - default_route_action.0.cors_policy.0.disabled - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'allowMethods' - description: | - Specifies the content for the Access-Control-Allow-Methods header. - at_least_one_of: - - default_route_action.0.cors_policy.0.allow_origins - - default_route_action.0.cors_policy.0.allow_origin_regexes - - default_route_action.0.cors_policy.0.allow_methods - - default_route_action.0.cors_policy.0.allow_headers - - default_route_action.0.cors_policy.0.expose_headers - - default_route_action.0.cors_policy.0.max_age - - default_route_action.0.cors_policy.0.allow_credentials - - default_route_action.0.cors_policy.0.disabled - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'allowHeaders' - description: | - Specifies the content for the Access-Control-Allow-Headers header. - at_least_one_of: - - default_route_action.0.cors_policy.0.allow_origins - - default_route_action.0.cors_policy.0.allow_origin_regexes - - default_route_action.0.cors_policy.0.allow_methods - - default_route_action.0.cors_policy.0.allow_headers - - default_route_action.0.cors_policy.0.expose_headers - - default_route_action.0.cors_policy.0.max_age - - default_route_action.0.cors_policy.0.allow_credentials - - default_route_action.0.cors_policy.0.disabled - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'exposeHeaders' - description: | - Specifies the content for the Access-Control-Expose-Headers header. - at_least_one_of: - - default_route_action.0.cors_policy.0.allow_origins - - default_route_action.0.cors_policy.0.allow_origin_regexes - - default_route_action.0.cors_policy.0.allow_methods - - default_route_action.0.cors_policy.0.allow_headers - - default_route_action.0.cors_policy.0.expose_headers - - default_route_action.0.cors_policy.0.max_age - - default_route_action.0.cors_policy.0.allow_credentials - - default_route_action.0.cors_policy.0.disabled - item_type: Api::Type::String - - !ruby/object:Api::Type::Integer - name: 'maxAge' - description: | - Specifies how long results of a preflight request can be cached in seconds. - This translates to the Access-Control-Max-Age header. - at_least_one_of: - - default_route_action.0.cors_policy.0.allow_origins - - default_route_action.0.cors_policy.0.allow_origin_regexes - - default_route_action.0.cors_policy.0.allow_methods - - default_route_action.0.cors_policy.0.allow_headers - - default_route_action.0.cors_policy.0.expose_headers - - default_route_action.0.cors_policy.0.max_age - - default_route_action.0.cors_policy.0.allow_credentials - - default_route_action.0.cors_policy.0.disabled - - !ruby/object:Api::Type::Boolean - name: 'allowCredentials' - description: | - In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This field translates to the Access-Control-Allow-Credentials header. - Default is false. - default_value: false - at_least_one_of: - - default_route_action.0.cors_policy.0.allow_origins - - default_route_action.0.cors_policy.0.allow_origin_regexes - - default_route_action.0.cors_policy.0.allow_methods - - default_route_action.0.cors_policy.0.allow_headers - - default_route_action.0.cors_policy.0.expose_headers - - default_route_action.0.cors_policy.0.max_age - - default_route_action.0.cors_policy.0.allow_credentials - - default_route_action.0.cors_policy.0.disabled - - !ruby/object:Api::Type::Boolean - name: 'disabled' - description: | - If true, the setting specifies the CORS policy is disabled. The default value of false, which indicates that the CORS policy is in effect. - default_value: false - at_least_one_of: - - default_route_action.0.cors_policy.0.allow_origins - - default_route_action.0.cors_policy.0.allow_origin_regexes - - default_route_action.0.cors_policy.0.allow_methods - - default_route_action.0.cors_policy.0.allow_headers - - default_route_action.0.cors_policy.0.expose_headers - - default_route_action.0.cors_policy.0.max_age - - default_route_action.0.cors_policy.0.allow_credentials - - default_route_action.0.cors_policy.0.disabled - - !ruby/object:Api::Type::NestedObject - name: 'faultInjectionPolicy' - description: | - The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. - As part of fault injection, when clients send requests to a backend service, delays can be introduced by a load balancer on a percentage of requests before sending those requests to the backend service. - Similarly requests from clients can be aborted by the load balancer for a percentage of requests. - timeout and retryPolicy is ignored by clients that are configured with a faultInjectionPolicy if: 1. The traffic is generated by fault injection AND 2. The fault injection is not a delay fault injection. - Fault injection is not supported with the global external HTTP(S) load balancer (classic). To see which load balancers support fault injection, see Load balancing: [Routing and traffic management features](https://cloud.google.com/load-balancing/docs/features#routing-traffic-management). - at_least_one_of: - - default_route_action.0.weighted_backend_services - - default_route_action.0.url_rewrite - - default_route_action.0.timeout - - default_route_action.0.retry_policy - - default_route_action.0.request_mirror_policy - - default_route_action.0.cors_policy - - default_route_action.0.fault_injection_policy - properties: - - !ruby/object:Api::Type::NestedObject - name: 'delay' - description: | - The specification for how client requests are delayed as part of fault injection, before being sent to a backend service. - at_least_one_of: - - default_route_action.0.fault_injection_policy.0.delay - - default_route_action.0.fault_injection_policy.0.abort - properties: - - !ruby/object:Api::Type::NestedObject - name: 'fixedDelay' - description: | - Specifies the value of the fixed delay interval. - at_least_one_of: - - default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay - - default_route_action.0.fault_injection_policy.0.delay.0.percentage - properties: - - !ruby/object:Api::Type::String - name: 'seconds' - description: | - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years - at_least_one_of: - - default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay.0.seconds - - default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay.0.nanos - - !ruby/object:Api::Type::Integer - name: 'nanos' - description: | - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - at_least_one_of: - - default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay.0.seconds - - default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay.0.nanos - - !ruby/object:Api::Type::Double - name: 'percentage' - description: | - The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. - The value must be between 0.0 and 100.0 inclusive. - at_least_one_of: - - default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay - - default_route_action.0.fault_injection_policy.0.delay.0.percentage - - !ruby/object:Api::Type::NestedObject - name: 'abort' - description: | - The specification for how client requests are aborted as part of fault injection. - at_least_one_of: - - default_route_action.0.fault_injection_policy.0.delay - - default_route_action.0.fault_injection_policy.0.abort - properties: - - !ruby/object:Api::Type::Integer - name: 'httpStatus' - description: | - The HTTP status code used to abort the request. - The value must be between 200 and 599 inclusive. - at_least_one_of: - - default_route_action.0.fault_injection_policy.0.abort.0.http_status - - default_route_action.0.fault_injection_policy.0.abort.0.percentage - - !ruby/object:Api::Type::Double - name: 'percentage' - description: | - The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. - The value must be between 0.0 and 100.0 inclusive. - at_least_one_of: - - default_route_action.0.fault_injection_policy.0.abort.0.http_status - - default_route_action.0.fault_injection_policy.0.abort.0.percentage - - !ruby/object:Api::Resource - name: 'RegionHealthCheck' - kind: 'compute#healthCheck' - base_url: projects/{{project}}/regions/{{region}}/healthChecks - collection_url_key: 'items' - has_self_link: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/load-balancing/docs/health-checks' - api: 'https://cloud.google.com/compute/docs/reference/rest/v1/regionHealthChecks' - description: | - Health Checks determine whether instances are responsive and able to do work. - They are an important part of a comprehensive load balancing configuration, - as they enable monitoring instances behind load balancers. - - Health Checks poll instances at a specified interval. Instances that - do not respond successfully to some number of probes in a row are marked - as unhealthy. No new connections are sent to unhealthy instances, - though existing connections will continue. The health check will - continue to poll unhealthy instances. If an instance later responds - successfully to some number of consecutive probes, it is marked - healthy again and can receive new connections. - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'region' - resource: 'Region' - imports: 'selfLink' - input: true - description: | - The region where the regional health check resides. - properties: - - !ruby/object:Api::Type::Integer - name: 'checkIntervalSec' - description: | - How often (in seconds) to send a health check. The default value is 5 - seconds. - default_value: 5 - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional description of this resource. Provide this property when - you create the resource. - send_empty_value: true - - !ruby/object:Api::Type::Integer - name: 'healthyThreshold' - description: | - A so-far unhealthy instance will be marked healthy after this many - consecutive successes. The default value is 2. - default_value: 2 - - !ruby/object:Api::Type::Integer - name: 'id' - description: | - The unique identifier for the resource. This identifier is defined by - the server. - output: true - - !ruby/object:Api::Type::String - name: 'name' - required: true - input: true - description: | - Name of the resource. Provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and - match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means - the first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the - last character, which cannot be a dash. - - !ruby/object:Api::Type::Integer - name: 'unhealthyThreshold' - description: | - A so-far healthy instance will be marked unhealthy after this many - consecutive failures. The default value is 2. - default_value: 2 - - !ruby/object:Api::Type::Integer - name: 'timeoutSec' - description: | - How long (in seconds) to wait before claiming failure. - The default value is 5 seconds. It is invalid for timeoutSec to have - greater value than checkIntervalSec. - default_value: 5 - - !ruby/object:Api::Type::Enum - name: 'type' - description: | - Specifies the type of the healthCheck, either TCP, SSL, HTTP or - HTTPS. If not specified, the default is TCP. Exactly one of the - protocol-specific health check field must be specified, which must - match type field. - values: - - :TCP - - :SSL - - :HTTP - - :HTTPS - - :HTTP2 - - !ruby/object:Api::Type::NestedObject - name: 'httpHealthCheck' - exactly_one_of: - - http_health_check - - https_health_check - - http2_health_check - - tcp_health_check - - ssl_health_check - - grpc_health_check - properties: - - !ruby/object:Api::Type::String - name: 'host' - at_least_one_of: - - http_health_check.0.host - - http_health_check.0.request_path - - http_health_check.0.response - - http_health_check.0.port - - http_health_check.0.port_name - - http_health_check.0.proxy_header - - http_health_check.0.port_specification - description: | - The value of the host header in the HTTP health check request. - If left empty (default value), the public IP on behalf of which this health - check is performed will be used. - - !ruby/object:Api::Type::String - name: 'requestPath' - at_least_one_of: - - http_health_check.0.host - - http_health_check.0.request_path - - http_health_check.0.response - - http_health_check.0.port - - http_health_check.0.port_name - - http_health_check.0.proxy_header - - http_health_check.0.port_specification - description: | - The request path of the HTTP health check request. - The default value is /. - default_value: "/" - - !ruby/object:Api::Type::String - name: 'response' - at_least_one_of: - - http_health_check.0.host - - http_health_check.0.request_path - - http_health_check.0.response - - http_health_check.0.port - - http_health_check.0.port_name - - http_health_check.0.proxy_header - - http_health_check.0.port_specification - description: | - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - - !ruby/object:Api::Type::Integer - name: 'port' - at_least_one_of: - - http_health_check.0.host - - http_health_check.0.request_path - - http_health_check.0.response - - http_health_check.0.port - - http_health_check.0.port_name - - http_health_check.0.proxy_header - - http_health_check.0.port_specification - description: | - The TCP port number for the HTTP health check request. - The default value is 80. - - !ruby/object:Api::Type::String - name: 'portName' - at_least_one_of: - - http_health_check.0.host - - http_health_check.0.request_path - - http_health_check.0.response - - http_health_check.0.port - - http_health_check.0.port_name - - http_health_check.0.proxy_header - - http_health_check.0.port_specification - description: | - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - - !ruby/object:Api::Type::Enum - name: 'proxyHeader' - at_least_one_of: - - http_health_check.0.host - - http_health_check.0.request_path - - http_health_check.0.response - - http_health_check.0.port - - http_health_check.0.port_name - - http_health_check.0.proxy_header - - http_health_check.0.port_specification - description: | - Specifies the type of proxy header to append before sending data to the - backend. - values: - - :NONE - - :PROXY_V1 - default_value: :NONE - - !ruby/object:Api::Type::Enum - name: 'portSpecification' - at_least_one_of: - - http_health_check.0.host - - http_health_check.0.request_path - - http_health_check.0.response - - http_health_check.0.port - - http_health_check.0.port_name - - http_health_check.0.proxy_header - - http_health_check.0.port_specification - description: | - Specifies how port is selected for health checking, can be one of the - following values: - - * `USE_FIXED_PORT`: The port number in `port` is used for health checking. - - * `USE_NAMED_PORT`: The `portName` is used for health checking. - - * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, HTTP health check follows behavior specified in `port` and - `portName` fields. - values: - - :USE_FIXED_PORT - - :USE_NAMED_PORT - - :USE_SERVING_PORT - - !ruby/object:Api::Type::NestedObject - name: 'httpsHealthCheck' - exactly_one_of: - - http_health_check - - https_health_check - - http2_health_check - - tcp_health_check - - ssl_health_check - - grpc_health_check - properties: - - !ruby/object:Api::Type::String - name: 'host' - at_least_one_of: - - https_health_check.0.host - - https_health_check.0.request_path - - https_health_check.0.response - - https_health_check.0.port - - https_health_check.0.port_name - - https_health_check.0.proxy_header - - https_health_check.0.port_specification - description: | - The value of the host header in the HTTPS health check request. - If left empty (default value), the public IP on behalf of which this health - check is performed will be used. - - !ruby/object:Api::Type::String - name: 'requestPath' - at_least_one_of: - - https_health_check.0.host - - https_health_check.0.request_path - - https_health_check.0.response - - https_health_check.0.port - - https_health_check.0.port_name - - https_health_check.0.proxy_header - - https_health_check.0.port_specification - description: | - The request path of the HTTPS health check request. - The default value is /. - default_value: "/" - - !ruby/object:Api::Type::String - name: 'response' - at_least_one_of: - - https_health_check.0.host - - https_health_check.0.request_path - - https_health_check.0.response - - https_health_check.0.port - - https_health_check.0.port_name - - https_health_check.0.proxy_header - - https_health_check.0.port_specification - description: | - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - - !ruby/object:Api::Type::Integer - name: 'port' - at_least_one_of: - - https_health_check.0.host - - https_health_check.0.request_path - - https_health_check.0.response - - https_health_check.0.port - - https_health_check.0.port_name - - https_health_check.0.proxy_header - - https_health_check.0.port_specification - description: | - The TCP port number for the HTTPS health check request. - The default value is 443. - - !ruby/object:Api::Type::String - name: 'portName' - at_least_one_of: - - https_health_check.0.host - - https_health_check.0.request_path - - https_health_check.0.response - - https_health_check.0.port - - https_health_check.0.port_name - - https_health_check.0.proxy_header - - https_health_check.0.port_specification - description: | - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - - !ruby/object:Api::Type::Enum - name: 'proxyHeader' - at_least_one_of: - - https_health_check.0.host - - https_health_check.0.request_path - - https_health_check.0.response - - https_health_check.0.port - - https_health_check.0.port_name - - https_health_check.0.proxy_header - - https_health_check.0.port_specification - description: | - Specifies the type of proxy header to append before sending data to the - backend. - values: - - :NONE - - :PROXY_V1 - default_value: :NONE - - !ruby/object:Api::Type::Enum - name: 'portSpecification' - at_least_one_of: - - https_health_check.0.host - - https_health_check.0.request_path - - https_health_check.0.response - - https_health_check.0.port - - https_health_check.0.port_name - - https_health_check.0.proxy_header - - https_health_check.0.port_specification - description: | - Specifies how port is selected for health checking, can be one of the - following values: - - * `USE_FIXED_PORT`: The port number in `port` is used for health checking. - - * `USE_NAMED_PORT`: The `portName` is used for health checking. - - * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, HTTPS health check follows behavior specified in `port` and - `portName` fields. - values: - - :USE_FIXED_PORT - - :USE_NAMED_PORT - - :USE_SERVING_PORT - - !ruby/object:Api::Type::NestedObject - name: 'tcpHealthCheck' - exactly_one_of: - - http_health_check - - https_health_check - - http2_health_check - - tcp_health_check - - ssl_health_check - - grpc_health_check - properties: - - !ruby/object:Api::Type::String - name: 'request' - at_least_one_of: - - tcp_health_check.0.request - - tcp_health_check.0.response - - tcp_health_check.0.port - - tcp_health_check.0.port_name - - tcp_health_check.0.proxy_header - - tcp_health_check.0.port_specification - description: | - The application data to send once the TCP connection has been - established (default value is empty). If both request and response are - empty, the connection establishment alone will indicate health. The request - data can only be ASCII. - - !ruby/object:Api::Type::String - name: 'response' - at_least_one_of: - - tcp_health_check.0.request - - tcp_health_check.0.response - - tcp_health_check.0.port - - tcp_health_check.0.port_name - - tcp_health_check.0.proxy_header - - tcp_health_check.0.port_specification - description: | - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - - !ruby/object:Api::Type::Integer - name: 'port' - at_least_one_of: - - tcp_health_check.0.request - - tcp_health_check.0.response - - tcp_health_check.0.port - - tcp_health_check.0.port_name - - tcp_health_check.0.proxy_header - - tcp_health_check.0.port_specification - description: | - The TCP port number for the TCP health check request. - The default value is 80. - - !ruby/object:Api::Type::String - name: 'portName' - at_least_one_of: - - tcp_health_check.0.request - - tcp_health_check.0.response - - tcp_health_check.0.port - - tcp_health_check.0.port_name - - tcp_health_check.0.proxy_header - - tcp_health_check.0.port_specification - description: | - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - - !ruby/object:Api::Type::Enum - name: 'proxyHeader' - at_least_one_of: - - tcp_health_check.0.request - - tcp_health_check.0.response - - tcp_health_check.0.port - - tcp_health_check.0.port_name - - tcp_health_check.0.proxy_header - - tcp_health_check.0.port_specification - description: | - Specifies the type of proxy header to append before sending data to the - backend. - values: - - :NONE - - :PROXY_V1 - default_value: :NONE - - !ruby/object:Api::Type::Enum - name: 'portSpecification' - at_least_one_of: - - tcp_health_check.0.request - - tcp_health_check.0.response - - tcp_health_check.0.port - - tcp_health_check.0.port_name - - tcp_health_check.0.proxy_header - - tcp_health_check.0.port_specification - description: | - Specifies how port is selected for health checking, can be one of the - following values: - - * `USE_FIXED_PORT`: The port number in `port` is used for health checking. - - * `USE_NAMED_PORT`: The `portName` is used for health checking. - - * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, TCP health check follows behavior specified in `port` and - `portName` fields. - values: - - :USE_FIXED_PORT - - :USE_NAMED_PORT - - :USE_SERVING_PORT - - !ruby/object:Api::Type::NestedObject - name: 'sslHealthCheck' - exactly_one_of: - - http_health_check - - https_health_check - - http2_health_check - - tcp_health_check - - ssl_health_check - - grpc_health_check - properties: - - !ruby/object:Api::Type::String - name: 'request' - at_least_one_of: - - ssl_health_check.0.request - - ssl_health_check.0.response - - ssl_health_check.0.port - - ssl_health_check.0.port_name - - ssl_health_check.0.proxy_header - - ssl_health_check.0.port_specification - description: | - The application data to send once the SSL connection has been - established (default value is empty). If both request and response are - empty, the connection establishment alone will indicate health. The request - data can only be ASCII. - - !ruby/object:Api::Type::String - name: 'response' - at_least_one_of: - - ssl_health_check.0.request - - ssl_health_check.0.response - - ssl_health_check.0.port - - ssl_health_check.0.port_name - - ssl_health_check.0.proxy_header - - ssl_health_check.0.port_specification - description: | - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - - !ruby/object:Api::Type::Integer - name: 'port' - at_least_one_of: - - ssl_health_check.0.request - - ssl_health_check.0.response - - ssl_health_check.0.port - - ssl_health_check.0.port_name - - ssl_health_check.0.proxy_header - - ssl_health_check.0.port_specification - description: | - The TCP port number for the SSL health check request. - The default value is 443. - - !ruby/object:Api::Type::String - name: 'portName' - at_least_one_of: - - ssl_health_check.0.request - - ssl_health_check.0.response - - ssl_health_check.0.port - - ssl_health_check.0.port_name - - ssl_health_check.0.proxy_header - - ssl_health_check.0.port_specification - description: | - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - - !ruby/object:Api::Type::Enum - name: 'proxyHeader' - at_least_one_of: - - ssl_health_check.0.request - - ssl_health_check.0.response - - ssl_health_check.0.port - - ssl_health_check.0.port_name - - ssl_health_check.0.proxy_header - - ssl_health_check.0.port_specification - description: | - Specifies the type of proxy header to append before sending data to the - backend. - values: - - :NONE - - :PROXY_V1 - default_value: :NONE - - !ruby/object:Api::Type::Enum - name: 'portSpecification' - at_least_one_of: - - ssl_health_check.0.request - - ssl_health_check.0.response - - ssl_health_check.0.port - - ssl_health_check.0.port_name - - ssl_health_check.0.proxy_header - - ssl_health_check.0.port_specification - description: | - Specifies how port is selected for health checking, can be one of the - following values: - - * `USE_FIXED_PORT`: The port number in `port` is used for health checking. - - * `USE_NAMED_PORT`: The `portName` is used for health checking. - - * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, SSL health check follows behavior specified in `port` and - `portName` fields. - values: - - :USE_FIXED_PORT - - :USE_NAMED_PORT - - :USE_SERVING_PORT - - !ruby/object:Api::Type::NestedObject - name: 'http2HealthCheck' - exactly_one_of: - - http_health_check - - https_health_check - - http2_health_check - - tcp_health_check - - ssl_health_check - - grpc_health_check - properties: - - !ruby/object:Api::Type::String - name: 'host' - at_least_one_of: - - http2_health_check.0.host - - http2_health_check.0.request_path - - http2_health_check.0.response - - http2_health_check.0.port - - http2_health_check.0.port_name - - http2_health_check.0.proxy_header - - http2_health_check.0.port_specification - description: | - The value of the host header in the HTTP2 health check request. - If left empty (default value), the public IP on behalf of which this health - check is performed will be used. - - !ruby/object:Api::Type::String - name: 'requestPath' - at_least_one_of: - - http2_health_check.0.host - - http2_health_check.0.request_path - - http2_health_check.0.response - - http2_health_check.0.port - - http2_health_check.0.port_name - - http2_health_check.0.proxy_header - - http2_health_check.0.port_specification - description: | - The request path of the HTTP2 health check request. - The default value is /. - default_value: "/" - - !ruby/object:Api::Type::String - name: 'response' - at_least_one_of: - - http2_health_check.0.host - - http2_health_check.0.request_path - - http2_health_check.0.response - - http2_health_check.0.port - - http2_health_check.0.port_name - - http2_health_check.0.proxy_header - - http2_health_check.0.port_specification - description: | - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - - !ruby/object:Api::Type::Integer - name: 'port' - at_least_one_of: - - http2_health_check.0.host - - http2_health_check.0.request_path - - http2_health_check.0.response - - http2_health_check.0.port - - http2_health_check.0.port_name - - http2_health_check.0.proxy_header - - http2_health_check.0.port_specification - description: | - The TCP port number for the HTTP2 health check request. - The default value is 443. - - !ruby/object:Api::Type::String - name: 'portName' - at_least_one_of: - - http2_health_check.0.host - - http2_health_check.0.request_path - - http2_health_check.0.response - - http2_health_check.0.port - - http2_health_check.0.port_name - - http2_health_check.0.proxy_header - - http2_health_check.0.port_specification - description: | - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - - !ruby/object:Api::Type::Enum - name: 'proxyHeader' - at_least_one_of: - - http2_health_check.0.host - - http2_health_check.0.request_path - - http2_health_check.0.response - - http2_health_check.0.port - - http2_health_check.0.port_name - - http2_health_check.0.proxy_header - - http2_health_check.0.port_specification - description: | - Specifies the type of proxy header to append before sending data to the - backend. - values: - - :NONE - - :PROXY_V1 - default_value: :NONE - - !ruby/object:Api::Type::Enum - name: 'portSpecification' - at_least_one_of: - - http2_health_check.0.host - - http2_health_check.0.request_path - - http2_health_check.0.response - - http2_health_check.0.port - - http2_health_check.0.port_name - - http2_health_check.0.proxy_header - - http2_health_check.0.port_specification - description: | - Specifies how port is selected for health checking, can be one of the - following values: - - * `USE_FIXED_PORT`: The port number in `port` is used for health checking. - - * `USE_NAMED_PORT`: The `portName` is used for health checking. - - * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, HTTP2 health check follows behavior specified in `port` and - `portName` fields. - values: - - :USE_FIXED_PORT - - :USE_NAMED_PORT - - :USE_SERVING_PORT - - !ruby/object:Api::Type::NestedObject - name: 'grpcHealthCheck' - exactly_one_of: - - http_health_check - - https_health_check - - http2_health_check - - tcp_health_check - - ssl_health_check - - grpc_health_check - properties: - - !ruby/object:Api::Type::Integer - name: 'port' - at_least_one_of: - - grpc_health_check.0.port - - grpc_health_check.0.port_name - - grpc_health_check.0.port_specification - - grpc_health_check.0.grpc_service_name - description: | - The port number for the health check request. - Must be specified if portName and portSpecification are not set - or if port_specification is USE_FIXED_PORT. Valid values are 1 through 65535. - - !ruby/object:Api::Type::String - name: 'portName' - at_least_one_of: - - grpc_health_check.0.port - - grpc_health_check.0.port_name - - grpc_health_check.0.port_specification - - grpc_health_check.0.grpc_service_name - description: | - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - - !ruby/object:Api::Type::Enum - name: 'portSpecification' - at_least_one_of: - - grpc_health_check.0.port - - grpc_health_check.0.port_name - - grpc_health_check.0.port_specification - - grpc_health_check.0.grpc_service_name - description: | - Specifies how port is selected for health checking, can be one of the - following values: - - * `USE_FIXED_PORT`: The port number in `port` is used for health checking. - - * `USE_NAMED_PORT`: The `portName` is used for health checking. - - * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, gRPC health check follows behavior specified in `port` and - `portName` fields. - values: - - :USE_FIXED_PORT - - :USE_NAMED_PORT - - :USE_SERVING_PORT - - !ruby/object:Api::Type::String - name: 'grpcServiceName' - at_least_one_of: - - grpc_health_check.0.port - - grpc_health_check.0.port_name - - grpc_health_check.0.port_specification - - grpc_health_check.0.grpc_service_name - description: | - The gRPC service name for the health check. - The value of grpcServiceName has the following meanings by convention: - - * Empty serviceName means the overall status of all services at the backend. - * Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service. - - The grpcServiceName can only be ASCII. - - !ruby/object:Api::Type::NestedObject - name: 'logConfig' - description: | - Configure logging on this health check. - properties: - - !ruby/object:Api::Type::Boolean - name: 'enable' - description: | - Indicates whether or not to export logs. This is false by default, - which means no health check logging will be done. - default_value: false - - !ruby/object:Api::Resource - name: 'ResourcePolicy' - kind: 'compute#resourcePolicy' - base_url: projects/{{project}}/regions/{{region}}/resourcePolicies - input: true - has_self_link: true - collection_url_key: 'items' - description: | - A policy that can be attached to a resource to specify or schedule actions on that resource. - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: region - resource: Region - imports: name - description: Region where resource policy resides. - input: true - required: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - description: | - The name of the resource, provided by the client when initially creating - the resource. The resource name must be 1-63 characters long, and comply - with RFC1035. Specifically, the name must be 1-63 characters long and - match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])`? which means the - first character must be a lowercase letter, and all following characters - must be a dash, lowercase letter, or digit, except the last character, - which cannot be a dash. - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional description of this resource. Provide this property when you create the resource. - - !ruby/object:Api::Type::NestedObject - name: 'snapshotSchedulePolicy' - conflicts: - - 'group_placement_policy' - - 'instance_schedule_policy' - description: | - Policy for creating snapshots of persistent disks. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'schedule' - description: | - Contains one of an `hourlySchedule`, `dailySchedule`, or `weeklySchedule`. - required: true - properties: - - !ruby/object:Api::Type::NestedObject - name: 'hourlySchedule' - description: | - The policy will execute every nth hour starting at the specified time. - exactly_one_of: - - snapshot_schedule_policy.0.schedule.0.hourly_schedule - - snapshot_schedule_policy.0.schedule.0.daily_schedule - - snapshot_schedule_policy.0.schedule.0.weekly_schedule - properties: - - !ruby/object:Api::Type::Integer - name: 'hoursInCycle' - description: | - The number of hours between snapshots. - required: true - - !ruby/object:Api::Type::String - name: 'startTime' - description: | - Time within the window to start the operations. - It must be in an hourly format "HH:MM", - where HH : [00-23] and MM : [00] GMT. - eg: 21:00 - required: true - - !ruby/object:Api::Type::NestedObject - name: 'dailySchedule' - description: | - The policy will execute every nth day at the specified time. - exactly_one_of: - - snapshot_schedule_policy.0.schedule.0.hourly_schedule - - snapshot_schedule_policy.0.schedule.0.daily_schedule - - snapshot_schedule_policy.0.schedule.0.weekly_schedule - properties: - - !ruby/object:Api::Type::Integer - name: 'daysInCycle' - description: | - The number of days between snapshots. - required: true - - !ruby/object:Api::Type::String - name: 'startTime' - description: | - This must be in UTC format that resolves to one of - 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, - both 13:00-5 and 08:00 are valid. - required: true - - !ruby/object:Api::Type::NestedObject - name: 'weeklySchedule' - description: | - Allows specifying a snapshot time for each day of the week. - exactly_one_of: - - snapshot_schedule_policy.0.schedule.0.hourly_schedule - - snapshot_schedule_policy.0.schedule.0.daily_schedule - - snapshot_schedule_policy.0.schedule.0.weekly_schedule - properties: - - !ruby/object:Api::Type::Array - name: 'dayOfWeeks' - description: | - May contain up to seven (one for each day of the week) snapshot times. - required: true - min_size: 1 - max_size: 7 - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'startTime' - description: | - Time within the window to start the operations. - It must be in format "HH:MM", where HH : [00-23] and MM : [00-00] GMT. - required: true - - !ruby/object:Api::Type::Enum - name: 'day' - description: | - The day of the week to create the snapshot. e.g. MONDAY - required: true - values: - - :MONDAY - - :TUESDAY - - :WEDNESDAY - - :THURSDAY - - :FRIDAY - - :SATURDAY - - :SUNDAY - - !ruby/object:Api::Type::NestedObject - name: 'retentionPolicy' - description: | - Retention policy applied to snapshots created by this resource policy. - properties: - - !ruby/object:Api::Type::Integer - name: 'maxRetentionDays' - description: | - Maximum age of the snapshot that is allowed to be kept. - required: true - - !ruby/object:Api::Type::Enum - name: 'onSourceDiskDelete' - description: | - Specifies the behavior to apply to scheduled snapshots when - the source disk is deleted. - default_value: :KEEP_AUTO_SNAPSHOTS - values: - - :KEEP_AUTO_SNAPSHOTS - - :APPLY_RETENTION_POLICY - - !ruby/object:Api::Type::NestedObject - name: 'snapshotProperties' - description: | - Properties with which the snapshots are created, such as labels. - properties: - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - at_least_one_of: - - snapshot_schedule_policy.0.snapshot_properties.0.labels - - snapshot_schedule_policy.0.snapshot_properties.0.storage_locations - - snapshot_schedule_policy.0.snapshot_properties.0.guest_flush - description: | - A set of key-value pairs. - - !ruby/object:Api::Type::Array - name: 'storageLocations' - at_least_one_of: - - snapshot_schedule_policy.0.snapshot_properties.0.labels - - snapshot_schedule_policy.0.snapshot_properties.0.storage_locations - - snapshot_schedule_policy.0.snapshot_properties.0.guest_flush - max_size: 1 - description: | - Cloud Storage bucket location to store the auto snapshot - (regional or multi-regional) - item_type: Api::Type::String - - !ruby/object:Api::Type::Boolean - name: 'guestFlush' - send_empty_value: true - at_least_one_of: - - snapshot_schedule_policy.0.snapshot_properties.0.labels - - snapshot_schedule_policy.0.snapshot_properties.0.storage_locations - - snapshot_schedule_policy.0.snapshot_properties.0.guest_flush - description: | - Whether to perform a 'guest aware' snapshot. - - !ruby/object:Api::Type::String - name: 'chainName' - description: | - Creates the new snapshot in the snapshot chain labeled with the - specified name. The chain name must be 1-63 characters long and comply - with RFC1035. - - !ruby/object:Api::Type::NestedObject - name: 'groupPlacementPolicy' - conflicts: - - 'instance_schedule_policy' - - 'snapshot_schedule_policy' - description: | - Resource policy for instances used for placement configuration. - properties: - - !ruby/object:Api::Type::Integer - name: 'vmCount' - description: | - Number of VMs in this placement group. Google does not recommend that you use this field - unless you use a compact policy and you want your policy to work only if it contains this - exact number of VMs. - - !ruby/object:Api::Type::Integer - name: 'availabilityDomainCount' - description: | - The number of availability domains instances will be spread across. If two instances are in different - availability domain, they will not be put in the same low latency network - - !ruby/object:Api::Type::Enum - name: 'collocation' - description: | - Collocation specifies whether to place VMs inside the same availability domain on the same low-latency network. - Specify `COLLOCATED` to enable collocation. Can only be specified with `vm_count`. If compute instances are created - with a COLLOCATED policy, then exactly `vm_count` instances must be created at the same time with the resource policy - attached. - values: - - :COLLOCATED - - !ruby/object:Api::Type::Integer - name: 'maxDistance' - min_version: 'beta' - description: | - Specifies the number of max logical switches. - - !ruby/object:Api::Type::NestedObject - name: 'instanceSchedulePolicy' - conflicts: - - 'snapshot_schedule_policy' - - 'group_placement_policy' - description: | - Resource policy for scheduling instance operations. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'vmStartSchedule' - at_least_one_of: - - instance_schedule_policy.0.vm_start_schedule - - instance_schedule_policy.0.vm_stop_schedule - description: | - Specifies the schedule for starting instances. - properties: - - !ruby/object:Api::Type::String - name: 'schedule' - description: | - Specifies the frequency for the operation, using the unix-cron format. - required: true - - !ruby/object:Api::Type::NestedObject - name: 'vmStopSchedule' - at_least_one_of: - - instance_schedule_policy.0.vm_start_schedule - - instance_schedule_policy.0.vm_stop_schedule - description: | - Specifies the schedule for stopping instances. - properties: - - !ruby/object:Api::Type::String - name: 'schedule' - description: | - Specifies the frequency for the operation, using the unix-cron format. - required: true - - !ruby/object:Api::Type::String - name: 'timeZone' - description: | - Specifies the time zone to be used in interpreting the schedule. The value of this field must be a time zone name - from the tz database: http://en.wikipedia.org/wiki/Tz_database. - required: true - - !ruby/object:Api::Type::String - name: 'startTime' - description: | - The start time of the schedule. The timestamp is an RFC3339 string. - - !ruby/object:Api::Type::String - name: 'expirationTime' - description: | - The expiration time of the schedule. The timestamp is an RFC3339 string. - - !ruby/object:Api::Resource - name: 'Route' - kind: 'compute#route' - base_url: projects/{{project}}/global/routes - collection_url_key: 'items' - input: true - has_self_link: true - description: | - Represents a Route resource. - - A route is a rule that specifies how certain packets should be handled by - the virtual network. Routes are associated with virtual machines by tag, - and the set of routes for a particular virtual machine is called its - routing table. For each packet leaving a virtual machine, the system - searches that virtual machine's routing table for a single best matching - route. - - Routes match packets by destination IP address, preferring smaller or more - specific ranges over larger ones. If there is a tie, the system selects - the route with the smallest priority value. If there is still a tie, it - uses the layer three and four packet headers to select just one of the - remaining matching routes. The packet is then forwarded as specified by - the next_hop field of the winning route -- either to another virtual - machine destination, a virtual machine gateway or a Compute - Engine-operated gateway. Packets that do not match any route in the - sending virtual machine's routing table will be dropped. - - A Route resource must have exactly one specification of either - nextHopGateway, nextHopInstance, nextHopIp, nextHopVpnTunnel, or - nextHopIlb. - - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Using Routes': 'https://cloud.google.com/vpc/docs/using-routes' - api: 'https://cloud.google.com/compute/docs/reference/rest/v1/routes' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/global/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - properties: - - !ruby/object:Api::Type::String - name: 'destRange' - description: | - The destination range of outgoing packets that this route applies to. - Only IPv4 is supported. - required: true - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional description of this resource. Provide this property - when you create the resource. - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource. Provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and - match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means - the first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the - last character, which cannot be a dash. - required: true - - !ruby/object:Api::Type::ResourceRef - name: 'network' - resource: 'Network' - imports: 'selfLink' - description: 'The network that this route applies to.' - input: true - required: true - - !ruby/object:Api::Type::Integer - name: 'priority' - description: | - The priority of this route. Priority is used to break ties in cases - where there is more than one matching route of equal prefix length. - - In the case of two routes with equal prefix length, the one with the - lowest-numbered priority value wins. - - Default value is 1000. Valid range is 0 through 65535. - input: true - - !ruby/object:Api::Type::Array - name: 'tags' - description: 'A list of instance tags to which this route applies.' - item_type: Api::Type::String - input: true - - !ruby/object:Api::Type::String - name: 'nextHopGateway' - input: true - exactly_one_of: - - next_hop_gateway - - next_hop_instance - - next_hop_ip - - next_hop_vpn_tunnel - - next_hop_ilb - description: | - URL to a gateway that should handle matching packets. - - Currently, you can only specify the internet gateway, using a full or - partial valid URL: - - * https://www.googleapis.com/compute/v1/projects/project/ - global/gateways/default-internet-gateway - * projects/project/global/gateways/default-internet-gateway - * global/gateways/default-internet-gateway - - !ruby/object:Api::Type::ResourceRef - name: 'nextHopInstance' - resource: 'Instance' - imports: 'selfLink' - input: true - exactly_one_of: - - next_hop_gateway - - next_hop_instance - - next_hop_ip - - next_hop_vpn_tunnel - - next_hop_ilb - description: | - URL to an instance that should handle matching packets. - You can specify this as a full or partial URL. For example: - - * https://www.googleapis.com/compute/v1/projects/project/zones/zone/ - instances/instance - * projects/project/zones/zone/instances/instance - * zones/zone/instances/instance - - !ruby/object:Api::Type::String - name: 'nextHopIp' - description: | - Network IP address of an instance that should handle matching packets. - input: true - exactly_one_of: - - next_hop_gateway - - next_hop_instance - - next_hop_ip - - next_hop_vpn_tunnel - - next_hop_ilb - - !ruby/object:Api::Type::ResourceRef - name: 'nextHopVpnTunnel' - resource: 'VpnTunnel' - imports: 'selfLink' - input: true - exactly_one_of: - - next_hop_gateway - - next_hop_instance - - next_hop_ip - - next_hop_vpn_tunnel - - next_hop_ilb - description: | - URL to a VpnTunnel that should handle matching packets. - - !ruby/object:Api::Type::String - name: 'nextHopNetwork' - output: true - description: | - URL to a Network that should handle matching packets. - - !ruby/object:Api::Type::String - name: 'nextHopIlb' - description: | - The IP address or URL to a forwarding rule of type - loadBalancingScheme=INTERNAL that should handle matching - packets. - - With the GA provider you can only specify the forwarding - rule as a partial or full URL. For example, the following - are all valid values: - * 10.128.0.56 - * https://www.googleapis.com/compute/v1/projects/project/regions/region/forwardingRules/forwardingRule - * regions/region/forwardingRules/forwardingRule - - When the beta provider, you can also specify the IP address - of a forwarding rule from the same VPC or any peered VPC. - - Note that this can only be used when the destinationRange is - a public (non-RFC 1918) IP CIDR range. - input: true - exactly_one_of: - - next_hop_gateway - - next_hop_instance - - next_hop_ip - - next_hop_vpn_tunnel - - next_hop_ilb - - !ruby/object:Api::Resource - name: 'Router' - kind: 'compute#router' - base_url: projects/{{project}}/regions/{{region}}/routers - collection_url_key: 'items' - # Since Terraform has separate resources for router, router interface, and - # router peer, calling PUT on the router will delete the interface and peer. - # Use patch instead. - update_verb: :PATCH - has_self_link: true - description: | - Represents a Router resource. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Google Cloud Router': 'https://cloud.google.com/router/docs/' - api: 'https://cloud.google.com/compute/docs/reference/rest/v1/routers' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: region - resource: Region - imports: name - description: Region where the router resides. - input: true - required: true - properties: - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'The unique identifier for the resource.' - output: true - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::String - name: name - description: | - Name of the resource. The name must be 1-63 characters long, and - comply with RFC1035. Specifically, the name must be 1-63 characters - long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` - which means the first character must be a lowercase letter, and all - following characters must be a dash, lowercase letter, or digit, - except the last character, which cannot be a dash. - input: true - required: true - - !ruby/object:Api::Type::String - name: description - description: | - An optional description of this resource. - send_empty_value: true - - !ruby/object:Api::Type::ResourceRef - name: network - resource: Network - imports: 'selfLink' - description: | - A reference to the network to which this router belongs. - required: true - input: true - # TODO: Figure out the story for interfaces/bgpPeers. Right - # now in Terraform we have three separate resources: router, - # router_interface, and router_peer. Decide whether we want to keep that - # pattern for the other providers, keep it unique for Terraform, or add - # these fields to the Terraform resource (and then within that, decide - # whether to deprecate router_interface and router_peer or leave them - # alone). - - !ruby/object:Api::Type::NestedObject - name: bgp - description: | - BGP information specific to this router. - send_empty_value: true - properties: - - !ruby/object:Api::Type::Integer - name: asn - description: | - Local BGP Autonomous System Number (ASN). Must be an RFC6996 - private ASN, either 16-bit or 32-bit. The value will be fixed for - this router resource. All VPN tunnels that link to this router - will have the same local ASN. - required: true - - !ruby/object:Api::Type::Enum - name: advertiseMode - description: | - User-specified flag to indicate which mode to use for advertisement. - values: - - :DEFAULT - - :CUSTOM - default_value: :DEFAULT - - !ruby/object:Api::Type::Array - name: advertisedGroups - description: | - User-specified list of prefix groups to advertise in custom mode. - This field can only be populated if advertiseMode is CUSTOM and - is advertised to all peers of the router. These groups will be - advertised in addition to any specified prefixes. Leave this field - blank to advertise no custom groups. - - This enum field has the one valid value: ALL_SUBNETS - item_type: Api::Type::String # TODO(#324): enum? - send_empty_value: true - - !ruby/object:Api::Type::Array - name: advertisedIpRanges - description: | - User-specified list of individual IP ranges to advertise in - custom mode. This field can only be populated if advertiseMode - is CUSTOM and is advertised to all peers of the router. These IP - ranges will be advertised in addition to any specified groups. - Leave this field blank to advertise no custom IP ranges. - send_empty_value: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: range - required: true - description: | - The IP range to advertise. The value must be a - CIDR-formatted string. - send_empty_value: true - - !ruby/object:Api::Type::String - name: description - description: | - User-specified description for the IP range. - send_empty_value: true - - !ruby/object:Api::Type::Integer - name: keepaliveInterval - description: | - The interval in seconds between BGP keepalive messages that are sent to the peer. - Hold time is three times the interval at which keepalive messages are sent, and the hold time is the - maximum number of seconds allowed to elapse between successive keepalive messages that BGP receives from a peer. - BGP will use the smaller of either the local hold time value or the peer's hold time value as the hold time for - the BGP connection between the two peers. If set, this value must be between 20 and 60. The default is 20. - default_value: 20 - - !ruby/object:Api::Type::Boolean - name: encryptedInterconnectRouter - input: true - description: | - Field to indicate if a router is dedicated to use with encrypted - Interconnect Attachment (IPsec-encrypted Cloud Interconnect feature). - - Not currently available publicly. - - !ruby/object:Api::Resource - name: 'RouterNat' - base_url: projects/{{project}}/regions/{{region}}/routers/{{router}} - self_link: projects/{{project}}/regions/{{region}}/routers/{{router}} - create_url: projects/{{project}}/regions/{{region}}/routers/{{router}} - update_url: projects/{{project}}/regions/{{region}}/routers/{{router}} - delete_url: projects/{{project}}/regions/{{region}}/routers/{{router}} - create_verb: :PATCH - update_verb: :PATCH - delete_verb: :PATCH - identity: - - name - collection_url_key: nats - nested_query: !ruby/object:Api::Resource::NestedQuery - modify_by_patch: true - keys: - - nats - description: | - A NAT service created in a router. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Google Cloud Router': 'https://cloud.google.com/router/docs/' - api: 'https://cloud.google.com/compute/docs/reference/rest/v1/routers' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/regions/{{regions}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'router' - resource: 'Router' - imports: 'name' - description: | - The name of the Cloud Router in which this NAT will be configured. - required: true - input: true - url_param_only: true - - !ruby/object:Api::Type::ResourceRef - name: region - resource: Region - imports: name - description: Region where the router and NAT reside. - input: true - required: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the NAT service. The name must be 1-63 characters long and - comply with RFC1035. - required: true - input: true - - !ruby/object:Api::Type::Enum - name: 'natIpAllocateOption' - required: true - description: | - How external IPs should be allocated for this NAT. Valid values are - `AUTO_ONLY` for only allowing NAT IPs allocated by Google Cloud - Platform, or `MANUAL_ONLY` for only user-allocated NAT IP addresses. - values: - - :MANUAL_ONLY - - :AUTO_ONLY - - !ruby/object:Api::Type::Array - name: 'natIps' - description: | - Self-links of NAT IPs. Only valid if natIpAllocateOption - is set to MANUAL_ONLY. - send_empty_value: true - item_type: !ruby/object:Api::Type::ResourceRef - name: 'address' - resource: 'Address' - imports: 'selfLink' - description: 'A reference to an address associated with this NAT' - - !ruby/object:Api::Type::Array - name: 'drainNatIps' - description: | - A list of URLs of the IP resources to be drained. These IPs must be - valid static external IPs that have been assigned to the NAT. - send_empty_value: true - item_type: !ruby/object:Api::Type::ResourceRef - name: 'address' - resource: 'Address' - imports: 'selfLink' - description: 'A reference to an address associated with this NAT' - - !ruby/object:Api::Type::Enum - name: 'sourceSubnetworkIpRangesToNat' - required: true - description: | - How NAT should be configured per Subnetwork. - If `ALL_SUBNETWORKS_ALL_IP_RANGES`, all of the - IP ranges in every Subnetwork are allowed to Nat. - If `ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES`, all of the primary IP - ranges in every Subnetwork are allowed to Nat. - `LIST_OF_SUBNETWORKS`: A list of Subnetworks are allowed to Nat - (specified in the field subnetwork below). Note that if this field - contains ALL_SUBNETWORKS_ALL_IP_RANGES or - ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any - other RouterNat section in any Router for this network in this region. - values: - - :ALL_SUBNETWORKS_ALL_IP_RANGES - - :ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES - - :LIST_OF_SUBNETWORKS - - !ruby/object:Api::Type::Array - name: subnetwork - api_name: 'subnetworks' - send_empty_value: true - description: | - One or more subnetwork NAT configurations. Only used if - `source_subnetwork_ip_ranges_to_nat` is set to `LIST_OF_SUBNETWORKS` - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::ResourceRef - name: 'name' - resource: 'Subnetwork' - imports: 'selfLink' - description: 'Self-link of subnetwork to NAT' - required: true - - !ruby/object:Api::Type::Array - name: 'sourceIpRangesToNat' - description: | - List of options for which source IPs in the subnetwork - should have NAT enabled. Supported values include: - `ALL_IP_RANGES`, `LIST_OF_SECONDARY_IP_RANGES`, - `PRIMARY_IP_RANGE`. - required: true - min_size: 1 - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'secondaryIpRangeNames' - description: | - List of the secondary ranges of the subnetwork that are allowed - to use NAT. This can be populated only if - `LIST_OF_SECONDARY_IP_RANGES` is one of the values in - sourceIpRangesToNat - item_type: Api::Type::String - - !ruby/object:Api::Type::Integer - name: minPortsPerVm - description: | - Minimum number of ports allocated to a VM from this NAT. - - !ruby/object:Api::Type::Integer - name: maxPortsPerVm - description: | - Maximum number of ports allocated to a VM from this NAT. - This field can only be set when enableDynamicPortAllocation is enabled. - - !ruby/object:Api::Type::Boolean - name: enableDynamicPortAllocation - description: | - Enable Dynamic Port Allocation. - If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. - If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. - If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. - If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. - - Mutually exclusive with enableEndpointIndependentMapping. - - !ruby/object:Api::Type::Integer - name: udpIdleTimeoutSec - description: | - Timeout (in seconds) for UDP connections. Defaults to 30s if not set. - default_value: 30 - - !ruby/object:Api::Type::Integer - name: icmpIdleTimeoutSec - description: | - Timeout (in seconds) for ICMP connections. Defaults to 30s if not set. - default_value: 30 - - !ruby/object:Api::Type::Integer - name: tcpEstablishedIdleTimeoutSec - description: | - Timeout (in seconds) for TCP established connections. - Defaults to 1200s if not set. - default_value: 1200 - - !ruby/object:Api::Type::Integer - name: tcpTransitoryIdleTimeoutSec - description: | - Timeout (in seconds) for TCP transitory connections. - Defaults to 30s if not set. - default_value: 30 - - !ruby/object:Api::Type::Integer - name: tcpTimeWaitTimeoutSec - description: | - Timeout (in seconds) for TCP connections that are in TIME_WAIT state. - Defaults to 120s if not set. - default_value: 120 - - !ruby/object:Api::Type::NestedObject - name: logConfig - description: | - Configuration for logging on NAT - send_empty_value: true - properties: - - !ruby/object:Api::Type::Boolean - name: 'enable' - description: | - Indicates whether or not to export logs. - required: true - - !ruby/object:Api::Type::Enum - name: 'filter' - description: | - Specifies the desired filtering of logs on this NAT. - required: true - values: - - :ERRORS_ONLY - - :TRANSLATIONS_ONLY - - :ALL - - !ruby/object:Api::Type::Array - name: rules - description: 'A list of rules associated with this NAT.' - send_empty_value: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Integer - name: 'ruleNumber' - description: | - An integer uniquely identifying a rule in the list. - The rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT. - required: true - send_empty_value: true - - !ruby/object:Api::Type::String - name: 'description' - description: 'An optional description of this rule.' - - !ruby/object:Api::Type::String - name: 'match' - description: | - CEL expression that specifies the match condition that egress traffic from a VM is evaluated against. - If it evaluates to true, the corresponding action is enforced. - - The following examples are valid match expressions for public NAT: - - "inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')" - - "destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'" - - The following example is a valid match expression for private NAT: - - "nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'" - required: true - - !ruby/object:Api::Type::NestedObject - name: 'action' - description: 'The action to be enforced for traffic that matches this rule.' - properties: - - !ruby/object:Api::Type::Array - name: 'sourceNatActiveIps' - description: | - A list of URLs of the IP resources used for this NAT rule. - These IP addresses must be valid static external IP addresses assigned to the project. - This field is used for public NAT. - item_type: !ruby/object:Api::Type::ResourceRef - name: 'address' - resource: 'Address' - imports: 'selfLink' - description: 'A reference to an address associated with this NAT' - - !ruby/object:Api::Type::Array - name: 'sourceNatDrainIps' - description: | - A list of URLs of the IP resources to be drained. - These IPs must be valid static external IPs that have been assigned to the NAT. - These IPs should be used for updating/patching a NAT rule only. - This field is used for public NAT. - item_type: !ruby/object:Api::Type::ResourceRef - name: 'address' - resource: 'Address' - imports: 'selfLink' - description: 'A reference to an address associated with this NAT' - - !ruby/object:Api::Type::Boolean - name: enableEndpointIndependentMapping - description: | - Specifies if endpoint independent mapping is enabled. This is enabled by default. For more information - see the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs). - default_value: true - send_empty_value: true - - !ruby/object:Api::Resource - name: 'RouterBgpPeer' - base_url: projects/{{project}}/regions/{{region}}/routers/{{router}} - self_link: projects/{{project}}/regions/{{region}}/routers/{{router}} - create_verb: :PATCH - update_verb: :PATCH - delete_verb: :PATCH - identity: - - name - nested_query: !ruby/object:Api::Resource::NestedQuery - modify_by_patch: true - keys: - - bgpPeers - description: | - BGP information that must be configured into the routing stack to - establish BGP peering. This information must specify the peer ASN - and either the interface name, IP address, or peer IP address. - Please refer to RFC4273. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Google Cloud Router': 'https://cloud.google.com/router/docs/' - api: 'https://cloud.google.com/compute/docs/reference/rest/v1/routers' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/regions/{{regions}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'router' - resource: 'Router' - imports: 'name' - description: | - The name of the Cloud Router in which this BgpPeer will be configured. - required: true - input: true - url_param_only: true - - !ruby/object:Api::Type::ResourceRef - name: region - resource: Region - imports: name - description: Region where the router and BgpPeer reside. - input: true - required: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of this BGP peer. The name must be 1-63 characters long, - and comply with RFC1035. Specifically, the name must be 1-63 characters - long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which - means the first character must be a lowercase letter, and all - following characters must be a dash, lowercase letter, or digit, - except the last character, which cannot be a dash. - required: true - input: true - - !ruby/object:Api::Type::String - name: 'interfaceName' - description: | - Name of the interface the BGP peer is associated with. - required: true - input: true - - !ruby/object:Api::Type::String - name: 'ipAddress' - description: | - IP address of the interface inside Google Cloud Platform. - Only IPv4 is supported. - - !ruby/object:Api::Type::String - name: 'peerIpAddress' - description: | - IP address of the BGP interface outside Google Cloud Platform. - Only IPv4 is supported. - required: true - - !ruby/object:Api::Type::Integer - name: 'peerAsn' - description: | - Peer BGP Autonomous System Number (ASN). - Each BGP interface may use a different value. - required: true - - !ruby/object:Api::Type::Integer - name: 'advertisedRoutePriority' - description: | - The priority of routes advertised to this BGP peer. - Where there is more than one matching route of maximum - length, the routes with the lowest priority value win. - send_empty_value: true - - !ruby/object:Api::Type::Enum - name: advertiseMode - description: | - User-specified flag to indicate which mode to use for advertisement. - Valid values of this enum field are: `DEFAULT`, `CUSTOM` - values: - - :DEFAULT - - :CUSTOM - default_value: :DEFAULT - - !ruby/object:Api::Type::Array - name: advertisedGroups - description: | - User-specified list of prefix groups to advertise in custom - mode, which can take one of the following options: - - * `ALL_SUBNETS`: Advertises all available subnets, including peer VPC subnets. - * `ALL_VPC_SUBNETS`: Advertises the router's own VPC subnets. - * `ALL_PEER_VPC_SUBNETS`: Advertises peer subnets of the router's VPC network. - - - Note that this field can only be populated if advertiseMode is `CUSTOM` - and overrides the list defined for the router (in the "bgp" message). - These groups are advertised in addition to any specified prefixes. - Leave this field blank to advertise no custom groups. - send_empty_value: true - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: advertisedIpRanges - description: | - User-specified list of individual IP ranges to advertise in - custom mode. This field can only be populated if advertiseMode - is `CUSTOM` and is advertised to all peers of the router. These IP - ranges will be advertised in addition to any specified groups. - Leave this field blank to advertise no custom IP ranges. - send_empty_value: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: range - required: true - description: | - The IP range to advertise. The value must be a - CIDR-formatted string. - - !ruby/object:Api::Type::String - name: description - description: | - User-specified description for the IP range. - send_empty_value: true - - !ruby/object:Api::Type::String - name: 'managementType' - description: | - The resource that configures and manages this BGP peer. - - * `MANAGED_BY_USER` is the default value and can be managed by - you or other users - * `MANAGED_BY_ATTACHMENT` is a BGP peer that is configured and - managed by Cloud Interconnect, specifically by an - InterconnectAttachment of type PARTNER. Google automatically - creates, updates, and deletes this type of BGP peer when the - PARTNER InterconnectAttachment is created, updated, - or deleted. - output: true - - !ruby/object:Api::Type::NestedObject - name: bfd - description: | - BFD configuration for the BGP peering. - properties: - - !ruby/object:Api::Type::Enum - name: sessionInitializationMode - description: | - The BFD session initialization mode for this BGP peer. - If set to `ACTIVE`, the Cloud Router will initiate the BFD session - for this BGP peer. If set to `PASSIVE`, the Cloud Router will wait - for the peer router to initiate the BFD session for this BGP peer. - If set to `DISABLED`, BFD is disabled for this BGP peer. - values: - - :ACTIVE - - :DISABLED - - :PASSIVE - required: true - - !ruby/object:Api::Type::Integer - name: minTransmitInterval - description: | - The minimum interval, in milliseconds, between BFD control packets - transmitted to the peer router. The actual value is negotiated - between the two routers and is equal to the greater of this value - and the corresponding receive interval of the other router. If set, - this value must be between 1000 and 30000. - default_value: 1000 - - !ruby/object:Api::Type::Integer - name: minReceiveInterval - description: | - The minimum interval, in milliseconds, between BFD control packets - received from the peer router. The actual value is negotiated - between the two routers and is equal to the greater of this value - and the transmit interval of the other router. If set, this value - must be between 1000 and 30000. - default_value: 1000 - - !ruby/object:Api::Type::Integer - name: multiplier - description: | - The number of consecutive BFD packets that must be missed before - BFD declares that a peer is unavailable. If set, the value must - be a value between 5 and 16. - default_value: 5 - - !ruby/object:Api::Type::Boolean - name: 'enable' - description: | - The status of the BGP peer connection. If set to false, any active session - with the peer is terminated and all associated routing information is removed. - If set to true, the peer connection can be established with routing information. - The default is true. - default_value: true - - !ruby/object:Api::Type::ResourceRef - name: 'routerApplianceInstance' - resource: 'Instance' - imports: 'selfLink' - description: | - The URI of the VM instance that is used as third-party router appliances - such as Next Gen Firewalls, Virtual Routers, or Router Appliances. - The VM instance must be located in zones contained in the same region as - this Cloud Router. The VM instance is the peer side of the BGP session. - - !ruby/object:Api::Resource - name: 'SecurityPolicy' - kind: 'compute#securityPolicy' - base_url: projects/{{project}}/global/securityPolicies - collection_url_key: 'items' - has_self_link: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/armor/docs/security-policy-concepts' - api: 'https://cloud.google.com/compute/docs/reference/rest/v1/securityPolicies' - description: | - Represents a Cloud Armor Security Policy resource. - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: 'Name of the security policy.' - required: true - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'The unique identifier for the resource.' - output: true - - !ruby/object:Api::Type::Array - name: 'rules' - description: | - A list of rules that belong to this policy. - There must always be a default rule (rule with priority 2147483647 and match "*"). - If no rules are provided when creating a security policy, a default rule with action "allow" will be added. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'description' - description: | - A description of the rule. - - !ruby/object:Api::Type::Integer - name: 'priority' - description: | - An integer indicating the priority of a rule in the list. The priority must be a value - between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the - highest priority and 2147483647 is the lowest prority. - - !ruby/object:Api::Type::String - name: 'action' - description: | - The Action to preform when the client connection triggers the rule. Can currently be either - "allow" or "deny()" where valid values for status are 403, 404, and 502. - - !ruby/object:Api::Type::Boolean - name: 'preview' - description: | - If set to true, the specified action is not enforced. - - !ruby/object:Api::Type::NestedObject - name: 'match' - description: - A match condition that incoming traffic is evaluated against. If it evaluates to true, - the corresponding 'action' is enforced. - properties: - - !ruby/object:Api::Type::String - name: 'description' - description: | - A description of the rule. - - !ruby/object:Api::Type::NestedObject - name: 'expr' - description: - User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, - source.region_code and contents in the request header. - properties: - - !ruby/object:Api::Type::String - name: 'expression' - description: | - Textual representation of an expression in Common Expression Language syntax. - - !ruby/object:Api::Type::String - name: 'title' - description: | - Optional. Title for the expression, i.e. a short string describing its purpose. - This can be used e.g. in UIs which allow to enter the expression. - - !ruby/object:Api::Type::String - name: 'description' - description: | - Optional. Description of the expression. This is a longer text which describes the expression, - e.g. when hovered over it in a UI. - - !ruby/object:Api::Type::String - name: 'location' - description: | - Optional. String indicating the location of the expression for error reporting, - e.g. a file name and a position in the file. - - !ruby/object:Api::Type::String - name: 'versionedExpr' - description: | - Preconfigured versioned expression. If this field is specified, config must also be specified. - Available preconfigured expressions along with their requirements are: `SRC_IPS_V1` - must specify - the corresponding srcIpRange field in config. - - !ruby/object:Api::Type::NestedObject - name: 'config' - description: - The configuration options available when specifying versionedExpr. This field must be specified - if versionedExpr is specified and cannot be specified if versionedExpr is not specified. - properties: - - !ruby/object:Api::Type::Array - name: 'srcIpRanges' - description: | - CIDR IP address range. - item_type: Api::Type::String - - !ruby/object:Api::Resource - name: 'Snapshot' - kind: 'compute#snapshot' - input: true - base_url: projects/{{project}}/global/snapshots - create_url: projects/{{project}}/zones/{{zone}}/disks/{{sourceDisk}}/createSnapshot - collection_url_key: 'items' - has_self_link: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/compute/docs/disks/create-snapshots' - api: 'https://cloud.google.com/compute/docs/reference/rest/v1/snapshots' - iam_policy: !ruby/object:Api::Resource::IamPolicy - exclude: false - parent_resource_attribute: 'name' - import_format: ["projects/{{project}}/global/snapshots/{{name}}", "{{name}}"] - description: | - Represents a Persistent Disk Snapshot resource. - - Use snapshots to back up data from your persistent disks. Snapshots are - different from public images and custom images, which are used primarily - to create instances or configure instance templates. Snapshots are useful - for periodic backup of the data on your persistent disks. You can create - snapshots from persistent disks even while they are attached to running - instances. - - Snapshots are incremental, so you can create regular snapshots on a - persistent disk faster and at a much lower cost than if you regularly - created a full image of the disk. - # 'createSnapshot' is a zonal operation while 'snapshot.delete' is a global - # operation. we'll leave the object as global operation and use the disk's - # zonal operation for the create action. - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - full_url: 'selfLink' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'sourceDisk' - resource: 'Disk' - imports: 'name' - description: 'A reference to the disk used to create this snapshot.' - input: true - required: true - # ignore_read in providers - this is only used in Create - - !ruby/object:Api::Type::ResourceRef - name: 'zone' - resource: 'Zone' - imports: 'name' - description: 'A reference to the zone where the disk is hosted.' - input: true - - !ruby/object:Api::Type::NestedObject - name: 'snapshotEncryptionKey' - description: | - Encrypts the snapshot using a customer-supplied encryption key. - - After you encrypt a snapshot using a customer-supplied key, you must - provide the same key if you use the snapshot later. For example, you - must provide the encryption key when you create a disk from the - encrypted snapshot in a future request. - - Customer-supplied encryption keys do not protect access to metadata of - the snapshot. - - If you do not provide an encryption key when creating the snapshot, - then the snapshot will be encrypted using an automatically generated - key and you do not need to provide a key to use the snapshot later. - properties: - - !ruby/object:Api::Type::String - name: 'rawKey' - description: | - Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - - !ruby/object:Api::Type::String - name: 'sha256' - description: | - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - output: true - - !ruby/object:Api::Type::String - # TODO(chrisst) Change to ResourceRef once KMS is in Magic Modules - name: 'kmsKeyName' - description: | - The name of the encryption key that is stored in Google Cloud KMS. - - !ruby/object:Api::Type::String - name: 'kmsKeyServiceAccount' - description: | - The service account used for the encryption request for the given KMS key. - If absent, the Compute Engine Service Agent service account is used. - - !ruby/object:Api::Type::NestedObject - # ignore_read in providers - this is only used in Create - name: 'sourceDiskEncryptionKey' - description: | - The customer-supplied encryption key of the source snapshot. Required - if the source snapshot is protected by a customer-supplied encryption - key. - properties: - - !ruby/object:Api::Type::String - name: 'rawKey' - description: | - Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - # The docs list this field but it is never returned. - - !ruby/object:Api::Type::String - name: 'sha256' - exclude: true - output: true - description: | - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - - !ruby/object:Api::Type::String - # TODO(chrisst) Change to ResourceRef once KMS is in Magic Modules - name: 'kmsKeyName' - description: | - The name of the encryption key that is stored in Google Cloud KMS. - - !ruby/object:Api::Type::String - name: 'kmsKeyServiceAccount' - description: | - The service account used for the encryption request for the given KMS key. - If absent, the Compute Engine Service Agent service account is used. - properties: - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'The unique identifier for the resource.' - output: true - # 'status' not useful for object convergence. - - !ruby/object:Api::Type::Integer - name: 'diskSizeGb' - description: 'Size of the snapshot, specified in GB.' - output: true - - !ruby/object:Api::Type::String - name: 'chainName' - description: | - Creates the new snapshot in the snapshot chain labeled with the - specified name. The chain name must be 1-63 characters long and - comply with RFC1035. This is an uncommon option only for advanced - service owners who needs to create separate snapshot chains, for - example, for chargeback tracking. When you describe your snapshot - resource, this field is visible only if it has a non-empty value. - - !ruby/object:Api::Type::String - name: 'name' - required: true - input: true - description: | - Name of the resource; provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and match - the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - - !ruby/object:Api::Type::String - name: 'description' - input: true - description: 'An optional description of this resource.' - # 'sourceDiskId' not useful for object convergence. - - !ruby/object:Api::Type::Integer - name: 'storageBytes' - description: | - A size of the storage used by the snapshot. As snapshots share - storage, this number is expected to change with snapshot - creation/deletion. - output: true - # 'storageBytesStatus' not useful for object convergence. - - !ruby/object:Api::Type::Array - name: 'storageLocations' - description: | - Cloud Storage bucket storage location of the snapshot (regional or multi-regional). - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'licenses' - output: true - description: | - A list of public visible licenses that apply to this snapshot. This - can be because the original image had licenses attached (such as a - Windows image). snapshotEncryptionKey nested object Encrypts the - snapshot using a customer-supplied encryption key. - item_type: !ruby/object:Api::Type::ResourceRef - name: 'license' - resource: 'License' - imports: 'selfLink' - description: 'A reference to a license associated with this snapshot' - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: Labels to apply to this Snapshot. - update_verb: :POST - update_url: 'projects/{{project}}/global/snapshots/{{name}}/setLabels' - - !ruby/object:Api::Type::Fingerprint - name: 'labelFingerprint' - description: | - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - update_url: 'projects/{{project}}/global/snapshots/{{name}}/setLabels' - update_verb: :POST - - !ruby/object:Api::Resource - name: 'SslCertificate' - kind: 'compute#sslCertificate' - base_url: projects/{{project}}/global/sslCertificates - collection_url_key: 'items' - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/load-balancing/docs/ssl-certificates' - api: 'https://cloud.google.com/compute/docs/reference/rest/v1/sslCertificates' - input: true - has_self_link: true - description: | - An SslCertificate resource, used for HTTPS load balancing. This resource - provides a mechanism to upload an SSL key and certificate to - the load balancer to serve secure connections from the user. - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/global/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - properties: - - !ruby/object:Api::Type::String - name: 'certificate' - description: | - The certificate in PEM format. - The certificate chain must be no greater than 5 certs long. - The chain must include at least one intermediate cert. - required: true - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: 'An optional description of this resource.' - - !ruby/object:Api::Type::String - name: 'expireTime' - output: true - description: 'Expire time of the certificate in RFC3339 text format.' - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'The unique identifier for the resource.' - output: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource. Provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and match - the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - - !ruby/object:Api::Type::String - name: 'privateKey' - description: 'The write-only private key in PEM format.' - required: true - input: true - - !ruby/object:Api::Resource - # This is intentionally out of alphabetic order because it represents the same - # GCP resource as the preceding certificate object. - name: 'ManagedSslCertificate' - kind: 'compute#sslCertificate' - base_url: projects/{{project}}/global/sslCertificates - collection_url_key: 'items' - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/load-balancing/docs/ssl-certificates' - api: 'https://cloud.google.com/compute/docs/reference/rest/v1/sslCertificates' - input: true - has_self_link: true - description: | - An SslCertificate resource, used for HTTPS load balancing. This resource - represents a certificate for which the certificate secrets are created and - managed by Google. - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/global/operations/{{op_id}}' - wait_ms: 1000 - timeouts: !ruby/object:Api::Timeouts - insert_minutes: 30 - update_minutes: 30 - # Deletes can take 20-30 minutes to complete, since they depend - # on the provisioning process either succeeding or failing completely. - delete_minutes: 30 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - properties: - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: 'An optional description of this resource.' - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'The unique identifier for the resource.' - output: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource. Provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and match - the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - - !ruby/object:Api::Type::NestedObject - name: 'managed' - description: | - Properties relevant to a managed certificate. These will be used if the - certificate is managed (as indicated by a value of `MANAGED` in `type`). - properties: - - !ruby/object:Api::Type::Array - name: 'domains' - description: | - Domains for which a managed SSL certificate will be valid. Currently, - there can be up to 100 domains in this list. - max_size: 100 - item_type: Api::Type::String - required: true - - !ruby/object:Api::Type::Enum - name: 'type' - description: | - Enum field whose value is always `MANAGED` - used to signal to the API - which type this is. - values: - - :MANAGED - default_value: :MANAGED - - !ruby/object:Api::Type::Array - name: 'subjectAlternativeNames' - description: | - Domains associated with the certificate via Subject Alternative Name. - item_type: Api::Type::String - output: true - - !ruby/object:Api::Type::Time - name: 'expireTime' - description: | - Expire time of the certificate in RFC3339 text format. - output: true - - !ruby/object:Api::Resource - name: 'RegionSslCertificate' - kind: 'compute#sslCertificate' - base_url: projects/{{project}}/regions/{{region}}/sslCertificates - collection_url_key: 'items' - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/load-balancing/docs/ssl-certificates' - api: 'https://cloud.google.com/compute/docs/reference/rest/v1/regionSslCertificates' - input: true - has_self_link: true - description: | - A RegionSslCertificate resource, used for HTTPS load balancing. This resource - provides a mechanism to upload an SSL key and certificate to - the load balancer to serve secure connections from the user. - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'region' - resource: 'Region' - imports: 'name' - required: true - input: true - description: | - The region where the regional ssl certificate resides. - properties: - - !ruby/object:Api::Type::String - name: 'certificate' - description: | - The certificate in PEM format. - The certificate chain must be no greater than 5 certs long. - The chain must include at least one intermediate cert. - required: true - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: 'An optional description of this resource.' - - !ruby/object:Api::Type::String - name: 'expireTime' - output: true - description: 'Expire time of the certificate in RFC3339 text format.' - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'The unique identifier for the resource.' - output: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource. Provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and match - the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - - !ruby/object:Api::Type::String - name: 'privateKey' - description: 'The write-only private key in PEM format.' - required: true - input: true - - !ruby/object:Api::Resource - name: 'Reservation' - base_url: projects/{{project}}/zones/{{zone}}/reservations - update_verb: :PATCH - update_url: projects/{{project}}/zones/{{zone}}/reservations/{{name}} - update_mask: true - collection_url_key: 'items' - has_self_link: true - description: | - Represents a reservation resource. A reservation ensures that capacity is - held in a specific zone even if the reserved VMs are not running. - - Reservations apply only to Compute Engine, Cloud Dataproc, and Google - Kubernetes Engine VM usage.Reservations do not apply to `f1-micro` or - `g1-small` machine types, preemptible VMs, sole tenant nodes, or other - services not listed above - like Cloud SQL and Dataflow. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Reserving zonal resources': 'https://cloud.google.com/compute/docs/instances/reserving-zonal-resources' - api: 'https://cloud.google.com/compute/docs/reference/rest/v1/reservations' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'zone' - resource: 'Zone' - imports: 'name' - description: | - The zone where the reservation is made. - required: true - input: true - properties: - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - output: true - description: | - Creation timestamp in RFC3339 text format. - - !ruby/object:Api::Type::String - name: 'description' - input: true - description: | - An optional description of this resource. - - !ruby/object:Api::Type::Integer - name: 'id' - output: true - description: | - The unique identifier for the resource. - - !ruby/object:Api::Type::String - name: 'name' - required: true - input: true - description: | - Name of the resource. Provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and match - the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - - !ruby/object:Api::Type::String - name: 'commitment' - output: true - description: | - Full or partial URL to a parent commitment. This field displays for - reservations that are tied to a commitment. - - !ruby/object:Api::Type::Boolean - name: 'specificReservationRequired' - input: true - # Not a hard API default, but this should help avoid a unset/true/false - # trinary. - default_value: false - description: | - When set to true, only VMs that target this reservation by name can - consume this reservation. Otherwise, it can be consumed by VMs with - affinity for any reservation. Defaults to false. - - !ruby/object:Api::Type::String - name: 'status' - output: true - description: | - The status of the reservation. - - !ruby/object:Api::Type::NestedObject - name: 'shareSettings' - description: | - The share setting for reservations. - properties: - - !ruby/object:Api::Type::Enum - name: 'shareType' - values: - - :LOCAL - - :SPECIFIC_PROJECTS - description: | - Type of sharing for this shared-reservation - - !ruby/object:Api::Type::Map - name: 'projectMap' - description: | - A map of project number and project config. This is only valid when shareType's value is SPECIFIC_PROJECTS. - key_name: id - key_description: | - The project id/number which is deleting or adding to the project list. - value_type: !ruby/object:Api::Type::NestedObject - name: projectConfig - properties: - - !ruby/object:Api::Type::String - name: 'projectId' - description: | - The project id/number should be the same as the key of this project config in the project map. - - !ruby/object:Api::Type::NestedObject - name: 'specificReservation' - required: true - description: | - Reservation for instances with specific machine shapes. - update_verb: :POST - update_url: 'projects/{{project}}/zones/{{zone}}/reservations/{{name}}/resize' - properties: - - !ruby/object:Api::Type::Integer - name: 'count' - required: true - description: | - The number of resources that are allocated. - - !ruby/object:Api::Type::Integer - name: 'inUseCount' - output: true - description: | - How many instances are in use. - - !ruby/object:Api::Type::NestedObject - name: 'instanceProperties' - required: true - input: true - description: | - The instance properties for the reservation. - properties: - - !ruby/object:Api::Type::String - name: 'machineType' - required: true - input: true - description: | - The name of the machine type to reserve. - - !ruby/object:Api::Type::String - name: 'minCpuPlatform' - input: true - description: | - The minimum CPU platform for the reservation. For example, - `"Intel Skylake"`. See - the CPU platform availability reference](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform#availablezones) - for information on available CPU platforms. - - !ruby/object:Api::Type::Array - name: 'guestAccelerators' - description: | - Guest accelerator type and count. - input: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'acceleratorType' - required: true - input: true - description: | - The full or partial URL of the accelerator type to - attach to this instance. For example: - `projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100` - - If you are creating an instance template, specify only the accelerator name. - - !ruby/object:Api::Type::Integer - name: 'acceleratorCount' - required: true - input: true - description: | - The number of the guest accelerator cards exposed to - this instance. - - !ruby/object:Api::Type::Array - name: 'localSsds' - input: true - description: | - The amount of local ssd to reserve with each instance. This - reserves disks of type `local-ssd`. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Enum - name: 'interface' - input: true - default_value: :SCSI - values: - - :SCSI - - :NVME - description: | - The disk interface to use for attaching this disk. - - !ruby/object:Api::Type::Integer - name: 'diskSizeGb' - required: true - input: true - description: | - The size of the disk in base-2 GB. - - !ruby/object:Api::Resource - name: 'ServiceAttachment' - kind: 'compute#ServiceAttachment' - base_url: projects/{{project}}/regions/{{region}}/serviceAttachments - has_self_link: true - update_verb: :PATCH - description: | - Represents a ServiceAttachment resource. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Configuring Private Service Connect to access services': 'https://cloud.google.com/vpc/docs/configure-private-service-connect-services' - api: 'https://cloud.google.com/compute/docs/reference/beta/serviceAttachments' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'region' - resource: 'Region' - imports: 'name' - description: | - URL of the region where the resource resides. - required: true - input: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - description: | - Name of the resource. The name must be 1-63 characters long, and - comply with RFC1035. Specifically, the name must be 1-63 characters - long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` - which means the first character must be a lowercase letter, and all - following characters must be a dash, lowercase letter, or digit, - except the last character, which cannot be a dash. - input: true - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional description of this resource. - - !ruby/object:Api::Type::Fingerprint - name: 'fingerprint' - description: | - Fingerprint of this resource. This field is used internally during - updates of this resource. - - !ruby/object:Api::Type::String - name: 'connectionPreference' - required: true - description: | - The connection preference to use for this service attachment. Valid - values include "ACCEPT_AUTOMATIC", "ACCEPT_MANUAL". - - !ruby/object:Api::Type::Array - name: 'connectedEndpoints' - output: true - description: | - An array of the consumer forwarding rules connected to this service - attachment. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'endpoint' - output: true - description: | - The URL of the consumer forwarding rule. - - !ruby/object:Api::Type::String - name: 'status' - output: true - description: | - The status of the connection from the consumer forwarding rule to - this service attachment. - - !ruby/object:Api::Type::ResourceRef - name: targetService - required: true - input: true - resource: 'ForwardingRule' - imports: 'selfLink' - description: | - The URL of a forwarding rule that represents the service identified by - this service attachment. - - !ruby/object:Api::Type::Array - name: 'natSubnets' - required: true - send_empty_value: true - description: | - An array of subnets that is provided for NAT in this service attachment. - item_type: !ruby/object:Api::Type::ResourceRef - name: 'subnet' - resource: 'Subnetwork' - imports: 'selfLink' - description: | - A subnet that is provided for NAT in this service attachment. - - !ruby/object:Api::Type::Boolean - name: 'enableProxyProtocol' - required: true - input: true - description: | - If true, enable the proxy protocol which is for supplying client TCP/IP - address data in TCP connections that traverse proxies on their way to - destination servers. - - !ruby/object:Api::Type::Array - name: 'domainNames' - input: true - item_type: Api::Type::String - description: | - If specified, the domain name will be used during the integration between - the PSC connected endpoints and the Cloud DNS. For example, this is a - valid domain name: "p.mycompany.com.". Current max number of domain names - supported is 1. - - !ruby/object:Api::Type::Array - name: 'consumerRejectLists' - item_type: Api::Type::String - send_empty_value: true - description: | - An array of projects that are not allowed to connect to this service - attachment. - - !ruby/object:Api::Type::Array - name: 'consumerAcceptLists' - description: | - An array of projects that are allowed to connect to this service - attachment. - send_empty_value: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'projectIdOrNum' - required: true - description: | - A project that is allowed to connect to this service attachment. - - !ruby/object:Api::Type::Integer - name: 'connectionLimit' - required: true - description: | - The number of consumer forwarding rules the consumer project can - create. - - !ruby/object:Api::Resource - name: 'SslPolicy' - kind: 'compute#sslPolicy' - base_url: projects/{{project}}/global/sslPolicies - collection_url_key: 'items' - update_verb: :PATCH - has_self_link: true - description: | - Represents a SSL policy. SSL policies give you the ability to control the - features of SSL that your SSL proxy or HTTPS load balancer negotiates. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Using SSL Policies': 'https://cloud.google.com/compute/docs/load-balancing/ssl-policies' - api: 'https://cloud.google.com/compute/docs/reference/rest/v1/sslPolicies' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/global/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - properties: - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: 'An optional description of this resource.' - input: true - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'The unique identifier for the resource.' - output: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource. Provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and match - the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - input: true - required: true - # TODO: profile, minTlsVersion, enabledFeatures, customFeatures, fingerprint, warnings, kind - - !ruby/object:Api::Type::Enum - name: 'profile' - description: | - Profile specifies the set of SSL features that can be used by the - load balancer when negotiating SSL with clients. If using `CUSTOM`, - the set of SSL features to enable must be specified in the - `customFeatures` field. - values: - - :COMPATIBLE - - :MODERN - - :RESTRICTED - - :CUSTOM - - !ruby/object:Api::Type::Enum - name: 'minTlsVersion' - description: | - The minimum version of SSL protocol that can be used by the clients - to establish a connection with the load balancer. - values: - - :TLS_1_0 - - :TLS_1_1 - - :TLS_1_2 - - !ruby/object:Api::Type::Array - name: 'enabledFeatures' - description: 'The list of features enabled in the SSL policy.' - output: true - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'customFeatures' - description: | - A list of features enabled when the selected profile is CUSTOM. The - method returns the set of features that can be specified in this - list. This field must be empty if the profile is not CUSTOM. - item_type: Api::Type::String - - !ruby/object:Api::Type::String - name: 'fingerprint' - description: | - Fingerprint of this resource. A hash of the contents stored in this - object. This field is used in optimistic locking. - output: true - - !ruby/object:Api::Type::Array - name: 'warnings' - description: | - If potential misconfigurations are detected for this SSL policy, this - field will be populated with warning messages. - output: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'code' - description: 'A warning code, if applicable.' - output: true - - !ruby/object:Api::Type::String - name: 'message' - description: 'A human-readable description of the warning code.' - output: true - - !ruby/object:Api::Resource - name: 'RegionSslPolicy' - kind: 'compute#sslPolicy' - base_url: projects/{{project}}/regions/{{region}}/sslPolicies - collection_url_key: 'items' - update_verb: :PATCH - has_self_link: true - min_version: beta - description: | - Represents a Regional SSL policy. SSL policies give you the ability to control the - features of SSL that your SSL proxy or HTTPS load balancer negotiates. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Using SSL Policies': 'https://cloud.google.com/compute/docs/load-balancing/ssl-policies' - api: 'https://cloud.google.com/compute/docs/reference/rest/beta/regionSslPolicies' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'region' - resource: 'Region' - imports: 'name' - required: true - input: true - description: | - The region where the regional SSL policy resides. - properties: - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: 'An optional description of this resource.' - input: true - - !ruby/object:Api::Type::String - name: 'id' - description: 'The unique identifier for the resource.' - output: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource. Provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and match - the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - input: true - required: true - - !ruby/object:Api::Type::Enum - name: 'profile' - description: | - Profile specifies the set of SSL features that can be used by the - load balancer when negotiating SSL with clients. If using `CUSTOM`, - the set of SSL features to enable must be specified in the - `customFeatures` field. - values: - - :COMPATIBLE - - :MODERN - - :RESTRICTED - - :CUSTOM - - !ruby/object:Api::Type::Enum - name: 'minTlsVersion' - description: | - The minimum version of SSL protocol that can be used by the clients - to establish a connection with the load balancer. - values: - - :TLS_1_0 - - :TLS_1_1 - - :TLS_1_2 - - !ruby/object:Api::Type::Array - name: 'enabledFeatures' - description: 'The list of features enabled in the SSL policy.' - output: true - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'customFeatures' - description: | - A list of features enabled when the selected profile is CUSTOM. The - method returns the set of features that can be specified in this - list. This field must be empty if the profile is not CUSTOM. - item_type: Api::Type::String - - !ruby/object:Api::Type::Fingerprint - name: 'fingerprint' - description: | - Fingerprint of this resource. A hash of the contents stored in this - object. This field is used in optimistic locking. - output: true - - !ruby/object:Api::Type::Array - name: 'warnings' - description: | - If potential misconfigurations are detected for this SSL policy, this - field will be populated with warning messages. - output: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'code' - description: 'A warning code, if applicable.' - output: true - - !ruby/object:Api::Type::String - name: 'message' - description: 'A human-readable description of the warning code.' - output: true - - !ruby/object:Api::Resource - name: 'Subnetwork' - kind: 'compute#subnetwork' - base_url: projects/{{project}}/regions/{{region}}/subnetworks - collection_url_key: 'items' - input: true - has_self_link: true - description: | - A VPC network is a virtual version of the traditional physical networks - that exist within and between physical data centers. A VPC network - provides connectivity for your Compute Engine virtual machine (VM) - instances, Container Engine containers, App Engine Flex services, and - other network-related resources. - - Each GCP project contains one or more VPC networks. Each VPC network is a - global entity spanning all GCP regions. This global VPC network allows VM - instances and other resources to communicate with each other via internal, - private IP addresses. - - Each VPC network is subdivided into subnets, and each subnet is contained - within a single region. You can have more than one subnet in a region for - a given VPC network. Each subnet has a contiguous private RFC1918 IP - space. You create instances, containers, and the like in these subnets. - When you create an instance, you must create it in a subnet, and the - instance draws its internal IP address from that subnet. - - Virtual machine (VM) instances in a VPC network can communicate with - instances in all other subnets of the same VPC network, regardless of - region, using their RFC1918 private IP addresses. You can isolate portions - of the network, even entire subnets, using firewall rules. - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - properties: - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional description of this resource. Provide this property when - you create the resource. This field can be set only at resource - creation time. - - !ruby/object:Api::Type::String - name: 'gatewayAddress' - description: | - The gateway address for default routes to reach destination addresses - outside this subnetwork. - output: true - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'The unique identifier for the resource.' - output: true - - !ruby/object:Api::Type::String - name: 'ipCidrRange' - description: | - The range of internal addresses that are owned by this subnetwork. - Provide this property when you create the subnetwork. For example, - 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and - non-overlapping within a network. Only IPv4 is supported. - required: true - update_verb: :POST - update_url: 'projects/{{project}}/regions/{{region}}/subnetworks/{{name}}/expandIpCidrRange' - - !ruby/object:Api::Type::String - name: 'name' - description: | - The name of the resource, provided by the client when initially - creating the resource. The name must be 1-63 characters long, and - comply with RFC1035. Specifically, the name must be 1-63 characters - long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which - means the first character must be a lowercase letter, and all - following characters must be a dash, lowercase letter, or digit, - except the last character, which cannot be a dash. - required: true - - !ruby/object:Api::Type::ResourceRef - name: 'network' - resource: 'Network' - imports: 'selfLink' - description: | - The network this subnet belongs to. - Only networks that are in the distributed mode can have subnetworks. - input: true - required: true - - !ruby/object:Api::Type::String - name: 'purpose' - input: true - description: | - The purpose of the resource. A subnetwork with purpose set to - INTERNAL_HTTPS_LOAD_BALANCER is a user-created subnetwork that is - reserved for Internal HTTP(S) Load Balancing. - - If set to INTERNAL_HTTPS_LOAD_BALANCER you must also set the `role` field. - - !ruby/object:Api::Type::Enum - name: 'role' - update_verb: :PATCH - update_url: projects/{{project}}/regions/{{region}}/subnetworks/{{name}} - update_id: 'role' - fingerprint_name: 'fingerprint' - values: - - :ACTIVE - - :BACKUP - description: | - The role of subnetwork. Currently, this field is only used when - purpose = INTERNAL_HTTPS_LOAD_BALANCER. The value can be set to ACTIVE - or BACKUP. An ACTIVE subnetwork is one that is currently being used - for Internal HTTP(S) Load Balancing. A BACKUP subnetwork is one that - is ready to be promoted to ACTIVE or is currently draining. - - !ruby/object:Api::Type::Array - name: 'secondaryIpRanges' - description: | - An array of configurations for secondary IP ranges for VM instances - contained in this subnetwork. The primary IP of such VM must belong - to the primary ipCidrRange of the subnetwork. The alias IPs may belong - to either primary or secondary ranges. - update_verb: :PATCH - update_url: projects/{{project}}/regions/{{region}}/subnetworks/{{name}} - update_id: 'secondaryIpRanges' - fingerprint_name: 'fingerprint' - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'rangeName' - required: true - description: | - The name associated with this subnetwork secondary range, used - when adding an alias IP range to a VM instance. The name must - be 1-63 characters long, and comply with RFC1035. The name - must be unique within the subnetwork. - - !ruby/object:Api::Type::String - name: 'ipCidrRange' - required: true - description: | - The range of IP addresses belonging to this subnetwork secondary - range. Provide this property when you create the subnetwork. - Ranges must be unique and non-overlapping with all primary and - secondary IP ranges within a network. Only IPv4 is supported. - - !ruby/object:Api::Type::Boolean - name: 'privateIpGoogleAccess' - description: | - When enabled, VMs in this subnetwork without external IP addresses can - access Google APIs and services by using Private Google Access. - update_verb: :POST - update_url: 'projects/{{project}}/regions/{{region}}/subnetworks/{{name}}/setPrivateIpGoogleAccess' - - !ruby/object:Api::Type::String - name: 'privateIpv6GoogleAccess' - update_verb: :PATCH - update_url: projects/{{project}}/regions/{{region}}/subnetworks/{{name}} - description: The private IPv6 google access type for the VMs in this subnet. - fingerprint_name: 'fingerprint' - - !ruby/object:Api::Type::ResourceRef - name: 'region' - resource: 'Region' - imports: 'name' - description: | - The GCP region for this subnetwork. - required: true - input: true - - !ruby/object:Api::Type::NestedObject - name: 'logConfig' - update_verb: :PATCH - update_url: projects/{{project}}/regions/{{region}}/subnetworks/{{name}} - fingerprint_name: 'fingerprint' - update_id: 'logConfig' - description: | - Denotes the logging options for the subnetwork flow logs. If logging is enabled - logs will be exported to Stackdriver. This field cannot be set if the `purpose` of this - subnetwork is `INTERNAL_HTTPS_LOAD_BALANCER` - properties: - - !ruby/object:Api::Type::Boolean - name: 'enable' - description: If logging is enabled for this subnetwork - - !ruby/object:Api::Type::Enum - name: 'aggregationInterval' - at_least_one_of: - - log_config.0.aggregation_interval - - log_config.0.flow_sampling - - log_config.0.metadata - - log_config.0.filterExpr - description: | - Can only be specified if VPC flow logging for this subnetwork is enabled. - Toggles the aggregation interval for collecting flow logs. Increasing the - interval time will reduce the amount of generated flow logs for long - lasting connections. Default is an interval of 5 seconds per connection. - values: - - :INTERVAL_5_SEC - - :INTERVAL_30_SEC - - :INTERVAL_1_MIN - - :INTERVAL_5_MIN - - :INTERVAL_10_MIN - - :INTERVAL_15_MIN - default_value: :INTERVAL_5_SEC - - !ruby/object:Api::Type::Double - name: 'flowSampling' - at_least_one_of: - - log_config.0.aggregation_interval - - log_config.0.flow_sampling - - log_config.0.metadata - - log_config.0.filterExpr - description: | - Can only be specified if VPC flow logging for this subnetwork is enabled. - The value of the field must be in [0, 1]. Set the sampling rate of VPC - flow logs within the subnetwork where 1.0 means all collected logs are - reported and 0.0 means no logs are reported. Default is 0.5 which means - half of all collected logs are reported. - default_value: 0.5 - - !ruby/object:Api::Type::Enum - name: 'metadata' - at_least_one_of: - - log_config.0.aggregation_interval - - log_config.0.flow_sampling - - log_config.0.metadata - - log_config.0.filterExpr - description: | - Can only be specified if VPC flow logging for this subnetwork is enabled. - Configures whether metadata fields should be added to the reported VPC - flow logs. - values: - - :EXCLUDE_ALL_METADATA - - :INCLUDE_ALL_METADATA - - :CUSTOM_METADATA - default_value: :INCLUDE_ALL_METADATA - - !ruby/object:Api::Type::Array - name: 'metadataFields' - description: | - List of metadata fields that should be added to reported logs. - Can only be specified if VPC flow logs for this subnetwork is enabled and "metadata" is set to CUSTOM_METADATA. - item_type: Api::Type::String - - !ruby/object:Api::Type::String - name: 'filterExpr' - at_least_one_of: - - log_config.0.aggregation_interval - - log_config.0.flow_sampling - - log_config.0.metadata - - log_config.0.filterExpr - description: | - Export filter used to define which VPC flow logs should be logged, as as CEL expression. See - https://cloud.google.com/vpc/docs/flow-logs#filtering for details on how to format this field. - The default value is 'true', which evaluates to include everything. - default_value: "true" - - !ruby/object:Api::Type::Enum - name: 'stackType' - update_verb: :PATCH - update_url: projects/{{project}}/regions/{{region}}/subnetworks/{{name}} - fingerprint_name: 'fingerprint' - values: - - :IPV4_ONLY - - :IPV4_IPV6 - description: | - The stack type for this subnet to identify whether the IPv6 feature is enabled or not. - If not specified IPV4_ONLY will be used. - - !ruby/object:Api::Type::Enum - name: 'ipv6AccessType' - update_verb: :PATCH - update_url: projects/{{project}}/regions/{{region}}/subnetworks/{{name}} - fingerprint_name: 'fingerprint' - values: - - :EXTERNAL - - :INTERNAL - description: | - The access type of IPv6 address this subnet holds. It's immutable and can only be specified during creation - or the first time the subnet is updated into IPV4_IPV6 dual stack. If the ipv6_type is EXTERNAL then this subnet - cannot enable direct path. - - !ruby/object:Api::Type::String - name: 'ipv6CidrRange' - output: true - description: | - The range of internal IPv6 addresses that are owned by this subnetwork. - - !ruby/object:Api::Type::String - name: 'externalIpv6Prefix' - output: true - description: | - The range of external IPv6 addresses that are owned by this subnetwork. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Private Google Access': - 'https://cloud.google.com/vpc/docs/configure-private-google-access' - 'Cloud Networking': - 'https://cloud.google.com/vpc/docs/using-vpc' - api: 'https://cloud.google.com/compute/docs/reference/rest/v1/subnetworks' - - !ruby/object:Api::Resource - name: 'TargetHttpProxy' - kind: 'compute#targetHttpProxy' - base_url: projects/{{project}}/global/targetHttpProxies - collection_url_key: 'items' - has_self_link: true - input: true - description: | - Represents a TargetHttpProxy resource, which is used by one or more global - forwarding rule to route incoming HTTP requests to a URL map. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/compute/docs/load-balancing/http/target-proxies' - api: 'https://cloud.google.com/compute/docs/reference/v1/targetHttpProxies' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/global/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - properties: - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: 'An optional description of this resource.' - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'The unique identifier for the resource.' - output: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource. Provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and match - the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - required: true - - !ruby/object:Api::Type::ResourceRef - name: 'urlMap' - resource: 'UrlMap' - imports: 'selfLink' - description: | - A reference to the UrlMap resource that defines the mapping from URL - to the BackendService. - required: true - update_verb: :POST - update_url: 'projects/{{project}}/targetHttpProxies/{{name}}/setUrlMap' - - !ruby/object:Api::Type::Boolean - name: 'proxyBind' - description: | - This field only applies when the forwarding rule that references - this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. - - !ruby/object:Api::Resource - name: 'TargetHttpsProxy' - kind: 'compute#targetHttpsProxy' - base_url: projects/{{project}}/global/targetHttpsProxies - collection_url_key: 'items' - has_self_link: true - input: true - description: | - Represents a TargetHttpsProxy resource, which is used by one or more - global forwarding rule to route incoming HTTPS requests to a URL map. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/compute/docs/load-balancing/http/target-proxies' - api: 'https://cloud.google.com/compute/docs/reference/v1/targetHttpsProxies' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/global/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - properties: - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: 'An optional description of this resource.' - input: true - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'The unique identifier for the resource.' - output: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource. Provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and match - the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - input: true - required: true - - !ruby/object:Api::Type::Enum - name: 'quicOverride' - description: | - Specifies the QUIC override policy for this resource. This determines - whether the load balancer will attempt to negotiate QUIC with clients - or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is - specified, uses the QUIC policy with no user overrides, which is - equivalent to DISABLE. - values: - - :NONE - - :ENABLE - - :DISABLE - update_verb: :POST - update_url: - 'projects/{{project}}/global/targetHttpsProxies/{{name}}/setQuicOverride' - - !ruby/object:Api::Type::Array - name: 'sslCertificates' - description: | - A list of SslCertificate resources that are used to authenticate - connections between users and the load balancer. At least one SSL - certificate must be specified. - update_verb: :POST - update_url: - 'projects/{{project}}/targetHttpsProxies/{{name}}/setSslCertificates' - item_type: !ruby/object:Api::Type::ResourceRef - name: 'sslCertificate' - resource: 'SslCertificate' - imports: 'selfLink' - description: 'The SSL certificates used by this TargetHttpsProxy' - - !ruby/object:Api::Type::String - name: 'certificateMap' - description: | - A reference to the CertificateMap resource uri that identifies a certificate map - associated with the given target proxy. This field can only be set for global target proxies. - Accepted format is `//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}`. - update_verb: :POST - update_url: - 'projects/{{project}}/global/targetHttpsProxies/{{name}}/setCertificateMap' - - !ruby/object:Api::Type::ResourceRef - name: 'sslPolicy' - resource: 'SslPolicy' - imports: 'selfLink' - description: | - A reference to the SslPolicy resource that will be associated with - the TargetHttpsProxy resource. If not set, the TargetHttpsProxy - resource will not have any SSL policy configured. - update_verb: :POST - update_url: - 'projects/{{project}}/global/targetHttpsProxies/{{name}}/setSslPolicy' - - !ruby/object:Api::Type::ResourceRef - name: 'urlMap' - resource: 'UrlMap' - imports: 'selfLink' - description: | - A reference to the UrlMap resource that defines the mapping from URL - to the BackendService. - required: true - update_verb: :POST - update_url: 'projects/{{project}}/targetHttpsProxies/{{name}}/setUrlMap' - - !ruby/object:Api::Type::Boolean - name: 'proxyBind' - description: | - This field only applies when the forwarding rule that references - this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. - - !ruby/object:Api::Resource - name: 'RegionTargetHttpProxy' - base_url: projects/{{project}}/regions/{{region}}/targetHttpProxies - has_self_link: true - input: true - description: | - Represents a RegionTargetHttpProxy resource, which is used by one or more - forwarding rules to route incoming HTTP requests to a URL map. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/compute/docs/load-balancing/http/target-proxies' - api: 'https://cloud.google.com/compute/docs/reference/rest/v1/regionTargetHttpProxies' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'region' - resource: 'Region' - imports: 'name' - required: true - input: true - description: | - The region where the regional proxy resides. - properties: - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: 'An optional description of this resource.' - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'The unique identifier for the resource.' - output: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource. Provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and match - the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - required: true - - !ruby/object:Api::Type::ResourceRef - name: 'urlMap' - resource: 'RegionUrlMap' - imports: 'selfLink' - description: | - A reference to the RegionUrlMap resource that defines the mapping from URL - to the BackendService. - required: true - update_verb: :POST - update_url: 'projects/{{project}}/regions/{{region}}/targetHttpProxies/{{name}}/setUrlMap' - - !ruby/object:Api::Resource - name: 'RegionTargetHttpsProxy' - base_url: projects/{{project}}/regions/{{region}}/targetHttpsProxies - has_self_link: true - input: true - description: | - Represents a RegionTargetHttpsProxy resource, which is used by one or more - forwarding rules to route incoming HTTPS requests to a URL map. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/compute/docs/load-balancing/http/target-proxies' - api: 'https://cloud.google.com/compute/docs/reference/rest/v1/regionTargetHttpsProxies' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'region' - resource: 'Region' - imports: 'name' - input: true - required: true - description: | - The region where the regional proxy resides. - properties: - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: 'An optional description of this resource.' - input: true - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'The unique identifier for the resource.' - output: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource. Provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and match - the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - input: true - required: true - # This field is present in the schema but as of 2019 Sep 23 attempting to set it fails with - # a 400 "QUIC override is supported only with global TargetHttpsProxy". jamessynge@ said in an - # email sent on 2019 Sep 20 that support for this "is probably far in the future." - #- !ruby/object:Api::Type::Enum - # name: 'quicOverride' - # description: | - # Specifies the QUIC override policy for this resource. This determines - # whether the load balancer will attempt to negotiate QUIC with clients - # or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is - # specified, uses the QUIC policy with no user overrides, which is - # equivalent to DISABLE. Not specifying this field is equivalent to - # specifying NONE. - # values: - # - :NONE - # - :ENABLE - # - :DISABLE - # update_verb: :POST - # update_url: - # 'projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}}/setQuicOverride' - - !ruby/object:Api::Type::Array - name: 'sslCertificates' - description: | - A list of RegionSslCertificate resources that are used to authenticate - connections between users and the load balancer. Currently, exactly - one SSL certificate must be specified. - required: true - update_verb: :POST - update_url: - 'projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}}/setSslCertificates' - item_type: !ruby/object:Api::Type::ResourceRef - name: 'sslCertificate' - resource: 'RegionSslCertificate' - imports: 'selfLink' - description: 'The SSL certificates used by this TargetHttpsProxy' - - !ruby/object:Api::Type::ResourceRef - name: 'sslPolicy' - resource: 'RegionSslPolicy' - imports: 'selfLink' - min_version: beta - description: | - A reference to the Region SslPolicy resource that will be associated with - the TargetHttpsProxy resource. If not set, the TargetHttpsProxy - resource will not have any SSL policy configured. - # 2022 May 28 - setSslPolicy method not yet listed - # https://cloud.google.com/compute/docs/reference/rest/beta/regionTargetHttpsProxies - # update_verb: :POST - # update_url: - # 'projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}}/setSslPolicy' - - !ruby/object:Api::Type::ResourceRef - name: 'urlMap' - resource: 'RegionUrlMap' - imports: 'selfLink' - description: | - A reference to the RegionUrlMap resource that defines the mapping from URL - to the RegionBackendService. - required: true - update_verb: :POST - update_url: 'projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}}/setUrlMap' - - !ruby/object:Api::Resource - name: 'RegionTargetTcpProxy' - base_url: projects/{{project}}/regions/{{region}}/targetTcpProxies - has_self_link: true - input: true - description: | - Represents a RegionTargetTcpProxy resource, which is used by one or more - forwarding rules to route incoming TCP requests to a regional TCP proxy load - balancer. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/load-balancing/docs/tcp/internal-proxy' - api: 'https://cloud.google.com/compute/docs/reference/rest/v1/regionTargetTcpProxies' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'region' - resource: 'Region' - imports: 'name' - required: true - input: true - description: | - The region where the regional proxy resides. - properties: - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: 'An optional description of this resource.' - input: true - - !ruby/object:Api::Type::Integer - name: 'proxyId' - api_name: 'id' - description: 'The unique identifier for the resource.' - output: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource. Provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and match - the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - input: true - required: true - - !ruby/object:Api::Type::Enum - name: 'proxyHeader' - description: | - Specifies the type of proxy header to append before sending data to - the backend. - values: - - :NONE - - :PROXY_V1 - default_value: :NONE - - !ruby/object:Api::Type::ResourceRef - name: 'service' - resource: 'RegionBackendService' - imports: 'selfLink' - description: | - A reference to the BackendService resource. - required: true - - !ruby/object:Api::Type::Boolean - name: 'proxyBind' - description: | - This field only applies when the forwarding rule that references - this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. - - !ruby/object:Api::Resource - name: 'TargetInstance' - kind: 'compute#targetInstance' - base_url: projects/{{project}}/zones/{{zone}}/targetInstances - collection_url_key: 'items' - has_self_link: true - input: true - description: | - Represents a TargetInstance resource which defines an endpoint instance - that terminates traffic of certain protocols. In particular, they are used - in Protocol Forwarding, where forwarding rules can send packets to a - non-NAT'ed target instance. Each target instance contains a single - virtual machine instance that receives and handles traffic from the - corresponding forwarding rules. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Using Protocol Forwarding': 'https://cloud.google.com/compute/docs/protocol-forwarding' - api: 'https://cloud.google.com/compute/docs/reference/v1/targetInstances' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/zones/{{zone}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'zone' - resource: 'Zone' - imports: 'name' - description: | - URL of the zone where the target instance resides. - required: true - input: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource. Provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and match - the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - required: true - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::String - name: 'network' - description: 'The URL of the network this target instance uses to forward traffic. If not specified, the traffic will be forwarded to the network that the default network interface belongs to.' - input: true - min_version: beta - - !ruby/object:Api::Type::String - name: 'description' - description: 'An optional description of this resource.' - - !ruby/object:Api::Type::ResourceRef - name: 'instance' - resource: 'Instance' - imports: 'selfLink' - description: | - A URL to the virtual machine instance that handles traffic for this - target instance. Accepts self-links or the partial paths with format - `projects/project/zones/zone/instances/instance' or - `zones/zone/instances/instance` - required: true - input: true - - !ruby/object:Api::Type::Enum - name: 'natPolicy' - description: | - NAT option controlling how IPs are NAT'ed to the instance. - Currently only NO_NAT (default value) is supported. - input: true - default_value: :NO_NAT - values: - - :NO_NAT - - !ruby/object:Api::Resource - name: 'TargetPool' - kind: 'compute#targetPool' - base_url: projects/{{project}}/regions/{{region}}/targetPools - collection_url_key: 'items' - description: 'Represents a TargetPool resource, used for Load Balancing.' - has_self_link: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/compute/docs/load-balancing/network/target-pools' - api: 'https://cloud.google.com/compute/docs/reference/rest/v1/targetPools' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'region' - resource: 'Region' - imports: 'name' - description: 'The region where the target pool resides.' - required: true - properties: - - !ruby/object:Api::Type::ResourceRef - name: 'backupPool' - resource: 'TargetPool' - imports: 'selfLink' - input: true - description: | - This field is applicable only when the containing target pool is - serving a forwarding rule as the primary pool, and its failoverRatio - field is properly set to a value between [0, 1]. - - backupPool and failoverRatio together define the fallback behavior of - the primary target pool: if the ratio of the healthy instances in the - primary pool is at or below failoverRatio, traffic arriving at the - load-balanced IP will be directed to the backup pool. - - In case where failoverRatio and backupPool are not set, or all the - instances in the backup pool are unhealthy, the traffic will be - directed back to the primary pool in the "force" mode, where traffic - will be spread to the healthy instances with the best effort, or to - all instances when no instance is healthy. - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: 'An optional description of this resource.' - - !ruby/object:Api::Type::Double - name: 'failoverRatio' - description: | - This field is applicable only when the containing target pool is - serving a forwarding rule as the primary pool (i.e., not as a backup - pool to some other target pool). The value of the field must be in - [0, 1]. - - If set, backupPool must also be set. They together define the fallback - behavior of the primary target pool: if the ratio of the healthy - instances in the primary pool is at or below this number, traffic - arriving at the load-balanced IP will be directed to the backup pool. - - In case where failoverRatio is not set or all the instances in the - backup pool are unhealthy, the traffic will be directed back to the - primary pool in the "force" mode, where traffic will be spread to the - healthy instances with the best effort, or to all instances when no - instance is healthy. - - !ruby/object:Api::Type::ResourceRef - name: 'healthCheck' - resource: 'HttpHealthCheck' - imports: 'selfLink' - description: | - A reference to a HttpHealthCheck resource. - - A member instance in this pool is considered healthy if and only if - the health checks pass. If not specified it means all member instances - will be considered healthy at all times. - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'The unique identifier for the resource.' - output: true - - !ruby/object:Api::Type::Array - name: 'instances' - description: | - A list of virtual machine instances serving this pool. - - They must live in zones contained in the same region as this pool. - item_type: !ruby/object:Api::Type::ResourceRef - name: 'instance' - description: 'The instance being served by this pool.' - resource: 'Instance' - imports: 'selfLink' - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource. Provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and match - the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - input: true - required: true - - !ruby/object:Api::Type::Enum - name: 'sessionAffinity' - description: | - Session affinity option. Must be one of these values: - - * NONE: Connections from the same client IP may go to any instance in - the pool. - * CLIENT_IP: Connections from the same client IP will go to the same - instance in the pool while that instance remains healthy. - * CLIENT_IP_PROTO: Connections from the same client IP with the same - IP protocol will go to the same instance in the pool while that - instance remains healthy. - input: true - values: - - :NONE - - :CLIENT_IP - - :CLIENT_IP_PROTO - - !ruby/object:Api::Resource - name: 'TargetSslProxy' - kind: 'compute#targetSslProxy' - base_url: projects/{{project}}/global/targetSslProxies - collection_url_key: 'items' - input: true - has_self_link: true - description: | - Represents a TargetSslProxy resource, which is used by one or more - global forwarding rule to route incoming SSL requests to a backend - service. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Setting Up SSL proxy for Google Cloud Load Balancing': 'https://cloud.google.com/compute/docs/load-balancing/tcp-ssl/' - api: 'https://cloud.google.com/compute/docs/reference/v1/targetSslProxies' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/global/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - properties: - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: 'An optional description of this resource.' - input: true - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'The unique identifier for the resource.' - output: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource. Provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and match - the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - input: true - required: true - - !ruby/object:Api::Type::Enum - name: 'proxyHeader' - description: | - Specifies the type of proxy header to append before sending data to - the backend. - values: - - :NONE - - :PROXY_V1 - update_verb: :POST - update_url: 'projects/{{project}}/global/targetSslProxies/{{name}}/setProxyHeader' - - !ruby/object:Api::Type::ResourceRef - name: 'service' - resource: 'BackendService' - imports: 'selfLink' - description: | - A reference to the BackendService resource. - required: true - update_verb: :POST - update_url: 'projects/{{project}}/global/targetSslProxies/{{name}}/setBackendService' - - !ruby/object:Api::Type::Array - name: 'sslCertificates' - description: | - A list of SslCertificate resources that are used to authenticate - connections between users and the load balancer. At least one - SSL certificate must be specified. - exactly_one_of: - - sslCertificates - - certificateMap - update_verb: :POST - update_url: 'projects/{{project}}/global/targetSslProxies/{{name}}/setSslCertificates' - item_type: !ruby/object:Api::Type::ResourceRef - name: 'sslCertificate' - resource: 'SslCertificate' - imports: 'selfLink' - description: 'The SSL certificates used by this TargetSslProxy' - - !ruby/object:Api::Type::String - name: 'certificateMap' - description: | - A reference to the CertificateMap resource uri that identifies a certificate map - associated with the given target proxy. This field can only be set for global target proxies. - Accepted format is `//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}`. - exactly_one_of: - - sslCertificates - - certificateMap - update_verb: :POST - update_url: - 'projects/{{project}}/global/targetSslProxies/{{name}}/setCertificateMap' - - !ruby/object:Api::Type::ResourceRef - name: 'sslPolicy' - resource: 'SslPolicy' - imports: 'selfLink' - description: | - A reference to the SslPolicy resource that will be associated with - the TargetSslProxy resource. If not set, the TargetSslProxy - resource will not have any SSL policy configured. - update_verb: :POST - update_url: - 'projects/{{project}}/global/targetSslProxies/{{name}}/setSslPolicy' - - !ruby/object:Api::Resource - name: 'TargetTcpProxy' - kind: 'compute#targetTcpProxy' - base_url: projects/{{project}}/global/targetTcpProxies - collection_url_key: 'items' - input: true - has_self_link: true - description: | - Represents a TargetTcpProxy resource, which is used by one or more - global forwarding rule to route incoming TCP requests to a Backend - service. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Setting Up TCP proxy for Google Cloud Load Balancing': - 'https://cloud.google.com/compute/docs/load-balancing/tcp-ssl/tcp-proxy' - api: 'https://cloud.google.com/compute/docs/reference/v1/targetTcpProxies' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/global/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - properties: - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: 'An optional description of this resource.' - input: true - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'The unique identifier for the resource.' - output: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource. Provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and match - the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - input: true - required: true - - !ruby/object:Api::Type::Enum - name: 'proxyHeader' - description: | - Specifies the type of proxy header to append before sending data to - the backend. - values: - - :NONE - - :PROXY_V1 - update_verb: :POST - update_url: 'projects/{{project}}/global/targetTcpProxies/{{name}}/setProxyHeader' - - !ruby/object:Api::Type::ResourceRef - name: 'service' - resource: 'BackendService' - imports: 'selfLink' - description: | - A reference to the BackendService resource. - required: true - update_verb: :POST - update_url: 'projects/{{project}}/global/targetTcpProxies/{{name}}/setBackendService' - - !ruby/object:Api::Type::Boolean - name: 'proxyBind' - description: | - This field only applies when the forwarding rule that references - this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. - - !ruby/object:Api::Resource - name: 'TargetVpnGateway' - kind: 'compute#targetVpnGateway' - base_url: projects/{{project}}/regions/{{region}}/targetVpnGateways - collection_url_key: 'items' - input: true - has_self_link: true - description: | - Represents a VPN gateway running in GCP. This virtual device is managed - by Google, but used only by you. - references: !ruby/object:Api::Resource::ReferenceLinks - api: https://cloud.google.com/compute/docs/reference/rest/v1/targetVpnGateways - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'region' - resource: 'Region' - imports: 'name' - description: | - The region this gateway should sit in. - required: true - properties: - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: 'An optional description of this resource.' - input: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource. Provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and - match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means - the first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - required: true - input: true - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'The unique identifier for the resource.' - output: true - - !ruby/object:Api::Type::ResourceRef - name: 'network' - resource: 'Network' - imports: 'selfLink' - description: | - The network this VPN gateway is accepting traffic for. - required: true - input: true - - !ruby/object:Api::Type::Array - name: 'tunnels' - description: | - A list of references to VpnTunnel resources associated with this VPN gateway. - item_type: !ruby/object:Api::Type::ResourceRef - name: 'tunnel' - resource: 'VpnTunnel' - imports: 'selfLink' - description: | - A VpnTunnel resource associated with this VPN gateway. - output: true - - !ruby/object:Api::Type::Array - name: 'forwardingRules' - description: | - A list of references to the ForwardingRule resources associated with this VPN - gateway. - item_type: !ruby/object:Api::Type::ResourceRef - name: 'forwardingRule' - resource: 'ForwardingRule' - imports: 'selfLink' - description: | - A ForwardingRule resource associated with this VPN gateway. - output: true - # status is not useful for state convergence - - !ruby/object:Api::Resource - name: 'VpnGateway' - kind: 'compute#vpnGateway' - base_url: projects/{{project}}/regions/{{region}}/vpnGateways - collection_url_key: 'items' - input: true - has_self_link: true - description: | - Represents a VPN gateway running in GCP. This virtual device is managed - by Google, but used only by you. This type of VPN Gateway allows for the creation - of VPN solutions with higher availability than classic Target VPN Gateways. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Choosing a VPN': https://cloud.google.com/vpn/docs/how-to/choosing-a-vpn - 'Cloud VPN Overview': 'https://cloud.google.com/vpn/docs/concepts/overview' - api: https://cloud.google.com/compute/docs/reference/rest/v1/vpnGateways - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'region' - resource: 'Region' - imports: 'name' - description: | - The region this gateway should sit in. - required: true - properties: - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: 'An optional description of this resource.' - input: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource. Provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and - match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means - the first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - required: true - input: true - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'The unique identifier for the resource.' - output: true - - !ruby/object:Api::Type::ResourceRef - name: 'network' - resource: 'Network' - imports: 'selfLink' - description: | - The network this VPN gateway is accepting traffic for. - required: true - input: true - - !ruby/object:Api::Type::Array - name: 'vpnInterfaces' - description: | - A list of interfaces on this VPN gateway. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'The numeric ID of this VPN gateway interface.' - - !ruby/object:Api::Type::String - name: 'ipAddress' - description: 'The external IP address for this VPN gateway interface.' - output: true - - !ruby/object:Api::Type::ResourceRef - name: 'interconnectAttachment' - resource: 'InterconnectAttachment' - imports: 'selfLink' - description: | - URL of the interconnect attachment resource. When the value - of this field is present, the VPN Gateway will be used for - IPsec-encrypted Cloud Interconnect; all Egress or Ingress - traffic for this VPN Gateway interface will go through the - specified interconnect attachment resource. - - Not currently available publicly. - input: true - - !ruby/object:Api::Resource - name: 'ExternalVpnGateway' - kind: 'compute#externalVpnGateway' - base_url: projects/{{project}}/global/externalVpnGateways - collection_url_key: 'items' - input: true - has_self_link: true - description: | - Represents a VPN gateway managed outside of GCP. - references: !ruby/object:Api::Resource::ReferenceLinks - api: https://cloud.google.com/compute/docs/reference/rest/v1/externalVpnGateways - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/global/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - properties: - - !ruby/object:Api::Type::String - name: 'description' - description: 'An optional description of this resource.' - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: 'Labels for the external VPN gateway resource.' - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource. Provided by the client when the resource is - created. The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and - match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means - the first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - required: true - - !ruby/object:Api::Type::Enum - name: 'redundancyType' - description: | - Indicates the redundancy type of this external VPN gateway - values: - - :FOUR_IPS_REDUNDANCY - - :SINGLE_IP_INTERNALLY_REDUNDANT - - :TWO_IPS_REDUNDANCY - - !ruby/object:Api::Type::Array - name: 'interfaces' - description: | - A list of interfaces on this external VPN gateway. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Integer - name: 'id' - send_empty_value: true - description: | - The numeric ID for this interface. Allowed values are based on the redundancy type - of this external VPN gateway - * `0 - SINGLE_IP_INTERNALLY_REDUNDANT` - * `0, 1 - TWO_IPS_REDUNDANCY` - * `0, 1, 2, 3 - FOUR_IPS_REDUNDANCY` - - !ruby/object:Api::Type::String - name: 'ipAddress' - description: | - IP address of the interface in the external VPN gateway. - Only IPv4 is supported. This IP address can be either from - your on-premise gateway or another Cloud provider's VPN gateway, - it cannot be an IP address from Google Compute Engine. - - !ruby/object:Api::Resource - name: 'UrlMap' - kind: 'compute#urlMap' - base_url: projects/{{project}}/global/urlMaps - collection_url_key: 'items' - has_self_link: true - description: | - UrlMaps are used to route requests to a backend service based on rules - that you define for the host and path of an incoming URL. - references: !ruby/object:Api::Resource::ReferenceLinks - api: https://cloud.google.com/compute/docs/reference/rest/v1/urlMaps - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/global/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - properties: - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::ResourceRef - name: 'defaultService' - exactly_one_of: - - default_service - - default_url_redirect - - default_route_action.0.weighted_backend_services - resource: 'BackendService' - imports: 'selfLink' - description: | - The full or partial URL of the defaultService resource to which traffic is directed if - none of the hostRules match. If defaultRouteAction is additionally specified, advanced - routing actions like URL Rewrites, etc. take effect prior to sending the request to the - backend. However, if defaultService is specified, defaultRouteAction cannot contain any - weightedBackendServices. Conversely, if routeAction specifies any - weightedBackendServices, service must not be specified. Only one of defaultService, - defaultUrlRedirect or defaultRouteAction.weightedBackendService must be set. - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional description of this resource. Provide this property when you create - the resource. - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'The unique identifier for the resource.' - output: true - - !ruby/object:Api::Type::Fingerprint - name: 'fingerprint' - description: | - Fingerprint of this resource. A hash of the contents stored in this object. This - field is used in optimistic locking. - - !ruby/object:Api::Type::NestedObject - name: 'headerAction' - description: | - Specifies changes to request and response headers that need to take effect for - the selected backendService. The headerAction specified here take effect after - headerAction specified under pathMatcher. - properties: - - !ruby/object:Api::Type::Array - name: 'requestHeadersToAdd' - at_least_one_of: - - header_action.0.request_headers_to_add - - header_action.0.request_headers_to_remove - - header_action.0.response_headers_to_add - - header_action.0.response_headers_to_remove - description: | - Headers to add to a matching request prior to forwarding the request to the - backendService. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'headerName' - required: true - description: | - The name of the header. - - !ruby/object:Api::Type::String - name: 'headerValue' - required: true - description: | - The value of the header to add. - - !ruby/object:Api::Type::Boolean - name: 'replace' - required: true - description: | - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - - !ruby/object:Api::Type::Array - name: 'requestHeadersToRemove' - item_type: Api::Type::String - at_least_one_of: - - header_action.0.request_headers_to_add - - header_action.0.request_headers_to_remove - - header_action.0.response_headers_to_add - - header_action.0.response_headers_to_remove - description: | - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - - !ruby/object:Api::Type::Array - name: 'responseHeadersToAdd' - at_least_one_of: - - header_action.0.request_headers_to_add - - header_action.0.request_headers_to_remove - - header_action.0.response_headers_to_add - - header_action.0.response_headers_to_remove - description: | - Headers to add the response prior to sending the response back to the client. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'headerName' - required: true - description: | - The name of the header. - - !ruby/object:Api::Type::String - name: 'headerValue' - required: true - description: | - The value of the header to add. - - !ruby/object:Api::Type::Boolean - name: 'replace' - required: true - description: | - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - - !ruby/object:Api::Type::Array - name: 'responseHeadersToRemove' - item_type: Api::Type::String - at_least_one_of: - - header_action.0.request_headers_to_add - - header_action.0.request_headers_to_remove - - header_action.0.response_headers_to_add - - header_action.0.response_headers_to_remove - description: | - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - - !ruby/object:Api::Type::Array - name: 'hostRules' - description: | - The list of HostRules to use against the URL. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional description of this resource. Provide this property when you create - the resource. - - !ruby/object:Api::Type::Array - name: 'hosts' - required: true - item_type: Api::Type::String - description: | - The list of host patterns to match. They must be valid hostnames, except * will - match any string of ([a-z0-9-.]*). In that case, * must be the first character - and must be followed in the pattern by either - or .. - - !ruby/object:Api::Type::String - name: 'pathMatcher' - required: true - description: | - The name of the PathMatcher to use to match the path portion of the URL if the - hostRule matches the URL's host portion. - - !ruby/object:Api::Type::String - name: 'name' - required: true - input: true - description: | - Name of the resource. Provided by the client when the resource is created. The - name must be 1-63 characters long, and comply with RFC1035. Specifically, the - name must be 1-63 characters long and match the regular expression - `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase - letter, and all following characters must be a dash, lowercase letter, or digit, - except the last character, which cannot be a dash. - - !ruby/object:Api::Type::Array - name: 'pathMatchers' - description: | - The list of named PathMatchers to use against the URL. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::ResourceRef - name: 'defaultService' - # TODO: (mbang) won't work for array path matchers yet, uncomment here once they are supported. - # (github.com/hashicorp/terraform-plugin-sdk/issues/470) - # exactly_one_of: - # - path_matchers.0.default_service - # - path_matchers.0.default_url_redirect - # - path_matchers.0.default_route_action.0.weighted_backend_services - resource: 'BackendService' - imports: 'selfLink' - description: | - The full or partial URL to the BackendService resource. This will be used if none - of the pathRules or routeRules defined by this PathMatcher are matched. For example, - the following are all valid URLs to a BackendService resource: - - https://www.googleapis.com/compute/v1/projects/project/global/backendServices/backendService - - compute/v1/projects/project/global/backendServices/backendService - - global/backendServices/backendService - If defaultRouteAction is additionally specified, advanced routing actions like URL - Rewrites, etc. take effect prior to sending the request to the backend. However, if - defaultService is specified, defaultRouteAction cannot contain any - weightedBackendServices. Conversely, if defaultRouteAction specifies any - weightedBackendServices, defaultService must not be specified. - Only one of defaultService, defaultUrlRedirect or - defaultRouteAction.weightedBackendService must be set. Authorization requires one - or more of the following Google IAM permissions on the - specified resource defaultService: - - compute.backendBuckets.use - - compute.backendServices.use - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional description of this resource. Provide this property when you create - the resource. - - !ruby/object:Api::Type::NestedObject - name: 'headerAction' - description: | - Specifies changes to request and response headers that need to take effect for - the selected backendService. HeaderAction specified here are applied after the - matching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap - properties: - - !ruby/object:Api::Type::Array - name: 'requestHeadersToAdd' - description: | - Headers to add to a matching request prior to forwarding the request to the - backendService. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'headerName' - required: true - description: | - The name of the header. - - !ruby/object:Api::Type::String - name: 'headerValue' - required: true - description: | - The value of the header to add. - - !ruby/object:Api::Type::Boolean - name: 'replace' - required: true - description: | - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - - !ruby/object:Api::Type::Array - name: 'requestHeadersToRemove' - item_type: Api::Type::String - description: | - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - - !ruby/object:Api::Type::Array - name: 'responseHeadersToAdd' - description: | - Headers to add the response prior to sending the response back to the client. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'headerName' - required: true - description: | - The name of the header. - - !ruby/object:Api::Type::String - name: 'headerValue' - required: true - description: | - The value of the header to add. - - !ruby/object:Api::Type::Boolean - name: 'replace' - required: true - description: | - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - - !ruby/object:Api::Type::Array - name: 'responseHeadersToRemove' - item_type: Api::Type::String - description: | - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - - !ruby/object:Api::Type::String - name: 'name' - required: true - description: | - The name to which this PathMatcher is referred by the HostRule. - - !ruby/object:Api::Type::Array - name: 'pathRules' - description: | - The list of path rules. Use this list instead of routeRules when routing based - on simple path matching is all that's required. The order by which path rules - are specified does not matter. Matches are always done on the longest-path-first - basis. For example: a pathRule with a path /a/b/c/* will match before /a/b/* - irrespective of the order in which those paths appear in this list. Within a - given pathMatcher, only one of pathRules or routeRules must be set. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::ResourceRef - name: 'service' - resource: 'BackendService' - imports: 'selfLink' - description: | - The backend service resource to which traffic is - directed if this rule is matched. If routeAction is additionally specified, - advanced routing actions like URL Rewrites, etc. take effect prior to sending - the request to the backend. However, if service is specified, routeAction cannot - contain any weightedBackendService s. Conversely, if routeAction specifies any - weightedBackendServices, service must not be specified. Only one of urlRedirect, - service or routeAction.weightedBackendService must be set. - - !ruby/object:Api::Type::Array - name: 'paths' - required: true - item_type: Api::Type::String - description: | - The list of path patterns to match. Each must start with / and the only place a - \* is allowed is at the end following a /. The string fed to the path matcher - does not include any text after the first ? or #, and those chars are not - allowed here. - - !ruby/object:Api::Type::NestedObject - name: 'routeAction' - description: | - In response to a matching path, the load balancer performs advanced routing - actions like URL rewrites, header transformations, etc. prior to forwarding the - request to the selected backend. If routeAction specifies any - weightedBackendServices, service must not be set. Conversely if service is set, - routeAction cannot contain any weightedBackendServices. Only one of routeAction - or urlRedirect must be set. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'corsPolicy' - description: | - The specification for allowing client side cross-origin requests. Please see W3C - Recommendation for Cross Origin Resource Sharing - properties: - - !ruby/object:Api::Type::Boolean - name: 'allowCredentials' - default_value: false - description: | - In response to a preflight request, setting this to true indicates that the - actual request can include user credentials. This translates to the Access- - Control-Allow-Credentials header. Defaults to false. - - !ruby/object:Api::Type::Array - name: 'allowHeaders' - item_type: Api::Type::String - description: | - Specifies the content for the Access-Control-Allow-Headers header. - - !ruby/object:Api::Type::Array - name: 'allowMethods' - item_type: Api::Type::String - description: | - Specifies the content for the Access-Control-Allow-Methods header. - - !ruby/object:Api::Type::Array - name: 'allowOriginRegexes' - item_type: Api::Type::String - description: | - Specifies the regular expression patterns that match allowed origins. For - regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript - An origin is allowed if it matches either allow_origins or allow_origin_regex. - - !ruby/object:Api::Type::Array - name: 'allowOrigins' - item_type: Api::Type::String - description: | - Specifies the list of origins that will be allowed to do CORS requests. An - origin is allowed if it matches either allow_origins or allow_origin_regex. - - !ruby/object:Api::Type::Boolean - name: 'disabled' - required: true - description: | - If true, specifies the CORS policy is disabled. - - !ruby/object:Api::Type::Array - name: 'exposeHeaders' - item_type: Api::Type::String - description: | - Specifies the content for the Access-Control-Expose-Headers header. - - !ruby/object:Api::Type::Integer - name: 'maxAge' - description: | - Specifies how long the results of a preflight request can be cached. This - translates to the content for the Access-Control-Max-Age header. - - !ruby/object:Api::Type::NestedObject - name: 'faultInjectionPolicy' - description: | - The specification for fault injection introduced into traffic to test the - resiliency of clients to backend service failure. As part of fault injection, - when clients send requests to a backend service, delays can be introduced by - Loadbalancer on a percentage of requests before sending those request to the - backend service. Similarly requests from clients can be aborted by the - Loadbalancer for a percentage of requests. timeout and retry_policy will be - ignored by clients that are configured with a fault_injection_policy. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'abort' - description: | - The specification for how client requests are aborted as part of fault - injection. - properties: - - !ruby/object:Api::Type::Integer - name: 'httpStatus' - required: true - description: | - The HTTP status code used to abort the request. The value must be between 200 - and 599 inclusive. - - !ruby/object:Api::Type::Double - name: 'percentage' - required: true - description: | - The percentage of traffic (connections/operations/requests) which will be - aborted as part of fault injection. The value must be between 0.0 and 100.0 - inclusive. - - !ruby/object:Api::Type::NestedObject - name: 'delay' - description: | - The specification for how client requests are delayed as part of fault - injection, before being sent to a backend service. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'fixedDelay' - required: true - description: | - Specifies the value of the fixed delay interval. - properties: - - !ruby/object:Api::Type::Integer - name: 'nanos' - description: | - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 `seconds` field and a positive - `nanos` field. Must be from 0 to 999,999,999 inclusive. - - !ruby/object:Api::Type::String - name: 'seconds' - required: true - description: | - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - - !ruby/object:Api::Type::Double - name: 'percentage' - required: true - description: | - The percentage of traffic (connections/operations/requests) on which delay will - be introduced as part of fault injection. The value must be between 0.0 and - 100.0 inclusive. - - !ruby/object:Api::Type::NestedObject - name: 'requestMirrorPolicy' - description: | - Specifies the policy on how requests intended for the route's backends are - shadowed to a separate mirrored backend service. Loadbalancer does not wait for - responses from the shadow service. Prior to sending traffic to the shadow - service, the host / authority header is suffixed with -shadow. - properties: - - !ruby/object:Api::Type::ResourceRef - name: 'backendService' - required: true - resource: 'BackendService' - imports: 'selfLink' - description: | - The BackendService resource being mirrored to. - - !ruby/object:Api::Type::NestedObject - name: 'retryPolicy' - description: | - Specifies the retry policy associated with this route. - properties: - - !ruby/object:Api::Type::Integer - name: 'numRetries' - description: | - Specifies the allowed number retries. This number must be > 0. - - !ruby/object:Api::Type::NestedObject - name: 'perTryTimeout' - description: | - Specifies a non-zero timeout per retry attempt. - properties: - - !ruby/object:Api::Type::Integer - name: 'nanos' - description: | - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 `seconds` field and a positive - `nanos` field. Must be from 0 to 999,999,999 inclusive. - - !ruby/object:Api::Type::String - name: 'seconds' - required: true - description: | - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - - !ruby/object:Api::Type::Array - name: 'retryConditions' - item_type: Api::Type::String - description: | - Specifies one or more conditions when this retry rule applies. Valid values are: - - * 5xx: Loadbalancer will attempt a retry if the backend service responds with - any 5xx response code, or if the backend service does not respond at all, - example: disconnects, reset, read timeout, connection failure, and refused - streams. - * gateway-error: Similar to 5xx, but only applies to response codes - 502, 503 or 504. - * connect-failure: Loadbalancer will retry on failures - connecting to backend services, for example due to connection timeouts. - * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. - Currently the only retriable error supported is 409. - * refused-stream: Loadbalancer will retry if the backend service resets the stream with a - REFUSED_STREAM error code. This reset type indicates that it is safe to retry. - * cancelled: Loadbalancer will retry if the gRPC status code in the response - header is set to cancelled - * deadline-exceeded: Loadbalancer will retry if the - gRPC status code in the response header is set to deadline-exceeded - * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response - header is set to resource-exhausted - * unavailable: Loadbalancer will retry if - the gRPC status code in the response header is set to unavailable - - !ruby/object:Api::Type::NestedObject - name: 'timeout' - description: | - Specifies the timeout for the selected route. Timeout is computed from the time - the request is has been fully processed (i.e. end-of-stream) up until the - response has been completely processed. Timeout includes all retries. If not - specified, the default value is 15 seconds. - properties: - - !ruby/object:Api::Type::Integer - name: 'nanos' - description: | - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 `seconds` field and a positive - `nanos` field. Must be from 0 to 999,999,999 inclusive. - - !ruby/object:Api::Type::String - name: 'seconds' - required: true - description: | - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - - !ruby/object:Api::Type::NestedObject - name: 'urlRewrite' - description: | - The spec to modify the URL of the request, prior to forwarding the request to - the matched service - properties: - - !ruby/object:Api::Type::String - name: 'hostRewrite' - description: | - Prior to forwarding the request to the selected service, the request's host - header is replaced with contents of hostRewrite. The value must be between 1 and - 255 characters. - - !ruby/object:Api::Type::String - name: 'pathPrefixRewrite' - description: | - Prior to forwarding the request to the selected backend service, the matching - portion of the request's path is replaced by pathPrefixRewrite. The value must - be between 1 and 1024 characters. - - !ruby/object:Api::Type::Array - name: 'weightedBackendServices' - description: | - A list of weighted backend services to send traffic to when a route match - occurs. The weights determine the fraction of traffic that flows to their - corresponding backend service. If all traffic needs to go to a single backend - service, there must be one weightedBackendService with weight set to a non 0 - number. Once a backendService is identified and before forwarding the request to - the backend service, advanced routing actions like Url rewrites and header - transformations are applied depending on additional settings specified in this - HttpRouteAction. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::ResourceRef - name: 'backendService' - required: true - resource: 'BackendService' - imports: 'selfLink' - description: | - The default BackendService resource. Before - forwarding the request to backendService, the loadbalancer applies any relevant - headerActions specified as part of this backendServiceWeight. - - !ruby/object:Api::Type::NestedObject - name: 'headerAction' - description: | - Specifies changes to request and response headers that need to take effect for - the selected backendService. headerAction specified here take effect before - headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. - properties: - - !ruby/object:Api::Type::Array - name: 'requestHeadersToAdd' - description: | - Headers to add to a matching request prior to forwarding the request to the - backendService. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'headerName' - required: true - description: | - The name of the header. - - !ruby/object:Api::Type::String - name: 'headerValue' - required: true - description: | - The value of the header to add. - - !ruby/object:Api::Type::Boolean - name: 'replace' - required: true - description: | - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - - !ruby/object:Api::Type::Array - name: 'requestHeadersToRemove' - item_type: Api::Type::String - description: | - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - - !ruby/object:Api::Type::Array - name: 'responseHeadersToAdd' - description: | - Headers to add the response prior to sending the response back to the client. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'headerName' - required: true - description: | - The name of the header. - - !ruby/object:Api::Type::String - name: 'headerValue' - required: true - description: | - The value of the header to add. - - !ruby/object:Api::Type::Boolean - name: 'replace' - required: true - description: | - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - - !ruby/object:Api::Type::Array - name: 'responseHeadersToRemove' - item_type: Api::Type::String - description: | - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - - !ruby/object:Api::Type::Integer - name: 'weight' - required: true - description: | - Specifies the fraction of traffic sent to backendService, computed as weight / - (sum of all weightedBackendService weights in routeAction) . The selection of a - backend service is determined only for new traffic. Once a user's request has - been directed to a backendService, subsequent requests will be sent to the same - backendService as determined by the BackendService's session affinity policy. - The value must be between 0 and 1000 - - !ruby/object:Api::Type::NestedObject - name: 'urlRedirect' - description: | - When a path pattern is matched, the request is redirected to a URL specified - by urlRedirect. If urlRedirect is specified, service or routeAction must not - be set. - properties: - - !ruby/object:Api::Type::String - name: 'hostRedirect' - description: | - The host that will be used in the redirect response instead of the one - that was supplied in the request. The value must be between 1 and 255 - characters. - - !ruby/object:Api::Type::Boolean - name: 'httpsRedirect' - default_value: false - description: | - If set to true, the URL scheme in the redirected request is set to https. - If set to false, the URL scheme of the redirected request will remain the - same as that of the request. This must only be set for UrlMaps used in - TargetHttpProxys. Setting this true for TargetHttpsProxy is not - permitted. The default is set to false. - - !ruby/object:Api::Type::String - name: 'pathRedirect' - description: | - The path that will be used in the redirect response instead of the one - that was supplied in the request. pathRedirect cannot be supplied - together with prefixRedirect. Supply one alone or neither. If neither is - supplied, the path of the original request will be used for the redirect. - The value must be between 1 and 1024 characters. - - !ruby/object:Api::Type::String - name: 'prefixRedirect' - description: | - The prefix that replaces the prefixMatch specified in the - HttpRouteRuleMatch, retaining the remaining portion of the URL before - redirecting the request. prefixRedirect cannot be supplied together with - pathRedirect. Supply one alone or neither. If neither is supplied, the - path of the original request will be used for the redirect. The value - must be between 1 and 1024 characters. - - !ruby/object:Api::Type::Enum - name: 'redirectResponseCode' - description: | - The HTTP Status code to use for this RedirectAction. Supported values are: - - * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - * FOUND, which corresponds to 302. - - * SEE_OTHER which corresponds to 303. - - * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method - will be retained. - - * PERMANENT_REDIRECT, which corresponds to 308. In this case, - the request method will be retained. - skip_docs_values: true - values: - - :FOUND - - :MOVED_PERMANENTLY_DEFAULT - - :PERMANENT_REDIRECT - - :SEE_OTHER - - :TEMPORARY_REDIRECT - - !ruby/object:Api::Type::Boolean - name: 'stripQuery' - description: | - If set to true, any accompanying query portion of the original URL is - removed prior to redirecting the request. If set to false, the query - portion of the original URL is retained. - - !ruby/object:Api::Type::Array - name: 'routeRules' - description: | - The list of ordered HTTP route rules. Use this list instead of pathRules when - advanced route matching and routing actions are desired. The order of specifying - routeRules matters: the first rule that matches will cause its specified routing - action to take effect. Within a given pathMatcher, only one of pathRules or - routeRules must be set. routeRules are not supported in UrlMaps intended for - External load balancers. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Integer - name: 'priority' - required: true - description: | - For routeRules within a given pathMatcher, priority determines the order - in which load balancer will interpret routeRules. RouteRules are evaluated - in order of priority, from the lowest to highest number. The priority of - a rule decreases as its number increases (1, 2, 3, N+1). The first rule - that matches the request is applied. - - You cannot configure two or more routeRules with the same priority. - Priority for each rule must be set to a number between 0 and - 2147483647 inclusive. - - Priority numbers can have gaps, which enable you to add or remove rules - in the future without affecting the rest of the rules. For example, - 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers to which - you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the - future without any impact on existing rules. - - !ruby/object:Api::Type::ResourceRef - name: 'service' - resource: 'BackendService' - imports: 'selfLink' - description: | - The backend service resource to which traffic is - directed if this rule is matched. If routeAction is additionally specified, - advanced routing actions like URL Rewrites, etc. take effect prior to sending - the request to the backend. However, if service is specified, routeAction cannot - contain any weightedBackendService s. Conversely, if routeAction specifies any - weightedBackendServices, service must not be specified. Only one of urlRedirect, - service or routeAction.weightedBackendService must be set. - - !ruby/object:Api::Type::NestedObject - name: 'headerAction' - description: | - Specifies changes to request and response headers that need to take effect for - the selected backendService. The headerAction specified here are applied before - the matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r - outeAction.weightedBackendService.backendServiceWeightAction[].headerAction - properties: - - !ruby/object:Api::Type::Array - name: 'requestHeadersToAdd' - description: | - Headers to add to a matching request prior to forwarding the request to the - backendService. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'headerName' - required: true - description: | - The name of the header. - - !ruby/object:Api::Type::String - name: 'headerValue' - required: true - description: | - The value of the header to add. - - !ruby/object:Api::Type::Boolean - name: 'replace' - required: true - description: | - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - - !ruby/object:Api::Type::Array - name: 'requestHeadersToRemove' - item_type: Api::Type::String - description: | - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - - !ruby/object:Api::Type::Array - name: 'responseHeadersToAdd' - description: | - Headers to add the response prior to sending the response back to the client. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'headerName' - required: true - description: | - The name of the header. - - !ruby/object:Api::Type::String - name: 'headerValue' - required: true - description: | - The value of the header to add. - - !ruby/object:Api::Type::Boolean - name: 'replace' - required: true - description: | - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - - !ruby/object:Api::Type::Array - name: 'responseHeadersToRemove' - item_type: Api::Type::String - description: | - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - - !ruby/object:Api::Type::Array - name: 'matchRules' - description: | - The rules for determining a match. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'fullPathMatch' - description: | - For satisfying the matchRule condition, the path of the request must exactly - match the value specified in fullPathMatch after removing any query parameters - and anchor that may be part of the original URL. FullPathMatch must be between 1 - and 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must - be specified. - - !ruby/object:Api::Type::Array - name: 'headerMatches' - description: | - Specifies a list of header match criteria, all of which must match corresponding - headers in the request. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'exactMatch' - description: | - The value should exactly match contents of exactMatch. Only one of exactMatch, - prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. - - !ruby/object:Api::Type::String - name: 'headerName' - required: true - description: | - The name of the HTTP header to match. For matching against the HTTP request's - authority, use a headerMatch with the header name ":authority". For matching a - request's method, use the headerName ":method". - - !ruby/object:Api::Type::Boolean - name: 'invertMatch' - default_value: false - description: | - If set to false, the headerMatch is considered a match if the match criteria - above are met. If set to true, the headerMatch is considered a match if the - match criteria above are NOT met. Defaults to false. - - !ruby/object:Api::Type::String - name: 'prefixMatch' - description: | - The value of the header must start with the contents of prefixMatch. Only one of - exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch - must be set. - - !ruby/object:Api::Type::Boolean - name: 'presentMatch' - description: | - A header with the contents of headerName must exist. The match takes place - whether or not the request's header has a value or not. Only one of exactMatch, - prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. - - !ruby/object:Api::Type::NestedObject - name: 'rangeMatch' - description: | - The header value must be an integer and its value must be in the range specified - in rangeMatch. If the header does not contain an integer, number or is empty, - the match fails. For example for a range [-5, 0] - -3 will match. - 0 will - not match. - 0.25 will not match. - -3someString will not match. Only one of - exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch - must be set. - properties: - - !ruby/object:Api::Type::Integer - name: 'rangeEnd' - required: true - description: | - The end of the range (exclusive). - - !ruby/object:Api::Type::Integer - name: 'rangeStart' - required: true - description: | - The start of the range (inclusive). - - !ruby/object:Api::Type::String - name: 'regexMatch' - description: | - The value of the header must match the regular expression specified in - regexMatch. For regular expression grammar, please see: - en.cppreference.com/w/cpp/regex/ecmascript For matching against a port - specified in the HTTP request, use a headerMatch with headerName set to PORT and - a regular expression that satisfies the RFC2616 Host header's port specifier. - Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or - rangeMatch must be set. - - !ruby/object:Api::Type::String - name: 'suffixMatch' - description: | - The value of the header must end with the contents of suffixMatch. Only one of - exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch - must be set. - - !ruby/object:Api::Type::Boolean - name: 'ignoreCase' - default_value: false - description: | - Specifies that prefixMatch and fullPathMatch matches are case sensitive. - Defaults to false. - - !ruby/object:Api::Type::Array - name: 'metadataFilters' - description: | - Opaque filter criteria used by Loadbalancer to restrict routing configuration to - a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS - clients present node metadata. If a match takes place, the relevant routing - configuration is made available to those proxies. For each metadataFilter in - this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the - filterLabels must match the corresponding label provided in the metadata. If its - filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match - with corresponding labels in the provided metadata. metadataFilters specified - here can be overrides those specified in ForwardingRule that refers to this - UrlMap. metadataFilters only applies to Loadbalancers that have their - loadBalancingScheme set to INTERNAL_SELF_MANAGED. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Array - name: 'filterLabels' - min_size: 1 - max_size: 64 - required: true - description: | - The list of label value pairs that must match labels in the provided metadata - based on filterMatchCriteria This list must not be empty and can have at the - most 64 entries. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - description: | - Name of metadata label. The name can have a maximum length of 1024 characters - and must be at least 1 character long. - - !ruby/object:Api::Type::String - name: 'value' - required: true - description: | - The value of the label must match the specified value. value can have a maximum - length of 1024 characters. - - !ruby/object:Api::Type::Enum - name: 'filterMatchCriteria' - required: true - description: | - Specifies how individual filterLabel matches within the list of filterLabels - contribute towards the overall metadataFilter match. Supported values are: - - MATCH_ANY: At least one of the filterLabels must have a matching label in the - provided metadata. - - MATCH_ALL: All filterLabels must have matching labels in - the provided metadata. - values: - - :MATCH_ALL - - :MATCH_ANY - - !ruby/object:Api::Type::String - name: 'prefixMatch' - description: | - For satisfying the matchRule condition, the request's path must begin with the - specified prefixMatch. prefixMatch must begin with a /. The value must be - between 1 and 1024 characters. Only one of prefixMatch, fullPathMatch or - regexMatch must be specified. - - !ruby/object:Api::Type::Array - name: 'queryParameterMatches' - description: | - Specifies a list of query parameter match criteria, all of which must match - corresponding query parameters in the request. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'exactMatch' - description: | - The queryParameterMatch matches if the value of the parameter exactly matches - the contents of exactMatch. Only one of presentMatch, exactMatch and regexMatch - must be set. - - !ruby/object:Api::Type::String - name: 'name' - required: true - description: | - The name of the query parameter to match. The query parameter must exist in the - request, in the absence of which the request match fails. - - !ruby/object:Api::Type::Boolean - name: 'presentMatch' - description: | - Specifies that the queryParameterMatch matches if the request contains the query - parameter, irrespective of whether the parameter has a value or not. Only one of - presentMatch, exactMatch and regexMatch must be set. - - !ruby/object:Api::Type::String - name: 'regexMatch' - description: | - The queryParameterMatch matches if the value of the parameter matches the - regular expression specified by regexMatch. For the regular expression grammar, - please see en.cppreference.com/w/cpp/regex/ecmascript Only one of presentMatch, - exactMatch and regexMatch must be set. - - !ruby/object:Api::Type::String - name: 'regexMatch' - description: | - For satisfying the matchRule condition, the path of the request must satisfy the - regular expression specified in regexMatch after removing any query parameters - and anchor supplied with the original URL. For regular expression grammar please - see en.cppreference.com/w/cpp/regex/ecmascript Only one of prefixMatch, - fullPathMatch or regexMatch must be specified. - - !ruby/object:Api::Type::NestedObject - name: 'routeAction' - description: | - In response to a matching matchRule, the load balancer performs advanced routing - actions like URL rewrites, header transformations, etc. prior to forwarding the - request to the selected backend. If routeAction specifies any - weightedBackendServices, service must not be set. Conversely if service is set, - routeAction cannot contain any weightedBackendServices. Only one of routeAction - or urlRedirect must be set. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'corsPolicy' - description: | - The specification for allowing client side cross-origin requests. Please see W3C - Recommendation for Cross Origin Resource Sharing - properties: - - !ruby/object:Api::Type::Boolean - name: 'allowCredentials' - default_value: false - description: | - In response to a preflight request, setting this to true indicates that the - actual request can include user credentials. This translates to the Access- - Control-Allow-Credentials header. Defaults to false. - - !ruby/object:Api::Type::Array - name: 'allowHeaders' - item_type: Api::Type::String - description: | - Specifies the content for the Access-Control-Allow-Headers header. - - !ruby/object:Api::Type::Array - name: 'allowMethods' - item_type: Api::Type::String - description: | - Specifies the content for the Access-Control-Allow-Methods header. - - !ruby/object:Api::Type::Array - name: 'allowOriginRegexes' - item_type: Api::Type::String - description: | - Specifies the regular expression patterns that match allowed origins. For - regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript - An origin is allowed if it matches either allow_origins or allow_origin_regex. - - !ruby/object:Api::Type::Array - name: 'allowOrigins' - item_type: Api::Type::String - description: | - Specifies the list of origins that will be allowed to do CORS requests. An - origin is allowed if it matches either allow_origins or allow_origin_regex. - - !ruby/object:Api::Type::Boolean - name: 'disabled' - default_value: false - description: | - If true, specifies the CORS policy is disabled. - which indicates that the CORS policy is in effect. Defaults to false. - - !ruby/object:Api::Type::Array - name: 'exposeHeaders' - item_type: Api::Type::String - description: | - Specifies the content for the Access-Control-Expose-Headers header. - - !ruby/object:Api::Type::Integer - name: 'maxAge' - description: | - Specifies how long the results of a preflight request can be cached. This - translates to the content for the Access-Control-Max-Age header. - - !ruby/object:Api::Type::NestedObject - name: 'faultInjectionPolicy' - description: | - The specification for fault injection introduced into traffic to test the - resiliency of clients to backend service failure. As part of fault injection, - when clients send requests to a backend service, delays can be introduced by - Loadbalancer on a percentage of requests before sending those request to the - backend service. Similarly requests from clients can be aborted by the - Loadbalancer for a percentage of requests. timeout and retry_policy will be - ignored by clients that are configured with a fault_injection_policy. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'abort' - description: | - The specification for how client requests are aborted as part of fault - injection. - properties: - - !ruby/object:Api::Type::Integer - name: 'httpStatus' - description: | - The HTTP status code used to abort the request. The value must be between 200 - and 599 inclusive. - - !ruby/object:Api::Type::Double - name: 'percentage' - description: | - The percentage of traffic (connections/operations/requests) which will be - aborted as part of fault injection. The value must be between 0.0 and 100.0 - inclusive. - - !ruby/object:Api::Type::NestedObject - name: 'delay' - description: | - The specification for how client requests are delayed as part of fault - injection, before being sent to a backend service. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'fixedDelay' - description: | - Specifies the value of the fixed delay interval. - properties: - - !ruby/object:Api::Type::Integer - name: 'nanos' - description: | - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 `seconds` field and a positive - `nanos` field. Must be from 0 to 999,999,999 inclusive. - - !ruby/object:Api::Type::String - name: 'seconds' - required: true - description: | - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - - !ruby/object:Api::Type::Double - name: 'percentage' - description: | - The percentage of traffic (connections/operations/requests) on which delay will - be introduced as part of fault injection. The value must be between 0.0 and - 100.0 inclusive. - - !ruby/object:Api::Type::NestedObject - name: 'requestMirrorPolicy' - description: | - Specifies the policy on how requests intended for the route's backends are - shadowed to a separate mirrored backend service. Loadbalancer does not wait for - responses from the shadow service. Prior to sending traffic to the shadow - service, the host / authority header is suffixed with -shadow. - properties: - - !ruby/object:Api::Type::ResourceRef - name: 'backendService' - required: true - resource: 'BackendService' - imports: 'selfLink' - description: | - The BackendService resource being mirrored to. - - !ruby/object:Api::Type::NestedObject - name: 'retryPolicy' - description: | - Specifies the retry policy associated with this route. - properties: - - !ruby/object:Api::Type::Integer - name: 'numRetries' - required: true - description: | - Specifies the allowed number retries. This number must be > 0. - - !ruby/object:Api::Type::NestedObject - name: 'perTryTimeout' - description: | - Specifies a non-zero timeout per retry attempt. - If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction - is not set, will use the largest timeout among all backend services associated with the route. - properties: - - !ruby/object:Api::Type::Integer - name: 'nanos' - description: | - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 `seconds` field and a positive - `nanos` field. Must be from 0 to 999,999,999 inclusive. - - !ruby/object:Api::Type::String - name: 'seconds' - required: true - description: | - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - - !ruby/object:Api::Type::Array - name: 'retryConditions' - item_type: Api::Type::String - description: | - Specfies one or more conditions when this retry rule applies. Valid values are: - - * 5xx: Loadbalancer will attempt a retry if the backend service responds with - any 5xx response code, or if the backend service does not respond at all, - example: disconnects, reset, read timeout, connection failure, and refused - streams. - * gateway-error: Similar to 5xx, but only applies to response codes - 502, 503 or 504. - * connect-failure: Loadbalancer will retry on failures - connecting to backend services, for example due to connection timeouts. - * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. - Currently the only retriable error supported is 409. - * refused-stream: Loadbalancer will retry if the backend service resets the stream with a - REFUSED_STREAM error code. This reset type indicates that it is safe to retry. - * cancelled: Loadbalancer will retry if the gRPC status code in the response - header is set to cancelled - * deadline-exceeded: Loadbalancer will retry if the - gRPC status code in the response header is set to deadline-exceeded - * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response - header is set to resource-exhausted - * unavailable: Loadbalancer will retry if the gRPC status code in - the response header is set to unavailable - - !ruby/object:Api::Type::NestedObject - name: 'timeout' - description: | - Specifies the timeout for the selected route. Timeout is computed from the time - the request is has been fully processed (i.e. end-of-stream) up until the - response has been completely processed. Timeout includes all retries. If not - specified, the default value is 15 seconds. - properties: - - !ruby/object:Api::Type::Integer - name: 'nanos' - description: | - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 `seconds` field and a positive - `nanos` field. Must be from 0 to 999,999,999 inclusive. - - !ruby/object:Api::Type::String - name: 'seconds' - required: true - description: | - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - - !ruby/object:Api::Type::NestedObject - name: 'urlRewrite' - description: | - The spec to modify the URL of the request, prior to forwarding the request to - the matched service - properties: - - !ruby/object:Api::Type::String - name: 'hostRewrite' - description: | - Prior to forwarding the request to the selected service, the request's host - header is replaced with contents of hostRewrite. The value must be between 1 and - 255 characters. - - !ruby/object:Api::Type::String - name: 'pathPrefixRewrite' - description: | - Prior to forwarding the request to the selected backend service, the matching - portion of the request's path is replaced by pathPrefixRewrite. The value must - be between 1 and 1024 characters. - - !ruby/object:Api::Type::Array - name: 'weightedBackendServices' - description: | - A list of weighted backend services to send traffic to when a route match - occurs. The weights determine the fraction of traffic that flows to their - corresponding backend service. If all traffic needs to go to a single backend - service, there must be one weightedBackendService with weight set to a non 0 - number. Once a backendService is identified and before forwarding the request to - the backend service, advanced routing actions like Url rewrites and header - transformations are applied depending on additional settings specified in this - HttpRouteAction. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::ResourceRef - name: 'backendService' - required: true - resource: 'BackendService' - imports: 'selfLink' - description: | - The default BackendService resource. Before - forwarding the request to backendService, the loadbalancer applies any relevant - headerActions specified as part of this backendServiceWeight. - - !ruby/object:Api::Type::NestedObject - name: 'headerAction' - description: | - Specifies changes to request and response headers that need to take effect for - the selected backendService. headerAction specified here take effect before - headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. - properties: - - !ruby/object:Api::Type::Array - name: 'requestHeadersToAdd' - description: | - Headers to add to a matching request prior to forwarding the request to the - backendService. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'headerName' - required: true - description: | - The name of the header. - - !ruby/object:Api::Type::String - name: 'headerValue' - required: true - description: | - The value of the header to add. - - !ruby/object:Api::Type::Boolean - name: 'replace' - required: true - description: | - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - - !ruby/object:Api::Type::Array - name: 'requestHeadersToRemove' - item_type: Api::Type::String - description: | - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - - !ruby/object:Api::Type::Array - name: 'responseHeadersToAdd' - description: | - Headers to add the response prior to sending the response back to the client. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'headerName' - required: true - description: | - The name of the header. - - !ruby/object:Api::Type::String - name: 'headerValue' - required: true - description: | - The value of the header to add. - - !ruby/object:Api::Type::Boolean - name: 'replace' - required: true - description: | - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - - !ruby/object:Api::Type::Array - name: 'responseHeadersToRemove' - item_type: Api::Type::String - description: | - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - - !ruby/object:Api::Type::Integer - name: 'weight' - required: true - description: | - Specifies the fraction of traffic sent to backendService, computed as weight / - (sum of all weightedBackendService weights in routeAction) . The selection of a - backend service is determined only for new traffic. Once a user's request has - been directed to a backendService, subsequent requests will be sent to the same - backendService as determined by the BackendService's session affinity policy. - The value must be between 0 and 1000 - - !ruby/object:Api::Type::NestedObject - name: 'urlRedirect' - description: | - When this rule is matched, the request is redirected to a URL specified by - urlRedirect. If urlRedirect is specified, service or routeAction must not be - set. - properties: - - !ruby/object:Api::Type::String - name: 'hostRedirect' - description: | - The host that will be used in the redirect response instead of the one that was - supplied in the request. The value must be between 1 and 255 characters. - - !ruby/object:Api::Type::Boolean - name: 'httpsRedirect' - default_value: false - description: | - If set to true, the URL scheme in the redirected request is set to https. If set - to false, the URL scheme of the redirected request will remain the same as that - of the request. This must only be set for UrlMaps used in TargetHttpProxys. - Setting this true for TargetHttpsProxy is not permitted. Defaults to false. - - !ruby/object:Api::Type::String - name: 'pathRedirect' - description: | - The path that will be used in the redirect response instead of the one that was - supplied in the request. Only one of pathRedirect or prefixRedirect must be - specified. The value must be between 1 and 1024 characters. - - !ruby/object:Api::Type::String - name: 'prefixRedirect' - description: | - The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, - retaining the remaining portion of the URL before redirecting the request. - - !ruby/object:Api::Type::Enum - name: 'redirectResponseCode' - description: | - The HTTP Status code to use for this RedirectAction. Supported values are: - - * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - * FOUND, which corresponds to 302. - - * SEE_OTHER which corresponds to 303. - - * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method will be retained. - - * PERMANENT_REDIRECT, which corresponds to 308. In this case, the request method will be retained. - skip_docs_values: true - values: - - :FOUND - - :MOVED_PERMANENTLY_DEFAULT - - :PERMANENT_REDIRECT - - :SEE_OTHER - - :TEMPORARY_REDIRECT - - !ruby/object:Api::Type::Boolean - name: 'stripQuery' - default_value: false - description: | - If set to true, any accompanying query portion of the original URL is removed - prior to redirecting the request. If set to false, the query portion of the - original URL is retained. Defaults to false. - - !ruby/object:Api::Type::NestedObject - name: 'defaultUrlRedirect' - # TODO: (mbang) won't work for array path matchers yet, uncomment here once they are supported. - # (github.com/hashicorp/terraform-plugin-sdk/issues/470) - # exactly_one_of: - # - path_matchers.0.default_service - # - path_matchers.0.default_url_redirect - # - path_matchers.0.default_route_action.0.weighted_backend_services - description: | - When none of the specified hostRules match, the request is redirected to a URL specified - by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or - defaultRouteAction must not be set. - properties: - - !ruby/object:Api::Type::String - name: 'hostRedirect' - description: | - The host that will be used in the redirect response instead of the one that was - supplied in the request. The value must be between 1 and 255 characters. - - !ruby/object:Api::Type::Boolean - name: 'httpsRedirect' - default_value: false - description: | - If set to true, the URL scheme in the redirected request is set to https. If set to - false, the URL scheme of the redirected request will remain the same as that of the - request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this - true for TargetHttpsProxy is not permitted. The default is set to false. - - !ruby/object:Api::Type::String - name: 'pathRedirect' - description: | - The path that will be used in the redirect response instead of the one that was - supplied in the request. pathRedirect cannot be supplied together with - prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the - original request will be used for the redirect. The value must be between 1 and 1024 - characters. - - !ruby/object:Api::Type::String - name: 'prefixRedirect' - description: | - The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, - retaining the remaining portion of the URL before redirecting the request. - prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or - neither. If neither is supplied, the path of the original request will be used for - the redirect. The value must be between 1 and 1024 characters. - - !ruby/object:Api::Type::Enum - name: 'redirectResponseCode' - description: | - The HTTP Status code to use for this RedirectAction. Supported values are: - - * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - * FOUND, which corresponds to 302. - - * SEE_OTHER which corresponds to 303. - - * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method - will be retained. - - * PERMANENT_REDIRECT, which corresponds to 308. In this case, - the request method will be retained. - skip_docs_values: true - values: - - :FOUND - - :MOVED_PERMANENTLY_DEFAULT - - :PERMANENT_REDIRECT - - :SEE_OTHER - - :TEMPORARY_REDIRECT - - !ruby/object:Api::Type::Boolean - name: 'stripQuery' - description: | - If set to true, any accompanying query portion of the original URL is removed prior - to redirecting the request. If set to false, the query portion of the original URL is - retained. - - !ruby/object:Api::Type::NestedObject - name: 'defaultRouteAction' - # TODO: (mbang) conflicts also won't work for array path matchers yet, uncomment here once supported. - # conflicts: - # - path_matcher.path_matcher.default_url_redirect - description: | - defaultRouteAction takes effect when none of the pathRules or routeRules match. The load balancer performs - advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request - to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. - Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. - - Only one of defaultRouteAction or defaultUrlRedirect must be set. - properties: - - !ruby/object:Api::Type::Array - name: 'weightedBackendServices' - # TODO: (mbang) won't work for array path matchers yet, uncomment here once they are supported. - # (github.com/hashicorp/terraform-plugin-sdk/issues/470) - # exactly_one_of: - # - path_matchers.0.default_service - # - path_matchers.0.default_url_redirect - # - path_matchers.0.default_route_action.0.weighted_backend_services - description: | - A list of weighted backend services to send traffic to when a route match occurs. - The weights determine the fraction of traffic that flows to their corresponding backend service. - If all traffic needs to go to a single backend service, there must be one weightedBackendService - with weight set to a non 0 number. - - Once a backendService is identified and before forwarding the request to the backend service, - advanced routing actions like Url rewrites and header transformations are applied depending on - additional settings specified in this HttpRouteAction. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::ResourceRef - name: 'backendService' - resource: 'BackendService' - imports: 'selfLink' - description: | - The full or partial URL to the default BackendService resource. Before forwarding the - request to backendService, the loadbalancer applies any relevant headerActions - specified as part of this backendServiceWeight. - - !ruby/object:Api::Type::Integer - name: 'weight' - description: | - Specifies the fraction of traffic sent to backendService, computed as - weight / (sum of all weightedBackendService weights in routeAction) . - - The selection of a backend service is determined only for new traffic. Once a user's request - has been directed to a backendService, subsequent requests will be sent to the same backendService - as determined by the BackendService's session affinity policy. - - The value must be between 0 and 1000 - - !ruby/object:Api::Type::NestedObject - name: 'headerAction' - description: | - Specifies changes to request and response headers that need to take effect for - the selected backendService. - - headerAction specified here take effect before headerAction in the enclosing - HttpRouteRule, PathMatcher and UrlMap. - properties: - - !ruby/object:Api::Type::Array - name: 'requestHeadersToRemove' - description: | - A list of header names for headers that need to be removed from the request prior to - forwarding the request to the backendService. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'requestHeadersToAdd' - description: | - Headers to add to a matching request prior to forwarding the request to the backendService. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'headerName' - description: | - The name of the header to add. - - !ruby/object:Api::Type::String - name: 'headerValue' - description: | - The value of the header to add. - - !ruby/object:Api::Type::Boolean - name: 'replace' - description: | - If false, headerValue is appended to any values that already exist for the header. - If true, headerValue is set for the header, discarding any values that were set for that header. - default_value: false - - !ruby/object:Api::Type::Array - name: 'responseHeadersToRemove' - description: | - A list of header names for headers that need to be removed from the response prior to sending the - response back to the client. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'responseHeadersToAdd' - description: | - Headers to add the response prior to sending the response back to the client. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'headerName' - description: | - The name of the header to add. - - !ruby/object:Api::Type::String - name: 'headerValue' - description: | - The value of the header to add. - - !ruby/object:Api::Type::Boolean - name: 'replace' - description: | - If false, headerValue is appended to any values that already exist for the header. - If true, headerValue is set for the header, discarding any values that were set for that header. - default_value: false - - !ruby/object:Api::Type::NestedObject - name: 'urlRewrite' - description: | - The spec to modify the URL of the request, prior to forwarding the request to the matched service. - properties: - - !ruby/object:Api::Type::String - name: 'pathPrefixRewrite' - description: | - Prior to forwarding the request to the selected backend service, the matching portion of the - request's path is replaced by pathPrefixRewrite. - - The value must be between 1 and 1024 characters. - - !ruby/object:Api::Type::String - name: 'hostRewrite' - description: | - Prior to forwarding the request to the selected service, the request's host header is replaced - with contents of hostRewrite. - - The value must be between 1 and 255 characters. - - !ruby/object:Api::Type::NestedObject - name: 'timeout' - description: | - Specifies the timeout for the selected route. Timeout is computed from the time the request has been - fully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries. - - If not specified, will use the largest timeout among all backend services associated with the route. - properties: - - !ruby/object:Api::Type::String - name: 'seconds' - description: | - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years - - !ruby/object:Api::Type::Integer - name: 'nanos' - description: | - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - - !ruby/object:Api::Type::NestedObject - name: 'retryPolicy' - description: | - Specifies the retry policy associated with this route. - properties: - - !ruby/object:Api::Type::Array - name: 'retryConditions' - description: | - Specfies one or more conditions when this retry rule applies. Valid values are: - - * 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, - or if the backend service does not respond at all, example: disconnects, reset, read timeout, - * connection failure, and refused streams. - * gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. - * connect-failure: Loadbalancer will retry on failures connecting to backend services, - for example due to connection timeouts. - * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. - Currently the only retriable error supported is 409. - * refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code. - This reset type indicates that it is safe to retry. - * cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled - * deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded - * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted - * unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable - item_type: Api::Type::String - - !ruby/object:Api::Type::Integer - name: 'numRetries' - description: | - Specifies the allowed number retries. This number must be > 0. If not specified, defaults to 1. - default_value: 1 - - !ruby/object:Api::Type::NestedObject - name: 'perTryTimeout' - description: | - Specifies a non-zero timeout per retry attempt. - - If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, - will use the largest timeout among all backend services associated with the route. - properties: - - !ruby/object:Api::Type::String - name: 'seconds' - description: | - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years - - !ruby/object:Api::Type::Integer - name: 'nanos' - description: | - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - - !ruby/object:Api::Type::NestedObject - name: 'requestMirrorPolicy' - description: | - Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. - Loadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service, - the host / authority header is suffixed with -shadow. - properties: - - !ruby/object:Api::Type::ResourceRef - name: 'backendService' - resource: 'BackendService' - imports: 'selfLink' - description: | - The full or partial URL to the BackendService resource being mirrored to. - required: true - - !ruby/object:Api::Type::NestedObject - name: 'corsPolicy' - description: | - The specification for allowing client side cross-origin requests. Please see - [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/) - properties: - - !ruby/object:Api::Type::Array - name: 'allowOrigins' - description: | - Specifies the list of origins that will be allowed to do CORS requests. - An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'allowOriginRegexes' - description: | - Specifies the regular expression patterns that match allowed origins. For regular expression grammar - please see en.cppreference.com/w/cpp/regex/ecmascript - An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'allowMethods' - description: | - Specifies the content for the Access-Control-Allow-Methods header. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'allowHeaders' - description: | - Specifies the content for the Access-Control-Allow-Headers header. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'exposeHeaders' - description: | - Specifies the content for the Access-Control-Expose-Headers header. - item_type: Api::Type::String - - !ruby/object:Api::Type::Integer - name: 'maxAge' - description: | - Specifies how long results of a preflight request can be cached in seconds. - This translates to the Access-Control-Max-Age header. - - !ruby/object:Api::Type::Boolean - name: 'allowCredentials' - description: | - In response to a preflight request, setting this to true indicates that the actual request can include user credentials. - This translates to the Access-Control-Allow-Credentials header. - default_value: false - - !ruby/object:Api::Type::Boolean - name: 'disabled' - description: | - If true, specifies the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect. - default_value: false - - !ruby/object:Api::Type::NestedObject - name: 'faultInjectionPolicy' - description: | - The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. - As part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a - percentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted - by the Loadbalancer for a percentage of requests. - - timeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'delay' - description: | - The specification for how client requests are delayed as part of fault injection, before being sent to a backend service. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'fixedDelay' - description: | - Specifies the value of the fixed delay interval. - properties: - - !ruby/object:Api::Type::String - name: 'seconds' - description: | - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years - - !ruby/object:Api::Type::Integer - name: 'nanos' - description: | - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - - !ruby/object:Api::Type::Double - name: 'percentage' - description: | - The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. - The value must be between 0.0 and 100.0 inclusive. - - !ruby/object:Api::Type::NestedObject - name: 'abort' - description: | - The specification for how client requests are aborted as part of fault injection. - properties: - - !ruby/object:Api::Type::Integer - name: 'httpStatus' - description: | - The HTTP status code used to abort the request. - The value must be between 200 and 599 inclusive. - - !ruby/object:Api::Type::Double - name: 'percentage' - description: | - The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. - The value must be between 0.0 and 100.0 inclusive. - - !ruby/object:Api::Type::Array - name: 'tests' - description: | - The list of expected URL mapping tests. Request to update this UrlMap will - succeed only if all of the test cases pass. You can specify a maximum of 100 - tests per UrlMap. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'description' - description: | - Description of this test case. - - !ruby/object:Api::Type::String - name: 'host' - required: true - description: | - Host portion of the URL. - - !ruby/object:Api::Type::String - name: 'path' - required: true - description: | - Path portion of the URL. - - !ruby/object:Api::Type::ResourceRef - name: 'service' - resource: 'BackendService' - imports: 'selfLink' - required: true - description: | - Expected BackendService resource the given URL should be mapped to. - - !ruby/object:Api::Type::NestedObject - name: 'defaultUrlRedirect' - exactly_one_of: - - default_service - - default_url_redirect - - default_route_action.0.weighted_backend_services - conflicts: - - default_route_action - description: | - When none of the specified hostRules match, the request is redirected to a URL specified - by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or - defaultRouteAction must not be set. - properties: - - !ruby/object:Api::Type::String - name: 'hostRedirect' - description: | - The host that will be used in the redirect response instead of the one that was - supplied in the request. The value must be between 1 and 255 characters. - - !ruby/object:Api::Type::Boolean - name: 'httpsRedirect' - default_value: false - description: | - If set to true, the URL scheme in the redirected request is set to https. If set to - false, the URL scheme of the redirected request will remain the same as that of the - request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this - true for TargetHttpsProxy is not permitted. The default is set to false. - - !ruby/object:Api::Type::String - name: 'pathRedirect' - description: | - The path that will be used in the redirect response instead of the one that was - supplied in the request. pathRedirect cannot be supplied together with - prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the - original request will be used for the redirect. The value must be between 1 and 1024 - characters. - - !ruby/object:Api::Type::String - name: 'prefixRedirect' - description: | - The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, - retaining the remaining portion of the URL before redirecting the request. - prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or - neither. If neither is supplied, the path of the original request will be used for - the redirect. The value must be between 1 and 1024 characters. - - !ruby/object:Api::Type::Enum - name: 'redirectResponseCode' - description: | - The HTTP Status code to use for this RedirectAction. Supported values are: - - * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - * FOUND, which corresponds to 302. - - * SEE_OTHER which corresponds to 303. - - * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method - will be retained. - - * PERMANENT_REDIRECT, which corresponds to 308. In this case, - the request method will be retained. - skip_docs_values: true - values: - - :FOUND - - :MOVED_PERMANENTLY_DEFAULT - - :PERMANENT_REDIRECT - - :SEE_OTHER - - :TEMPORARY_REDIRECT - - !ruby/object:Api::Type::Boolean - name: 'stripQuery' - description: | - If set to true, any accompanying query portion of the original URL is removed prior - to redirecting the request. If set to false, the query portion of the original URL is - retained. The default is set to false. - - !ruby/object:Api::Type::NestedObject - name: 'defaultRouteAction' - conflicts: - - default_url_redirect - description: | - defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions - like URL rewrites, header transformations, etc. prior to forwarding the request to the selected backend. - If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService - is set, defaultRouteAction cannot contain any weightedBackendServices. - - Only one of defaultRouteAction or defaultUrlRedirect must be set. - properties: - - !ruby/object:Api::Type::Array - name: 'weightedBackendServices' - exactly_one_of: - - default_service - - default_url_redirect - - default_route_action.0.weighted_backend_services - description: | - A list of weighted backend services to send traffic to when a route match occurs. - The weights determine the fraction of traffic that flows to their corresponding backend service. - If all traffic needs to go to a single backend service, there must be one weightedBackendService - with weight set to a non 0 number. - - Once a backendService is identified and before forwarding the request to the backend service, - advanced routing actions like Url rewrites and header transformations are applied depending on - additional settings specified in this HttpRouteAction. - at_least_one_of: - - default_route_action.0.weighted_backend_services - - default_route_action.0.url_rewrite - - default_route_action.0.timeout - - default_route_action.0.retry_policy - - default_route_action.0.request_mirror_policy - - default_route_action.0.cors_policy - - default_route_action.0.fault_injection_policy - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::ResourceRef - name: 'backendService' - resource: 'BackendService' - imports: 'selfLink' - description: | - The full or partial URL to the default BackendService resource. Before forwarding the - request to backendService, the loadbalancer applies any relevant headerActions - specified as part of this backendServiceWeight. - - !ruby/object:Api::Type::Integer - name: 'weight' - description: | - Specifies the fraction of traffic sent to backendService, computed as - weight / (sum of all weightedBackendService weights in routeAction) . - - The selection of a backend service is determined only for new traffic. Once a user's request - has been directed to a backendService, subsequent requests will be sent to the same backendService - as determined by the BackendService's session affinity policy. - - The value must be between 0 and 1000 - - !ruby/object:Api::Type::NestedObject - name: 'headerAction' - description: | - Specifies changes to request and response headers that need to take effect for - the selected backendService. - - headerAction specified here take effect before headerAction in the enclosing - HttpRouteRule, PathMatcher and UrlMap. - properties: - - !ruby/object:Api::Type::Array - name: 'requestHeadersToRemove' - description: | - A list of header names for headers that need to be removed from the request prior to - forwarding the request to the backendService. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'requestHeadersToAdd' - description: | - Headers to add to a matching request prior to forwarding the request to the backendService. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'headerName' - description: | - The name of the header to add. - - !ruby/object:Api::Type::String - name: 'headerValue' - description: | - The value of the header to add. - - !ruby/object:Api::Type::Boolean - name: 'replace' - description: | - If false, headerValue is appended to any values that already exist for the header. - If true, headerValue is set for the header, discarding any values that were set for that header. - default_value: false - - !ruby/object:Api::Type::Array - name: 'responseHeadersToRemove' - description: | - A list of header names for headers that need to be removed from the response prior to sending the - response back to the client. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'responseHeadersToAdd' - description: | - Headers to add the response prior to sending the response back to the client. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'headerName' - description: | - The name of the header to add. - - !ruby/object:Api::Type::String - name: 'headerValue' - description: | - The value of the header to add. - - !ruby/object:Api::Type::Boolean - name: 'replace' - description: | - If false, headerValue is appended to any values that already exist for the header. - If true, headerValue is set for the header, discarding any values that were set for that header. - default_value: false - - !ruby/object:Api::Type::NestedObject - name: 'urlRewrite' - description: | - The spec to modify the URL of the request, prior to forwarding the request to the matched service. - at_least_one_of: - - default_route_action.0.weighted_backend_services - - default_route_action.0.url_rewrite - - default_route_action.0.timeout - - default_route_action.0.retry_policy - - default_route_action.0.request_mirror_policy - - default_route_action.0.cors_policy - - default_route_action.0.fault_injection_policy - properties: - - !ruby/object:Api::Type::String - name: 'pathPrefixRewrite' - description: | - Prior to forwarding the request to the selected backend service, the matching portion of the - request's path is replaced by pathPrefixRewrite. - - The value must be between 1 and 1024 characters. - at_least_one_of: - - default_route_action.0.url_rewrite.0.path_prefix_rewrite - - default_route_action.0.url_rewrite.0.host_rewrite - - !ruby/object:Api::Type::String - name: 'hostRewrite' - description: | - Prior to forwarding the request to the selected service, the request's host header is replaced - with contents of hostRewrite. - - The value must be between 1 and 255 characters. - at_least_one_of: - - default_route_action.0.url_rewrite.0.path_prefix_rewrite - - default_route_action.0.url_rewrite.0.host_rewrite - - !ruby/object:Api::Type::NestedObject - name: 'timeout' - description: | - Specifies the timeout for the selected route. Timeout is computed from the time the request has been - fully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries. - - If not specified, will use the largest timeout among all backend services associated with the route. - at_least_one_of: - - default_route_action.0.weighted_backend_services - - default_route_action.0.url_rewrite - - default_route_action.0.timeout - - default_route_action.0.retry_policy - - default_route_action.0.request_mirror_policy - - default_route_action.0.cors_policy - - default_route_action.0.fault_injection_policy - properties: - - !ruby/object:Api::Type::String - name: 'seconds' - description: | - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years - at_least_one_of: - - default_route_action.0.timeout.0.seconds - - default_route_action.0.timeout.0.nanos - - !ruby/object:Api::Type::Integer - name: 'nanos' - description: | - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - at_least_one_of: - - default_route_action.0.timeout.0.seconds - - default_route_action.0.timeout.0.nanos - - !ruby/object:Api::Type::NestedObject - name: 'retryPolicy' - description: | - Specifies the retry policy associated with this route. - at_least_one_of: - - default_route_action.0.weighted_backend_services - - default_route_action.0.url_rewrite - - default_route_action.0.timeout - - default_route_action.0.retry_policy - - default_route_action.0.request_mirror_policy - - default_route_action.0.cors_policy - - default_route_action.0.fault_injection_policy - properties: - - !ruby/object:Api::Type::Array - name: 'retryConditions' - description: | - Specfies one or more conditions when this retry rule applies. Valid values are: - - * 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, - or if the backend service does not respond at all, example: disconnects, reset, read timeout, - * connection failure, and refused streams. - * gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. - * connect-failure: Loadbalancer will retry on failures connecting to backend services, - for example due to connection timeouts. - * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. - Currently the only retriable error supported is 409. - * refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code. - This reset type indicates that it is safe to retry. - * cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled - * deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded - * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted - * unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable - at_least_one_of: - - default_route_action.0.retry_policy.0.retry_conditions - - default_route_action.0.retry_policy.0.num_retries - - default_route_action.0.retry_policy.0.per_try_timeout - item_type: Api::Type::String - - !ruby/object:Api::Type::Integer - name: 'numRetries' - description: | - Specifies the allowed number retries. This number must be > 0. If not specified, defaults to 1. - at_least_one_of: - - default_route_action.0.retry_policy.0.retry_conditions - - default_route_action.0.retry_policy.0.num_retries - - default_route_action.0.retry_policy.0.per_try_timeout - default_value: 1 - - !ruby/object:Api::Type::NestedObject - name: 'perTryTimeout' - description: | - Specifies a non-zero timeout per retry attempt. - - If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, - will use the largest timeout among all backend services associated with the route. - at_least_one_of: - - default_route_action.0.retry_policy.0.retry_conditions - - default_route_action.0.retry_policy.0.num_retries - - default_route_action.0.retry_policy.0.per_try_timeout - properties: - - !ruby/object:Api::Type::String - name: 'seconds' - description: | - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years - at_least_one_of: - - default_route_action.0.retry_policy.0.per_try_timeout.0.seconds - - default_route_action.0.retry_policy.0.per_try_timeout.0.nanos - - !ruby/object:Api::Type::Integer - name: 'nanos' - description: | - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - at_least_one_of: - - default_route_action.0.retry_policy.0.per_try_timeout.0.seconds - - default_route_action.0.retry_policy.0.per_try_timeout.0.nanos - - !ruby/object:Api::Type::NestedObject - name: 'requestMirrorPolicy' - description: | - Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. - Loadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service, - the host / authority header is suffixed with -shadow. - at_least_one_of: - - default_route_action.0.weighted_backend_services - - default_route_action.0.url_rewrite - - default_route_action.0.timeout - - default_route_action.0.retry_policy - - default_route_action.0.request_mirror_policy - - default_route_action.0.cors_policy - - default_route_action.0.fault_injection_policy - properties: - - !ruby/object:Api::Type::ResourceRef - name: 'backendService' - resource: 'BackendService' - imports: 'selfLink' - description: | - The full or partial URL to the BackendService resource being mirrored to. - required: true - - !ruby/object:Api::Type::NestedObject - name: 'corsPolicy' - description: | - The specification for allowing client side cross-origin requests. Please see - [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/) - at_least_one_of: - - default_route_action.0.weighted_backend_services - - default_route_action.0.url_rewrite - - default_route_action.0.timeout - - default_route_action.0.retry_policy - - default_route_action.0.request_mirror_policy - - default_route_action.0.cors_policy - - default_route_action.0.fault_injection_policy - properties: - - !ruby/object:Api::Type::Array - name: 'allowOrigins' - description: | - Specifies the list of origins that will be allowed to do CORS requests. - An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. - at_least_one_of: - - default_route_action.0.cors_policy.0.allow_origins - - default_route_action.0.cors_policy.0.allow_origin_regexes - - default_route_action.0.cors_policy.0.allow_methods - - default_route_action.0.cors_policy.0.allow_headers - - default_route_action.0.cors_policy.0.expose_headers - - default_route_action.0.cors_policy.0.max_age - - default_route_action.0.cors_policy.0.allow_credentials - - default_route_action.0.cors_policy.0.disabled - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'allowOriginRegexes' - description: | - Specifies the regular expression patterns that match allowed origins. For regular expression grammar - please see en.cppreference.com/w/cpp/regex/ecmascript - An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. - at_least_one_of: - - default_route_action.0.cors_policy.0.allow_origins - - default_route_action.0.cors_policy.0.allow_origin_regexes - - default_route_action.0.cors_policy.0.allow_methods - - default_route_action.0.cors_policy.0.allow_headers - - default_route_action.0.cors_policy.0.expose_headers - - default_route_action.0.cors_policy.0.max_age - - default_route_action.0.cors_policy.0.allow_credentials - - default_route_action.0.cors_policy.0.disabled - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'allowMethods' - description: | - Specifies the content for the Access-Control-Allow-Methods header. - at_least_one_of: - - default_route_action.0.cors_policy.0.allow_origins - - default_route_action.0.cors_policy.0.allow_origin_regexes - - default_route_action.0.cors_policy.0.allow_methods - - default_route_action.0.cors_policy.0.allow_headers - - default_route_action.0.cors_policy.0.expose_headers - - default_route_action.0.cors_policy.0.max_age - - default_route_action.0.cors_policy.0.allow_credentials - - default_route_action.0.cors_policy.0.disabled - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'allowHeaders' - description: | - Specifies the content for the Access-Control-Allow-Headers header. - at_least_one_of: - - default_route_action.0.cors_policy.0.allow_origins - - default_route_action.0.cors_policy.0.allow_origin_regexes - - default_route_action.0.cors_policy.0.allow_methods - - default_route_action.0.cors_policy.0.allow_headers - - default_route_action.0.cors_policy.0.expose_headers - - default_route_action.0.cors_policy.0.max_age - - default_route_action.0.cors_policy.0.allow_credentials - - default_route_action.0.cors_policy.0.disabled - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'exposeHeaders' - description: | - Specifies the content for the Access-Control-Expose-Headers header. - at_least_one_of: - - default_route_action.0.cors_policy.0.allow_origins - - default_route_action.0.cors_policy.0.allow_origin_regexes - - default_route_action.0.cors_policy.0.allow_methods - - default_route_action.0.cors_policy.0.allow_headers - - default_route_action.0.cors_policy.0.expose_headers - - default_route_action.0.cors_policy.0.max_age - - default_route_action.0.cors_policy.0.allow_credentials - - default_route_action.0.cors_policy.0.disabled - item_type: Api::Type::String - - !ruby/object:Api::Type::Integer - name: 'maxAge' - description: | - Specifies how long results of a preflight request can be cached in seconds. - This translates to the Access-Control-Max-Age header. - at_least_one_of: - - default_route_action.0.cors_policy.0.allow_origins - - default_route_action.0.cors_policy.0.allow_origin_regexes - - default_route_action.0.cors_policy.0.allow_methods - - default_route_action.0.cors_policy.0.allow_headers - - default_route_action.0.cors_policy.0.expose_headers - - default_route_action.0.cors_policy.0.max_age - - default_route_action.0.cors_policy.0.allow_credentials - - default_route_action.0.cors_policy.0.disabled - - !ruby/object:Api::Type::Boolean - name: 'allowCredentials' - description: | - In response to a preflight request, setting this to true indicates that the actual request can include user credentials. - This translates to the Access-Control-Allow-Credentials header. - default_value: false - at_least_one_of: - - default_route_action.0.cors_policy.0.allow_origins - - default_route_action.0.cors_policy.0.allow_origin_regexes - - default_route_action.0.cors_policy.0.allow_methods - - default_route_action.0.cors_policy.0.allow_headers - - default_route_action.0.cors_policy.0.expose_headers - - default_route_action.0.cors_policy.0.max_age - - default_route_action.0.cors_policy.0.allow_credentials - - default_route_action.0.cors_policy.0.disabled - - !ruby/object:Api::Type::Boolean - name: 'disabled' - description: | - If true, specifies the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect. - default_value: false - at_least_one_of: - - default_route_action.0.cors_policy.0.allow_origins - - default_route_action.0.cors_policy.0.allow_origin_regexes - - default_route_action.0.cors_policy.0.allow_methods - - default_route_action.0.cors_policy.0.allow_headers - - default_route_action.0.cors_policy.0.expose_headers - - default_route_action.0.cors_policy.0.max_age - - default_route_action.0.cors_policy.0.allow_credentials - - default_route_action.0.cors_policy.0.disabled - - !ruby/object:Api::Type::NestedObject - name: 'faultInjectionPolicy' - description: | - The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. - As part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a - percentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted - by the Loadbalancer for a percentage of requests. - - timeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy. - at_least_one_of: - - default_route_action.0.weighted_backend_services - - default_route_action.0.url_rewrite - - default_route_action.0.timeout - - default_route_action.0.retry_policy - - default_route_action.0.request_mirror_policy - - default_route_action.0.cors_policy - - default_route_action.0.fault_injection_policy - properties: - - !ruby/object:Api::Type::NestedObject - name: 'delay' - description: | - The specification for how client requests are delayed as part of fault injection, before being sent to a backend service. - at_least_one_of: - - default_route_action.0.fault_injection_policy.0.delay - - default_route_action.0.fault_injection_policy.0.abort - properties: - - !ruby/object:Api::Type::NestedObject - name: 'fixedDelay' - description: | - Specifies the value of the fixed delay interval. - at_least_one_of: - - default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay - - default_route_action.0.fault_injection_policy.0.delay.0.percentage - properties: - - !ruby/object:Api::Type::String - name: 'seconds' - description: | - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years - at_least_one_of: - - default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay.0.seconds - - default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay.0.nanos - - !ruby/object:Api::Type::Integer - name: 'nanos' - description: | - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - at_least_one_of: - - default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay.0.seconds - - default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay.0.nanos - - !ruby/object:Api::Type::Double - name: 'percentage' - description: | - The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. - The value must be between 0.0 and 100.0 inclusive. - at_least_one_of: - - default_route_action.0.fault_injection_policy.0.delay.0.fixed_delay - - default_route_action.0.fault_injection_policy.0.delay.0.percentage - - !ruby/object:Api::Type::NestedObject - name: 'abort' - description: | - The specification for how client requests are aborted as part of fault injection. - at_least_one_of: - - default_route_action.0.fault_injection_policy.0.delay - - default_route_action.0.fault_injection_policy.0.abort - properties: - - !ruby/object:Api::Type::Integer - name: 'httpStatus' - description: | - The HTTP status code used to abort the request. - The value must be between 200 and 599 inclusive. - at_least_one_of: - - default_route_action.0.fault_injection_policy.0.abort.0.http_status - - default_route_action.0.fault_injection_policy.0.abort.0.percentage - - !ruby/object:Api::Type::Double - name: 'percentage' - description: | - The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. - The value must be between 0.0 and 100.0 inclusive. - at_least_one_of: - - default_route_action.0.fault_injection_policy.0.abort.0.http_status - - default_route_action.0.fault_injection_policy.0.abort.0.percentage - - !ruby/object:Api::Resource - name: 'VpnTunnel' - kind: 'compute#vpnTunnel' - description: 'VPN tunnel resource.' - input: true - base_url: projects/{{project}}/regions/{{region}}/vpnTunnels - collection_url_key: 'items' - has_self_link: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Cloud VPN Overview': 'https://cloud.google.com/vpn/docs/concepts/overview' - 'Networks and Tunnel Routing': 'https://cloud.google.com/vpn/docs/concepts/choosing-networks-routing' - api: 'https://cloud.google.com/compute/docs/reference/rest/v1/vpnTunnels' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'region' - resource: 'Region' - imports: 'name' - description: 'The region where the tunnel is located.' - required: true - properties: - - !ruby/object:Api::Type::String - name: 'id' - description: 'The unique identifier for the resource. This identifier is defined by the server.' - output: true - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource. The name must be 1-63 characters long, and - comply with RFC1035. Specifically, the name must be 1-63 - characters long and match the regular expression - `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character - must be a lowercase letter, and all following characters must - be a dash, lowercase letter, or digit, - except the last character, which cannot be a dash. - required: true - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional description of this resource. - input: true - - !ruby/object:Api::Type::ResourceRef - name: 'targetVpnGateway' - description: | - URL of the Target VPN gateway with which this VPN tunnel is - associated. - resource: 'TargetVpnGateway' - imports: 'selfLink' - input: true - - !ruby/object:Api::Type::ResourceRef - name: 'vpnGateway' - description: | - URL of the VPN gateway with which this VPN tunnel is associated. - This must be used if a High Availability VPN gateway resource is created. - resource: 'VpnGateway' - imports: 'selfLink' - input: true - - !ruby/object:Api::Type::Integer - name: 'vpnGatewayInterface' - description: | - The interface ID of the VPN gateway with which this VPN tunnel is associated. - input: true - send_empty_value: true - - !ruby/object:Api::Type::ResourceRef - name: 'peerExternalGateway' - resource: 'ExternalVpnGateway' - imports: 'selfLink' - input: true - conflicts: - - peer_gcp_gateway - description: | - URL of the peer side external VPN gateway to which this VPN tunnel is connected. - - !ruby/object:Api::Type::Integer - name: 'peerExternalGatewayInterface' - description: | - The interface ID of the external VPN gateway to which this VPN tunnel is connected. - send_empty_value: true - - !ruby/object:Api::Type::ResourceRef - name: 'peerGcpGateway' - conflicts: - - peer_external_gateway - description: | - URL of the peer side HA GCP VPN gateway to which this VPN tunnel is connected. - If provided, the VPN tunnel will automatically use the same vpn_gateway_interface - ID in the peer GCP VPN gateway. - resource: 'VpnGateway' - imports: 'selfLink' - - !ruby/object:Api::Type::ResourceRef - name: 'router' - description: | - URL of router resource to be used for dynamic routing. - resource: 'Router' - imports: 'selfLink' - input: true - - !ruby/object:Api::Type::String - name: 'peerIp' - description: | - IP address of the peer VPN gateway. Only IPv4 is supported. - - !ruby/object:Api::Type::String - name: 'sharedSecret' - description: | - Shared secret used to set the secure session between the Cloud VPN - gateway and the peer VPN gateway. - required: true - - !ruby/object:Api::Type::String - name: 'sharedSecretHash' - description: | - Hash of the shared secret. - output: true - - !ruby/object:Api::Type::Integer - name: 'ikeVersion' - description: | - IKE protocol version to use when establishing the VPN tunnel with - peer VPN gateway. - Acceptable IKE versions are 1 or 2. Default version is 2. - default_value: 2 - - !ruby/object:Api::Type::Array - name: 'localTrafficSelector' - description: | - Local traffic selector to use when establishing the VPN tunnel with - peer VPN gateway. The value should be a CIDR formatted string, - for example `192.168.0.0/16`. The ranges should be disjoint. - Only IPv4 is supported. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'remoteTrafficSelector' - description: | - Remote traffic selector to use when establishing the VPN tunnel with - peer VPN gateway. The value should be a CIDR formatted string, - for example `192.168.0.0/16`. The ranges should be disjoint. - Only IPv4 is supported. - item_type: Api::Type::String - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: Labels to apply to this VpnTunnel. - update_verb: :POST - update_url: 'projects/{{project}}/regions/{{region}}/vpnTunnels/{{name}}/setLabels' - min_version: beta - - !ruby/object:Api::Type::Fingerprint - name: 'labelFingerprint' - description: | - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - update_url: 'projects/{{project}}/regions/{{region}}/vpnTunnels/{{name}}/setLabels' - update_verb: :POST - min_version: beta - - !ruby/object:Api::Type::String - exclude: true - name: 'detailedStatus' - output: true - description: 'Detailed status message for the VPN tunnel.' - - !ruby/object:Api::Resource - name: 'Zone' - kind: 'compute#zone' - base_url: projects/{{project}}/zones - collection_url_key: 'items' - has_self_link: true - readonly: true - description: 'Represents a Zone resource.' - properties: - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::NestedObject - name: 'deprecated' - description: 'The deprecation status associated with this machine type.' - properties: - - !ruby/object:Api::Type::Time - name: 'deleted' - description: | - An optional RFC3339 timestamp on or after which the state of this - resource is intended to change to DELETED. This is only - informational and the status will not change unless the client - explicitly changes it. - output: true - - !ruby/object:Api::Type::Time - name: 'deprecated' - description: | - An optional RFC3339 timestamp on or after which the state of this - resource is intended to change to DEPRECATED. This is only - informational and the status will not change unless the client - explicitly changes it. - output: true - - !ruby/object:Api::Type::Time - name: 'obsolete' - description: | - An optional RFC3339 timestamp on or after which the state of this - resource is intended to change to OBSOLETE. This is only - informational and the status will not change unless the client - explicitly changes it. - output: true - - !ruby/object:Api::Type::String - name: 'replacement' - description: | - The URL of the suggested replacement for a deprecated resource. - The suggested replacement resource must be the same kind of - resource as the deprecated resource. - output: true - - !ruby/object:Api::Type::Enum - name: 'state' - description: | - The deprecation state of this resource. This can be DEPRECATED, - OBSOLETE, or DELETED. Operations which create a new resource - using a DEPRECATED resource will return successfully, but with a - warning indicating the deprecated resource and recommending its - replacement. Operations which use OBSOLETE or DELETED resources - will be rejected and result in an error. - values: - - :DEPRECATED - - :OBSOLETE - - :DELETED - output: true - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: 'An optional textual description of the resource.' - output: true - - !ruby/object:Api::Type::Integer - name: 'id' - description: 'The unique identifier for the resource.' - output: true - - !ruby/object:Api::Type::String - name: 'name' - description: 'Name of the resource.' - - !ruby/object:Api::Type::ResourceRef - name: 'region' - resource: 'Region' - imports: 'selfLink' - description: 'The region where the zone is located.' - output: true - - !ruby/object:Api::Type::Enum - name: 'status' - description: 'The status of the zone.' - values: - - :UP - - :DOWN - output: true - - !ruby/object:Api::Type::Array - name: 'availableCpuPlatforms' - description: 'The available CPU platforms in this zone' - item_type: Api::Type::String - output: true - - !ruby/object:Api::Resource - name: 'TargetGrpcProxy' - kind: 'compute#targetGrpcProxy' - base_url: projects/{{project}}/global/targetGrpcProxies - collection_url_key: 'items' - update_verb: :PATCH - has_self_link: true - description: | - Represents a Target gRPC Proxy resource. A target gRPC proxy is a component - of load balancers intended for load balancing gRPC traffic. Global forwarding - rules reference a target gRPC proxy. The Target gRPC Proxy references - a URL map which specifies how traffic routes to gRPC backend services. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Using Target gRPC Proxies': 'https://cloud.google.com/traffic-director/docs/proxyless-overview' - api: 'https://cloud.google.com/compute/docs/reference/rest/v1/targetGrpcProxies' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'compute#operation' - path: 'name' - base_url: 'projects/{{project}}/global/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - properties: - - !ruby/object:Api::Type::Time - name: 'creationTimestamp' - description: 'Creation timestamp in RFC3339 text format.' - output: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the resource. Provided by the client when the resource - is created. The name must be 1-63 characters long, and comply - with RFC1035. Specifically, the name must be 1-63 characters long - and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which - means the first character must be a lowercase letter, and all - following characters must be a dash, lowercase letter, or digit, - except the last character, which cannot be a dash. - input: true - required: true - - !ruby/object:Api::Type::String - name: 'description' - description: 'An optional description of this resource.' - - !ruby/object:Api::Type::String - name: 'selfLinkWithId' - description: 'Server-defined URL with id for the resource.' - output: true - - !ruby/object:Api::Type::String - name: 'urlMap' - description: | - URL to the UrlMap resource that defines the mapping from URL to - the BackendService. The protocol field in the BackendService - must be set to GRPC. - input: true - update_id: 'urlMap' - fingerprint_name: 'fingerprint' - - !ruby/object:Api::Type::Boolean - name: 'validateForProxyless' - input: true - description: | - If true, indicates that the BackendServices referenced by - the urlMap may be accessed by gRPC applications without using - a sidecar proxy. This will enable configuration checks on urlMap - and its referenced BackendServices to not allow unsupported features. - A gRPC application must use "xds:///" scheme in the target URI - of the service it is connecting to. If false, indicates that the - BackendServices referenced by the urlMap will be accessed by gRPC - applications via a sidecar proxy. In this case, a gRPC application - must not use "xds:///" scheme in the target URI of the service - it is connecting to - - !ruby/object:Api::Type::Fingerprint - name: 'fingerprint' - description: | - Fingerprint of this resource. A hash of the contents stored in - this object. This field is used in optimistic locking. This field - will be ignored when inserting a TargetGrpcProxy. An up-to-date - fingerprint must be provided in order to patch/update the - TargetGrpcProxy; otherwise, the request will fail with error - 412 conditionNotMet. To see the latest fingerprint, make a get() - request to retrieve the TargetGrpcProxy. A base64-encoded string. diff --git a/mmv1/products/compute/product.yaml b/mmv1/products/compute/product.yaml new file mode 100644 index 000000000000..8d9fd06ef595 --- /dev/null +++ b/mmv1/products/compute/product.yaml @@ -0,0 +1,31 @@ +# Copyright 2017 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# TODO(nelsonjr): Make all Zone and Region resource ref + +--- !ruby/object:Api::Product +name: Compute +display_name: Compute Engine +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://compute.googleapis.com/compute/v1/ + - !ruby/object:Api::Product::Version + name: beta + base_url: https://compute.googleapis.com/compute/beta/ +scopes: + - https://www.googleapis.com/auth/compute +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Compute Engine API + url: https://console.cloud.google.com/apis/library/compute.googleapis.com/ diff --git a/mmv1/products/compute/terraform.yaml b/mmv1/products/compute/terraform.yaml index a816ec2bd58a..6d97b266e7e0 100644 --- a/mmv1/products/compute/terraform.yaml +++ b/mmv1/products/compute/terraform.yaml @@ -672,7 +672,7 @@ overrides: !ruby/object:Overrides::ResourceOverrides custom_flatten: 'templates/terraform/custom_flatten/name_from_self_link.erb' default_value: 'pd-standard' name: !ruby/object:Overrides::Terraform::PropertyOverride - input: true + immutable: true licenses: !ruby/object:Overrides::Terraform::PropertyOverride exclude: true labelFingerprint: !ruby/object:Overrides::Terraform::PropertyOverride @@ -814,7 +814,7 @@ overrides: !ruby/object:Overrides::ResourceOverrides # for a user to wind up in a broken state if they switch a rule from # being ingress to egress without examining the diff carefully. # See terraform issue #2713 for more context. - input: true + immutable: true logConfig: !ruby/object:Overrides::Terraform::PropertyOverride description: | This field denotes the logging options for a particular firewall rule. @@ -2150,7 +2150,7 @@ overrides: !ruby/object:Overrides::ResourceOverrides custom_flatten: 'templates/terraform/custom_flatten/name_from_self_link.erb' default_value: 'pd-standard' name: !ruby/object:Overrides::Terraform::PropertyOverride - input: true + immutable: true licenses: !ruby/object:Overrides::Terraform::PropertyOverride exclude: true labelFingerprint: !ruby/object:Overrides::Terraform::PropertyOverride @@ -2449,33 +2449,33 @@ overrides: !ruby/object:Overrides::ResourceOverrides name: "resource_policy_basic" primary_resource_id: "foo" vars: - name: "policy" + name: "gce-policy" - !ruby/object:Provider::Terraform::Examples name: "resource_policy_full" primary_resource_id: "bar" vars: - name: "policy" + name: "gce-policy" - !ruby/object:Provider::Terraform::Examples name: "resource_policy_placement_policy" primary_resource_id: "baz" vars: - name: "policy" + name: "gce-policy" - !ruby/object:Provider::Terraform::Examples name: "resource_policy_placement_policy_max_distance" min_version: "beta" primary_resource_id: "baz" vars: - name: "policy" + name: "gce-policy" - !ruby/object:Provider::Terraform::Examples name: "resource_policy_instance_schedule_policy" primary_resource_id: "hourly" vars: - name: "policy" + name: "gce-policy" - !ruby/object:Provider::Terraform::Examples name: "resource_policy_snapshot_schedule_chain_name" primary_resource_id: "hourly" vars: - name: "policy" + name: "gce-policy" properties: region: !ruby/object:Overrides::Terraform::PropertyOverride required: false diff --git a/mmv1/products/containeranalysis/Note.yaml b/mmv1/products/containeranalysis/Note.yaml new file mode 100644 index 000000000000..bd533d2653fc --- /dev/null +++ b/mmv1/products/containeranalysis/Note.yaml @@ -0,0 +1,123 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Note' +base_url: projects/{{project}}/notes?noteId={{name}} +self_link: projects/{{project}}/notes/{{name}} +update_verb: :PATCH +update_mask: true +description: | + A Container Analysis note is a high-level piece of metadata that + describes a type of analysis that can be done for a resource. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/container-analysis/' + 'Creating Attestations (Occurrences)': 'https://cloud.google.com/binary-authorization/docs/making-attestations' + api: 'https://cloud.google.com/container-analysis/api/reference/rest/' +properties: + - !ruby/object:Api::Type::String + name: name + description: | + The name of the note. + required: true + immutable: true + - !ruby/object:Api::Type::String + name: shortDescription + description: | + A one sentence description of the note. + - !ruby/object:Api::Type::String + name: longDescription + description: | + A detailed description of the note + - !ruby/object:Api::Type::Enum + name: 'kind' + description: | + The type of analysis this note describes + values: + - NOTE_KIND_UNSPECIFIED + - VULNERABILITY + - BUILD + - IMAGE + - PACKAGE + - DEPLOYMENT + - DISCOVERY + - ATTESTATION + - UPGRADE + output: true + - !ruby/object:Api::Type::Array + name: relatedUrl + description: | + URLs associated with this note and related metadata. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: url + description: | + Specific URL associated with the resource. + required: true + - !ruby/object:Api::Type::String + name: label + description: | + Label to describe usage of the URL + - !ruby/object:Api::Type::Time + name: expirationTime + description: | + Time of expiration for this note. Leave empty if note does not expire. + - !ruby/object:Api::Type::Time + name: createTime + description: The time this note was created. + output: true + - !ruby/object:Api::Type::Time + name: updateTime + description: The time this note was last updated. + output: true + - !ruby/object:Api::Type::Array + name: relatedNoteNames + description: | + Names of other notes related to this note. + item_type: Api::Type::String + - !ruby/object:Api::Type::NestedObject + name: attestationAuthority + description: | + Note kind that represents a logical attestation "role" or "authority". + For example, an organization might have one AttestationAuthority for + "QA" and one for "build". This Note is intended to act strictly as a + grouping mechanism for the attached Occurrences (Attestations). This + grouping mechanism also provides a security boundary, since IAM ACLs + gate the ability for a principle to attach an Occurrence to a given + Note. It also provides a single point of lookup to find all attached + Attestation Occurrences, even if they don't all live in the same + project. + required: true + properties: + - !ruby/object:Api::Type::NestedObject + name: hint + description: | + This submessage provides human-readable hints about the purpose of + the AttestationAuthority. Because the name of a Note acts as its + resource reference, it is important to disambiguate the canonical + name of the Note (which might be a UUID for security purposes) + from "readable" names more suitable for debug output. Note that + these hints should NOT be used to look up AttestationAuthorities + in security sensitive contexts, such as when looking up + Attestations to verify. + required: true + properties: + - !ruby/object:Api::Type::String + name: humanReadableName + description: | + The human readable name of this Attestation Authority, for + example "qa". + required: true + diff --git a/mmv1/products/containeranalysis/Occurrence.yaml b/mmv1/products/containeranalysis/Occurrence.yaml new file mode 100644 index 000000000000..e9f69f1610cc --- /dev/null +++ b/mmv1/products/containeranalysis/Occurrence.yaml @@ -0,0 +1,123 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Occurrence' +base_url: projects/{{project}}/occurrences +self_link: projects/{{project}}/occurrences/{{name}} +update_verb: :PATCH +update_mask: true +description: | + An occurrence is an instance of a Note, or type of analysis that + can be done for a resource. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/container-analysis/' + api: 'https://cloud.google.com/container-analysis/api/reference/rest/' +properties: + - !ruby/object:Api::Type::String + name: name + description: | + The name of the occurrence. + output: true + - !ruby/object:Api::Type::String + name: resourceUri + description: | + Required. Immutable. A URI that represents the resource for which + the occurrence applies. For example, + https://gcr.io/project/image@sha256:123abc for a Docker image. + required: true + immutable: true + - !ruby/object:Api::Type::String + name: noteName + description: | + The analysis note associated with this occurrence, in the form of + projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a + filter in list requests. + required: true + immutable: true + - !ruby/object:Api::Type::String + name: kind + description: | + The note kind which explicitly denotes which of the occurrence + details are specified. This field can be used as a filter in list + requests. + output: true + - !ruby/object:Api::Type::String + name: remediation + description: | + A description of actions that can be taken to remedy the note. + - !ruby/object:Api::Type::Time + name: createTime + description: The time when the repository was created. + output: true + - !ruby/object:Api::Type::Time + name: updateTime + description: The time when the repository was last updated. + output: true + - !ruby/object:Api::Type::NestedObject + name: attestation + description: | + Occurrence that represents a single "attestation". The authenticity + of an attestation can be verified using the attached signature. + If the verifier trusts the public key of the signer, then verifying + the signature is sufficient to establish trust. In this circumstance, + the authority to which this attestation is attached is primarily + useful for lookup (how to find this attestation if you already + know the authority and artifact to be verified) and intent (for + which authority this attestation was intended to sign. + required: true + properties: + - !ruby/object:Api::Type::String + name: serializedPayload + description: | + The serialized payload that is verified by one or + more signatures. A base64-encoded string. + required: true + - !ruby/object:Api::Type::Array + name: signatures + description: | + One or more signatures over serializedPayload. + Verifier implementations should consider this attestation + message verified if at least one signature verifies + serializedPayload. See Signature in common.proto for more + details on signature structure and verification. + required: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: signature + description: | + The content of the signature, an opaque bytestring. + The payload that this signature verifies MUST be + unambiguously provided with the Signature during + verification. A wrapper message might provide the + payload explicitly. Alternatively, a message might + have a canonical serialization that can always be + unambiguously computed to derive the payload. + - !ruby/object:Api::Type::String + name: publicKeyId + required: true + description: | + The identifier for the public key that verifies this + signature. MUST be an RFC3986 conformant + URI. * When possible, the key id should be an + immutable reference, such as a cryptographic digest. + Examples of valid values: + + * OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr + for more details on this scheme. + * `openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA` + * RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization): + * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU" + diff --git a/mmv1/products/containeranalysis/api.yaml b/mmv1/products/containeranalysis/api.yaml deleted file mode 100644 index ff8d62a82f3c..000000000000 --- a/mmv1/products/containeranalysis/api.yaml +++ /dev/null @@ -1,245 +0,0 @@ -# Copyright 2018 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: ContainerAnalysis -display_name: Container Registry -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://containeranalysis.googleapis.com/v1/ - - !ruby/object:Api::Product::Version - name: beta - base_url: https://containeranalysis.googleapis.com/v1beta1/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -objects: - - !ruby/object:Api::Resource - name: 'Note' - base_url: projects/{{project}}/notes?noteId={{name}} - self_link: projects/{{project}}/notes/{{name}} - update_verb: :PATCH - update_mask: true - description: | - A Container Analysis note is a high-level piece of metadata that - describes a type of analysis that can be done for a resource. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/container-analysis/' - 'Creating Attestations (Occurrences)': 'https://cloud.google.com/binary-authorization/docs/making-attestations' - api: 'https://cloud.google.com/container-analysis/api/reference/rest/' - properties: - - !ruby/object:Api::Type::String - name: name - description: | - The name of the note. - required: true - input: true - - !ruby/object:Api::Type::String - name: shortDescription - description: | - A one sentence description of the note. - - !ruby/object:Api::Type::String - name: longDescription - description: | - A detailed description of the note - - !ruby/object:Api::Type::Enum - name: 'kind' - description: | - The type of analysis this note describes - values: - - NOTE_KIND_UNSPECIFIED - - VULNERABILITY - - BUILD - - IMAGE - - PACKAGE - - DEPLOYMENT - - DISCOVERY - - ATTESTATION - - UPGRADE - output: true - - !ruby/object:Api::Type::Array - name: relatedUrl - description: | - URLs associated with this note and related metadata. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: url - description: | - Specific URL associated with the resource. - required: true - - !ruby/object:Api::Type::String - name: label - description: | - Label to describe usage of the URL - - !ruby/object:Api::Type::Time - name: expirationTime - description: | - Time of expiration for this note. Leave empty if note does not expire. - - !ruby/object:Api::Type::Time - name: createTime - description: The time this note was created. - output: true - - !ruby/object:Api::Type::Time - name: updateTime - description: The time this note was last updated. - output: true - - !ruby/object:Api::Type::Array - name: relatedNoteNames - description: | - Names of other notes related to this note. - item_type: Api::Type::String - - !ruby/object:Api::Type::NestedObject - name: attestationAuthority - description: | - Note kind that represents a logical attestation "role" or "authority". - For example, an organization might have one AttestationAuthority for - "QA" and one for "build". This Note is intended to act strictly as a - grouping mechanism for the attached Occurrences (Attestations). This - grouping mechanism also provides a security boundary, since IAM ACLs - gate the ability for a principle to attach an Occurrence to a given - Note. It also provides a single point of lookup to find all attached - Attestation Occurrences, even if they don't all live in the same - project. - required: true - properties: - - !ruby/object:Api::Type::NestedObject - name: hint - description: | - This submessage provides human-readable hints about the purpose of - the AttestationAuthority. Because the name of a Note acts as its - resource reference, it is important to disambiguate the canonical - name of the Note (which might be a UUID for security purposes) - from "readable" names more suitable for debug output. Note that - these hints should NOT be used to look up AttestationAuthorities - in security sensitive contexts, such as when looking up - Attestations to verify. - required: true - properties: - - !ruby/object:Api::Type::String - name: humanReadableName - description: | - The human readable name of this Attestation Authority, for - example "qa". - required: true - - - !ruby/object:Api::Resource - name: 'Occurrence' - base_url: projects/{{project}}/occurrences - self_link: projects/{{project}}/occurrences/{{name}} - update_verb: :PATCH - update_mask: true - description: | - An occurrence is an instance of a Note, or type of analysis that - can be done for a resource. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/container-analysis/' - api: 'https://cloud.google.com/container-analysis/api/reference/rest/' - properties: - - !ruby/object:Api::Type::String - name: name - description: | - The name of the occurrence. - output: true - - !ruby/object:Api::Type::String - name: resourceUri - description: | - Required. Immutable. A URI that represents the resource for which - the occurrence applies. For example, - https://gcr.io/project/image@sha256:123abc for a Docker image. - required: true - input: true - - !ruby/object:Api::Type::String - name: noteName - description: | - The analysis note associated with this occurrence, in the form of - projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a - filter in list requests. - required: true - input: true - - !ruby/object:Api::Type::String - name: kind - description: | - The note kind which explicitly denotes which of the occurrence - details are specified. This field can be used as a filter in list - requests. - output: true - - !ruby/object:Api::Type::String - name: remediation - description: | - A description of actions that can be taken to remedy the note. - - !ruby/object:Api::Type::Time - name: createTime - description: The time when the repository was created. - output: true - - !ruby/object:Api::Type::Time - name: updateTime - description: The time when the repository was last updated. - output: true - - !ruby/object:Api::Type::NestedObject - name: attestation - description: | - Occurrence that represents a single "attestation". The authenticity - of an attestation can be verified using the attached signature. - If the verifier trusts the public key of the signer, then verifying - the signature is sufficient to establish trust. In this circumstance, - the authority to which this attestation is attached is primarily - useful for lookup (how to find this attestation if you already - know the authority and artifact to be verified) and intent (for - which authority this attestation was intended to sign. - required: true - properties: - - !ruby/object:Api::Type::String - name: serializedPayload - description: | - The serialized payload that is verified by one or - more signatures. A base64-encoded string. - required: true - - !ruby/object:Api::Type::Array - name: signatures - description: | - One or more signatures over serializedPayload. - Verifier implementations should consider this attestation - message verified if at least one signature verifies - serializedPayload. See Signature in common.proto for more - details on signature structure and verification. - required: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: signature - description: | - The content of the signature, an opaque bytestring. - The payload that this signature verifies MUST be - unambiguously provided with the Signature during - verification. A wrapper message might provide the - payload explicitly. Alternatively, a message might - have a canonical serialization that can always be - unambiguously computed to derive the payload. - - !ruby/object:Api::Type::String - name: publicKeyId - required: true - description: | - The identifier for the public key that verifies this - signature. MUST be an RFC3986 conformant - URI. * When possible, the key id should be an - immutable reference, such as a cryptographic digest. - Examples of valid values: - - * OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr - for more details on this scheme. - * `openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA` - * RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization): - * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU" diff --git a/mmv1/products/containeranalysis/product.yaml b/mmv1/products/containeranalysis/product.yaml new file mode 100644 index 000000000000..77ff9e749e7d --- /dev/null +++ b/mmv1/products/containeranalysis/product.yaml @@ -0,0 +1,25 @@ +# Copyright 2018 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: ContainerAnalysis +display_name: Container Registry +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://containeranalysis.googleapis.com/v1/ + - !ruby/object:Api::Product::Version + name: beta + base_url: https://containeranalysis.googleapis.com/v1beta1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform diff --git a/mmv1/products/containerattached/Cluster.yaml b/mmv1/products/containerattached/Cluster.yaml new file mode 100644 index 000000000000..400cd761f61d --- /dev/null +++ b/mmv1/products/containerattached/Cluster.yaml @@ -0,0 +1,265 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Cluster' +base_url: projects/{{project}}/locations/{{location}}/attachedClusters +create_url: projects/{{project}}/locations/{{location}}/attachedClusters?attached_cluster_id={{name}} +delete_url: projects/{{project}}/locations/{{location}}/attachedClusters/{{name}} +update_url: projects/{{project}}/locations/{{location}}/attachedClusters/{{name}} +self_link: projects/{{project}}/locations/{{location}}/attachedClusters/{{name}} +update_verb: :PATCH +update_mask: true +delete_verb: :DELETE +description: | + An Anthos cluster running on customer owned infrastructure. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'API reference': 'https://cloud.google.com/anthos/clusters/docs/multi-cloud/reference/rest/v1/projects.locations.attachedClusters' + 'Multicloud overview': 'https://cloud.google.com/anthos/clusters/docs/multi-cloud' + api: 'https://cloud.google.com/anthos/clusters/docs/multi-cloud/reference/rest' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + full_url: 'https://{{location}}-gkemulticloud.googleapis.com/v1/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: 'true' + allowed: + - 'true' + - 'false' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +properties: + - !ruby/object:Api::Type::String + name: location + description: | + The location for the resource + immutable: true + required: true + url_param_only: true + - !ruby/object:Api::Type::String + name: name + description: | + The name of this resource. + required: true + immutable: true + - !ruby/object:Api::Type::String + name: description + description: | + A human readable description of this attached cluster. Cannot be longer + than 255 UTF-8 encoded bytes. + - !ruby/object:Api::Type::NestedObject + name: oidcConfig + description: | + OIDC discovery information of the target cluster. + + Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster + API server. This fields indicates how GCP services + validate KSA tokens in order to allow system workloads (such as GKE Connect + and telemetry agents) to authenticate back to GCP. + + Both clusters with public and private issuer URLs are supported. + Clusters with public issuers only need to specify the `issuer_url` field + while clusters with private issuers need to provide both + `issuer_url` and `jwks`. + required: true + properties: + - !ruby/object:Api::Type::String + name: issuerUrl + description: | + A JSON Web Token (JWT) issuer URI. `issuer` must start with `https://` + required: true + immutable: true + - !ruby/object:Api::Type::String + name: jwks + description: | + OIDC verification keys in JWKS format (RFC 7517). + immutable: true + - !ruby/object:Api::Type::String + name: platformVersion + description: | + The platform version for the cluster (e.g. `1.23.0-gke.1`). + required: true + - !ruby/object:Api::Type::String + name: distribution + description: | + The Kubernetes distribution of the underlying attached cluster. Supported values: + "eks", "aks". + required: true + immutable: true + - !ruby/object:Api::Type::String + name: clusterRegion + description: | + Output only. The region where this cluster runs. + + For EKS clusters, this is an AWS region. For AKS clusters, + this is an Azure region. + output: true + - !ruby/object:Api::Type::NestedObject + name: fleet + description: | + Fleet configuration. + required: true + properties: + - !ruby/object:Api::Type::String + name: membership + description: | + The name of the managed Hub Membership resource associated to this + cluster. Membership names are formatted as + projects//locations/global/membership/. + output: true + - !ruby/object:Api::Type::String + name: project + description: | + The number of the Fleet host project where this cluster will be registered. + required: true + immutable: true + - !ruby/object:Api::Type::String + name: state + description: | + The current state of the cluster. Possible values: + STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, + DEGRADED + output: true + - !ruby/object:Api::Type::String + name: uid + description: | + A globally unique identifier for the cluster. + output: true + - !ruby/object:Api::Type::Boolean + name: reconciling + description: | + If set, there are currently changes in flight to the cluster. + output: true + - !ruby/object:Api::Type::String + name: createTime + description: | + Output only. The time at which this cluster was created. + output: true + - !ruby/object:Api::Type::String + name: updateTime + description: | + The time at which this cluster was last updated. + output: true + - !ruby/object:Api::Type::String + name: kubernetesVersion + description: | + The Kubernetes version of the cluster. + output: true + - !ruby/object:Api::Type::KeyValuePairs + name: annotations + description: | + Optional. Annotations on the cluster. This field has the same + restrictions as Kubernetes annotations. The total size of all keys and + values combined is limited to 256k. Key can have 2 segments: prefix (optional) + and name (required), separated by a slash (/). Prefix must be a DNS subdomain. + Name must be 63 characters or less, begin and end with alphanumerics, + with dashes (-), underscores (_), dots (.), and alphanumerics between. + - !ruby/object:Api::Type::NestedObject + name: workloadIdentityConfig + description: | + Workload Identity settings. + output: true + properties: + - !ruby/object:Api::Type::String + name: identityProvider + description: | + The ID of the OIDC Identity Provider (IdP) associated to + the Workload Identity Pool. + - !ruby/object:Api::Type::String + name: issuerUri + description: | + The OIDC issuer URL for this cluster. + - !ruby/object:Api::Type::String + name: workloadPool + description: | + The Workload Identity Pool associated to the cluster. + - !ruby/object:Api::Type::NestedObject + name: loggingConfig + description: | + Logging configuration. + send_empty_value: true + allow_empty_object: true + properties: + - !ruby/object:Api::Type::NestedObject + name: componentConfig + description: | + The configuration of the logging components + send_empty_value: true + allow_empty_object: true + properties: + - !ruby/object:Api::Type::Array + name: enableComponents + description: | + The components to be enabled. + send_empty_value: true + allow_empty_object: true + item_type: !ruby/object:Api::Type::Enum + name: 'component' + description: | + The components of the logging configuration. + values: + - :SYSTEM_COMPONENTS + - :WORKLOADS + - !ruby/object:Api::Type::Array + name: errors + description: | + A set of errors found in the cluster. + output: true + item_type: !ruby/object:Api::Type::NestedObject + name: attachedClusterError + description: | + Describes errors found on attached clusters. + properties: + - !ruby/object:Api::Type::String + name: message + description: | + Human-friendly description of the error. + - !ruby/object:Api::Type::NestedObject + name: authorization + description: | + Configuration related to the cluster RBAC settings. + properties: + - !ruby/object:Api::Type::Array + name: adminUsers + description: | + Users that can perform operations as a cluster admin. A managed + ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole + to the users. Up to ten admin users can be provided. + + For more info on RBAC, see + https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles + item_type: Api::Type::String + - !ruby/object:Api::Type::NestedObject + name: monitoringConfig + description: | + Monitoring configuration. + allow_empty_object: true + properties: + - !ruby/object:Api::Type::NestedObject + name: managedPrometheusConfig + description: | + Enable Google Cloud Managed Service for Prometheus in the cluster. + allow_empty_object: true + properties: + - !ruby/object:Api::Type::Boolean + name: enabled + description: | + Enable Managed Collection. + diff --git a/mmv1/products/containerattached/api.yaml b/mmv1/products/containerattached/api.yaml deleted file mode 100644 index 206cd7e200d1..000000000000 --- a/mmv1/products/containerattached/api.yaml +++ /dev/null @@ -1,274 +0,0 @@ -# Copyright 2022 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: ContainerAttached -display_name: ContainerAttached -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://{{location}}-gkemulticloud.googleapis.com/v1/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -objects: - - !ruby/object:Api::Resource - name: 'Cluster' - base_url: projects/{{project}}/locations/{{location}}/attachedClusters - create_url: projects/{{project}}/locations/{{location}}/attachedClusters?attached_cluster_id={{name}} - delete_url: projects/{{project}}/locations/{{location}}/attachedClusters/{{name}} - update_url: projects/{{project}}/locations/{{location}}/attachedClusters/{{name}} - self_link: projects/{{project}}/locations/{{location}}/attachedClusters/{{name}} - update_verb: :PATCH - update_mask: true - delete_verb: :DELETE - description: | - An Anthos cluster running on customer owned infrastructure. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'API reference': 'https://cloud.google.com/anthos/clusters/docs/multi-cloud/reference/rest/v1/projects.locations.attachedClusters' - 'Multicloud overview': 'https://cloud.google.com/anthos/clusters/docs/multi-cloud' - api: 'https://cloud.google.com/anthos/clusters/docs/multi-cloud/reference/rest' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - full_url: 'https://{{location}}-gkemulticloud.googleapis.com/v1/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: 'true' - allowed: - - 'true' - - 'false' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - properties: - - !ruby/object:Api::Type::String - name: location - description: | - The location for the resource - input: true - required: true - url_param_only: true - - !ruby/object:Api::Type::String - name: name - description: | - The name of this resource. - required: true - input: true - - !ruby/object:Api::Type::String - name: description - description: | - A human readable description of this attached cluster. Cannot be longer - than 255 UTF-8 encoded bytes. - - !ruby/object:Api::Type::NestedObject - name: oidcConfig - description: | - OIDC discovery information of the target cluster. - - Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster - API server. This fields indicates how GCP services - validate KSA tokens in order to allow system workloads (such as GKE Connect - and telemetry agents) to authenticate back to GCP. - - Both clusters with public and private issuer URLs are supported. - Clusters with public issuers only need to specify the `issuer_url` field - while clusters with private issuers need to provide both - `issuer_url` and `jwks`. - required: true - properties: - - !ruby/object:Api::Type::String - name: issuerUrl - description: | - A JSON Web Token (JWT) issuer URI. `issuer` must start with `https://` - required: true - input: true - - !ruby/object:Api::Type::String - name: jwks - description: | - OIDC verification keys in JWKS format (RFC 7517). - input: true - - !ruby/object:Api::Type::String - name: platformVersion - description: | - The platform version for the cluster (e.g. `1.23.0-gke.1`). - required: true - - !ruby/object:Api::Type::String - name: distribution - description: | - The Kubernetes distribution of the underlying attached cluster. Supported values: - "eks", "aks". - required: true - input: true - - !ruby/object:Api::Type::String - name: clusterRegion - description: | - Output only. The region where this cluster runs. - - For EKS clusters, this is an AWS region. For AKS clusters, - this is an Azure region. - output: true - - !ruby/object:Api::Type::NestedObject - name: fleet - description: | - Fleet configuration. - required: true - properties: - - !ruby/object:Api::Type::String - name: membership - description: | - The name of the managed Hub Membership resource associated to this - cluster. Membership names are formatted as - projects//locations/global/membership/. - output: true - - !ruby/object:Api::Type::String - name: project - description: | - The number of the Fleet host project where this cluster will be registered. - required: true - input: true - - !ruby/object:Api::Type::String - name: state - description: | - The current state of the cluster. Possible values: - STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, - DEGRADED - output: true - - !ruby/object:Api::Type::String - name: uid - description: | - A globally unique identifier for the cluster. - output: true - - !ruby/object:Api::Type::Boolean - name: reconciling - description: | - If set, there are currently changes in flight to the cluster. - output: true - - !ruby/object:Api::Type::String - name: createTime - description: | - Output only. The time at which this cluster was created. - output: true - - !ruby/object:Api::Type::String - name: updateTime - description: | - The time at which this cluster was last updated. - output: true - - !ruby/object:Api::Type::String - name: kubernetesVersion - description: | - The Kubernetes version of the cluster. - output: true - - !ruby/object:Api::Type::KeyValuePairs - name: annotations - description: | - Optional. Annotations on the cluster. This field has the same - restrictions as Kubernetes annotations. The total size of all keys and - values combined is limited to 256k. Key can have 2 segments: prefix (optional) - and name (required), separated by a slash (/). Prefix must be a DNS subdomain. - Name must be 63 characters or less, begin and end with alphanumerics, - with dashes (-), underscores (_), dots (.), and alphanumerics between. - - !ruby/object:Api::Type::NestedObject - name: workloadIdentityConfig - description: | - Workload Identity settings. - output: true - properties: - - !ruby/object:Api::Type::String - name: identityProvider - description: | - The ID of the OIDC Identity Provider (IdP) associated to - the Workload Identity Pool. - - !ruby/object:Api::Type::String - name: issuerUri - description: | - The OIDC issuer URL for this cluster. - - !ruby/object:Api::Type::String - name: workloadPool - description: | - The Workload Identity Pool associated to the cluster. - - !ruby/object:Api::Type::NestedObject - name: loggingConfig - description: | - Logging configuration. - send_empty_value: true - allow_empty_object: true - properties: - - !ruby/object:Api::Type::NestedObject - name: componentConfig - description: | - The configuration of the logging components - send_empty_value: true - allow_empty_object: true - properties: - - !ruby/object:Api::Type::Array - name: enableComponents - description: | - The components to be enabled. - send_empty_value: true - allow_empty_object: true - item_type: !ruby/object:Api::Type::Enum - name: 'component' - description: | - The components of the logging configuration. - values: - - :SYSTEM_COMPONENTS - - :WORKLOADS - - !ruby/object:Api::Type::Array - name: errors - description: | - A set of errors found in the cluster. - output: true - item_type: !ruby/object:Api::Type::NestedObject - name: attachedClusterError - description: | - Describes errors found on attached clusters. - properties: - - !ruby/object:Api::Type::String - name: message - description: | - Human-friendly description of the error. - - !ruby/object:Api::Type::NestedObject - name: authorization - description: | - Configuration related to the cluster RBAC settings. - properties: - - !ruby/object:Api::Type::Array - name: adminUsers - description: | - Users that can perform operations as a cluster admin. A managed - ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole - to the users. Up to ten admin users can be provided. - - For more info on RBAC, see - https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles - item_type: Api::Type::String - - !ruby/object:Api::Type::NestedObject - name: monitoringConfig - description: | - Monitoring configuration. - allow_empty_object: true - properties: - - !ruby/object:Api::Type::NestedObject - name: managedPrometheusConfig - description: | - Enable Google Cloud Managed Service for Prometheus in the cluster. - allow_empty_object: true - properties: - - !ruby/object:Api::Type::Boolean - name: enabled - description: | - Enable Managed Collection. diff --git a/mmv1/products/containerattached/product.yaml b/mmv1/products/containerattached/product.yaml new file mode 100644 index 000000000000..0e71355cc381 --- /dev/null +++ b/mmv1/products/containerattached/product.yaml @@ -0,0 +1,22 @@ +# Copyright 2022 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: ContainerAttached +display_name: ContainerAttached +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://{{location}}-gkemulticloud.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform diff --git a/mmv1/products/datacatalog/Entry.yaml b/mmv1/products/datacatalog/Entry.yaml new file mode 100644 index 000000000000..1a22e449b4c3 --- /dev/null +++ b/mmv1/products/datacatalog/Entry.yaml @@ -0,0 +1,213 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: Entry +base_url: '{{entry_group}}/entries' +create_url: '{{entry_group}}/entries?entryId={{entry_id}}' +self_link: "{{name}}" +update_verb: :PATCH +update_mask: true +description: | + Entry Metadata. A Data Catalog Entry resource represents another resource in Google Cloud Platform + (such as a BigQuery dataset or a Pub/Sub topic) or outside of Google Cloud Platform. Clients can use + the linkedResource field in the Entry resource to refer to the original resource ID of the source system. + + An Entry resource contains resource details, such as its schema. An Entry can also be used to attach + flexible metadata, such as a Tag. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': https://cloud.google.com/data-catalog/docs + api: https://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.entryGroups.entries +parameters: + - !ruby/object:Api::Type::String + name: entryGroup + required: true + url_param_only: true + immutable: true + description: | + The name of the entry group this entry is in. + - !ruby/object:Api::Type::String + name: entryId + required: true + url_param_only: true + immutable: true + description: | + The id of the entry to create. +properties: + - !ruby/object:Api::Type::String + name: name + description: | + The Data Catalog resource name of the entry in URL format. + Example: projects/{project_id}/locations/{location}/entryGroups/{entryGroupId}/entries/{entryId}. + Note that this Entry and its child resources may not actually be stored in the location in this name. + output: true + - !ruby/object:Api::Type::String + name: linkedResource + description: | + The resource this metadata entry refers to. + For Google Cloud Platform resources, linkedResource is the full name of the resource. + For example, the linkedResource for a table resource from BigQuery is: + //bigquery.googleapis.com/projects/projectId/datasets/datasetId/tables/tableId + Output only when Entry is of type in the EntryType enum. For entries with userSpecifiedType, + this field is optional and defaults to an empty string. + - !ruby/object:Api::Type::String + name: displayName + description: | + Display information such as title and description. A short name to identify the entry, + for example, "Analytics Data - Jan 2011". + - !ruby/object:Api::Type::String + name: description + description: | + Entry description, which can consist of several sentences or paragraphs that describe entry contents. + - !ruby/object:Api::Type::String + # This is a string instead of a NestedObject because schemas contain ColumnSchemas, which can contain nested ColumnSchemas. + # We'll have people provide the json blob for the schema instead. + name: schema + description: | + Schema of the entry (e.g. BigQuery, GoogleSQL, Avro schema), as a json string. An entry might not have any schema + attached to it. See + https://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.entryGroups.entries#schema + for what fields this schema can contain. + - !ruby/object:Api::Type::Enum + name: type + description: | + The type of the entry. Only used for Entries with types in the EntryType enum. + Currently, only FILESET enum value is allowed. All other entries created through Data Catalog must use userSpecifiedType. + values: + - :FILESET + immutable: true + exactly_one_of: + - type + - user_specified_type + - !ruby/object:Api::Type::String + name: userSpecifiedType + description: | + Entry type if it does not fit any of the input-allowed values listed in EntryType enum above. + When creating an entry, users should check the enum values first, if nothing matches the entry + to be created, then provide a custom value, for example "my_special_type". + userSpecifiedType strings must begin with a letter or underscore and can only contain letters, + numbers, and underscores; are case insensitive; must be at least 1 character and at most 64 characters long. + exactly_one_of: + - type + - user_specified_type + - !ruby/object:Api::Type::String + name: integratedSystem + description: | + This field indicates the entry's source system that Data Catalog integrates with, such as BigQuery or Pub/Sub. + output: true + - !ruby/object:Api::Type::String + name: userSpecifiedSystem + description: | + This field indicates the entry's source system that Data Catalog does not integrate with. + userSpecifiedSystem strings must begin with a letter or underscore and can only contain letters, numbers, + and underscores; are case insensitive; must be at least 1 character and at most 64 characters long. + - !ruby/object:Api::Type::NestedObject + name: gcsFilesetSpec + description: | + Specification that applies to a Cloud Storage fileset. This is only valid on entries of type FILESET. + properties: + - !ruby/object:Api::Type::Array + name: filePatterns + description: | + Patterns to identify a set of files in Google Cloud Storage. + See [Cloud Storage documentation](https://cloud.google.com/storage/docs/gsutil/addlhelp/WildcardNames) + for more information. Note that bucket wildcards are currently not supported. Examples of valid filePatterns: + + * gs://bucket_name/dir/*: matches all files within bucket_name/dir directory. + * gs://bucket_name/dir/**: matches all files in bucket_name/dir spanning all subdirectories. + * gs://bucket_name/file*: matches files prefixed by file in bucket_name + * gs://bucket_name/??.txt: matches files with two characters followed by .txt in bucket_name + * gs://bucket_name/[aeiou].txt: matches files that contain a single vowel character followed by .txt in bucket_name + * gs://bucket_name/[a-m].txt: matches files that contain a, b, ... or m followed by .txt in bucket_name + * gs://bucket_name/a/*/b: matches all files in bucket_name that match a/*/b pattern, such as a/c/b, a/d/b + * gs://another_bucket/a.txt: matches gs://another_bucket/a.txt + required: true + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: sampleGcsFileSpecs + description: | + Sample files contained in this fileset, not all files contained in this fileset are represented here. + output: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: filePath + description: | + The full file path + output: true + - !ruby/object:Api::Type::Integer + name: sizeBytes + description: | + The size of the file, in bytes. + output: true + - !ruby/object:Api::Type::NestedObject + name: bigqueryTableSpec + description: | + Specification that applies to a BigQuery table. This is only valid on entries of type TABLE. + output: true + properties: + - !ruby/object:Api::Type::String + name: tableSourceType + description: | + The table source type. + output: true + - !ruby/object:Api::Type::NestedObject + name: viewSpec + description: | + Table view specification. This field should only be populated if tableSourceType is BIGQUERY_VIEW. + output: true + properties: + - !ruby/object:Api::Type::String + name: viewQuery + description: | + The query that defines the table view. + output: true + - !ruby/object:Api::Type::NestedObject + name: tableSpec + description: | + Spec of a BigQuery table. This field should only be populated if tableSourceType is BIGQUERY_TABLE. + output: true + properties: + - !ruby/object:Api::Type::String + name: groupedEntry + description: | + If the table is a dated shard, i.e., with name pattern [prefix]YYYYMMDD, groupedEntry is the + Data Catalog resource name of the date sharded grouped entry, for example, + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}. + Otherwise, groupedEntry is empty. + output: true + - !ruby/object:Api::Type::NestedObject + name: bigqueryDateShardedSpec + description: | + Specification for a group of BigQuery tables with name pattern [prefix]YYYYMMDD. + Context: https://cloud.google.com/bigquery/docs/partitioned-tables#partitioning_versus_sharding. + output: true + properties: + - !ruby/object:Api::Type::String + name: dataset + description: | + The Data Catalog resource name of the dataset entry the current table belongs to, for example, + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId} + output: true + - !ruby/object:Api::Type::String + name: tablePrefix + description: | + The table name prefix of the shards. The name of any given shard is [tablePrefix]YYYYMMDD, + for example, for shard MyTable20180101, the tablePrefix is MyTable. + output: true + - !ruby/object:Api::Type::Integer + name: shardCount + description: | + Total number of shards. + output: true diff --git a/mmv1/products/datacatalog/EntryGroup.yaml b/mmv1/products/datacatalog/EntryGroup.yaml new file mode 100644 index 000000000000..9fe31dcbe938 --- /dev/null +++ b/mmv1/products/datacatalog/EntryGroup.yaml @@ -0,0 +1,61 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: EntryGroup +base_url: projects/{{project}}/locations/{{region}}/entryGroups +create_url: projects/{{project}}/locations/{{region}}/entryGroups?entryGroupId={{entry_group_id}} +self_link: "{{name}}" +update_verb: :PATCH +update_mask: true +description: | + An EntryGroup resource represents a logical grouping of zero or more Data Catalog Entry resources. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': https://cloud.google.com/data-catalog/docs + api: https://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.entryGroups +iam_policy: !ruby/object:Api::Resource::IamPolicy + method_name_separator: ':' + fetch_iam_policy_verb: :POST + parent_resource_attribute: 'entry_group' + import_format: ["projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}}", "{{entry_group}}"] + base_url: projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}} +parameters: + - !ruby/object:Api::Type::String + name: region + url_param_only: true + immutable: true + description: | + EntryGroup location region. + - !ruby/object:Api::Type::String + name: entryGroupId + required: true + url_param_only: true + immutable: true + description: | + The id of the entry group to create. The id must begin with a letter or underscore, + contain only English letters, numbers and underscores, and be at most 64 characters. +properties: + - !ruby/object:Api::Type::String + name: name + description: | + The resource name of the entry group in URL format. Example: projects/{project}/locations/{location}/entryGroups/{entryGroupId} + output: true + - !ruby/object:Api::Type::String + name: displayName + description: | + A short name to identify the entry group, for example, "analytics data - jan 2011". + - !ruby/object:Api::Type::String + name: description + description: | + Entry group description, which can consist of several sentences or paragraphs that describe entry group contents. diff --git a/mmv1/products/datacatalog/PolicyTag.yaml b/mmv1/products/datacatalog/PolicyTag.yaml new file mode 100644 index 000000000000..a8ab0b99d483 --- /dev/null +++ b/mmv1/products/datacatalog/PolicyTag.yaml @@ -0,0 +1,74 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: PolicyTag +base_url: "{{taxonomy}}/policyTags" +self_link: "{{name}}" +update_verb: :PATCH +update_mask: true +description: | + Denotes one policy tag in a taxonomy. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': https://cloud.google.com/data-catalog/docs + api: https://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.taxonomies.policyTags +iam_policy: !ruby/object:Api::Resource::IamPolicy + skip_import_test: true + method_name_separator: ':' + fetch_iam_policy_verb: :POST + parent_resource_attribute: 'policy_tag' + import_format: ["{{%policy_tag}}"] + base_url: "{{%policy_tag}}" +parameters: + - !ruby/object:Api::Type::String + name: taxonomy + url_param_only: true + required: true + immutable: true + description: | + Taxonomy the policy tag is associated with +properties: + - !ruby/object:Api::Type::String + name: "name" + description: | + Resource name of this policy tag, whose format is: + "projects/{project}/locations/{region}/taxonomies/{taxonomy}/policyTags/{policytag}" + output: true + - !ruby/object:Api::Type::String + name: "displayName" + description: | + User defined name of this policy tag. It must: be unique within the parent + taxonomy; contain only unicode letters, numbers, underscores, dashes and spaces; + not start or end with spaces; and be at most 200 bytes long when encoded in UTF-8. + required: true + - !ruby/object:Api::Type::String + name: "description" + description: | + Description of this policy tag. It must: contain only unicode characters, tabs, + newlines, carriage returns and page breaks; and be at most 2000 bytes long when + encoded in UTF-8. If not set, defaults to an empty description. + If not set, defaults to an empty description. + - !ruby/object:Api::Type::String + name: "parentPolicyTag" + description: | + Resource name of this policy tag's parent policy tag. + If empty, it means this policy tag is a top level policy tag. + If not set, defaults to an empty string. + - !ruby/object:Api::Type::Array + name: "childPolicyTags" + description: | + Resource names of child policy tags of this policy tag. + item_type: Api::Type::String + output: true + diff --git a/mmv1/products/datacatalog/Tag.yaml b/mmv1/products/datacatalog/Tag.yaml new file mode 100644 index 000000000000..647d7e25d320 --- /dev/null +++ b/mmv1/products/datacatalog/Tag.yaml @@ -0,0 +1,120 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: Tag +base_url: '{{parent}}/tags' +self_link: '{{name}}' +update_url: '{{name}}' +update_verb: :PATCH +update_mask: true +self_link: '{{parent}}/tags' +delete_url: '{{name}}' +nested_query: !ruby/object:Api::Resource::NestedQuery + keys: + - tags +description: | + Tags are used to attach custom metadata to Data Catalog resources. Tags conform to the specifications within their tag template. + + See [Data Catalog IAM](https://cloud.google.com/data-catalog/docs/concepts/iam) for information on the permissions needed to create or view tags. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': https://cloud.google.com/data-catalog/docs + api: https://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.entryGroups.tags +parameters: + - !ruby/object:Api::Type::String + name: parent + url_param_only: true + immutable: true + description: | + The name of the parent this tag is attached to. This can be the name of an entry or an entry group. If an entry group, the tag will be attached to + all entries in that group. +properties: + - !ruby/object:Api::Type::String + name: name + description: | + The resource name of the tag in URL format. Example: + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}/tags/{tag_id} or + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/tags/{tag_id} + where tag_id is a system-generated identifier. Note that this Tag may not actually be stored in the location in this name. + output: true + - !ruby/object:Api::Type::String + name: template + description: | + The resource name of the tag template that this tag uses. Example: + projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId} + This field cannot be modified after creation. + required: true + immutable: true + - !ruby/object:Api::Type::String + name: templateDisplayName + description: | + The display name of the tag template. + output: true + - !ruby/object:Api::Type::Map + name: fields + description: | + This maps the ID of a tag field to the value of and additional information about that field. + Valid field IDs are defined by the tag's template. A tag must have at least 1 field and at most 500 fields. + required: true + key_name: field_name + value_type: !ruby/object:Api::Type::NestedObject + name: field_value + properties: + - !ruby/object:Api::Type::String + name: display_name + description: | + The display name of this field + output: true + - !ruby/object:Api::Type::Integer + name: order + description: | + The order of this field with respect to other fields in this tag. For example, a higher value can indicate + a more important field. The value can be negative. Multiple fields can have the same order, and field orders + within a tag do not have to be sequential. + output: true + - !ruby/object:Api::Type::Double + name: doubleValue + description: | + Holds the value for a tag field with double type. + - !ruby/object:Api::Type::String + name: stringValue + description: | + Holds the value for a tag field with string type. + - !ruby/object:Api::Type::Boolean + name: boolValue + send_empty_value: true + description: | + Holds the value for a tag field with boolean type. + - !ruby/object:Api::Type::String + name: timestampValue + description: | + Holds the value for a tag field with timestamp type. + - !ruby/object:Api::Type::NestedObject + name: enumValue + description: | + Holds the value for a tag field with enum type. This value must be one of the allowed values in the definition of this enum. + properties: + - !ruby/object:Api::Type::String + name: displayName + description: | + The display name of the enum value. + required: true + - !ruby/object:Api::Type::String + name: column + description: | + Resources like Entry can have schemas associated with them. This scope allows users to attach tags to an + individual column based on that schema. + + For attaching a tag to a nested column, use `.` to separate the column names. Example: + `outer_column.inner_column` diff --git a/mmv1/products/datacatalog/TagTemplate.yaml b/mmv1/products/datacatalog/TagTemplate.yaml new file mode 100644 index 000000000000..941655e00e19 --- /dev/null +++ b/mmv1/products/datacatalog/TagTemplate.yaml @@ -0,0 +1,131 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: TagTemplate +base_url: projects/{{project}}/locations/{{region}}/tagTemplates +self_link: "{{name}}" +create_url: projects/{{project}}/locations/{{region}}/tagTemplates?tagTemplateId={{tag_template_id}} +delete_url: "{{name}}?force={{force_delete}}" +update_verb: :PATCH +description: | + A tag template defines a tag, which can have one or more typed fields. + The template is used to create and attach the tag to GCP resources. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': https://cloud.google.com/data-catalog/docs + api: https://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.tagTemplates +iam_policy: !ruby/object:Api::Resource::IamPolicy + method_name_separator: ':' + fetch_iam_policy_verb: :POST + parent_resource_attribute: 'tag_template' + import_format: ["projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}}", "{{tag_template}}"] + base_url: projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}} +parameters: + - !ruby/object:Api::Type::String + name: region + url_param_only: true + immutable: true + description: | + Template location region. + - !ruby/object:Api::Type::String + name: tagTemplateId + required: true + url_param_only: true + immutable: true + description: | + The id of the tag template to create. + - !ruby/object:Api::Type::Boolean + name: forceDelete + default_value: false + url_param_only: true + description: | + This confirms the deletion of any possible tags using this template. Must be set to true in order to delete the tag template. +properties: + - !ruby/object:Api::Type::String + name: name + description: | + The resource name of the tag template in URL format. Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId} + output: true + - !ruby/object:Api::Type::String + name: displayName + description: | + The display name for this template. + - !ruby/object:Api::Type::Map + name: fields + description: | + Map of tag template field IDs to the settings for the field. This map is an exhaustive list of the allowed fields. This map must contain at least one field and at most 500 fields. + required: true + key_name: field_id + value_type: !ruby/object:Api::Type::NestedObject + name: field + properties: + - !ruby/object:Api::Type::String + name: name + description: | + The resource name of the tag template field in URL format. Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}/fields/{field} + output: true + - !ruby/object:Api::Type::String + name: displayName + description: | + The display name for this field. + - !ruby/object:Api::Type::String + name: description + description: | + A description for this field. + - !ruby/object:Api::Type::NestedObject + name: type + description: | + The type of value this tag field can contain. + required: true + properties: + - !ruby/object:Api::Type::Enum + name: primitiveType + description: | + Represents primitive types - string, bool etc. + values: + - :DOUBLE + - :STRING + - :BOOL + - :TIMESTAMP + - !ruby/object:Api::Type::NestedObject + name: enumType + description: | + Represents an enum type. + properties: + - !ruby/object:Api::Type::Array + name: allowedValues + description: | + The set of allowed values for this enum. The display names of the + values must be case-insensitively unique within this set. Currently, + enum values can only be added to the list of allowed values. Deletion + and renaming of enum values are not supported. + Can have up to 500 allowed values. + required: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: displayName + description: | + The display name of the enum value. + required: true + - !ruby/object:Api::Type::Boolean + name: isRequired + description: | + Whether this is a required field. Defaults to false. + - !ruby/object:Api::Type::Integer + name: order + description: | + The order of this field with respect to other fields in this tag template. + A higher value indicates a more important field. The value can be negative. + Multiple fields can have the same order, and field orders within a tag do not have to be sequential. diff --git a/mmv1/products/datacatalog/Taxonomy.yaml b/mmv1/products/datacatalog/Taxonomy.yaml new file mode 100644 index 000000000000..2485a1854050 --- /dev/null +++ b/mmv1/products/datacatalog/Taxonomy.yaml @@ -0,0 +1,71 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: Taxonomy +base_url: projects/{{project}}/locations/{{region}}/taxonomies +self_link: "{{name}}" +update_verb: :PATCH +update_mask: true +description: | + A collection of policy tags that classify data along a common axis. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': https://cloud.google.com/data-catalog/docs + api: https://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.taxonomies +iam_policy: !ruby/object:Api::Resource::IamPolicy + skip_import_test: true + method_name_separator: ':' + fetch_iam_policy_verb: :POST + parent_resource_attribute: 'taxonomy' + import_format: ["projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}}", "{{taxonomy}}"] + base_url: "projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}}" +parameters: + - !ruby/object:Api::Type::String + name: region + url_param_only: true + immutable: true + description: | + Taxonomy location region. +properties: + - !ruby/object:Api::Type::String + name: "name" + description: | + Resource name of this taxonomy, whose format is: + "projects/{project}/locations/{region}/taxonomies/{taxonomy}". + output: true + - !ruby/object:Api::Type::String + name: "displayName" + description: | + User defined name of this taxonomy. + It must: contain only unicode letters, numbers, underscores, dashes + and spaces; not start or end with spaces; and be at most 200 bytes + long when encoded in UTF-8. + required: true + - !ruby/object:Api::Type::String + name: "description" + description: | + Description of this taxonomy. It must: contain only unicode characters, + tabs, newlines, carriage returns and page breaks; and be at most 2000 bytes + long when encoded in UTF-8. If not set, defaults to an empty description. + - !ruby/object:Api::Type::Array + name: "activatedPolicyTypes" + description: | + A list of policy types that are activated for this taxonomy. If not set, + defaults to an empty list. + item_type: !ruby/object:Api::Type::Enum # TOOD: should this be enum or string + name: 'policyType' + description: 'Defines policy types where policy tag can be used for' + values: + - :POLICY_TYPE_UNSPECIFIED + - :FINE_GRAINED_ACCESS_CONTROL diff --git a/mmv1/products/datacatalog/api.yaml b/mmv1/products/datacatalog/api.yaml deleted file mode 100644 index 64f26bac6741..000000000000 --- a/mmv1/products/datacatalog/api.yaml +++ /dev/null @@ -1,620 +0,0 @@ -# Copyright 2020 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: DataCatalog -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://datacatalog.googleapis.com/v1/ - - !ruby/object:Api::Product::Version - name: beta - base_url: https://datacatalog.googleapis.com/v1beta1/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Google Cloud Data Catalog API - url: https://console.cloud.google.com/apis/library/datacatalog.googleapis.com -objects: - - !ruby/object:Api::Resource - name: EntryGroup - base_url: projects/{{project}}/locations/{{region}}/entryGroups - create_url: projects/{{project}}/locations/{{region}}/entryGroups?entryGroupId={{entry_group_id}} - self_link: "{{name}}" - update_verb: :PATCH - update_mask: true - description: | - An EntryGroup resource represents a logical grouping of zero or more Data Catalog Entry resources. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': https://cloud.google.com/data-catalog/docs - api: https://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.entryGroups - iam_policy: !ruby/object:Api::Resource::IamPolicy - method_name_separator: ':' - fetch_iam_policy_verb: :POST - parent_resource_attribute: 'entry_group' - import_format: ["projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}}", "{{entry_group}}"] - base_url: projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}} - parameters: - - !ruby/object:Api::Type::String - name: region - url_param_only: true - input: true - description: | - EntryGroup location region. - - !ruby/object:Api::Type::String - name: entryGroupId - required: true - url_param_only: true - input: true - description: | - The id of the entry group to create. The id must begin with a letter or underscore, - contain only English letters, numbers and underscores, and be at most 64 characters. - properties: - - !ruby/object:Api::Type::String - name: name - description: | - The resource name of the entry group in URL format. Example: projects/{project}/locations/{location}/entryGroups/{entryGroupId} - output: true - - !ruby/object:Api::Type::String - name: displayName - description: | - A short name to identify the entry group, for example, "analytics data - jan 2011". - - !ruby/object:Api::Type::String - name: description - description: | - Entry group description, which can consist of several sentences or paragraphs that describe entry group contents. - - !ruby/object:Api::Resource - name: Entry - base_url: '{{entry_group}}/entries' - create_url: '{{entry_group}}/entries?entryId={{entry_id}}' - self_link: "{{name}}" - update_verb: :PATCH - update_mask: true - description: | - Entry Metadata. A Data Catalog Entry resource represents another resource in Google Cloud Platform - (such as a BigQuery dataset or a Pub/Sub topic) or outside of Google Cloud Platform. Clients can use - the linkedResource field in the Entry resource to refer to the original resource ID of the source system. - - An Entry resource contains resource details, such as its schema. An Entry can also be used to attach - flexible metadata, such as a Tag. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': https://cloud.google.com/data-catalog/docs - api: https://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.entryGroups.entries - parameters: - - !ruby/object:Api::Type::String - name: entryGroup - required: true - url_param_only: true - input: true - description: | - The name of the entry group this entry is in. - - !ruby/object:Api::Type::String - name: entryId - required: true - url_param_only: true - input: true - description: | - The id of the entry to create. - properties: - - !ruby/object:Api::Type::String - name: name - description: | - The Data Catalog resource name of the entry in URL format. - Example: projects/{project_id}/locations/{location}/entryGroups/{entryGroupId}/entries/{entryId}. - Note that this Entry and its child resources may not actually be stored in the location in this name. - output: true - - !ruby/object:Api::Type::String - name: linkedResource - description: | - The resource this metadata entry refers to. - For Google Cloud Platform resources, linkedResource is the full name of the resource. - For example, the linkedResource for a table resource from BigQuery is: - //bigquery.googleapis.com/projects/projectId/datasets/datasetId/tables/tableId - Output only when Entry is of type in the EntryType enum. For entries with userSpecifiedType, - this field is optional and defaults to an empty string. - - !ruby/object:Api::Type::String - name: displayName - description: | - Display information such as title and description. A short name to identify the entry, - for example, "Analytics Data - Jan 2011". - - !ruby/object:Api::Type::String - name: description - description: | - Entry description, which can consist of several sentences or paragraphs that describe entry contents. - - !ruby/object:Api::Type::String - # This is a string instead of a NestedObject because schemas contain ColumnSchemas, which can contain nested ColumnSchemas. - # We'll have people provide the json blob for the schema instead. - name: schema - description: | - Schema of the entry (e.g. BigQuery, GoogleSQL, Avro schema), as a json string. An entry might not have any schema - attached to it. See - https://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.entryGroups.entries#schema - for what fields this schema can contain. - - !ruby/object:Api::Type::Enum - name: type - description: | - The type of the entry. Only used for Entries with types in the EntryType enum. - Currently, only FILESET enum value is allowed. All other entries created through Data Catalog must use userSpecifiedType. - values: - - :FILESET - input: true - exactly_one_of: - - type - - user_specified_type - - !ruby/object:Api::Type::String - name: userSpecifiedType - description: | - Entry type if it does not fit any of the input-allowed values listed in EntryType enum above. - When creating an entry, users should check the enum values first, if nothing matches the entry - to be created, then provide a custom value, for example "my_special_type". - userSpecifiedType strings must begin with a letter or underscore and can only contain letters, - numbers, and underscores; are case insensitive; must be at least 1 character and at most 64 characters long. - exactly_one_of: - - type - - user_specified_type - - !ruby/object:Api::Type::String - name: integratedSystem - description: | - This field indicates the entry's source system that Data Catalog integrates with, such as BigQuery or Pub/Sub. - output: true - - !ruby/object:Api::Type::String - name: userSpecifiedSystem - description: | - This field indicates the entry's source system that Data Catalog does not integrate with. - userSpecifiedSystem strings must begin with a letter or underscore and can only contain letters, numbers, - and underscores; are case insensitive; must be at least 1 character and at most 64 characters long. - - !ruby/object:Api::Type::NestedObject - name: gcsFilesetSpec - description: | - Specification that applies to a Cloud Storage fileset. This is only valid on entries of type FILESET. - properties: - - !ruby/object:Api::Type::Array - name: filePatterns - description: | - Patterns to identify a set of files in Google Cloud Storage. - See [Cloud Storage documentation](https://cloud.google.com/storage/docs/gsutil/addlhelp/WildcardNames) - for more information. Note that bucket wildcards are currently not supported. Examples of valid filePatterns: - - * gs://bucket_name/dir/*: matches all files within bucket_name/dir directory. - * gs://bucket_name/dir/**: matches all files in bucket_name/dir spanning all subdirectories. - * gs://bucket_name/file*: matches files prefixed by file in bucket_name - * gs://bucket_name/??.txt: matches files with two characters followed by .txt in bucket_name - * gs://bucket_name/[aeiou].txt: matches files that contain a single vowel character followed by .txt in bucket_name - * gs://bucket_name/[a-m].txt: matches files that contain a, b, ... or m followed by .txt in bucket_name - * gs://bucket_name/a/*/b: matches all files in bucket_name that match a/*/b pattern, such as a/c/b, a/d/b - * gs://another_bucket/a.txt: matches gs://another_bucket/a.txt - required: true - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: sampleGcsFileSpecs - description: | - Sample files contained in this fileset, not all files contained in this fileset are represented here. - output: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: filePath - description: | - The full file path - output: true - - !ruby/object:Api::Type::Integer - name: sizeBytes - description: | - The size of the file, in bytes. - output: true - - !ruby/object:Api::Type::NestedObject - name: bigqueryTableSpec - description: | - Specification that applies to a BigQuery table. This is only valid on entries of type TABLE. - output: true - properties: - - !ruby/object:Api::Type::String - name: tableSourceType - description: | - The table source type. - output: true - - !ruby/object:Api::Type::NestedObject - name: viewSpec - description: | - Table view specification. This field should only be populated if tableSourceType is BIGQUERY_VIEW. - output: true - properties: - - !ruby/object:Api::Type::String - name: viewQuery - description: | - The query that defines the table view. - output: true - - !ruby/object:Api::Type::NestedObject - name: tableSpec - description: | - Spec of a BigQuery table. This field should only be populated if tableSourceType is BIGQUERY_TABLE. - output: true - properties: - - !ruby/object:Api::Type::String - name: groupedEntry - description: | - If the table is a dated shard, i.e., with name pattern [prefix]YYYYMMDD, groupedEntry is the - Data Catalog resource name of the date sharded grouped entry, for example, - projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}. - Otherwise, groupedEntry is empty. - output: true - - !ruby/object:Api::Type::NestedObject - name: bigqueryDateShardedSpec - description: | - Specification for a group of BigQuery tables with name pattern [prefix]YYYYMMDD. - Context: https://cloud.google.com/bigquery/docs/partitioned-tables#partitioning_versus_sharding. - output: true - properties: - - !ruby/object:Api::Type::String - name: dataset - description: | - The Data Catalog resource name of the dataset entry the current table belongs to, for example, - projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId} - output: true - - !ruby/object:Api::Type::String - name: tablePrefix - description: | - The table name prefix of the shards. The name of any given shard is [tablePrefix]YYYYMMDD, - for example, for shard MyTable20180101, the tablePrefix is MyTable. - output: true - - !ruby/object:Api::Type::Integer - name: shardCount - description: | - Total number of shards. - output: true - - !ruby/object:Api::Resource - name: TagTemplate - base_url: projects/{{project}}/locations/{{region}}/tagTemplates - self_link: "{{name}}" - create_url: projects/{{project}}/locations/{{region}}/tagTemplates?tagTemplateId={{tag_template_id}} - delete_url: "{{name}}?force={{force_delete}}" - update_verb: :PATCH - description: | - A tag template defines a tag, which can have one or more typed fields. - The template is used to create and attach the tag to GCP resources. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': https://cloud.google.com/data-catalog/docs - api: https://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.tagTemplates - iam_policy: !ruby/object:Api::Resource::IamPolicy - method_name_separator: ':' - fetch_iam_policy_verb: :POST - parent_resource_attribute: 'tag_template' - import_format: ["projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}}", "{{tag_template}}"] - base_url: projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}} - parameters: - - !ruby/object:Api::Type::String - name: region - url_param_only: true - input: true - description: | - Template location region. - - !ruby/object:Api::Type::String - name: tagTemplateId - required: true - url_param_only: true - input: true - description: | - The id of the tag template to create. - - !ruby/object:Api::Type::Boolean - name: forceDelete - default_value: false - url_param_only: true - description: | - This confirms the deletion of any possible tags using this template. Must be set to true in order to delete the tag template. - properties: - - !ruby/object:Api::Type::String - name: name - description: | - The resource name of the tag template in URL format. Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId} - output: true - - !ruby/object:Api::Type::String - name: displayName - description: | - The display name for this template. - - !ruby/object:Api::Type::Map - name: fields - description: | - Map of tag template field IDs to the settings for the field. This map is an exhaustive list of the allowed fields. This map must contain at least one field and at most 500 fields. - required: true - key_name: field_id - value_type: !ruby/object:Api::Type::NestedObject - name: field - properties: - - !ruby/object:Api::Type::String - name: name - description: | - The resource name of the tag template field in URL format. Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}/fields/{field} - output: true - - !ruby/object:Api::Type::String - name: displayName - description: | - The display name for this field. - - !ruby/object:Api::Type::String - name: description - description: | - A description for this field. - - !ruby/object:Api::Type::NestedObject - name: type - description: | - The type of value this tag field can contain. - required: true - properties: - - !ruby/object:Api::Type::Enum - name: primitiveType - description: | - Represents primitive types - string, bool etc. - values: - - :DOUBLE - - :STRING - - :BOOL - - :TIMESTAMP - - !ruby/object:Api::Type::NestedObject - name: enumType - description: | - Represents an enum type. - properties: - - !ruby/object:Api::Type::Array - name: allowedValues - description: | - The set of allowed values for this enum. The display names of the - values must be case-insensitively unique within this set. Currently, - enum values can only be added to the list of allowed values. Deletion - and renaming of enum values are not supported. - Can have up to 500 allowed values. - required: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: displayName - description: | - The display name of the enum value. - required: true - - !ruby/object:Api::Type::Boolean - name: isRequired - description: | - Whether this is a required field. Defaults to false. - - !ruby/object:Api::Type::Integer - name: order - description: | - The order of this field with respect to other fields in this tag template. - A higher value indicates a more important field. The value can be negative. - Multiple fields can have the same order, and field orders within a tag do not have to be sequential. - - !ruby/object:Api::Resource - name: Tag - base_url: '{{parent}}/tags' - self_link: '{{name}}' - update_url: '{{name}}' - update_verb: :PATCH - update_mask: true - self_link: '{{parent}}/tags' - delete_url: '{{name}}' - nested_query: !ruby/object:Api::Resource::NestedQuery - keys: - - tags - description: | - Tags are used to attach custom metadata to Data Catalog resources. Tags conform to the specifications within their tag template. - - See [Data Catalog IAM](https://cloud.google.com/data-catalog/docs/concepts/iam) for information on the permissions needed to create or view tags. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': https://cloud.google.com/data-catalog/docs - api: https://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.entryGroups.tags - parameters: - - !ruby/object:Api::Type::String - name: parent - url_param_only: true - input: true - description: | - The name of the parent this tag is attached to. This can be the name of an entry or an entry group. If an entry group, the tag will be attached to - all entries in that group. - properties: - - !ruby/object:Api::Type::String - name: name - description: | - The resource name of the tag in URL format. Example: - projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}/tags/{tag_id} or - projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/tags/{tag_id} - where tag_id is a system-generated identifier. Note that this Tag may not actually be stored in the location in this name. - output: true - - !ruby/object:Api::Type::String - name: template - description: | - The resource name of the tag template that this tag uses. Example: - projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId} - This field cannot be modified after creation. - required: true - input: true - - !ruby/object:Api::Type::String - name: templateDisplayName - description: | - The display name of the tag template. - output: true - - !ruby/object:Api::Type::Map - name: fields - description: | - This maps the ID of a tag field to the value of and additional information about that field. - Valid field IDs are defined by the tag's template. A tag must have at least 1 field and at most 500 fields. - required: true - key_name: field_name - value_type: !ruby/object:Api::Type::NestedObject - name: field_value - properties: - - !ruby/object:Api::Type::String - name: display_name - description: | - The display name of this field - output: true - - !ruby/object:Api::Type::Integer - name: order - description: | - The order of this field with respect to other fields in this tag. For example, a higher value can indicate - a more important field. The value can be negative. Multiple fields can have the same order, and field orders - within a tag do not have to be sequential. - output: true - - !ruby/object:Api::Type::Double - name: doubleValue - description: | - Holds the value for a tag field with double type. - - !ruby/object:Api::Type::String - name: stringValue - description: | - Holds the value for a tag field with string type. - - !ruby/object:Api::Type::Boolean - name: boolValue - send_empty_value: true - description: | - Holds the value for a tag field with boolean type. - - !ruby/object:Api::Type::String - name: timestampValue - description: | - Holds the value for a tag field with timestamp type. - - !ruby/object:Api::Type::NestedObject - name: enumValue - description: | - Holds the value for a tag field with enum type. This value must be one of the allowed values in the definition of this enum. - properties: - - !ruby/object:Api::Type::String - name: displayName - description: | - The display name of the enum value. - required: true - - !ruby/object:Api::Type::String - name: column - description: | - Resources like Entry can have schemas associated with them. This scope allows users to attach tags to an - individual column based on that schema. - - For attaching a tag to a nested column, use `.` to separate the column names. Example: - `outer_column.inner_column` - - !ruby/object:Api::Resource - name: Taxonomy - base_url: projects/{{project}}/locations/{{region}}/taxonomies - self_link: "{{name}}" - update_verb: :PATCH - update_mask: true - description: | - A collection of policy tags that classify data along a common axis. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': https://cloud.google.com/data-catalog/docs - api: https://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.taxonomies - iam_policy: !ruby/object:Api::Resource::IamPolicy - skip_import_test: true - method_name_separator: ':' - fetch_iam_policy_verb: :POST - parent_resource_attribute: 'taxonomy' - import_format: ["projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}}", "{{taxonomy}}"] - base_url: "projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}}" - parameters: - - !ruby/object:Api::Type::String - name: region - url_param_only: true - input: true - description: | - Taxonomy location region. - properties: - - !ruby/object:Api::Type::String - name: "name" - description: | - Resource name of this taxonomy, whose format is: - "projects/{project}/locations/{region}/taxonomies/{taxonomy}". - output: true - - !ruby/object:Api::Type::String - name: "displayName" - description: | - User defined name of this taxonomy. - It must: contain only unicode letters, numbers, underscores, dashes - and spaces; not start or end with spaces; and be at most 200 bytes - long when encoded in UTF-8. - required: true - - !ruby/object:Api::Type::String - name: "description" - description: | - Description of this taxonomy. It must: contain only unicode characters, - tabs, newlines, carriage returns and page breaks; and be at most 2000 bytes - long when encoded in UTF-8. If not set, defaults to an empty description. - - !ruby/object:Api::Type::Array - name: "activatedPolicyTypes" - description: | - A list of policy types that are activated for this taxonomy. If not set, - defaults to an empty list. - item_type: !ruby/object:Api::Type::Enum # TOOD: should this be enum or string - name: 'policyType' - description: 'Defines policy types where policy tag can be used for' - values: - - :POLICY_TYPE_UNSPECIFIED - - :FINE_GRAINED_ACCESS_CONTROL - - !ruby/object:Api::Resource - name: PolicyTag - base_url: "{{taxonomy}}/policyTags" - self_link: "{{name}}" - update_verb: :PATCH - update_mask: true - description: | - Denotes one policy tag in a taxonomy. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': https://cloud.google.com/data-catalog/docs - api: https://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.taxonomies.policyTags - iam_policy: !ruby/object:Api::Resource::IamPolicy - skip_import_test: true - method_name_separator: ':' - fetch_iam_policy_verb: :POST - parent_resource_attribute: 'policy_tag' - import_format: ["{{%policy_tag}}"] - base_url: "{{%policy_tag}}" - parameters: - - !ruby/object:Api::Type::String - name: taxonomy - url_param_only: true - required: true - input: true - description: | - Taxonomy the policy tag is associated with - properties: - - !ruby/object:Api::Type::String - name: "name" - description: | - Resource name of this policy tag, whose format is: - "projects/{project}/locations/{region}/taxonomies/{taxonomy}/policyTags/{policytag}" - output: true - - !ruby/object:Api::Type::String - name: "displayName" - description: | - User defined name of this policy tag. It must: be unique within the parent - taxonomy; contain only unicode letters, numbers, underscores, dashes and spaces; - not start or end with spaces; and be at most 200 bytes long when encoded in UTF-8. - required: true - - !ruby/object:Api::Type::String - name: "description" - description: | - Description of this policy tag. It must: contain only unicode characters, tabs, - newlines, carriage returns and page breaks; and be at most 2000 bytes long when - encoded in UTF-8. If not set, defaults to an empty description. - If not set, defaults to an empty description. - - !ruby/object:Api::Type::String - name: "parentPolicyTag" - description: | - Resource name of this policy tag's parent policy tag. - If empty, it means this policy tag is a top level policy tag. - If not set, defaults to an empty string. - - !ruby/object:Api::Type::Array - name: "childPolicyTags" - description: | - Resource names of child policy tags of this policy tag. - item_type: Api::Type::String - output: true diff --git a/mmv1/products/datacatalog/product.yaml b/mmv1/products/datacatalog/product.yaml new file mode 100644 index 000000000000..a44cfe0acb6f --- /dev/null +++ b/mmv1/products/datacatalog/product.yaml @@ -0,0 +1,28 @@ +# Copyright 2020 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: DataCatalog +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://datacatalog.googleapis.com/v1/ + - !ruby/object:Api::Product::Version + name: beta + base_url: https://datacatalog.googleapis.com/v1beta1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Google Cloud Data Catalog API + url: https://console.cloud.google.com/apis/library/datacatalog.googleapis.com diff --git a/mmv1/products/dataform/Repository.yaml b/mmv1/products/dataform/Repository.yaml new file mode 100644 index 000000000000..d7178501ba20 --- /dev/null +++ b/mmv1/products/dataform/Repository.yaml @@ -0,0 +1,60 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: Repository +base_url: projects/{{project}}/locations/{{region}}/repositories +create_url: projects/{{project}}/locations/{{region}}/repositories?repositoryId={{name}} +create_verb: :POST +update_verb: :PATCH +min_version: beta +description: |- + A resource represents a Dataform Git repository +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/dataform/docs/' + api: 'https://cloud.google.com/dataform/reference/rest/v1beta1/projects.locations.repositories' +parameters: + - !ruby/object:Api::Type::String + name: 'region' + description: 'A reference to the region' + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: The repository's name. + immutable: true + required: true + - !ruby/object:Api::Type::NestedObject + name: 'gitRemoteSettings' + description: Optional. If set, configures this repository to be linked to a Git remote. + properties: + - !ruby/object:Api::Type::String + name: 'url' + required: true + description: The Git remote's URL. + - !ruby/object:Api::Type::String + name: 'defaultBranch' + required: true + description: The Git remote's default branch name. + - !ruby/object:Api::Type::String + name: 'authenticationTokenSecretVersion' + required: true + description: The name of the Secret Manager secret version to use as an authentication token for Git operations. Must be in the format projects/*/secrets/*/versions/*. + - !ruby/object:Api::Type::String + name: 'tokenStatus' + output: true + description: | + Indicates the status of the Git access token. https://cloud.google.com/dataform/reference/rest/v1beta1/projects.locations.repositories#TokenStatus + diff --git a/mmv1/products/dataform/api.yaml b/mmv1/products/dataform/api.yaml deleted file mode 100644 index 1e4a264d0e38..000000000000 --- a/mmv1/products/dataform/api.yaml +++ /dev/null @@ -1,70 +0,0 @@ -# Copyright 2022 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: Dataform -display_name: Dataform -versions: - - !ruby/object:Api::Product::Version - name: beta - base_url: https://dataform.googleapis.com/v1beta1/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -objects: -# Dataform Repository - - !ruby/object:Api::Resource - name: Repository - base_url: projects/{{project}}/locations/{{region}}/repositories - create_url: projects/{{project}}/locations/{{region}}/repositories?repositoryId={{name}} - create_verb: :POST - update_verb: :PATCH - min_version: beta - description: |- - A resource represents a Dataform Git repository - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/dataform/docs/' - api: 'https://cloud.google.com/dataform/reference/rest/v1beta1/projects.locations.repositories' - parameters: - - !ruby/object:Api::Type::String - name: 'region' - description: 'A reference to the region' - input: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: The repository's name. - input: true - required: true - - !ruby/object:Api::Type::NestedObject - name: 'gitRemoteSettings' - description: Optional. If set, configures this repository to be linked to a Git remote. - properties: - - !ruby/object:Api::Type::String - name: 'url' - required: true - description: The Git remote's URL. - - !ruby/object:Api::Type::String - name: 'defaultBranch' - required: true - description: The Git remote's default branch name. - - !ruby/object:Api::Type::String - name: 'authenticationTokenSecretVersion' - required: true - description: The name of the Secret Manager secret version to use as an authentication token for Git operations. Must be in the format projects/*/secrets/*/versions/*. - - !ruby/object:Api::Type::String - name: 'tokenStatus' - output: true - description: | - Indicates the status of the Git access token. https://cloud.google.com/dataform/reference/rest/v1beta1/projects.locations.repositories#TokenStatus diff --git a/mmv1/products/dataform/product.yaml b/mmv1/products/dataform/product.yaml new file mode 100644 index 000000000000..d24de00277d0 --- /dev/null +++ b/mmv1/products/dataform/product.yaml @@ -0,0 +1,22 @@ +# Copyright 2022 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: Dataform +display_name: Dataform +versions: + - !ruby/object:Api::Product::Version + name: beta + base_url: https://dataform.googleapis.com/v1beta1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform diff --git a/mmv1/products/datafusion/Instance.yaml b/mmv1/products/datafusion/Instance.yaml new file mode 100644 index 000000000000..b049d274251d --- /dev/null +++ b/mmv1/products/datafusion/Instance.yaml @@ -0,0 +1,255 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Instance' +base_url: "projects/{{project}}/locations/{{region}}/instances" +create_url: projects/{{project}}/locations/{{region}}/instances?instanceId={{name}} +update_verb: :PATCH +description: | + Represents a Data Fusion instance. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/data-fusion/docs/' + api: 'https://cloud.google.com/data-fusion/docs/reference/rest/v1beta1/projects.locations.instances' +iam_policy: !ruby/object:Api::Resource::IamPolicy + parent_resource_attribute: 'name' + method_name_separator: ':' + import_format: ["projects/{{project}}/locations/{{location}}/instances/{{name}}", "{{name}}"] +parameters: + - !ruby/object:Api::Type::String + name: 'region' + url_param_only: true + immutable: true + description: | + The region of the Data Fusion instance. +properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + immutable: true + description: | + The ID of the instance or a fully qualified identifier for the instance. + - !ruby/object:Api::Type::String + name: 'description' + description: | + An optional description of the instance. + immutable: true + - !ruby/object:Api::Type::Enum + name: 'type' + required: true + description: | + Represents the type of Data Fusion instance. Each type is configured with + the default settings for processing and memory. + - BASIC: Basic Data Fusion instance. In Basic type, the user will be able to create data pipelines + using point and click UI. However, there are certain limitations, such as fewer number + of concurrent pipelines, no support for streaming pipelines, etc. + - ENTERPRISE: Enterprise Data Fusion instance. In Enterprise type, the user will have more features + available, such as support for streaming pipelines, higher number of concurrent pipelines, etc. + - DEVELOPER: Developer Data Fusion instance. In Developer type, the user will have all features available but + with restrictive capabilities. This is to help enterprises design and develop their data ingestion and integration + pipelines at low cost. + values: + - :BASIC + - :ENTERPRISE + - :DEVELOPER + immutable: true + - !ruby/object:Api::Type::Boolean + name: 'enableStackdriverLogging' + description: | + Option to enable Stackdriver Logging. + - !ruby/object:Api::Type::Boolean + name: 'enableStackdriverMonitoring' + description: | + Option to enable Stackdriver Monitoring. + - !ruby/object:Api::Type::Boolean + name: 'enableRbac' + description: | + Option to enable granular role-based access control. + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + The resource labels for instance to use to annotate any related underlying resources, + such as Compute Engine VMs. + - !ruby/object:Api::Type::KeyValuePairs + name: 'options' + description: | + Map of additional options used to configure the behavior of Data Fusion instance. + immutable: true + - !ruby/object:Api::Type::String + name: 'createTime' + output: true + description: | + The time the instance was created in RFC3339 UTC "Zulu" format, accurate to nanoseconds. + - !ruby/object:Api::Type::String + name: 'updateTime' + output: true + description: | + The time the instance was last updated in RFC3339 UTC "Zulu" format, accurate to nanoseconds. + - !ruby/object:Api::Type::Enum + name: 'state' + output: true + description: | + The current state of this Data Fusion instance. + - CREATING: Instance is being created + - RUNNING: Instance is running and ready for requests + - FAILED: Instance creation failed + - DELETING: Instance is being deleted + - UPGRADING: Instance is being upgraded + - RESTARTING: Instance is being restarted + values: + - :CREATING + - :RUNNING + - :FAILED + - :DELETING + - :UPGRADING + - :RESTARTING + - !ruby/object:Api::Type::String + name: 'stateMessage' + output: true + description: | + Additional information about the current state of this Data Fusion instance if available. + - !ruby/object:Api::Type::String + name: 'serviceEndpoint' + output: true + description: | + Endpoint on which the Data Fusion UI and REST APIs are accessible. + - !ruby/object:Api::Type::String + name: 'version' + description: | + Current version of the Data Fusion. + - !ruby/object:Api::Type::String + name: 'serviceAccount' + min_version: beta # This field is deprecated and needs to be absent in GA provider. + deprecation_message: Use `tenant_project_id` instead to extract the tenant project ID. + output: true + description: | + Deprecated. Use `tenant_project_id` instead to extract the tenant project ID. + - !ruby/object:Api::Type::Boolean + name: 'privateInstance' + description: | + Specifies whether the Data Fusion instance should be private. If set to + true, all Data Fusion nodes will have private IP addresses and will not be + able to access the public internet. + immutable: true + - !ruby/object:Api::Type::String + name: 'dataprocServiceAccount' + description: | + User-managed service account to set on Dataproc when Cloud Data Fusion creates Dataproc to run data processing pipelines. + immutable: true + - !ruby/object:Api::Type::String + name: 'tenantProjectId' + description: | + The name of the tenant project. + output: true + - !ruby/object:Api::Type::String + name: 'gcsBucket' + description: | + Cloud Storage bucket generated by Data Fusion in the customer project. + output: true + - !ruby/object:Api::Type::NestedObject + name: 'networkConfig' + description: | + Network configuration options. These are required when a private Data Fusion instance is to be created. + immutable: true + properties: + - !ruby/object:Api::Type::String + name: 'ipAllocation' + description: | + The IP range in CIDR notation to use for the managed Data Fusion instance + nodes. This range must not overlap with any other ranges used in the Data Fusion instance network. + required: true + immutable: true + - !ruby/object:Api::Type::String + name: 'network' + description: | + Name of the network in the project with which the tenant project + will be peered for executing pipelines. In case of shared VPC where the network resides in another host + project the network should specified in the form of projects/{host-project-id}/global/networks/{network} + required: true + immutable: true + - !ruby/object:Api::Type::String + name: 'zone' + description: | + Name of the zone in which the Data Fusion instance will be created. Only DEVELOPER instances use this field. + immutable: true + - !ruby/object:Api::Type::String + name: 'displayName' + description: | + Display name for an instance. + immutable: true + - !ruby/object:Api::Type::String + name: 'apiEndpoint' + description: | + Endpoint on which the REST APIs is accessible. + output: true + - !ruby/object:Api::Type::String + name: 'p4ServiceAccount' + description: | + P4 service account for the customer project. + output: true + - !ruby/object:Api::Type::NestedObject + name: 'cryptoKeyConfig' + description: | + The crypto key configuration. This field is used by the Customer-Managed Encryption Keys (CMEK) feature. + immutable: true + properties: + - !ruby/object:Api::Type::String + name: 'keyReference' + description: | + The name of the key which is used to encrypt/decrypt customer data. For key in Cloud KMS, the key should be in the format of projects/*/locations/*/keyRings/*/cryptoKeys/*. + required: true + immutable: true + - !ruby/object:Api::Type::NestedObject + name: 'eventPublishConfig' + description: | + Option to enable and pass metadata for event publishing. + properties: + - !ruby/object:Api::Type::Boolean + name: 'enabled' + description: | + Option to enable Event Publishing. + required: true + - !ruby/object:Api::Type::String + name: 'topic' + description: | + The resource name of the Pub/Sub topic. Format: projects/{projectId}/topics/{topic_id} + required: true + immutable: true + - !ruby/object:Api::Type::Array + name: 'accelerators' + description: | + List of accelerators enabled for this CDF instance. + + If accelerators are enabled it is possible a permadiff will be created with the Options field. + Users will need to either manually update their state file to include these diffed options, or include the field in a [lifecycle ignore changes block](https://developer.hashicorp.com/terraform/language/meta-arguments/lifecycle#ignore_changes). + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Enum + name: 'acceleratorType' + description: | + The type of an accelator for a CDF instance. + values: + - :CDC + - :HEALTHCARE + - :CCAI_INSIGHTS + required: true + - !ruby/object:Api::Type::Enum + name: 'state' + description: | + The type of an accelator for a CDF instance. + values: + - :ENABLED + - :DISABLED + required: true diff --git a/mmv1/products/datafusion/api.yaml b/mmv1/products/datafusion/api.yaml deleted file mode 100644 index 61f33711d8c0..000000000000 --- a/mmv1/products/datafusion/api.yaml +++ /dev/null @@ -1,263 +0,0 @@ -# Copyright 2019 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: DataFusion -display_name: Cloud Data Fusion -versions: - - !ruby/object:Api::Product::Version - name: beta - base_url: https://datafusion.googleapis.com/v1beta1/ - - !ruby/object:Api::Product::Version - name: ga - base_url: https://datafusion.googleapis.com/v1/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Cloud Data Fusion API - url: https://console.cloud.google.com/apis/library/datafusion.googleapis.com -objects: - - !ruby/object:Api::Resource - name: 'Instance' - base_url: "projects/{{project}}/locations/{{region}}/instances" - create_url: projects/{{project}}/locations/{{region}}/instances?instanceId={{name}} - update_verb: :PATCH - description: | - Represents a Data Fusion instance. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/data-fusion/docs/' - api: 'https://cloud.google.com/data-fusion/docs/reference/rest/v1beta1/projects.locations.instances' - iam_policy: !ruby/object:Api::Resource::IamPolicy - parent_resource_attribute: 'name' - method_name_separator: ':' - import_format: ["projects/{{project}}/locations/{{location}}/instances/{{name}}", "{{name}}"] - parameters: - - !ruby/object:Api::Type::String - name: 'region' - url_param_only: true - input: true - description: | - The region of the Data Fusion instance. - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - input: true - description: | - The ID of the instance or a fully qualified identifier for the instance. - - !ruby/object:Api::Type::String - name: 'description' - description: | - An optional description of the instance. - input: true - - !ruby/object:Api::Type::Enum - name: 'type' - required: true - description: | - Represents the type of Data Fusion instance. Each type is configured with - the default settings for processing and memory. - - BASIC: Basic Data Fusion instance. In Basic type, the user will be able to create data pipelines - using point and click UI. However, there are certain limitations, such as fewer number - of concurrent pipelines, no support for streaming pipelines, etc. - - ENTERPRISE: Enterprise Data Fusion instance. In Enterprise type, the user will have more features - available, such as support for streaming pipelines, higher number of concurrent pipelines, etc. - - DEVELOPER: Developer Data Fusion instance. In Developer type, the user will have all features available but - with restrictive capabilities. This is to help enterprises design and develop their data ingestion and integration - pipelines at low cost. - values: - - :BASIC - - :ENTERPRISE - - :DEVELOPER - input: true - - !ruby/object:Api::Type::Boolean - name: 'enableStackdriverLogging' - description: | - Option to enable Stackdriver Logging. - - !ruby/object:Api::Type::Boolean - name: 'enableStackdriverMonitoring' - description: | - Option to enable Stackdriver Monitoring. - - !ruby/object:Api::Type::Boolean - name: 'enableRbac' - description: | - Option to enable granular role-based access control. - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: | - The resource labels for instance to use to annotate any related underlying resources, - such as Compute Engine VMs. - - !ruby/object:Api::Type::KeyValuePairs - name: 'options' - description: | - Map of additional options used to configure the behavior of Data Fusion instance. - input: true - - !ruby/object:Api::Type::String - name: 'createTime' - output: true - description: | - The time the instance was created in RFC3339 UTC "Zulu" format, accurate to nanoseconds. - - !ruby/object:Api::Type::String - name: 'updateTime' - output: true - description: | - The time the instance was last updated in RFC3339 UTC "Zulu" format, accurate to nanoseconds. - - !ruby/object:Api::Type::Enum - name: 'state' - output: true - description: | - The current state of this Data Fusion instance. - - CREATING: Instance is being created - - RUNNING: Instance is running and ready for requests - - FAILED: Instance creation failed - - DELETING: Instance is being deleted - - UPGRADING: Instance is being upgraded - - RESTARTING: Instance is being restarted - values: - - :CREATING - - :RUNNING - - :FAILED - - :DELETING - - :UPGRADING - - :RESTARTING - - !ruby/object:Api::Type::String - name: 'stateMessage' - output: true - description: | - Additional information about the current state of this Data Fusion instance if available. - - !ruby/object:Api::Type::String - name: 'serviceEndpoint' - output: true - description: | - Endpoint on which the Data Fusion UI and REST APIs are accessible. - - !ruby/object:Api::Type::String - name: 'version' - description: | - Current version of the Data Fusion. - - !ruby/object:Api::Type::String - name: 'serviceAccount' - min_version: beta # This field is deprecated and needs to be absent in GA provider. - deprecation_message: Use `tenant_project_id` instead to extract the tenant project ID. - output: true - description: | - Deprecated. Use `tenant_project_id` instead to extract the tenant project ID. - - !ruby/object:Api::Type::Boolean - name: 'privateInstance' - description: | - Specifies whether the Data Fusion instance should be private. If set to - true, all Data Fusion nodes will have private IP addresses and will not be - able to access the public internet. - input: true - - !ruby/object:Api::Type::String - name: 'dataprocServiceAccount' - description: | - User-managed service account to set on Dataproc when Cloud Data Fusion creates Dataproc to run data processing pipelines. - input: true - - !ruby/object:Api::Type::String - name: 'tenantProjectId' - description: | - The name of the tenant project. - output: true - - !ruby/object:Api::Type::String - name: 'gcsBucket' - description: | - Cloud Storage bucket generated by Data Fusion in the customer project. - output: true - - !ruby/object:Api::Type::NestedObject - name: 'networkConfig' - description: | - Network configuration options. These are required when a private Data Fusion instance is to be created. - input: true - properties: - - !ruby/object:Api::Type::String - name: 'ipAllocation' - description: | - The IP range in CIDR notation to use for the managed Data Fusion instance - nodes. This range must not overlap with any other ranges used in the Data Fusion instance network. - required: true - input: true - - !ruby/object:Api::Type::String - name: 'network' - description: | - Name of the network in the project with which the tenant project - will be peered for executing pipelines. In case of shared VPC where the network resides in another host - project the network should specified in the form of projects/{host-project-id}/global/networks/{network} - required: true - input: true - - !ruby/object:Api::Type::String - name: 'zone' - description: | - Name of the zone in which the Data Fusion instance will be created. Only DEVELOPER instances use this field. - input: true - - !ruby/object:Api::Type::String - name: 'displayName' - description: | - Display name for an instance. - input: true - - !ruby/object:Api::Type::String - name: 'apiEndpoint' - description: | - Endpoint on which the REST APIs is accessible. - output: true - - !ruby/object:Api::Type::String - name: 'p4ServiceAccount' - description: | - P4 service account for the customer project. - output: true - - !ruby/object:Api::Type::NestedObject - name: 'cryptoKeyConfig' - description: | - The crypto key configuration. This field is used by the Customer-Managed Encryption Keys (CMEK) feature. - input: true - properties: - - !ruby/object:Api::Type::String - name: 'keyReference' - description: | - The name of the key which is used to encrypt/decrypt customer data. For key in Cloud KMS, the key should be in the format of projects/*/locations/*/keyRings/*/cryptoKeys/*. - required: true - input: true - - !ruby/object:Api::Type::NestedObject - name: 'eventPublishConfig' - description: | - Option to enable and pass metadata for event publishing. - properties: - - !ruby/object:Api::Type::Boolean - name: 'enabled' - description: | - Option to enable Event Publishing. - required: true - - !ruby/object:Api::Type::String - name: 'topic' - description: | - The resource name of the Pub/Sub topic. Format: projects/{projectId}/topics/{topic_id} - required: true - input: true diff --git a/mmv1/products/datafusion/product.yaml b/mmv1/products/datafusion/product.yaml new file mode 100644 index 000000000000..1e7458d4a96d --- /dev/null +++ b/mmv1/products/datafusion/product.yaml @@ -0,0 +1,46 @@ +# Copyright 2019 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: DataFusion +display_name: Cloud Data Fusion +versions: + - !ruby/object:Api::Product::Version + name: beta + base_url: https://datafusion.googleapis.com/v1beta1/ + - !ruby/object:Api::Product::Version + name: ga + base_url: https://datafusion.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Cloud Data Fusion API + url: https://console.cloud.google.com/apis/library/datafusion.googleapis.com diff --git a/mmv1/products/datafusion/terraform.yaml b/mmv1/products/datafusion/terraform.yaml index b1e718382ace..b250cb6f643c 100644 --- a/mmv1/products/datafusion/terraform.yaml +++ b/mmv1/products/datafusion/terraform.yaml @@ -67,6 +67,7 @@ overrides: !ruby/object:Overrides::ResourceOverrides instance_name: "my-instance" custom_code: !ruby/object:Provider::Terraform::CustomCode pre_update: templates/terraform/pre_update/datafusion_instance_update.go.erb + constants: templates/terraform/constants/data_fusion_instance_option.go.erb properties: region: !ruby/object:Overrides::Terraform::PropertyOverride ignore_read: true @@ -77,8 +78,11 @@ overrides: !ruby/object:Overrides::ResourceOverrides name: !ruby/object:Overrides::Terraform::PropertyOverride custom_expand: 'templates/terraform/custom_expand/shortname_to_url.go.erb' custom_flatten: 'templates/terraform/custom_flatten/name_from_self_link.erb' - zone: !ruby/object:Overrides::Terraform::PropertyOverride + options: !ruby/object:Overrides::Terraform::PropertyOverride default_from_api: true + diff_suppress_func: 'instanceOptionsDiffSuppress' + zone: !ruby/object:Overrides::Terraform::PropertyOverride + default_from_api: true # This is for copying files over files: !ruby/object:Provider::Config::Files # These files have templating (ERB) code that will be run. diff --git a/mmv1/products/dataplex/Asset.yaml b/mmv1/products/dataplex/Asset.yaml new file mode 100644 index 000000000000..05db6f8b6937 --- /dev/null +++ b/mmv1/products/dataplex/Asset.yaml @@ -0,0 +1,27 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: "Asset" +base_url: "projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{name}}" +self_link: "projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{name}}" +exclude_resource: true +description: | + Only used to generate IAM resources +properties: + - !ruby/object:Api::Type::String + name: "name" + output: true + description: | + Dummy property. + diff --git a/mmv1/products/dataplex/Lake.yaml b/mmv1/products/dataplex/Lake.yaml new file mode 100644 index 000000000000..4e0df64c7fd8 --- /dev/null +++ b/mmv1/products/dataplex/Lake.yaml @@ -0,0 +1,27 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: "Lake" +base_url: "projects/{{project}}/locations/{{location}}/lakes/{{name}}" +self_link: "projects/{{project}}/locations/{{location}}/lakes/{{name}}" +exclude_resource: true +description: | + Only used to generate IAM resources +properties: + - !ruby/object:Api::Type::String + name: "name" + output: true + description: | + Dummy property. + diff --git a/mmv1/products/dataplex/Zone.yaml b/mmv1/products/dataplex/Zone.yaml new file mode 100644 index 000000000000..bcf62add18c1 --- /dev/null +++ b/mmv1/products/dataplex/Zone.yaml @@ -0,0 +1,27 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: "Zone" +base_url: "projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{name}}" +self_link: "projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{name}}" +exclude_resource: true +description: | + Only used to generate IAM resources +properties: + - !ruby/object:Api::Type::String + name: "name" + output: true + description: | + Dummy property. + diff --git a/mmv1/products/dataplex/api.yaml b/mmv1/products/dataplex/api.yaml deleted file mode 100644 index 3312cc8f7834..000000000000 --- a/mmv1/products/dataplex/api.yaml +++ /dev/null @@ -1,67 +0,0 @@ -# Copyright 2020 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- -!ruby/object:Api::Product -name: Dataplex -display_name: Cloud Dataplex -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://dataplex.googleapis.com/v1/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Cloud Dataplex API - url: https://cloud.google.com/dataplex/docs/reference/rest/ -objects: - - !ruby/object:Api::Resource - name: "Lake" - base_url: "projects/{{project}}/locations/{{location}}/lakes/{{name}}" - self_link: "projects/{{project}}/locations/{{location}}/lakes/{{name}}" - exclude_resource: true - description: | - Only used to generate IAM resources - properties: - - !ruby/object:Api::Type::String - name: "name" - output: true - description: | - Dummy property. - - !ruby/object:Api::Resource - name: "Zone" - base_url: "projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{name}}" - self_link: "projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{name}}" - exclude_resource: true - description: | - Only used to generate IAM resources - properties: - - !ruby/object:Api::Type::String - name: "name" - output: true - description: | - Dummy property. - - !ruby/object:Api::Resource - name: "Asset" - base_url: "projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{name}}" - self_link: "projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{name}}" - exclude_resource: true - description: | - Only used to generate IAM resources - properties: - - !ruby/object:Api::Type::String - name: "name" - output: true - description: | - Dummy property diff --git a/mmv1/products/dataplex/product.yaml b/mmv1/products/dataplex/product.yaml new file mode 100644 index 000000000000..7d6730596016 --- /dev/null +++ b/mmv1/products/dataplex/product.yaml @@ -0,0 +1,27 @@ +# Copyright 2020 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +!ruby/object:Api::Product +name: Dataplex +display_name: Cloud Dataplex +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://dataplex.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Cloud Dataplex API + url: https://cloud.google.com/dataplex/docs/reference/rest/ diff --git a/mmv1/products/dataproc/AutoscalingPolicy.yaml b/mmv1/products/dataproc/AutoscalingPolicy.yaml new file mode 100644 index 000000000000..b2ab3c22090e --- /dev/null +++ b/mmv1/products/dataproc/AutoscalingPolicy.yaml @@ -0,0 +1,197 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'AutoscalingPolicy' +base_url: "projects/{{project}}/locations/{{location}}/autoscalingPolicies" +self_link: "projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{id}}" +collection_url_key: 'policies' +description: | + Describes an autoscaling policy for Dataproc cluster autoscaler. +iam_policy: !ruby/object:Api::Resource::IamPolicy + method_name_separator: ':' + parent_resource_attribute: 'policy_id' + fetch_iam_policy_verb: :POST + import_format: ["projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}}", "{{policy_id}}"] +parameters: + - !ruby/object:Api::Type::String + name: 'location' + url_param_only: true + immutable: true + default_value: global + description: | + The location where the autoscaling policy should reside. + The default value is `global`. +properties: + - !ruby/object:Api::Type::String + name: 'id' + required: true + description: | + The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), + and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between + 3 and 50 characters. + - !ruby/object:Api::Type::String + name: 'name' + output: true + description: | + The "resource name" of the autoscaling policy. + - !ruby/object:Api::Type::NestedObject + name: 'workerConfig' + description: | + Describes how the autoscaler will operate for primary workers. + properties: + - !ruby/object:Api::Type::Integer + name: 'minInstances' + default_value: 2 + description: | + Minimum number of instances for this group. Bounds: [2, maxInstances]. Defaults to 2. + - !ruby/object:Api::Type::Integer + name: 'maxInstances' + required: true + description: | + Maximum number of instances for this group. + - !ruby/object:Api::Type::Integer + name: 'weight' + default_value: 1 + description: | + Weight for the instance group, which is used to determine the fraction of total workers + in the cluster from this instance group. For example, if primary workers have weight 2, + and secondary workers have weight 1, the cluster will have approximately 2 primary workers + for each secondary worker. + + The cluster may not reach the specified balance if constrained by min/max bounds or other + autoscaling settings. For example, if maxInstances for secondary workers is 0, then only + primary workers will be added. The cluster can also be out of balance when created. + + If weight is not set on any instance group, the cluster will default to equal weight for + all groups: the cluster will attempt to maintain an equal number of workers in each group + within the configured size bounds for each group. If weight is set for one group only, + the cluster will default to zero weight on the unset group. For example if weight is set + only on primary workers, the cluster will use primary workers only and no secondary workers. + - !ruby/object:Api::Type::NestedObject + name: 'secondaryWorkerConfig' + description: | + Describes how the autoscaler will operate for secondary workers. + properties: + - !ruby/object:Api::Type::Integer + name: 'minInstances' + at_least_one_of: + - secondary_worker_config.0.min_instances + - secondary_worker_config.0.max_instances + - secondary_worker_config.0.weight + default_value: 0 + description: | + Minimum number of instances for this group. Bounds: [0, maxInstances]. Defaults to 0. + - !ruby/object:Api::Type::Integer + name: 'maxInstances' + at_least_one_of: + - secondary_worker_config.0.min_instances + - secondary_worker_config.0.max_instances + - secondary_worker_config.0.weight + default_value: 0 + description: | + Maximum number of instances for this group. Note that by default, clusters will not use + secondary workers. Required for secondary workers if the minimum secondary instances is set. + Bounds: [minInstances, ). Defaults to 0. + - !ruby/object:Api::Type::Integer + name: 'weight' + at_least_one_of: + - secondary_worker_config.0.min_instances + - secondary_worker_config.0.max_instances + - secondary_worker_config.0.weight + default_value: 1 + description: | + Weight for the instance group, which is used to determine the fraction of total workers + in the cluster from this instance group. For example, if primary workers have weight 2, + and secondary workers have weight 1, the cluster will have approximately 2 primary workers + for each secondary worker. + + The cluster may not reach the specified balance if constrained by min/max bounds or other + autoscaling settings. For example, if maxInstances for secondary workers is 0, then only + primary workers will be added. The cluster can also be out of balance when created. + + If weight is not set on any instance group, the cluster will default to equal weight for + all groups: the cluster will attempt to maintain an equal number of workers in each group + within the configured size bounds for each group. If weight is set for one group only, + the cluster will default to zero weight on the unset group. For example if weight is set + only on primary workers, the cluster will use primary workers only and no secondary workers. + - !ruby/object:Api::Type::NestedObject + name: 'basicAlgorithm' + description: | + Basic algorithm for autoscaling. + properties: + - !ruby/object:Api::Type::String + name: 'cooldownPeriod' + default_value: "120s" + description: | + Duration between scaling events. A scaling period starts after the + update operation from the previous event has completed. + + Bounds: [2m, 1d]. Default: 2m. + - !ruby/object:Api::Type::NestedObject + name: 'yarnConfig' + required: true + description: | + YARN autoscaling configuration. + properties: + - !ruby/object:Api::Type::String + name: 'gracefulDecommissionTimeout' + required: true + description: | + Timeout for YARN graceful decommissioning of Node Managers. Specifies the + duration to wait for jobs to complete before forcefully removing workers + (and potentially interrupting jobs). Only applicable to downscaling operations. + + Bounds: [0s, 1d]. + - !ruby/object:Api::Type::Double + name: 'scaleUpFactor' + required: true + description: | + Fraction of average pending memory in the last cooldown period for which to + add workers. A scale-up factor of 1.0 will result in scaling up so that there + is no pending memory remaining after the update (more aggressive scaling). + A scale-up factor closer to 0 will result in a smaller magnitude of scaling up + (less aggressive scaling). + + Bounds: [0.0, 1.0]. + - !ruby/object:Api::Type::Double + name: 'scaleDownFactor' + required: true + description: | + Fraction of average pending memory in the last cooldown period for which to + remove workers. A scale-down factor of 1 will result in scaling down so that there + is no available memory remaining after the update (more aggressive scaling). + A scale-down factor of 0 disables removing workers, which can be beneficial for + autoscaling a single job. + + Bounds: [0.0, 1.0]. + - !ruby/object:Api::Type::Double + name: 'scaleUpMinWorkerFraction' + default_value: 0.0 + description: | + Minimum scale-up threshold as a fraction of total cluster size before scaling + occurs. For example, in a 20-worker cluster, a threshold of 0.1 means the autoscaler + must recommend at least a 2-worker scale-up for the cluster to scale. A threshold of + 0 means the autoscaler will scale up on any recommended change. + + Bounds: [0.0, 1.0]. Default: 0.0. + - !ruby/object:Api::Type::Double + name: 'scaleDownMinWorkerFraction' + default_value: 0.0 + description: | + Minimum scale-down threshold as a fraction of total cluster size before scaling occurs. + For example, in a 20-worker cluster, a threshold of 0.1 means the autoscaler must + recommend at least a 2 worker scale-down for the cluster to scale. A threshold of 0 + means the autoscaler will scale down on any recommended change. + + Bounds: [0.0, 1.0]. Default: 0.0. diff --git a/mmv1/products/dataproc/Cluster.yaml b/mmv1/products/dataproc/Cluster.yaml new file mode 100644 index 000000000000..4ed4ec09e1d4 --- /dev/null +++ b/mmv1/products/dataproc/Cluster.yaml @@ -0,0 +1,423 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Cluster' +base_url: "projects/{{project}}/regions/{{region}}/clusters" +self_link: "projects/{{project}}/regions/{{region}}/clusters/{{clusterName}}" +description: | + Describes an autoscaling policy for Dataproc cluster autoscaler. +parameters: + - !ruby/object:Api::Type::String + name: 'region' + url_param_only: true + immutable: true + description: | + The region in which the cluster and associated nodes will be created in. +properties: + - !ruby/object:Api::Type::String + name: 'clusterName' + required: true + description: | + The name of the cluster, unique within the project and region. + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + Labels to apply to this cluster. A list of key->value pairs. + - !ruby/object:Api::Type::NestedObject + name: 'config' + description: | + Configuration for the cluster + properties: + - !ruby/object:Api::Type::String + name: 'configBucket' + description: | + The Cloud Storage staging bucket used to stage files, such as Hadoop jars, + between client machines and the cluster. + - !ruby/object:Api::Type::NestedObject + name: 'gceClusterConfig' + description: | + Common config settings for resources of Google Compute Engine cluster instances, + applicable to all instances in the cluster. + properties: + - !ruby/object:Api::Type::String + name: 'zoneUri' + description: | + The zone where the Compute Engine cluster will be located + - !ruby/object:Api::Type::String + name: 'networkUri' + description: | + The Compute Engine network to be used for machine communications + - !ruby/object:Api::Type::String + name: 'subnetworkUri' + description: | + The Compute Engine subnetwork to be used for machine communications + - !ruby/object:Api::Type::Boolean + name: 'internalIpOnly' + description: | + If true, all instances int he cluster will only have internal IP addresses + - !ruby/object:Api::Type::Array + name: 'serviceAccountScopes' + item_type: Api::Type::String + description: | + The URIs of service account scopes to be included in Compute Engine instances + The following base set of scopes is always included: + + https://www.googleapis.com/auth/cloud.useraccounts.readonly + + https://www.googleapis.com/auth/devstorage.read_write + + https://www.googleapis.com/auth/logging.write + - !ruby/object:Api::Type::Array + name: 'tags' + item_type: Api::Type::String + description: | + The Compute Engine tags to add to all instances + - !ruby/object:Api::Type::KeyValuePairs + name: 'metadata' + description: | + The map of metadata entries to add to all instances + - !ruby/object:Api::Type::NestedObject + name: 'masterConfig' + description: | + The config settings for Compute Engine resources in an instance group, such as a + master or worker group. + properties: + - !ruby/object:Api::Type::Integer + name: 'numInstances' + description: | + The number of VM instances in the instance group. For master instance groups, + must be set to 1. + - !ruby/object:Api::Type::Array + name: 'instanceNames' + output: true + item_type: Api::Type::String + description: | + The list of instance names. + - !ruby/object:Api::Type::String + name: 'imageUri' + description: | + The Compute Engine image resource used for cluster instances. + - !ruby/object:Api::Type::String + name: 'machineTypeUri' + description: | + The Compute Engine machine type used for cluster instances + - !ruby/object:Api::Type::NestedObject + name: 'diskConfig' + description: | + Disk option config settings + properties: + - !ruby/object:Api::Type::String + name: 'bootDiskType' + description: | + Type of the boot disk. Valid values are "pd-ssd" or "pd-standard" + - !ruby/object:Api::Type::Integer + name: 'bootDiskSizeGb' + description: | + Size in GB of the boot disk. + - !ruby/object:Api::Type::Integer + name: 'numLocalSsds' + description: | + Number of attached SSDs, from 0 to 4. + - !ruby/object:Api::Type::Boolean + name: 'isPreemptible' + output: true + description: | + Specifies if this instance group contains preemptible instances. + - !ruby/object:Api::Type::Enum + name: 'preemptibility' + description: | + Specifies the preemptibility of the instance group. + The default value for master and worker groups is NON_PREEMPTIBLE. This default cannot be changed. + The default value for secondary instances is PREEMPTIBLE. + values: + - :PREEMPTIBILITY_UNSPECIFIED + - :NON_PREEMPTIBLE + - :PREEMPTIBLE + - !ruby/object:Api::Type::NestedObject + name: 'managedGroupConfig' + output: true + description: | + The config for Compute Engine Instance Group Manager that manages this group. + This is only used for preemptible instance groups. + properties: + - !ruby/object:Api::Type::String + name: 'instanceTemplateName' + description: | + The name of the Instance Template used for the Managed Instance Group. + - !ruby/object:Api::Type::String + name: instanceGroupManagerName + description: | + The name of the Instance Group Manager for this group + - !ruby/object:Api::Type::NestedObject + name: 'workerConfig' + description: | + The config settings for Compute Engine resources in an instance group, such as a + master or worker group. + properties: + - !ruby/object:Api::Type::Integer + name: 'numInstances' + description: | + The number of VM instances in the instance group. For master instance groups, + must be set to 1. + - !ruby/object:Api::Type::Array + name: 'instanceNames' + output: true + item_type: Api::Type::String + description: | + The list of instance names. + - !ruby/object:Api::Type::String + name: 'imageUri' + description: | + The Compute Engine image resource used for cluster instances. + - !ruby/object:Api::Type::String + name: 'machineTypeUri' + description: | + The Compute Engine machine type used for cluster instances + - !ruby/object:Api::Type::NestedObject + name: 'diskConfig' + description: | + Disk option config settings + properties: + - !ruby/object:Api::Type::String + name: 'bootDiskType' + description: | + Type of the boot disk. Valid values are "pd-ssd" or "pd-standard" + - !ruby/object:Api::Type::Integer + name: 'bootDiskSizeGb' + description: | + Size in GB of the boot disk. + - !ruby/object:Api::Type::Integer + name: 'numLocalSsds' + description: | + Number of attached SSDs, from 0 to 4. + - !ruby/object:Api::Type::Boolean + name: 'isPreemptible' + output: true + description: | + Specifies if this instance group contains preemptible instances. + - !ruby/object:Api::Type::Enum + name: 'preemptibility' + description: | + Specifies the preemptibility of the instance group. + The default value for master and worker groups is NON_PREEMPTIBLE. This default cannot be changed. + The default value for secondary instances is PREEMPTIBLE. + values: + - :PREEMPTIBILITY_UNSPECIFIED + - :NON_PREEMPTIBLE + - :PREEMPTIBLE + - !ruby/object:Api::Type::NestedObject + name: 'managedGroupConfig' + output: true + description: | + The config for Compute Engine Instance Group Manager that manages this group. + This is only used for preemptible instance groups. + properties: + - !ruby/object:Api::Type::String + name: 'instanceTemplateName' + description: | + The name of the Instance Template used for the Managed Instance Group. + - !ruby/object:Api::Type::String + name: instanceGroupManagerName + description: | + The name of the Instance Group Manager for this group + - !ruby/object:Api::Type::NestedObject + name: 'secondaryWorkerConfig' + description: | + The config settings for Compute Engine resources in an instance group, such as a + master or worker group. + properties: + - !ruby/object:Api::Type::Integer + name: 'numInstances' + description: | + The number of VM instances in the instance group. For master instance groups, + must be set to 1. + - !ruby/object:Api::Type::Array + name: 'instanceNames' + output: true + item_type: Api::Type::String + description: | + The list of instance names. + - !ruby/object:Api::Type::String + name: 'imageUri' + description: | + The Compute Engine image resource used for cluster instances. + - !ruby/object:Api::Type::String + name: 'machineTypeUri' + description: | + The Compute Engine machine type used for cluster instances + - !ruby/object:Api::Type::NestedObject + name: 'diskConfig' + description: | + Disk option config settings + properties: + - !ruby/object:Api::Type::String + name: 'bootDiskType' + description: | + Type of the boot disk. Valid values are "pd-ssd" or "pd-standard" + - !ruby/object:Api::Type::Integer + name: 'bootDiskSizeGb' + description: | + Size in GB of the boot disk. + - !ruby/object:Api::Type::Integer + name: 'numLocalSsds' + description: | + Number of attached SSDs, from 0 to 4. + - !ruby/object:Api::Type::Boolean + name: 'isPreemptible' + output: true + description: | + Specifies if this instance group contains preemptible instances. + - !ruby/object:Api::Type::Enum + name: 'preemptibility' + description: | + Specifies the preemptibility of the instance group. + The default value for master and worker groups is NON_PREEMPTIBLE. This default cannot be changed. + The default value for secondary instances is PREEMPTIBLE. + values: + - :PREEMPTIBILITY_UNSPECIFIED + - :NON_PREEMPTIBLE + - :PREEMPTIBLE + - !ruby/object:Api::Type::NestedObject + name: 'managedGroupConfig' + output: true + description: | + The config for Compute Engine Instance Group Manager that manages this group. + This is only used for preemptible instance groups. + properties: + - !ruby/object:Api::Type::String + name: 'instanceTemplateName' + description: | + The name of the Instance Template used for the Managed Instance Group. + - !ruby/object:Api::Type::String + name: instanceGroupManagerName + description: | + The name of the Instance Group Manager for this group + - !ruby/object:Api::Type::NestedObject + name: 'softwareConfig' + description: | + Specifies the selection and config of software inside the cluster + properties: + - !ruby/object:Api::Type::String + name: 'imageVersion' + description: | + The version of software inside the cluster. It must be one of the supported Cloud Dataproc + Versions, such as "1.2" (including a subminor version, such as "1.2.29"), or the "preview" + version. + - !ruby/object:Api::Type::KeyValuePairs + name: 'properties' + description: | + The properties to set on daemon config files. + Property keys are specified in the prefix:property format, for example `core:hadoop.tmp.dir` + - !ruby/object:Api::Type::Enum + name: 'optionalComponents' + description: | + The set of optional components to activate on the cluster. + + Possible values include: COMPONENT_UNSPECIFIED, ANACONDA, HIVE_WEBHCAT, JUPYTER, ZEPPELIN, HBASE, SOLR, and RANGER + values: + - :COMPONENT_UNSPECIFIED + - :ANACONDA + - :HBASE + - :RANGER + - :SOLR + - :HIVE_WEBHCAT + - :JUPYTER + - :ZEPPELIN + - !ruby/object:Api::Type::Array + name: 'initializationActions' + description: | + Specifies an executable to run on a fully configured node and a timeout period for executable completion. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'executableFile' + description: | + Cloud Storage URI of the executable file + - !ruby/object:Api::Type::String + name: 'executionTimeout' + description: | + Amount of time executable has to complete + - !ruby/object:Api::Type::NestedObject + name: 'encryptionConfig' + description: | + Encryption settings for the cluster. + properties: + - !ruby/object:Api::Type::String + name: 'gcePdKmsKeyName' + description: | + The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. + - !ruby/object:Api::Type::NestedObject + name: 'securityConfig' + description: | + Kerberos config holder. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'kerberosConfig' + description: | + Kerberos related configuration. + properties: + - !ruby/object:Api::Type::Boolean + name: 'enableKerberos' + description: | + Flag to indicate whether to Kerberize the cluster. + - !ruby/object:Api::Type::String + name: 'rootprincipalPasswordUri' + description: | + The cloud Storage URI of a KMS encrypted file containing the root principal password. + - !ruby/object:Api::Type::String + name: 'kmsKeyUri' + description: | + The uri of the KMS key used to encrypt various sensitive files. + - !ruby/object:Api::Type::String + name: 'keystoreUri' + description: | + The Cloud Storage URI of the keystore file used for SSL encryption. + - !ruby/object:Api::Type::String + name: 'truststoreUri' + description: | + The Cloud Storage URI of a KMS encrypted file containing the password to the user provided keystore. + - !ruby/object:Api::Type::String + name: 'keyPasswordUri' + description: | + The Cloud Storage URI of a KMS encrypted file containing the password to the user provided key. + - !ruby/object:Api::Type::String + name: 'truststorePasswordUri' + description: | + The Cloud Storage URI of a KMS encrypted file containing the password to the user provided truststore. + - !ruby/object:Api::Type::String + name: 'crossRealmTrustRealm' + description: | + The remote realm the Dataproc on-cluster KDC will trust, should the user enable cross realm trust. + - !ruby/object:Api::Type::String + name: 'crossRealmTrustAdminServer' + description: | + The admin server (IP or hostname) for the remote trusted realm in a cross realm trust relationship. + - !ruby/object:Api::Type::String + name: 'crossRealmTrustSharedPasswordUri' + description: | + The Cloud Storage URI of a KMS encrypted file containing the shared password between the on-cluster + Kerberos realm and the remote trusted realm, in a cross realm trust relationship. + - !ruby/object:Api::Type::String + name: 'kdcDbKeyUri' + description: | + The Cloud Storage URI of a KMS encrypted file containing the master key of the KDC database. + - !ruby/object:Api::Type::String + name: 'tgtLifetimeHours' + description: | + The lifetime of the ticket granting ticket, in hours. + - !ruby/object:Api::Type::String + name: 'realm' + description: | + The name of the on-cluster Kerberos realm. + diff --git a/mmv1/products/dataproc/api.yaml b/mmv1/products/dataproc/api.yaml deleted file mode 100644 index e22753df275e..000000000000 --- a/mmv1/products/dataproc/api.yaml +++ /dev/null @@ -1,622 +0,0 @@ -# Copyright 2019 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: Dataproc -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://dataproc.googleapis.com/v1/ - - !ruby/object:Api::Product::Version - name: beta - base_url: https://dataproc.googleapis.com/v1beta2/ -scopes: - - https://www.googleapis.com/auth/cloud-identity -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Cloud Dataproc API - url: https://console.cloud.google.com/apis/library/dataproc.googleapis.com -objects: - - !ruby/object:Api::Resource - name: 'AutoscalingPolicy' - base_url: "projects/{{project}}/locations/{{location}}/autoscalingPolicies" - self_link: "projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{id}}" - collection_url_key: 'policies' - description: | - Describes an autoscaling policy for Dataproc cluster autoscaler. - iam_policy: !ruby/object:Api::Resource::IamPolicy - method_name_separator: ':' - parent_resource_attribute: 'policy_id' - fetch_iam_policy_verb: :POST - import_format: ["projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}}", "{{policy_id}}"] - parameters: - - !ruby/object:Api::Type::String - name: 'location' - url_param_only: true - input: true - default_value: global - description: | - The location where the autoscaling policy should reside. - The default value is `global`. - properties: - - !ruby/object:Api::Type::String - name: 'id' - required: true - description: | - The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), - and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between - 3 and 50 characters. - - !ruby/object:Api::Type::String - name: 'name' - output: true - description: | - The "resource name" of the autoscaling policy. - - !ruby/object:Api::Type::NestedObject - name: 'workerConfig' - description: | - Describes how the autoscaler will operate for primary workers. - properties: - - !ruby/object:Api::Type::Integer - name: 'minInstances' - default_value: 2 - description: | - Minimum number of instances for this group. Bounds: [2, maxInstances]. Defaults to 2. - - !ruby/object:Api::Type::Integer - name: 'maxInstances' - required: true - description: | - Maximum number of instances for this group. - - !ruby/object:Api::Type::Integer - name: 'weight' - default_value: 1 - description: | - Weight for the instance group, which is used to determine the fraction of total workers - in the cluster from this instance group. For example, if primary workers have weight 2, - and secondary workers have weight 1, the cluster will have approximately 2 primary workers - for each secondary worker. - - The cluster may not reach the specified balance if constrained by min/max bounds or other - autoscaling settings. For example, if maxInstances for secondary workers is 0, then only - primary workers will be added. The cluster can also be out of balance when created. - - If weight is not set on any instance group, the cluster will default to equal weight for - all groups: the cluster will attempt to maintain an equal number of workers in each group - within the configured size bounds for each group. If weight is set for one group only, - the cluster will default to zero weight on the unset group. For example if weight is set - only on primary workers, the cluster will use primary workers only and no secondary workers. - - !ruby/object:Api::Type::NestedObject - name: 'secondaryWorkerConfig' - description: | - Describes how the autoscaler will operate for secondary workers. - properties: - - !ruby/object:Api::Type::Integer - name: 'minInstances' - at_least_one_of: - - secondary_worker_config.0.min_instances - - secondary_worker_config.0.max_instances - - secondary_worker_config.0.weight - default_value: 0 - description: | - Minimum number of instances for this group. Bounds: [0, maxInstances]. Defaults to 0. - - !ruby/object:Api::Type::Integer - name: 'maxInstances' - at_least_one_of: - - secondary_worker_config.0.min_instances - - secondary_worker_config.0.max_instances - - secondary_worker_config.0.weight - default_value: 0 - description: | - Maximum number of instances for this group. Note that by default, clusters will not use - secondary workers. Required for secondary workers if the minimum secondary instances is set. - Bounds: [minInstances, ). Defaults to 0. - - !ruby/object:Api::Type::Integer - name: 'weight' - at_least_one_of: - - secondary_worker_config.0.min_instances - - secondary_worker_config.0.max_instances - - secondary_worker_config.0.weight - default_value: 1 - description: | - Weight for the instance group, which is used to determine the fraction of total workers - in the cluster from this instance group. For example, if primary workers have weight 2, - and secondary workers have weight 1, the cluster will have approximately 2 primary workers - for each secondary worker. - - The cluster may not reach the specified balance if constrained by min/max bounds or other - autoscaling settings. For example, if maxInstances for secondary workers is 0, then only - primary workers will be added. The cluster can also be out of balance when created. - - If weight is not set on any instance group, the cluster will default to equal weight for - all groups: the cluster will attempt to maintain an equal number of workers in each group - within the configured size bounds for each group. If weight is set for one group only, - the cluster will default to zero weight on the unset group. For example if weight is set - only on primary workers, the cluster will use primary workers only and no secondary workers. - - !ruby/object:Api::Type::NestedObject - name: 'basicAlgorithm' - description: | - Basic algorithm for autoscaling. - properties: - - !ruby/object:Api::Type::String - name: 'cooldownPeriod' - default_value: "120s" - description: | - Duration between scaling events. A scaling period starts after the - update operation from the previous event has completed. - - Bounds: [2m, 1d]. Default: 2m. - - !ruby/object:Api::Type::NestedObject - name: 'yarnConfig' - required: true - description: | - YARN autoscaling configuration. - properties: - - !ruby/object:Api::Type::String - name: 'gracefulDecommissionTimeout' - required: true - description: | - Timeout for YARN graceful decommissioning of Node Managers. Specifies the - duration to wait for jobs to complete before forcefully removing workers - (and potentially interrupting jobs). Only applicable to downscaling operations. - - Bounds: [0s, 1d]. - - !ruby/object:Api::Type::Double - name: 'scaleUpFactor' - required: true - description: | - Fraction of average pending memory in the last cooldown period for which to - add workers. A scale-up factor of 1.0 will result in scaling up so that there - is no pending memory remaining after the update (more aggressive scaling). - A scale-up factor closer to 0 will result in a smaller magnitude of scaling up - (less aggressive scaling). - - Bounds: [0.0, 1.0]. - - !ruby/object:Api::Type::Double - name: 'scaleDownFactor' - required: true - description: | - Fraction of average pending memory in the last cooldown period for which to - remove workers. A scale-down factor of 1 will result in scaling down so that there - is no available memory remaining after the update (more aggressive scaling). - A scale-down factor of 0 disables removing workers, which can be beneficial for - autoscaling a single job. - - Bounds: [0.0, 1.0]. - - !ruby/object:Api::Type::Double - name: 'scaleUpMinWorkerFraction' - default_value: 0.0 - description: | - Minimum scale-up threshold as a fraction of total cluster size before scaling - occurs. For example, in a 20-worker cluster, a threshold of 0.1 means the autoscaler - must recommend at least a 2-worker scale-up for the cluster to scale. A threshold of - 0 means the autoscaler will scale up on any recommended change. - - Bounds: [0.0, 1.0]. Default: 0.0. - - !ruby/object:Api::Type::Double - name: 'scaleDownMinWorkerFraction' - default_value: 0.0 - description: | - Minimum scale-down threshold as a fraction of total cluster size before scaling occurs. - For example, in a 20-worker cluster, a threshold of 0.1 means the autoscaler must - recommend at least a 2 worker scale-down for the cluster to scale. A threshold of 0 - means the autoscaler will scale down on any recommended change. - - Bounds: [0.0, 1.0]. Default: 0.0. - - !ruby/object:Api::Resource - name: 'Cluster' - base_url: "projects/{{project}}/regions/{{region}}/clusters" - self_link: "projects/{{project}}/regions/{{region}}/clusters/{{clusterName}}" - description: | - Describes an autoscaling policy for Dataproc cluster autoscaler. - parameters: - - !ruby/object:Api::Type::String - name: 'region' - url_param_only: true - input: true - description: | - The region in which the cluster and associated nodes will be created in. - properties: - - !ruby/object:Api::Type::String - name: 'clusterName' - required: true - description: | - The name of the cluster, unique within the project and region. - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: | - Labels to apply to this cluster. A list of key->value pairs. - - !ruby/object:Api::Type::NestedObject - name: 'config' - description: | - Configuration for the cluster - properties: - - !ruby/object:Api::Type::String - name: 'configBucket' - description: | - The Cloud Storage staging bucket used to stage files, such as Hadoop jars, - between client machines and the cluster. - - !ruby/object:Api::Type::NestedObject - name: 'gceClusterConfig' - description: | - Common config settings for resources of Google Compute Engine cluster instances, - applicable to all instances in the cluster. - properties: - - !ruby/object:Api::Type::String - name: 'zoneUri' - description: | - The zone where the Compute Engine cluster will be located - - !ruby/object:Api::Type::String - name: 'networkUri' - description: | - The Compute Engine network to be used for machine communications - - !ruby/object:Api::Type::String - name: 'subnetworkUri' - description: | - The Compute Engine subnetwork to be used for machine communications - - !ruby/object:Api::Type::Boolean - name: 'internalIpOnly' - description: | - If true, all instances int he cluster will only have internal IP addresses - - !ruby/object:Api::Type::Array - name: 'serviceAccountScopes' - item_type: Api::Type::String - description: | - The URIs of service account scopes to be included in Compute Engine instances - The following base set of scopes is always included: - - https://www.googleapis.com/auth/cloud.useraccounts.readonly - - https://www.googleapis.com/auth/devstorage.read_write - - https://www.googleapis.com/auth/logging.write - - !ruby/object:Api::Type::Array - name: 'tags' - item_type: Api::Type::String - description: | - The Compute Engine tags to add to all instances - - !ruby/object:Api::Type::KeyValuePairs - name: 'metadata' - description: | - The map of metadata entries to add to all instances - - !ruby/object:Api::Type::NestedObject - name: 'masterConfig' - description: | - The config settings for Compute Engine resources in an instance group, such as a - master or worker group. - properties: - - !ruby/object:Api::Type::Integer - name: 'numInstances' - description: | - The number of VM instances in the instance group. For master instance groups, - must be set to 1. - - !ruby/object:Api::Type::Array - name: 'instanceNames' - output: true - item_type: Api::Type::String - description: | - The list of instance names. - - !ruby/object:Api::Type::String - name: 'imageUri' - description: | - The Compute Engine image resource used for cluster instances. - - !ruby/object:Api::Type::String - name: 'machineTypeUri' - description: | - The Compute Engine machine type used for cluster instances - - !ruby/object:Api::Type::NestedObject - name: 'diskConfig' - description: | - Disk option config settings - properties: - - !ruby/object:Api::Type::String - name: 'bootDiskType' - description: | - Type of the boot disk. Valid values are "pd-ssd" or "pd-standard" - - !ruby/object:Api::Type::Integer - name: 'bootDiskSizeGb' - description: | - Size in GB of the boot disk. - - !ruby/object:Api::Type::Integer - name: 'numLocalSsds' - description: | - Number of attached SSDs, from 0 to 4. - - !ruby/object:Api::Type::Boolean - name: 'isPreemptible' - output: true - description: | - Specifies if this instance group contains preemptible instances. - - !ruby/object:Api::Type::Enum - name: 'preemptibility' - description: | - Specifies the preemptibility of the instance group. - The default value for master and worker groups is NON_PREEMPTIBLE. This default cannot be changed. - The default value for secondary instances is PREEMPTIBLE. - values: - - :PREEMPTIBILITY_UNSPECIFIED - - :NON_PREEMPTIBLE - - :PREEMPTIBLE - - !ruby/object:Api::Type::NestedObject - name: 'managedGroupConfig' - output: true - description: | - The config for Compute Engine Instance Group Manager that manages this group. - This is only used for preemptible instance groups. - properties: - - !ruby/object:Api::Type::String - name: 'instanceTemplateName' - description: | - The name of the Instance Template used for the Managed Instance Group. - - !ruby/object:Api::Type::String - name: instanceGroupManagerName - description: | - The name of the Instance Group Manager for this group - - !ruby/object:Api::Type::NestedObject - name: 'workerConfig' - description: | - The config settings for Compute Engine resources in an instance group, such as a - master or worker group. - properties: - - !ruby/object:Api::Type::Integer - name: 'numInstances' - description: | - The number of VM instances in the instance group. For master instance groups, - must be set to 1. - - !ruby/object:Api::Type::Array - name: 'instanceNames' - output: true - item_type: Api::Type::String - description: | - The list of instance names. - - !ruby/object:Api::Type::String - name: 'imageUri' - description: | - The Compute Engine image resource used for cluster instances. - - !ruby/object:Api::Type::String - name: 'machineTypeUri' - description: | - The Compute Engine machine type used for cluster instances - - !ruby/object:Api::Type::NestedObject - name: 'diskConfig' - description: | - Disk option config settings - properties: - - !ruby/object:Api::Type::String - name: 'bootDiskType' - description: | - Type of the boot disk. Valid values are "pd-ssd" or "pd-standard" - - !ruby/object:Api::Type::Integer - name: 'bootDiskSizeGb' - description: | - Size in GB of the boot disk. - - !ruby/object:Api::Type::Integer - name: 'numLocalSsds' - description: | - Number of attached SSDs, from 0 to 4. - - !ruby/object:Api::Type::Boolean - name: 'isPreemptible' - output: true - description: | - Specifies if this instance group contains preemptible instances. - - !ruby/object:Api::Type::Enum - name: 'preemptibility' - description: | - Specifies the preemptibility of the instance group. - The default value for master and worker groups is NON_PREEMPTIBLE. This default cannot be changed. - The default value for secondary instances is PREEMPTIBLE. - values: - - :PREEMPTIBILITY_UNSPECIFIED - - :NON_PREEMPTIBLE - - :PREEMPTIBLE - - !ruby/object:Api::Type::NestedObject - name: 'managedGroupConfig' - output: true - description: | - The config for Compute Engine Instance Group Manager that manages this group. - This is only used for preemptible instance groups. - properties: - - !ruby/object:Api::Type::String - name: 'instanceTemplateName' - description: | - The name of the Instance Template used for the Managed Instance Group. - - !ruby/object:Api::Type::String - name: instanceGroupManagerName - description: | - The name of the Instance Group Manager for this group - - !ruby/object:Api::Type::NestedObject - name: 'secondaryWorkerConfig' - description: | - The config settings for Compute Engine resources in an instance group, such as a - master or worker group. - properties: - - !ruby/object:Api::Type::Integer - name: 'numInstances' - description: | - The number of VM instances in the instance group. For master instance groups, - must be set to 1. - - !ruby/object:Api::Type::Array - name: 'instanceNames' - output: true - item_type: Api::Type::String - description: | - The list of instance names. - - !ruby/object:Api::Type::String - name: 'imageUri' - description: | - The Compute Engine image resource used for cluster instances. - - !ruby/object:Api::Type::String - name: 'machineTypeUri' - description: | - The Compute Engine machine type used for cluster instances - - !ruby/object:Api::Type::NestedObject - name: 'diskConfig' - description: | - Disk option config settings - properties: - - !ruby/object:Api::Type::String - name: 'bootDiskType' - description: | - Type of the boot disk. Valid values are "pd-ssd" or "pd-standard" - - !ruby/object:Api::Type::Integer - name: 'bootDiskSizeGb' - description: | - Size in GB of the boot disk. - - !ruby/object:Api::Type::Integer - name: 'numLocalSsds' - description: | - Number of attached SSDs, from 0 to 4. - - !ruby/object:Api::Type::Boolean - name: 'isPreemptible' - output: true - description: | - Specifies if this instance group contains preemptible instances. - - !ruby/object:Api::Type::Enum - name: 'preemptibility' - description: | - Specifies the preemptibility of the instance group. - The default value for master and worker groups is NON_PREEMPTIBLE. This default cannot be changed. - The default value for secondary instances is PREEMPTIBLE. - values: - - :PREEMPTIBILITY_UNSPECIFIED - - :NON_PREEMPTIBLE - - :PREEMPTIBLE - - !ruby/object:Api::Type::NestedObject - name: 'managedGroupConfig' - output: true - description: | - The config for Compute Engine Instance Group Manager that manages this group. - This is only used for preemptible instance groups. - properties: - - !ruby/object:Api::Type::String - name: 'instanceTemplateName' - description: | - The name of the Instance Template used for the Managed Instance Group. - - !ruby/object:Api::Type::String - name: instanceGroupManagerName - description: | - The name of the Instance Group Manager for this group - - !ruby/object:Api::Type::NestedObject - name: 'softwareConfig' - description: | - Specifies the selection and config of software inside the cluster - properties: - - !ruby/object:Api::Type::String - name: 'imageVersion' - description: | - The version of software inside the cluster. It must be one of the supported Cloud Dataproc - Versions, such as "1.2" (including a subminor version, such as "1.2.29"), or the "preview" - version. - - !ruby/object:Api::Type::KeyValuePairs - name: 'properties' - description: | - The properties to set on daemon config files. - Property keys are specified in the prefix:property format, for example `core:hadoop.tmp.dir` - - !ruby/object:Api::Type::Enum - name: 'optionalComponents' - description: | - The set of optional components to activate on the cluster. - - Possible values include: COMPONENT_UNSPECIFIED, ANACONDA, HIVE_WEBHCAT, JUPYTER, ZEPPELIN, HBASE, SOLR, and RANGER - values: - - :COMPONENT_UNSPECIFIED - - :ANACONDA - - :HBASE - - :RANGER - - :SOLR - - :HIVE_WEBHCAT - - :JUPYTER - - :ZEPPELIN - - !ruby/object:Api::Type::Array - name: 'initializationActions' - description: | - Specifies an executable to run on a fully configured node and a timeout period for executable completion. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'executableFile' - description: | - Cloud Storage URI of the executable file - - !ruby/object:Api::Type::String - name: 'executionTimeout' - description: | - Amount of time executable has to complete - - !ruby/object:Api::Type::NestedObject - name: 'encryptionConfig' - description: | - Encryption settings for the cluster. - properties: - - !ruby/object:Api::Type::String - name: 'gcePdKmsKeyName' - description: | - The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. - - !ruby/object:Api::Type::NestedObject - name: 'securityConfig' - description: | - Kerberos config holder. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'kerberosConfig' - description: | - Kerberos related configuration. - properties: - - !ruby/object:Api::Type::Boolean - name: 'enableKerberos' - description: | - Flag to indicate whether to Kerberize the cluster. - - !ruby/object:Api::Type::String - name: 'rootprincipalPasswordUri' - description: | - The cloud Storage URI of a KMS encrypted file containing the root principal password. - - !ruby/object:Api::Type::String - name: 'kmsKeyUri' - description: | - The uri of the KMS key used to encrypt various sensitive files. - - !ruby/object:Api::Type::String - name: 'keystoreUri' - description: | - The Cloud Storage URI of the keystore file used for SSL encryption. - - !ruby/object:Api::Type::String - name: 'truststoreUri' - description: | - The Cloud Storage URI of a KMS encrypted file containing the password to the user provided keystore. - - !ruby/object:Api::Type::String - name: 'keyPasswordUri' - description: | - The Cloud Storage URI of a KMS encrypted file containing the password to the user provided key. - - !ruby/object:Api::Type::String - name: 'truststorePasswordUri' - description: | - The Cloud Storage URI of a KMS encrypted file containing the password to the user provided truststore. - - !ruby/object:Api::Type::String - name: 'crossRealmTrustRealm' - description: | - The remote realm the Dataproc on-cluster KDC will trust, should the user enable cross realm trust. - - !ruby/object:Api::Type::String - name: 'crossRealmTrustAdminServer' - description: | - The admin server (IP or hostname) for the remote trusted realm in a cross realm trust relationship. - - !ruby/object:Api::Type::String - name: 'crossRealmTrustSharedPasswordUri' - description: | - The Cloud Storage URI of a KMS encrypted file containing the shared password between the on-cluster - Kerberos realm and the remote trusted realm, in a cross realm trust relationship. - - !ruby/object:Api::Type::String - name: 'kdcDbKeyUri' - description: | - The Cloud Storage URI of a KMS encrypted file containing the master key of the KDC database. - - !ruby/object:Api::Type::String - name: 'tgtLifetimeHours' - description: | - The lifetime of the ticket granting ticket, in hours. - - !ruby/object:Api::Type::String - name: 'realm' - description: | - The name of the on-cluster Kerberos realm. diff --git a/mmv1/products/dataproc/product.yaml b/mmv1/products/dataproc/product.yaml new file mode 100644 index 000000000000..ffe1034b0291 --- /dev/null +++ b/mmv1/products/dataproc/product.yaml @@ -0,0 +1,28 @@ +# Copyright 2019 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: Dataproc +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://dataproc.googleapis.com/v1/ + - !ruby/object:Api::Product::Version + name: beta + base_url: https://dataproc.googleapis.com/v1beta2/ +scopes: + - https://www.googleapis.com/auth/cloud-identity +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Cloud Dataproc API + url: https://console.cloud.google.com/apis/library/dataproc.googleapis.com diff --git a/mmv1/products/datastore/Index.yaml b/mmv1/products/datastore/Index.yaml new file mode 100644 index 000000000000..4b07694b62ea --- /dev/null +++ b/mmv1/products/datastore/Index.yaml @@ -0,0 +1,67 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Index' +base_url: "projects/{{project}}/indexes" +self_link: "projects/{{project}}/indexes/{{indexId}}" +immutable: true +collection_url_key: indexes +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/datastore/docs/concepts/indexes' + api: 'https://cloud.google.com/datastore/docs/reference/admin/rest/v1/projects.indexes' +identity: + - indexId +description: | + Describes a composite index for Cloud Datastore. +properties: + - !ruby/object:Api::Type::String + name: 'indexId' + output: true + description: | + The index id. + - !ruby/object:Api::Type::String + name: 'kind' + required: true + description: | + The entity kind which the index applies to. + - !ruby/object:Api::Type::Enum + name: 'ancestor' + default_value: :NONE + values: + - :NONE + - :ALL_ANCESTORS + description: | + Policy for including ancestors in the index. + - !ruby/object:Api::Type::Array + name: 'properties' + description: | + An ordered list of properties to index on. + min_size: 1 + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + description: | + The property name to index. + - !ruby/object:Api::Type::Enum + name: 'direction' + required: true + values: + - :ASCENDING + - :DESCENDING + description: | + The direction the index should optimize for sorting. + diff --git a/mmv1/products/datastore/api.yaml b/mmv1/products/datastore/api.yaml deleted file mode 100644 index b041e7a372b0..000000000000 --- a/mmv1/products/datastore/api.yaml +++ /dev/null @@ -1,96 +0,0 @@ -# Copyright 2020 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: Datastore -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://datastore.googleapis.com/v1/ -scopes: - - https://www.googleapis.com/auth/datastore -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Cloud Datastore API - url: https://console.cloud.google.com/apis/library/datastore.googleapis.com -async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' -objects: - - !ruby/object:Api::Resource - name: 'Index' - base_url: "projects/{{project}}/indexes" - self_link: "projects/{{project}}/indexes/{{indexId}}" - input: true - collection_url_key: indexes - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/datastore/docs/concepts/indexes' - api: 'https://cloud.google.com/datastore/docs/reference/admin/rest/v1/projects.indexes' - identity: - - indexId - description: | - Describes a composite index for Cloud Datastore. - properties: - - !ruby/object:Api::Type::String - name: 'indexId' - output: true - description: | - The index id. - - !ruby/object:Api::Type::String - name: 'kind' - required: true - description: | - The entity kind which the index applies to. - - !ruby/object:Api::Type::Enum - name: 'ancestor' - default_value: :NONE - values: - - :NONE - - :ALL_ANCESTORS - description: | - Policy for including ancestors in the index. - - !ruby/object:Api::Type::Array - name: 'properties' - description: | - An ordered list of properties to index on. - min_size: 1 - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - description: | - The property name to index. - - !ruby/object:Api::Type::Enum - name: 'direction' - required: true - values: - - :ASCENDING - - :DESCENDING - description: | - The direction the index should optimize for sorting. diff --git a/mmv1/products/datastore/product.yaml b/mmv1/products/datastore/product.yaml new file mode 100644 index 000000000000..837d2a1a840f --- /dev/null +++ b/mmv1/products/datastore/product.yaml @@ -0,0 +1,42 @@ +# Copyright 2020 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: Datastore +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://datastore.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/datastore +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Cloud Datastore API + url: https://console.cloud.google.com/apis/library/datastore.googleapis.com +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' diff --git a/mmv1/products/datastream/ConnectionProfile.yaml b/mmv1/products/datastream/ConnectionProfile.yaml new file mode 100644 index 000000000000..322e3ef5bebd --- /dev/null +++ b/mmv1/products/datastream/ConnectionProfile.yaml @@ -0,0 +1,282 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'ConnectionProfile' +base_url: "projects/{{project}}/locations/{{location}}/connectionProfiles" +create_url: "projects/{{project}}/locations/{{location}}/connectionProfiles?connectionProfileId={{connection_profile_id}}" +self_link: "projects/{{project}}/locations/{{location}}/connectionProfiles/{{connection_profile_id}}" +update_verb: :PATCH +update_mask: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/datastream/docs/create-connection-profiles' + api: 'https://cloud.google.com/datastream/docs/reference/rest/v1/projects.locations.connectionProfiles' +description: | + A set of reusable connection configurations to be used as a source or destination for a stream. +parameters: + - !ruby/object:Api::Type::String + name: connectionProfileId + description: |- + The connection profile identifier. + required: true + immutable: true + url_param_only: true + - !ruby/object:Api::Type::String + name: 'location' + description: | + The name of the location this connection profile is located in. + required: true + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + output: true + description: The resource's name. + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: Labels. + - !ruby/object:Api::Type::String + name: 'displayName' + required: true + description: Display name. + - !ruby/object:Api::Type::NestedObject + name: 'oracleProfile' + exactly_one_of: + - oracle_profile + - gcs_profile + - mysql_profile + - bigquery_profile + - postgresql_profile + description: | + Oracle database profile. + properties: + - !ruby/object:Api::Type::String + name: 'hostname' + required: true + description: | + Hostname for the Oracle connection. + - !ruby/object:Api::Type::Integer + name: 'port' + default_value: 1521 + description: | + Port for the Oracle connection. + - !ruby/object:Api::Type::String + name: 'username' + required: true + description: | + Username for the Oracle connection. + - !ruby/object:Api::Type::String + name: 'password' + required: true + description: | + Password for the Oracle connection. + - !ruby/object:Api::Type::String + name: 'databaseService' + required: true + description: | + Database for the Oracle connection. + - !ruby/object:Api::Type::KeyValuePairs + name: 'connectionAttributes' + description: Connection string attributes + - !ruby/object:Api::Type::NestedObject + name: 'gcsProfile' + exactly_one_of: + - oracle_profile + - gcs_profile + - mysql_profile + - bigquery_profile + - postgresql_profile + description: | + Cloud Storage bucket profile. + properties: + - !ruby/object:Api::Type::String + name: 'bucket' + required: true + description: | + The Cloud Storage bucket name. + - !ruby/object:Api::Type::String + name: 'rootPath' + description: | + The root path inside the Cloud Storage bucket. + - !ruby/object:Api::Type::NestedObject + name: 'mysqlProfile' + exactly_one_of: + - oracle_profile + - gcs_profile + - mysql_profile + - bigquery_profile + - postgresql_profile + description: | + MySQL database profile. + properties: + - !ruby/object:Api::Type::String + name: 'hostname' + required: true + description: | + Hostname for the MySQL connection. + - !ruby/object:Api::Type::Integer + name: 'port' + default_value: 3306 + description: | + Port for the MySQL connection. + - !ruby/object:Api::Type::String + name: 'username' + required: true + description: | + Username for the MySQL connection. + - !ruby/object:Api::Type::String + name: 'password' + required: true + immutable: true + description: | + Password for the MySQL connection. + - !ruby/object:Api::Type::NestedObject + name: 'sslConfig' + description: | + SSL configuration for the MySQL connection. + properties: + - !ruby/object:Api::Type::String + name: 'clientKey' + immutable: true + description: | + PEM-encoded private key associated with the Client Certificate. + If this field is used then the 'client_certificate' and the + 'ca_certificate' fields are mandatory. + - !ruby/object:Api::Type::Boolean + name: 'clientKeySet' + output: true + description: | + Indicates whether the clientKey field is set. + - !ruby/object:Api::Type::String + name: 'clientCertificate' + immutable: true + description: | + PEM-encoded certificate that will be used by the replica to + authenticate against the source database server. If this field + is used then the 'clientKey' and the 'caCertificate' fields are + mandatory. + - !ruby/object:Api::Type::Boolean + name: 'clientCertificateSet' + output: true + description: | + Indicates whether the clientCertificate field is set. + - !ruby/object:Api::Type::String + name: 'caCertificate' + immutable: true + description: | + PEM-encoded certificate of the CA that signed the source database + server's certificate. + - !ruby/object:Api::Type::Boolean + name: 'caCertificateSet' + output: true + description: | + Indicates whether the clientKey field is set. + - !ruby/object:Api::Type::NestedObject + name: 'bigqueryProfile' + send_empty_value: true + allow_empty_object: true + exactly_one_of: + - oracle_profile + - gcs_profile + - mysql_profile + - bigquery_profile + - postgresql_profile + description: | + BigQuery warehouse profile. + properties: [] + - !ruby/object:Api::Type::NestedObject + name: 'postgresqlProfile' + exactly_one_of: + - oracle_profile + - gcs_profile + - mysql_profile + - bigquery_profile + - postgresql_profile + description: | + PostgreSQL database profile. + properties: + - !ruby/object:Api::Type::String + name: 'hostname' + required: true + description: | + Hostname for the PostgreSQL connection. + - !ruby/object:Api::Type::Integer + name: 'port' + default_value: 5432 + description: | + Port for the PostgreSQL connection. + - !ruby/object:Api::Type::String + name: 'username' + required: true + description: | + Username for the PostgreSQL connection. + - !ruby/object:Api::Type::String + name: 'password' + required: true + description: | + Password for the PostgreSQL connection. + - !ruby/object:Api::Type::String + name: 'database' + required: true + description: | + Database for the PostgreSQL connection. + - !ruby/object:Api::Type::NestedObject + name: 'forwardSshConnectivity' + description: | + Forward SSH tunnel connectivity. + conflicts: + - private_connectivity + properties: + - !ruby/object:Api::Type::String + name: 'hostname' + required: true + description: | + Hostname for the SSH tunnel. + - !ruby/object:Api::Type::String + name: 'username' + required: true + description: | + Username for the SSH tunnel. + - !ruby/object:Api::Type::Integer + name: 'port' + default_value: 22 + description: | + Port for the SSH tunnel. + - !ruby/object:Api::Type::String + name: 'password' + immutable: true + description: | + SSH password. + conflicts: + - forward_ssh_connectivity.0.private_key + - !ruby/object:Api::Type::String + name: 'privateKey' + immutable: true + description: | + SSH private key. + conflicts: + - forward_ssh_connectivity.0.password + - !ruby/object:Api::Type::NestedObject + name: 'privateConnectivity' + description: | + Private connectivity. + conflicts: + - forward_ssh_connectivity + properties: + - !ruby/object:Api::Type::String + name: 'privateConnection' + required: true + description: | + A reference to a private connection resource. Format: `projects/{project}/locations/{location}/privateConnections/{name}` diff --git a/mmv1/products/datastream/PrivateConnection.yaml b/mmv1/products/datastream/PrivateConnection.yaml new file mode 100644 index 000000000000..c91a7ed37d3b --- /dev/null +++ b/mmv1/products/datastream/PrivateConnection.yaml @@ -0,0 +1,95 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'PrivateConnection' +base_url: "projects/{{project}}/locations/{{location}}/privateConnections" +create_url: "projects/{{project}}/locations/{{location}}/privateConnections?privateConnectionId={{private_connection_id}}" +self_link: "projects/{{project}}/locations/{{location}}/privateConnections/{{private_connection_id}}" +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/datastream/docs/create-a-private-connectivity-configuration' + api: 'https://cloud.google.com/datastream/docs/reference/rest/v1/projects.locations.privateConnections' +description: | + The PrivateConnection resource is used to establish private connectivity between Datastream and a customer's network. +immutable: true +parameters: + - !ruby/object:Api::Type::String + name: privateConnectionId + description: |- + The private connectivity identifier. + required: true + immutable: true + url_param_only: true + - !ruby/object:Api::Type::String + name: 'location' + description: | + The name of the location this private connection is located in. + required: true + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + output: true + description: The resource's name. + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: Labels. + - !ruby/object:Api::Type::String + name: 'displayName' + required: true + description: Display name. + - !ruby/object:Api::Type::Enum + name: 'state' + description: | + State of the PrivateConnection. + output: true + values: + - :CREATING + - :CREATED + - :FAILED + - :DELETING + - :FAILED_TO_DELETE + - !ruby/object:Api::Type::NestedObject + name: 'error' + output: true + description: | + The PrivateConnection error in case of failure. + properties: + - !ruby/object:Api::Type::String + name: 'message' + description: | + A message containing more information about the error that occurred. + - !ruby/object:Api::Type::KeyValuePairs + name: 'details' + description: | + A list of messages that carry the error details. + - !ruby/object:Api::Type::NestedObject + name: 'vpcPeeringConfig' + required: true + description: | + The VPC Peering configuration is used to create VPC peering + between Datastream and the consumer's VPC. + properties: + - !ruby/object:Api::Type::String + name: 'vpc' + required: true + description: | + Fully qualified name of the VPC that Datastream will peer to. + Format: projects/{project}/global/{networks}/{name} + - !ruby/object:Api::Type::String + name: 'subnet' + required: true + description: | + A free subnet for peering. (CIDR of /29) diff --git a/mmv1/products/datastream/Stream.yaml b/mmv1/products/datastream/Stream.yaml new file mode 100644 index 000000000000..451f1f44e339 --- /dev/null +++ b/mmv1/products/datastream/Stream.yaml @@ -0,0 +1,1025 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Stream' +base_url: "projects/{{project}}/locations/{{location}}/streams" +create_url: "projects/{{project}}/locations/{{location}}/streams?streamId={{stream_id}}" +self_link: "projects/{{project}}/locations/{{location}}/streams/{{stream_id}}" +update_verb: :PATCH +update_mask: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/datastream/docs/create-a-stream' + api: 'https://cloud.google.com/datastream/docs/reference/rest/v1/projects.locations.streams' +description: | + A resource representing streaming data from a source to a destination. +parameters: + - !ruby/object:Api::Type::String + name: streamId + description: |- + The stream identifier. + required: true + immutable: true + url_param_only: true + - !ruby/object:Api::Type::String + name: 'location' + description: | + The name of the location this stream is located in. + required: true + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + output: true + description: The stream's name. + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: Labels. + - !ruby/object:Api::Type::String + name: 'displayName' + required: true + description: Display name. + - !ruby/object:Api::Type::NestedObject + name: 'sourceConfig' + required: true + description: | + Source connection profile configuration. + properties: + - !ruby/object:Api::Type::String + name: 'sourceConnectionProfile' + immutable: true + required: true + description: | + Source connection profile resource. Format: projects/{project}/locations/{location}/connectionProfiles/{name} + - !ruby/object:Api::Type::NestedObject + name: 'mysqlSourceConfig' + allow_empty_object: true + send_empty_value: true + exactly_one_of: + - source_config.0.mysql_source_config + - source_config.0.oracle_source_config + - source_config.0.postgresql_source_config + description: | + MySQL data source configuration. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'includeObjects' + description: | + MySQL objects to retrieve from the source. + properties: + - !ruby/object:Api::Type::Array + name: 'mysqlDatabases' + required: true + min_size: 1 + description: | + MySQL databases on the server + item_type: !ruby/object:Api::Type::NestedObject + description: | + MySQL database. + properties: + - !ruby/object:Api::Type::String + name: 'database' + required: true + description: | + Database name. + - !ruby/object:Api::Type::Array + name: 'mysqlTables' + min_size: 1 + description: | + Tables in the database. + item_type: !ruby/object:Api::Type::NestedObject + description: | + MySQL table. + properties: + - !ruby/object:Api::Type::String + name: 'table' + required: true + description: | + Table name. + - !ruby/object:Api::Type::Array + name: 'mysqlColumns' + min_size: 1 + description: | + MySQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. + item_type: !ruby/object:Api::Type::NestedObject + description: | + MySQL Column. + properties: + - !ruby/object:Api::Type::String + name: 'column' + description: | + Column name. + - !ruby/object:Api::Type::String + name: 'dataType' + description: | + The MySQL data type. Full data types list can be found here: + https://dev.mysql.com/doc/refman/8.0/en/data-types.html + - !ruby/object:Api::Type::Integer + name: 'length' + output: true + description: | + Column length. + - !ruby/object:Api::Type::String + name: 'collation' + description: | + Column collation. + - !ruby/object:Api::Type::Boolean + name: 'primaryKey' + description: | + Whether or not the column represents a primary key. + - !ruby/object:Api::Type::Boolean + name: 'nullable' + description: | + Whether or not the column can accept a null value. + - !ruby/object:Api::Type::Integer + name: 'ordinalPosition' + description: | + The ordinal position of the column in the table. + - !ruby/object:Api::Type::NestedObject + name: 'excludeObjects' + description: | + MySQL objects to exclude from the stream. + properties: + - !ruby/object:Api::Type::Array + name: 'mysqlDatabases' + required: true + min_size: 1 + description: | + MySQL databases on the server + item_type: !ruby/object:Api::Type::NestedObject + description: | + MySQL database. + properties: + - !ruby/object:Api::Type::String + name: 'database' + required: true + description: | + Database name. + - !ruby/object:Api::Type::Array + name: 'mysqlTables' + min_size: 1 + description: | + Tables in the database. + item_type: !ruby/object:Api::Type::NestedObject + description: | + MySQL table. + properties: + - !ruby/object:Api::Type::String + name: 'table' + required: true + description: | + Table name. + - !ruby/object:Api::Type::Array + name: 'mysqlColumns' + min_size: 1 + description: | + MySQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. + item_type: !ruby/object:Api::Type::NestedObject + description: | + MySQL Column. + properties: + - !ruby/object:Api::Type::String + name: 'column' + description: | + Column name. + - !ruby/object:Api::Type::String + name: 'dataType' + description: | + The MySQL data type. Full data types list can be found here: + https://dev.mysql.com/doc/refman/8.0/en/data-types.html + - !ruby/object:Api::Type::Integer + name: 'length' + output: true + description: | + Column length. + - !ruby/object:Api::Type::String + name: 'collation' + description: | + Column collation. + - !ruby/object:Api::Type::Boolean + name: 'primaryKey' + description: | + Whether or not the column represents a primary key. + - !ruby/object:Api::Type::Boolean + name: 'nullable' + description: | + Whether or not the column can accept a null value. + - !ruby/object:Api::Type::Integer + name: 'ordinalPosition' + description: | + The ordinal position of the column in the table. + - !ruby/object:Api::Type::Integer + name: 'maxConcurrentCdcTasks' + send_empty_value: true + description: | + Maximum number of concurrent CDC tasks. The number should be non negative. + If not set (or set to 0), the system's default value will be used. + - !ruby/object:Api::Type::NestedObject + name: 'oracleSourceConfig' + allow_empty_object: true + send_empty_value: true + exactly_one_of: + - source_config.0.mysql_source_config + - source_config.0.oracle_source_config + - source_config.0.postgresql_source_config + description: | + MySQL data source configuration. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'includeObjects' + description: | + Oracle objects to retrieve from the source. + properties: + - !ruby/object:Api::Type::Array + name: 'oracleSchemas' + required: true + min_size: 1 + description: | + Oracle schemas/databases in the database server + item_type: !ruby/object:Api::Type::NestedObject + description: | + MySQL database. + properties: + - !ruby/object:Api::Type::String + name: 'schema' + required: true + description: | + Schema name. + - !ruby/object:Api::Type::Array + name: 'oracleTables' + min_size: 1 + description: | + Tables in the database. + item_type: !ruby/object:Api::Type::NestedObject + description: | + Oracle table. + properties: + - !ruby/object:Api::Type::String + name: 'table' + required: true + description: | + Table name. + - !ruby/object:Api::Type::Array + name: 'oracleColumns' + min_size: 1 + description: | + Oracle columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. + item_type: !ruby/object:Api::Type::NestedObject + description: | + Oracle Column. + properties: + - !ruby/object:Api::Type::String + name: 'column' + description: | + Column name. + - !ruby/object:Api::Type::String + name: 'dataType' + description: | + The Oracle data type. Full data types list can be found here: + https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html + - !ruby/object:Api::Type::Integer + name: 'length' + output: true + description: | + Column length. + - !ruby/object:Api::Type::Integer + name: 'precision' + output: true + description: | + Column precision. + - !ruby/object:Api::Type::Integer + name: 'scale' + output: true + description: | + Column scale. + - !ruby/object:Api::Type::String + name: 'encoding' + output: true + description: | + Column encoding. + - !ruby/object:Api::Type::Boolean + name: 'primaryKey' + output: true + description: | + Whether or not the column represents a primary key. + - !ruby/object:Api::Type::Boolean + name: 'nullable' + output: true + description: | + Whether or not the column can accept a null value. + - !ruby/object:Api::Type::Integer + name: 'ordinalPosition' + output: true + description: | + The ordinal position of the column in the table. + - !ruby/object:Api::Type::NestedObject + name: 'excludeObjects' + description: | + Oracle objects to exclude from the stream. + properties: + - !ruby/object:Api::Type::Array + name: 'oracleSchemas' + required: true + min_size: 1 + description: | + Oracle schemas/databases in the database server + item_type: !ruby/object:Api::Type::NestedObject + description: | + MySQL database. + properties: + - !ruby/object:Api::Type::String + name: 'schema' + required: true + description: | + Schema name. + - !ruby/object:Api::Type::Array + name: 'oracleTables' + min_size: 1 + description: | + Tables in the database. + item_type: !ruby/object:Api::Type::NestedObject + description: | + Oracle table. + properties: + - !ruby/object:Api::Type::String + name: 'table' + required: true + description: | + Table name. + - !ruby/object:Api::Type::Array + name: 'oracleColumns' + min_size: 1 + description: | + Oracle columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. + item_type: !ruby/object:Api::Type::NestedObject + description: | + Oracle Column. + properties: + - !ruby/object:Api::Type::String + name: 'column' + description: | + Column name. + - !ruby/object:Api::Type::String + name: 'dataType' + description: | + The Oracle data type. Full data types list can be found here: + https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html + - !ruby/object:Api::Type::Integer + name: 'length' + output: true + description: | + Column length. + - !ruby/object:Api::Type::Integer + name: 'precision' + output: true + description: | + Column precision. + - !ruby/object:Api::Type::Integer + name: 'scale' + output: true + description: | + Column scale. + - !ruby/object:Api::Type::String + name: 'encoding' + output: true + description: | + Column encoding. + - !ruby/object:Api::Type::Boolean + name: 'primaryKey' + output: true + description: | + Whether or not the column represents a primary key. + - !ruby/object:Api::Type::Boolean + name: 'nullable' + output: true + description: | + Whether or not the column can accept a null value. + - !ruby/object:Api::Type::Integer + name: 'ordinalPosition' + output: true + description: | + The ordinal position of the column in the table. + - !ruby/object:Api::Type::Integer + name: 'maxConcurrentCdcTasks' + send_empty_value: true + description: | + Maximum number of concurrent CDC tasks. The number should be non negative. + If not set (or set to 0), the system's default value will be used. + - !ruby/object:Api::Type::Integer + name: 'maxConcurrentBackfillTasks' + send_empty_value: true + description: | + Maximum number of concurrent backfill tasks. The number should be non negative. + If not set (or set to 0), the system's default value will be used. + - !ruby/object:Api::Type::NestedObject + name: 'dropLargeObjects' + allow_empty_object: true + send_empty_value: true + description: | + Configuration to drop large object values. + properties: [] + - !ruby/object:Api::Type::NestedObject + name: 'streamLargeObjects' + allow_empty_object: true + send_empty_value: true + description: | + Configuration to drop large object values. + properties: [ ] + - !ruby/object:Api::Type::NestedObject + name: 'postgresqlSourceConfig' + allow_empty_object: true + send_empty_value: true + exactly_one_of: + - source_config.0.mysql_source_config + - source_config.0.oracle_source_config + - source_config.0.postgresql_source_config + description: | + PostgreSQL data source configuration. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'includeObjects' + description: | + PostgreSQL objects to retrieve from the source. + properties: + - !ruby/object:Api::Type::Array + name: 'postgresqlSchemas' + required: true + min_size: 1 + description: | + PostgreSQL schemas on the server + item_type: !ruby/object:Api::Type::NestedObject + description: | + PostgreSQL schema. + properties: + - !ruby/object:Api::Type::String + name: 'schema' + required: true + description: | + Database name. + - !ruby/object:Api::Type::Array + name: 'postgresqlTables' + min_size: 1 + description: | + Tables in the schema. + item_type: !ruby/object:Api::Type::NestedObject + description: | + PostgreSQL table. + properties: + - !ruby/object:Api::Type::String + name: 'table' + required: true + description: | + Table name. + - !ruby/object:Api::Type::Array + name: 'postgresqlColumns' + min_size: 1 + description: | + PostgreSQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. + item_type: !ruby/object:Api::Type::NestedObject + description: | + PostgreSQL Column. + properties: + - !ruby/object:Api::Type::String + name: 'column' + description: | + Column name. + - !ruby/object:Api::Type::String + name: 'dataType' + description: | + The PostgreSQL data type. Full data types list can be found here: + https://www.postgresql.org/docs/current/datatype.html + - !ruby/object:Api::Type::Integer + name: 'length' + output: true + description: | + Column length. + - !ruby/object:Api::Type::Integer + name: 'precision' + output: true + description: | + Column precision. + - !ruby/object:Api::Type::Integer + name: 'scale' + output: true + description: | + Column scale. + - !ruby/object:Api::Type::Boolean + name: 'primaryKey' + description: | + Whether or not the column represents a primary key. + - !ruby/object:Api::Type::Boolean + name: 'nullable' + description: | + Whether or not the column can accept a null value. + - !ruby/object:Api::Type::Integer + name: 'ordinalPosition' + description: | + The ordinal position of the column in the table. + - !ruby/object:Api::Type::NestedObject + name: 'excludeObjects' + description: | + PostgreSQL objects to exclude from the stream. + properties: + - !ruby/object:Api::Type::Array + name: 'postgresqlSchemas' + required: true + min_size: 1 + description: | + PostgreSQL schemas on the server + item_type: !ruby/object:Api::Type::NestedObject + description: | + PostgreSQL schema. + properties: + - !ruby/object:Api::Type::String + name: 'schema' + required: true + description: | + Database name. + - !ruby/object:Api::Type::Array + name: 'postgresqlTables' + min_size: 1 + description: | + Tables in the schema. + item_type: !ruby/object:Api::Type::NestedObject + description: | + PostgreSQL table. + properties: + - !ruby/object:Api::Type::String + name: 'table' + required: true + description: | + Table name. + - !ruby/object:Api::Type::Array + name: 'postgresqlColumns' + min_size: 1 + description: | + PostgreSQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. + item_type: !ruby/object:Api::Type::NestedObject + description: | + PostgreSQL Column. + properties: + - !ruby/object:Api::Type::String + name: 'column' + description: | + Column name. + - !ruby/object:Api::Type::String + name: 'dataType' + description: | + The PostgreSQL data type. Full data types list can be found here: + https://www.postgresql.org/docs/current/datatype.html + - !ruby/object:Api::Type::Integer + name: 'length' + output: true + description: | + Column length. + - !ruby/object:Api::Type::Integer + name: 'precision' + output: true + description: | + Column precision. + - !ruby/object:Api::Type::Integer + name: 'scale' + output: true + description: | + Column scale. + - !ruby/object:Api::Type::Boolean + name: 'primaryKey' + description: | + Whether or not the column represents a primary key. + - !ruby/object:Api::Type::Boolean + name: 'nullable' + description: | + Whether or not the column can accept a null value. + - !ruby/object:Api::Type::Integer + name: 'ordinalPosition' + description: | + The ordinal position of the column in the table. + - !ruby/object:Api::Type::String + name: 'replicationSlot' + required: true + description: | + The name of the logical replication slot that's configured with + the pgoutput plugin. + - !ruby/object:Api::Type::String + name: 'publication' + required: true + description: | + The name of the publication that includes the set of all tables + that are defined in the stream's include_objects. + - !ruby/object:Api::Type::Integer + name: 'maxConcurrentBackfillTasks' + send_empty_value: true + description: | + Maximum number of concurrent backfill tasks. The number should be non + negative. If not set (or set to 0), the system's default value will be used. + - !ruby/object:Api::Type::NestedObject + name: 'destinationConfig' + required: true + description: | + Destination connection profile configuration. + properties: + - !ruby/object:Api::Type::String + name: 'destinationConnectionProfile' + immutable: true + required: true + description: | + Destination connection profile resource. Format: projects/{project}/locations/{location}/connectionProfiles/{name} + - !ruby/object:Api::Type::NestedObject + name: 'gcsDestinationConfig' + exactly_one_of: + - destination_config.0.gcs_destination_config + - destination_config.0.bigquery_destination_config + description: | + A configuration for how data should be loaded to Cloud Storage. + properties: + - !ruby/object:Api::Type::String + name: 'path' + description: | + Path inside the Cloud Storage bucket to write data to. + - !ruby/object:Api::Type::Integer + name: 'fileRotationMb' + description: | + The maximum file size to be saved in the bucket. + - !ruby/object:Api::Type::String + name: 'fileRotationInterval' + description: | + The maximum duration for which new events are added before a file is closed and a new file is created. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. + - !ruby/object:Api::Type::NestedObject + name: 'avroFileFormat' + exactly_one_of: + - destination_config.0.gcs_destination_config.0.avro_file_format + - destination_config.0.gcs_destination_config.0.json_file_format + allow_empty_object: true + send_empty_value: true + description: | + AVRO file format configuration. + properties: [] + - !ruby/object:Api::Type::NestedObject + name: 'jsonFileFormat' + exactly_one_of: + - destination_config.0.gcs_destination_config.0.avro_file_format + - destination_config.0.gcs_destination_config.0.json_file_format + description: | + JSON file format configuration. + properties: + - !ruby/object:Api::Type::Enum + name: 'schemaFileFormat' + description: | + The schema file format along JSON data files. + values: + - NO_SCHEMA_FILE + - AVRO_SCHEMA_FILE + - !ruby/object:Api::Type::Enum + name: 'compression' + description: | + Compression of the loaded JSON file. + values: + - NO_COMPRESSION + - GZIP + - !ruby/object:Api::Type::NestedObject + name: 'bigqueryDestinationConfig' + exactly_one_of: + - destination_config.0.gcs_destination_config + - destination_config.0.bigquery_destination_config + description: | + A configuration for how data should be loaded to Cloud Storage. + properties: + - !ruby/object:Api::Type::String + name: 'dataFreshness' + description: | + The guaranteed data freshness (in seconds) when querying tables created by the stream. + Editing this field will only affect new tables created in the future, but existing tables + will not be impacted. Lower values mean that queries will return fresher data, but may result in higher cost. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. + - !ruby/object:Api::Type::NestedObject + name: 'singleTargetDataset' + exactly_one_of: + - destination_config.0.bigquery_destination_config.0.single_target_dataset + - destination_config.0.bigquery_destination_config.0.source_hierarchy_datasets + description: | + A single target dataset to which all data will be streamed. + properties: + - !ruby/object:Api::Type::String + name: 'datasetId' + required: true + description: | + Dataset ID in the format projects/{project}/datasets/{dataset_id} or + {project}:{dataset_id} + custom_expand: 'templates/terraform/custom_expand/datastream_stream_dataset_id.go.erb' + diff_suppress_func: resourceDatastreamStreamDatabaseIdDiffSuppress + - !ruby/object:Api::Type::NestedObject + name: 'sourceHierarchyDatasets' + exactly_one_of: + - destination_config.0.bigquery_destination_config.0.single_target_dataset + - destination_config.0.bigquery_destination_config.0.source_hierarchy_datasets + description: | + Destination datasets are created so that hierarchy of the destination data objects matches the source hierarchy. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'datasetTemplate' + required: true + description: | + Dataset template used for dynamic dataset creation. + properties: + - !ruby/object:Api::Type::String + name: 'location' + required: true + description: | + The geographic location where the dataset should reside. + See https://cloud.google.com/bigquery/docs/locations for supported locations. + - !ruby/object:Api::Type::String + name: 'datasetIdPrefix' + description: | + If supplied, every created dataset will have its name prefixed by the provided value. + The prefix and name will be separated by an underscore. i.e. _. + - !ruby/object:Api::Type::String + name: 'kmsKeyName' + immutable: true + description: | + Describes the Cloud KMS encryption key that will be used to protect destination BigQuery + table. The BigQuery Service Account associated with your project requires access to this + encryption key. i.e. projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{cryptoKey}. + See https://cloud.google.com/bigquery/docs/customer-managed-encryption for more information. + - !ruby/object:Api::Type::String + name: 'state' + description: The state of the stream. + output: true + - !ruby/object:Api::Type::NestedObject + name: 'backfillAll' + exactly_one_of: + - backfill_all + - backfill_none + allow_empty_object: true + send_empty_value: true + description: | + Backfill strategy to automatically backfill the Stream's objects. Specific objects can be excluded. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'mysqlExcludedObjects' + description: | + MySQL data source objects to avoid backfilling. + properties: + - !ruby/object:Api::Type::Array + name: 'mysqlDatabases' + required: true + min_size: 1 + description: | + MySQL databases on the server + item_type: !ruby/object:Api::Type::NestedObject + description: | + MySQL database. + properties: + - !ruby/object:Api::Type::String + name: 'database' + required: true + description: | + Database name. + - !ruby/object:Api::Type::Array + name: 'mysqlTables' + min_size: 1 + description: | + Tables in the database. + item_type: !ruby/object:Api::Type::NestedObject + description: | + MySQL table. + properties: + - !ruby/object:Api::Type::String + name: 'table' + required: true + description: | + Table name. + - !ruby/object:Api::Type::Array + name: 'mysqlColumns' + min_size: 1 + description: | + MySQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. + item_type: !ruby/object:Api::Type::NestedObject + description: | + MySQL Column. + properties: + - !ruby/object:Api::Type::String + name: 'column' + description: | + Column name. + - !ruby/object:Api::Type::String + name: 'dataType' + description: | + The MySQL data type. Full data types list can be found here: + https://dev.mysql.com/doc/refman/8.0/en/data-types.html + - !ruby/object:Api::Type::Integer + name: 'length' + output: true + description: | + Column length. + - !ruby/object:Api::Type::String + name: 'collation' + description: | + Column collation. + - !ruby/object:Api::Type::Boolean + name: 'primaryKey' + description: | + Whether or not the column represents a primary key. + - !ruby/object:Api::Type::Boolean + name: 'nullable' + description: | + Whether or not the column can accept a null value. + - !ruby/object:Api::Type::Integer + name: 'ordinalPosition' + description: | + The ordinal position of the column in the table. + - !ruby/object:Api::Type::NestedObject + name: 'postgresqlExcludedObjects' + description: | + PostgreSQL data source objects to avoid backfilling. + properties: + - !ruby/object:Api::Type::Array + name: 'postgresqlSchemas' + required: true + min_size: 1 + description: | + PostgreSQL schemas on the server + item_type: !ruby/object:Api::Type::NestedObject + description: | + PostgreSQL schema. + properties: + - !ruby/object:Api::Type::String + name: 'schema' + required: true + description: | + Database name. + - !ruby/object:Api::Type::Array + name: 'postgresqlTables' + min_size: 1 + description: | + Tables in the schema. + item_type: !ruby/object:Api::Type::NestedObject + description: | + PostgreSQL table. + properties: + - !ruby/object:Api::Type::String + name: 'table' + required: true + description: | + Table name. + - !ruby/object:Api::Type::Array + name: 'postgresqlColumns' + min_size: 1 + description: | + PostgreSQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. + item_type: !ruby/object:Api::Type::NestedObject + description: | + PostgreSQL Column. + properties: + - !ruby/object:Api::Type::String + name: 'column' + description: | + Column name. + - !ruby/object:Api::Type::String + name: 'dataType' + description: | + The PostgreSQL data type. Full data types list can be found here: + https://www.postgresql.org/docs/current/datatype.html + - !ruby/object:Api::Type::Integer + name: 'length' + output: true + description: | + Column length. + - !ruby/object:Api::Type::Integer + name: 'precision' + output: true + description: | + Column precision. + - !ruby/object:Api::Type::Integer + name: 'scale' + output: true + description: | + Column scale. + - !ruby/object:Api::Type::Boolean + name: 'primaryKey' + description: | + Whether or not the column represents a primary key. + - !ruby/object:Api::Type::Boolean + name: 'nullable' + description: | + Whether or not the column can accept a null value. + - !ruby/object:Api::Type::Integer + name: 'ordinalPosition' + description: | + The ordinal position of the column in the table. + - !ruby/object:Api::Type::NestedObject + name: 'oracleExcludedObjects' + description: | + PostgreSQL data source objects to avoid backfilling. + properties: + - !ruby/object:Api::Type::Array + name: 'oracleSchemas' + required: true + min_size: 1 + description: | + Oracle schemas/databases in the database server + item_type: !ruby/object:Api::Type::NestedObject + description: | + MySQL database. + properties: + - !ruby/object:Api::Type::String + name: 'schema' + required: true + description: | + Schema name. + - !ruby/object:Api::Type::Array + name: 'oracleTables' + min_size: 1 + description: | + Tables in the database. + item_type: !ruby/object:Api::Type::NestedObject + description: | + Oracle table. + properties: + - !ruby/object:Api::Type::String + name: 'table' + required: true + description: | + Table name. + - !ruby/object:Api::Type::Array + name: 'oracleColumns' + min_size: 1 + description: | + Oracle columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. + item_type: !ruby/object:Api::Type::NestedObject + description: | + Oracle Column. + properties: + - !ruby/object:Api::Type::String + name: 'column' + description: | + Column name. + - !ruby/object:Api::Type::String + name: 'dataType' + description: | + The Oracle data type. Full data types list can be found here: + https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html + - !ruby/object:Api::Type::Integer + name: 'length' + output: true + description: | + Column length. + - !ruby/object:Api::Type::Integer + name: 'precision' + output: true + description: | + Column precision. + - !ruby/object:Api::Type::Integer + name: 'scale' + output: true + description: | + Column scale. + - !ruby/object:Api::Type::String + name: 'encoding' + output: true + description: | + Column encoding. + - !ruby/object:Api::Type::Boolean + name: 'primaryKey' + output: true + description: | + Whether or not the column represents a primary key. + - !ruby/object:Api::Type::Boolean + name: 'nullable' + output: true + description: | + Whether or not the column can accept a null value. + - !ruby/object:Api::Type::Integer + name: 'ordinalPosition' + output: true + description: | + The ordinal position of the column in the table. + - !ruby/object:Api::Type::NestedObject + name: 'backfillNone' + exactly_one_of: + - backfill_all + - backfill_none + allow_empty_object: true + send_empty_value: true + description: | + Backfill strategy to disable automatic backfill for the Stream's objects. + properties: [] + - !ruby/object:Api::Type::String + name: 'customerManagedEncryptionKey' + immutable: true + description: | + A reference to a KMS encryption key. If provided, it will be used to encrypt the data. If left blank, data + will be encrypted using an internal Stream-specific encryption key provisioned through KMS. + diff --git a/mmv1/products/datastream/api.yaml b/mmv1/products/datastream/api.yaml deleted file mode 100644 index 06120d5fe261..000000000000 --- a/mmv1/products/datastream/api.yaml +++ /dev/null @@ -1,1402 +0,0 @@ -# Copyright 2022 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: Datastream -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://datastream.googleapis.com/v1/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Datastream API - url: https://console.cloud.google.com/apis/library/datastream.googleapis.com -async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' -objects: - - !ruby/object:Api::Resource - name: 'ConnectionProfile' - base_url: "projects/{{project}}/locations/{{location}}/connectionProfiles" - create_url: "projects/{{project}}/locations/{{location}}/connectionProfiles?connectionProfileId={{connection_profile_id}}" - self_link: "projects/{{project}}/locations/{{location}}/connectionProfiles/{{connection_profile_id}}" - update_verb: :PATCH - update_mask: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/datastream/docs/create-connection-profiles' - api: 'https://cloud.google.com/datastream/docs/reference/rest/v1/projects.locations.connectionProfiles' - description: | - A set of reusable connection configurations to be used as a source or destination for a stream. - parameters: - - !ruby/object:Api::Type::String - name: connectionProfileId - description: |- - The connection profile identifier. - required: true - input: true - url_param_only: true - - !ruby/object:Api::Type::String - name: 'location' - description: | - The name of the location this connection profile is located in. - required: true - input: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - output: true - description: The resource's name. - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: Labels. - - !ruby/object:Api::Type::String - name: 'displayName' - required: true - description: Display name. - - !ruby/object:Api::Type::NestedObject - name: 'oracleProfile' - exactly_one_of: - - oracle_profile - - gcs_profile - - mysql_profile - - bigquery_profile - - postgresql_profile - description: | - Oracle database profile. - properties: - - !ruby/object:Api::Type::String - name: 'hostname' - required: true - description: | - Hostname for the Oracle connection. - - !ruby/object:Api::Type::Integer - name: 'port' - default_value: 1521 - description: | - Port for the Oracle connection. - - !ruby/object:Api::Type::String - name: 'username' - required: true - description: | - Username for the Oracle connection. - - !ruby/object:Api::Type::String - name: 'password' - required: true - description: | - Password for the Oracle connection. - - !ruby/object:Api::Type::String - name: 'databaseService' - required: true - description: | - Database for the Oracle connection. - - !ruby/object:Api::Type::KeyValuePairs - name: 'connectionAttributes' - description: Connection string attributes - - !ruby/object:Api::Type::NestedObject - name: 'gcsProfile' - exactly_one_of: - - oracle_profile - - gcs_profile - - mysql_profile - - bigquery_profile - - postgresql_profile - description: | - Cloud Storage bucket profile. - properties: - - !ruby/object:Api::Type::String - name: 'bucket' - required: true - description: | - The Cloud Storage bucket name. - - !ruby/object:Api::Type::String - name: 'rootPath' - description: | - The root path inside the Cloud Storage bucket. - - !ruby/object:Api::Type::NestedObject - name: 'mysqlProfile' - exactly_one_of: - - oracle_profile - - gcs_profile - - mysql_profile - - bigquery_profile - - postgresql_profile - description: | - MySQL database profile. - properties: - - !ruby/object:Api::Type::String - name: 'hostname' - required: true - description: | - Hostname for the MySQL connection. - - !ruby/object:Api::Type::Integer - name: 'port' - default_value: 3306 - description: | - Port for the MySQL connection. - - !ruby/object:Api::Type::String - name: 'username' - required: true - description: | - Username for the MySQL connection. - - !ruby/object:Api::Type::String - name: 'password' - required: true - input: true - description: | - Password for the MySQL connection. - - !ruby/object:Api::Type::NestedObject - name: 'sslConfig' - description: | - SSL configuration for the MySQL connection. - properties: - - !ruby/object:Api::Type::String - name: 'clientKey' - input: true - description: | - PEM-encoded private key associated with the Client Certificate. - If this field is used then the 'client_certificate' and the - 'ca_certificate' fields are mandatory. - - !ruby/object:Api::Type::Boolean - name: 'clientKeySet' - output: true - description: | - Indicates whether the clientKey field is set. - - !ruby/object:Api::Type::String - name: 'clientCertificate' - input: true - description: | - PEM-encoded certificate that will be used by the replica to - authenticate against the source database server. If this field - is used then the 'clientKey' and the 'caCertificate' fields are - mandatory. - - !ruby/object:Api::Type::Boolean - name: 'clientCertificateSet' - output: true - description: | - Indicates whether the clientCertificate field is set. - - !ruby/object:Api::Type::String - name: 'caCertificate' - input: true - description: | - PEM-encoded certificate of the CA that signed the source database - server's certificate. - - !ruby/object:Api::Type::Boolean - name: 'caCertificateSet' - output: true - description: | - Indicates whether the clientKey field is set. - - !ruby/object:Api::Type::NestedObject - name: 'bigqueryProfile' - send_empty_value: true - allow_empty_object: true - exactly_one_of: - - oracle_profile - - gcs_profile - - mysql_profile - - bigquery_profile - - postgresql_profile - description: | - BigQuery warehouse profile. - properties: [] - - !ruby/object:Api::Type::NestedObject - name: 'postgresqlProfile' - exactly_one_of: - - oracle_profile - - gcs_profile - - mysql_profile - - bigquery_profile - - postgresql_profile - description: | - PostgreSQL database profile. - properties: - - !ruby/object:Api::Type::String - name: 'hostname' - required: true - description: | - Hostname for the PostgreSQL connection. - - !ruby/object:Api::Type::Integer - name: 'port' - default_value: 5432 - description: | - Port for the PostgreSQL connection. - - !ruby/object:Api::Type::String - name: 'username' - required: true - description: | - Username for the PostgreSQL connection. - - !ruby/object:Api::Type::String - name: 'password' - required: true - description: | - Password for the PostgreSQL connection. - - !ruby/object:Api::Type::String - name: 'database' - required: true - description: | - Database for the PostgreSQL connection. - - !ruby/object:Api::Type::NestedObject - name: 'forwardSshConnectivity' - description: | - Forward SSH tunnel connectivity. - conflicts: - - private_connectivity - properties: - - !ruby/object:Api::Type::String - name: 'hostname' - required: true - description: | - Hostname for the SSH tunnel. - - !ruby/object:Api::Type::String - name: 'username' - required: true - description: | - Username for the SSH tunnel. - - !ruby/object:Api::Type::Integer - name: 'port' - default_value: 22 - description: | - Port for the SSH tunnel. - - !ruby/object:Api::Type::String - name: 'password' - input: true - description: | - SSH password. - conflicts: - - forward_ssh_connectivity.0.private_key - - !ruby/object:Api::Type::String - name: 'privateKey' - input: true - description: | - SSH private key. - conflicts: - - forward_ssh_connectivity.0.password - - !ruby/object:Api::Type::NestedObject - name: 'privateConnectivity' - description: | - Private connectivity. - conflicts: - - forward_ssh_connectivity - properties: - - !ruby/object:Api::Type::String - name: 'privateConnection' - required: true - description: | - A reference to a private connection resource. Format: `projects/{project}/locations/{location}/privateConnections/{name}` - - !ruby/object:Api::Resource - name: 'PrivateConnection' - base_url: "projects/{{project}}/locations/{{location}}/privateConnections" - create_url: "projects/{{project}}/locations/{{location}}/privateConnections?privateConnectionId={{private_connection_id}}" - self_link: "projects/{{project}}/locations/{{location}}/privateConnections/{{private_connection_id}}" - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/datastream/docs/create-a-private-connectivity-configuration' - api: 'https://cloud.google.com/datastream/docs/reference/rest/v1/projects.locations.privateConnections' - description: | - The PrivateConnection resource is used to establish private connectivity between Datastream and a customer's network. - input: true - parameters: - - !ruby/object:Api::Type::String - name: privateConnectionId - description: |- - The private connectivity identifier. - required: true - input: true - url_param_only: true - - !ruby/object:Api::Type::String - name: 'location' - description: | - The name of the location this private connection is located in. - required: true - input: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - output: true - description: The resource's name. - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: Labels. - - !ruby/object:Api::Type::String - name: 'displayName' - required: true - description: Display name. - - !ruby/object:Api::Type::Enum - name: 'state' - description: | - State of the PrivateConnection. - output: true - values: - - :CREATING - - :CREATED - - :FAILED - - :DELETING - - :FAILED_TO_DELETE - - !ruby/object:Api::Type::NestedObject - name: 'error' - output: true - description: | - The PrivateConnection error in case of failure. - properties: - - !ruby/object:Api::Type::String - name: 'message' - description: | - A message containing more information about the error that occurred. - - !ruby/object:Api::Type::KeyValuePairs - name: 'details' - description: | - A list of messages that carry the error details. - - !ruby/object:Api::Type::NestedObject - name: 'vpcPeeringConfig' - required: true - description: | - The VPC Peering configuration is used to create VPC peering - between Datastream and the consumer's VPC. - properties: - - !ruby/object:Api::Type::String - name: 'vpc' - required: true - description: | - Fully qualified name of the VPC that Datastream will peer to. - Format: projects/{project}/global/{networks}/{name} - - !ruby/object:Api::Type::String - name: 'subnet' - required: true - description: | - A free subnet for peering. (CIDR of /29) - - !ruby/object:Api::Resource - name: 'Stream' - base_url: "projects/{{project}}/locations/{{location}}/streams" - create_url: "projects/{{project}}/locations/{{location}}/streams?streamId={{stream_id}}" - self_link: "projects/{{project}}/locations/{{location}}/streams/{{stream_id}}" - update_verb: :PATCH - update_mask: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/datastream/docs/create-a-stream' - api: 'https://cloud.google.com/datastream/docs/reference/rest/v1/projects.locations.streams' - description: | - A resource representing streaming data from a source to a destination. - parameters: - - !ruby/object:Api::Type::String - name: streamId - description: |- - The stream identifier. - required: true - input: true - url_param_only: true - - !ruby/object:Api::Type::String - name: 'location' - description: | - The name of the location this stream is located in. - required: true - input: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - output: true - description: The stream's name. - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: Labels. - - !ruby/object:Api::Type::String - name: 'displayName' - required: true - description: Display name. - - !ruby/object:Api::Type::NestedObject - name: 'sourceConfig' - required: true - description: | - Source connection profile configuration. - properties: - - !ruby/object:Api::Type::String - name: 'sourceConnectionProfile' - input: true - required: true - description: | - Source connection profile resource. Format: projects/{project}/locations/{location}/connectionProfiles/{name} - - !ruby/object:Api::Type::NestedObject - name: 'mysqlSourceConfig' - allow_empty_object: true - send_empty_value: true - exactly_one_of: - - source_config.0.mysql_source_config - - source_config.0.oracle_source_config - - source_config.0.postgresql_source_config - description: | - MySQL data source configuration. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'includeObjects' - description: | - MySQL objects to retrieve from the source. - properties: - - !ruby/object:Api::Type::Array - name: 'mysqlDatabases' - required: true - min_size: 1 - description: | - MySQL databases on the server - item_type: !ruby/object:Api::Type::NestedObject - description: | - MySQL database. - properties: - - !ruby/object:Api::Type::String - name: 'database' - required: true - description: | - Database name. - - !ruby/object:Api::Type::Array - name: 'mysqlTables' - min_size: 1 - description: | - Tables in the database. - item_type: !ruby/object:Api::Type::NestedObject - description: | - MySQL table. - properties: - - !ruby/object:Api::Type::String - name: 'table' - required: true - description: | - Table name. - - !ruby/object:Api::Type::Array - name: 'mysqlColumns' - min_size: 1 - description: | - MySQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. - item_type: !ruby/object:Api::Type::NestedObject - description: | - MySQL Column. - properties: - - !ruby/object:Api::Type::String - name: 'column' - description: | - Column name. - - !ruby/object:Api::Type::String - name: 'dataType' - description: | - The MySQL data type. Full data types list can be found here: - https://dev.mysql.com/doc/refman/8.0/en/data-types.html - - !ruby/object:Api::Type::Integer - name: 'length' - output: true - description: | - Column length. - - !ruby/object:Api::Type::String - name: 'collation' - description: | - Column collation. - - !ruby/object:Api::Type::Boolean - name: 'primaryKey' - description: | - Whether or not the column represents a primary key. - - !ruby/object:Api::Type::Boolean - name: 'nullable' - description: | - Whether or not the column can accept a null value. - - !ruby/object:Api::Type::Integer - name: 'ordinalPosition' - description: | - The ordinal position of the column in the table. - - !ruby/object:Api::Type::NestedObject - name: 'excludeObjects' - description: | - MySQL objects to exclude from the stream. - properties: - - !ruby/object:Api::Type::Array - name: 'mysqlDatabases' - required: true - min_size: 1 - description: | - MySQL databases on the server - item_type: !ruby/object:Api::Type::NestedObject - description: | - MySQL database. - properties: - - !ruby/object:Api::Type::String - name: 'database' - required: true - description: | - Database name. - - !ruby/object:Api::Type::Array - name: 'mysqlTables' - min_size: 1 - description: | - Tables in the database. - item_type: !ruby/object:Api::Type::NestedObject - description: | - MySQL table. - properties: - - !ruby/object:Api::Type::String - name: 'table' - required: true - description: | - Table name. - - !ruby/object:Api::Type::Array - name: 'mysqlColumns' - min_size: 1 - description: | - MySQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. - item_type: !ruby/object:Api::Type::NestedObject - description: | - MySQL Column. - properties: - - !ruby/object:Api::Type::String - name: 'column' - description: | - Column name. - - !ruby/object:Api::Type::String - name: 'dataType' - description: | - The MySQL data type. Full data types list can be found here: - https://dev.mysql.com/doc/refman/8.0/en/data-types.html - - !ruby/object:Api::Type::Integer - name: 'length' - output: true - description: | - Column length. - - !ruby/object:Api::Type::String - name: 'collation' - description: | - Column collation. - - !ruby/object:Api::Type::Boolean - name: 'primaryKey' - description: | - Whether or not the column represents a primary key. - - !ruby/object:Api::Type::Boolean - name: 'nullable' - description: | - Whether or not the column can accept a null value. - - !ruby/object:Api::Type::Integer - name: 'ordinalPosition' - description: | - The ordinal position of the column in the table. - - !ruby/object:Api::Type::Integer - name: 'maxConcurrentCdcTasks' - send_empty_value: true - description: | - Maximum number of concurrent CDC tasks. The number should be non negative. - If not set (or set to 0), the system's default value will be used. - - !ruby/object:Api::Type::NestedObject - name: 'oracleSourceConfig' - allow_empty_object: true - send_empty_value: true - exactly_one_of: - - source_config.0.mysql_source_config - - source_config.0.oracle_source_config - - source_config.0.postgresql_source_config - description: | - MySQL data source configuration. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'includeObjects' - description: | - Oracle objects to retrieve from the source. - properties: - - !ruby/object:Api::Type::Array - name: 'oracleSchemas' - required: true - min_size: 1 - description: | - Oracle schemas/databases in the database server - item_type: !ruby/object:Api::Type::NestedObject - description: | - MySQL database. - properties: - - !ruby/object:Api::Type::String - name: 'schema' - required: true - description: | - Schema name. - - !ruby/object:Api::Type::Array - name: 'oracleTables' - min_size: 1 - description: | - Tables in the database. - item_type: !ruby/object:Api::Type::NestedObject - description: | - Oracle table. - properties: - - !ruby/object:Api::Type::String - name: 'table' - required: true - description: | - Table name. - - !ruby/object:Api::Type::Array - name: 'oracleColumns' - min_size: 1 - description: | - Oracle columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. - item_type: !ruby/object:Api::Type::NestedObject - description: | - Oracle Column. - properties: - - !ruby/object:Api::Type::String - name: 'column' - description: | - Column name. - - !ruby/object:Api::Type::String - name: 'dataType' - description: | - The Oracle data type. Full data types list can be found here: - https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html - - !ruby/object:Api::Type::Integer - name: 'length' - output: true - description: | - Column length. - - !ruby/object:Api::Type::Integer - name: 'precision' - output: true - description: | - Column precision. - - !ruby/object:Api::Type::Integer - name: 'scale' - output: true - description: | - Column scale. - - !ruby/object:Api::Type::String - name: 'encoding' - output: true - description: | - Column encoding. - - !ruby/object:Api::Type::Boolean - name: 'primaryKey' - output: true - description: | - Whether or not the column represents a primary key. - - !ruby/object:Api::Type::Boolean - name: 'nullable' - output: true - description: | - Whether or not the column can accept a null value. - - !ruby/object:Api::Type::Integer - name: 'ordinalPosition' - output: true - description: | - The ordinal position of the column in the table. - - !ruby/object:Api::Type::NestedObject - name: 'excludeObjects' - description: | - Oracle objects to exclude from the stream. - properties: - - !ruby/object:Api::Type::Array - name: 'oracleSchemas' - required: true - min_size: 1 - description: | - Oracle schemas/databases in the database server - item_type: !ruby/object:Api::Type::NestedObject - description: | - MySQL database. - properties: - - !ruby/object:Api::Type::String - name: 'schema' - required: true - description: | - Schema name. - - !ruby/object:Api::Type::Array - name: 'oracleTables' - min_size: 1 - description: | - Tables in the database. - item_type: !ruby/object:Api::Type::NestedObject - description: | - Oracle table. - properties: - - !ruby/object:Api::Type::String - name: 'table' - required: true - description: | - Table name. - - !ruby/object:Api::Type::Array - name: 'oracleColumns' - min_size: 1 - description: | - Oracle columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. - item_type: !ruby/object:Api::Type::NestedObject - description: | - Oracle Column. - properties: - - !ruby/object:Api::Type::String - name: 'column' - description: | - Column name. - - !ruby/object:Api::Type::String - name: 'dataType' - description: | - The Oracle data type. Full data types list can be found here: - https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html - - !ruby/object:Api::Type::Integer - name: 'length' - output: true - description: | - Column length. - - !ruby/object:Api::Type::Integer - name: 'precision' - output: true - description: | - Column precision. - - !ruby/object:Api::Type::Integer - name: 'scale' - output: true - description: | - Column scale. - - !ruby/object:Api::Type::String - name: 'encoding' - output: true - description: | - Column encoding. - - !ruby/object:Api::Type::Boolean - name: 'primaryKey' - output: true - description: | - Whether or not the column represents a primary key. - - !ruby/object:Api::Type::Boolean - name: 'nullable' - output: true - description: | - Whether or not the column can accept a null value. - - !ruby/object:Api::Type::Integer - name: 'ordinalPosition' - output: true - description: | - The ordinal position of the column in the table. - - !ruby/object:Api::Type::Integer - name: 'maxConcurrentCdcTasks' - send_empty_value: true - description: | - Maximum number of concurrent CDC tasks. The number should be non negative. - If not set (or set to 0), the system's default value will be used. - - !ruby/object:Api::Type::Integer - name: 'maxConcurrentBackfillTasks' - send_empty_value: true - description: | - Maximum number of concurrent backfill tasks. The number should be non negative. - If not set (or set to 0), the system's default value will be used. - - !ruby/object:Api::Type::NestedObject - name: 'dropLargeObjects' - allow_empty_object: true - send_empty_value: true - description: | - Configuration to drop large object values. - properties: [] - - !ruby/object:Api::Type::NestedObject - name: 'streamLargeObjects' - allow_empty_object: true - send_empty_value: true - description: | - Configuration to drop large object values. - properties: [ ] - - !ruby/object:Api::Type::NestedObject - name: 'postgresqlSourceConfig' - allow_empty_object: true - send_empty_value: true - exactly_one_of: - - source_config.0.mysql_source_config - - source_config.0.oracle_source_config - - source_config.0.postgresql_source_config - description: | - PostgreSQL data source configuration. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'includeObjects' - description: | - PostgreSQL objects to retrieve from the source. - properties: - - !ruby/object:Api::Type::Array - name: 'postgresqlSchemas' - required: true - min_size: 1 - description: | - PostgreSQL schemas on the server - item_type: !ruby/object:Api::Type::NestedObject - description: | - PostgreSQL schema. - properties: - - !ruby/object:Api::Type::String - name: 'schema' - required: true - description: | - Database name. - - !ruby/object:Api::Type::Array - name: 'postgresqlTables' - min_size: 1 - description: | - Tables in the schema. - item_type: !ruby/object:Api::Type::NestedObject - description: | - PostgreSQL table. - properties: - - !ruby/object:Api::Type::String - name: 'table' - required: true - description: | - Table name. - - !ruby/object:Api::Type::Array - name: 'postgresqlColumns' - min_size: 1 - description: | - PostgreSQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. - item_type: !ruby/object:Api::Type::NestedObject - description: | - PostgreSQL Column. - properties: - - !ruby/object:Api::Type::String - name: 'column' - description: | - Column name. - - !ruby/object:Api::Type::String - name: 'dataType' - description: | - The PostgreSQL data type. Full data types list can be found here: - https://www.postgresql.org/docs/current/datatype.html - - !ruby/object:Api::Type::Integer - name: 'length' - output: true - description: | - Column length. - - !ruby/object:Api::Type::Integer - name: 'precision' - output: true - description: | - Column precision. - - !ruby/object:Api::Type::Integer - name: 'scale' - output: true - description: | - Column scale. - - !ruby/object:Api::Type::Boolean - name: 'primaryKey' - description: | - Whether or not the column represents a primary key. - - !ruby/object:Api::Type::Boolean - name: 'nullable' - description: | - Whether or not the column can accept a null value. - - !ruby/object:Api::Type::Integer - name: 'ordinalPosition' - description: | - The ordinal position of the column in the table. - - !ruby/object:Api::Type::NestedObject - name: 'excludeObjects' - description: | - PostgreSQL objects to exclude from the stream. - properties: - - !ruby/object:Api::Type::Array - name: 'postgresqlSchemas' - required: true - min_size: 1 - description: | - PostgreSQL schemas on the server - item_type: !ruby/object:Api::Type::NestedObject - description: | - PostgreSQL schema. - properties: - - !ruby/object:Api::Type::String - name: 'schema' - required: true - description: | - Database name. - - !ruby/object:Api::Type::Array - name: 'postgresqlTables' - min_size: 1 - description: | - Tables in the schema. - item_type: !ruby/object:Api::Type::NestedObject - description: | - PostgreSQL table. - properties: - - !ruby/object:Api::Type::String - name: 'table' - required: true - description: | - Table name. - - !ruby/object:Api::Type::Array - name: 'postgresqlColumns' - min_size: 1 - description: | - PostgreSQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. - item_type: !ruby/object:Api::Type::NestedObject - description: | - PostgreSQL Column. - properties: - - !ruby/object:Api::Type::String - name: 'column' - description: | - Column name. - - !ruby/object:Api::Type::String - name: 'dataType' - description: | - The PostgreSQL data type. Full data types list can be found here: - https://www.postgresql.org/docs/current/datatype.html - - !ruby/object:Api::Type::Integer - name: 'length' - output: true - description: | - Column length. - - !ruby/object:Api::Type::Integer - name: 'precision' - output: true - description: | - Column precision. - - !ruby/object:Api::Type::Integer - name: 'scale' - output: true - description: | - Column scale. - - !ruby/object:Api::Type::Boolean - name: 'primaryKey' - description: | - Whether or not the column represents a primary key. - - !ruby/object:Api::Type::Boolean - name: 'nullable' - description: | - Whether or not the column can accept a null value. - - !ruby/object:Api::Type::Integer - name: 'ordinalPosition' - description: | - The ordinal position of the column in the table. - - !ruby/object:Api::Type::String - name: 'replicationSlot' - required: true - description: | - The name of the logical replication slot that's configured with - the pgoutput plugin. - - !ruby/object:Api::Type::String - name: 'publication' - required: true - description: | - The name of the publication that includes the set of all tables - that are defined in the stream's include_objects. - - !ruby/object:Api::Type::Integer - name: 'maxConcurrentBackfillTasks' - send_empty_value: true - description: | - Maximum number of concurrent backfill tasks. The number should be non - negative. If not set (or set to 0), the system's default value will be used. - - !ruby/object:Api::Type::NestedObject - name: 'destinationConfig' - required: true - description: | - Destination connection profile configuration. - properties: - - !ruby/object:Api::Type::String - name: 'destinationConnectionProfile' - input: true - required: true - description: | - Destination connection profile resource. Format: projects/{project}/locations/{location}/connectionProfiles/{name} - - !ruby/object:Api::Type::NestedObject - name: 'gcsDestinationConfig' - exactly_one_of: - - destination_config.0.gcs_destination_config - - destination_config.0.bigquery_destination_config - description: | - A configuration for how data should be loaded to Cloud Storage. - properties: - - !ruby/object:Api::Type::String - name: 'path' - description: | - Path inside the Cloud Storage bucket to write data to. - - !ruby/object:Api::Type::Integer - name: 'fileRotationMb' - description: | - The maximum file size to be saved in the bucket. - - !ruby/object:Api::Type::String - name: 'fileRotationInterval' - description: | - The maximum duration for which new events are added before a file is closed and a new file is created. - A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. - - !ruby/object:Api::Type::NestedObject - name: 'avroFileFormat' - exactly_one_of: - - destination_config.0.gcs_destination_config.0.avro_file_format - - destination_config.0.gcs_destination_config.0.json_file_format - allow_empty_object: true - send_empty_value: true - description: | - AVRO file format configuration. - properties: [] - - !ruby/object:Api::Type::NestedObject - name: 'jsonFileFormat' - exactly_one_of: - - destination_config.0.gcs_destination_config.0.avro_file_format - - destination_config.0.gcs_destination_config.0.json_file_format - description: | - JSON file format configuration. - properties: - - !ruby/object:Api::Type::Enum - name: 'schemaFileFormat' - description: | - The schema file format along JSON data files. - values: - - NO_SCHEMA_FILE - - AVRO_SCHEMA_FILE - - !ruby/object:Api::Type::Enum - name: 'compression' - description: | - Compression of the loaded JSON file. - values: - - NO_COMPRESSION - - GZIP - - !ruby/object:Api::Type::NestedObject - name: 'bigqueryDestinationConfig' - exactly_one_of: - - destination_config.0.gcs_destination_config - - destination_config.0.bigquery_destination_config - description: | - A configuration for how data should be loaded to Cloud Storage. - properties: - - !ruby/object:Api::Type::String - name: 'dataFreshness' - description: | - The guaranteed data freshness (in seconds) when querying tables created by the stream. - Editing this field will only affect new tables created in the future, but existing tables - will not be impacted. Lower values mean that queries will return fresher data, but may result in higher cost. - A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. - - !ruby/object:Api::Type::NestedObject - name: 'singleTargetDataset' - exactly_one_of: - - destination_config.0.bigquery_destination_config.0.single_target_dataset - - destination_config.0.bigquery_destination_config.0.source_hierarchy_datasets - description: | - A single target dataset to which all data will be streamed. - properties: - - !ruby/object:Api::Type::String - name: 'datasetId' - required: true - description: | - Dataset ID in the format projects/{project}/datasets/{dataset_id} - - !ruby/object:Api::Type::NestedObject - name: 'sourceHierarchyDatasets' - exactly_one_of: - - destination_config.0.bigquery_destination_config.0.single_target_dataset - - destination_config.0.bigquery_destination_config.0.source_hierarchy_datasets - description: | - Destination datasets are created so that hierarchy of the destination data objects matches the source hierarchy. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'datasetTemplate' - required: true - description: | - Dataset template used for dynamic dataset creation. - properties: - - !ruby/object:Api::Type::String - name: 'location' - required: true - description: | - The geographic location where the dataset should reside. - See https://cloud.google.com/bigquery/docs/locations for supported locations. - - !ruby/object:Api::Type::String - name: 'datasetIdPrefix' - description: | - If supplied, every created dataset will have its name prefixed by the provided value. - The prefix and name will be separated by an underscore. i.e. _. - - !ruby/object:Api::Type::String - name: 'kmsKeyName' - input: true - description: | - Describes the Cloud KMS encryption key that will be used to protect destination BigQuery - table. The BigQuery Service Account associated with your project requires access to this - encryption key. i.e. projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{cryptoKey}. - See https://cloud.google.com/bigquery/docs/customer-managed-encryption for more information. - - !ruby/object:Api::Type::String - name: 'state' - description: The state of the stream. - output: true - - !ruby/object:Api::Type::NestedObject - name: 'backfillAll' - exactly_one_of: - - backfill_all - - backfill_none - allow_empty_object: true - send_empty_value: true - description: | - Backfill strategy to automatically backfill the Stream's objects. Specific objects can be excluded. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'mysqlExcludedObjects' - description: | - MySQL data source objects to avoid backfilling. - properties: - - !ruby/object:Api::Type::Array - name: 'mysqlDatabases' - required: true - min_size: 1 - description: | - MySQL databases on the server - item_type: !ruby/object:Api::Type::NestedObject - description: | - MySQL database. - properties: - - !ruby/object:Api::Type::String - name: 'database' - required: true - description: | - Database name. - - !ruby/object:Api::Type::Array - name: 'mysqlTables' - min_size: 1 - description: | - Tables in the database. - item_type: !ruby/object:Api::Type::NestedObject - description: | - MySQL table. - properties: - - !ruby/object:Api::Type::String - name: 'table' - required: true - description: | - Table name. - - !ruby/object:Api::Type::Array - name: 'mysqlColumns' - min_size: 1 - description: | - MySQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. - item_type: !ruby/object:Api::Type::NestedObject - description: | - MySQL Column. - properties: - - !ruby/object:Api::Type::String - name: 'column' - description: | - Column name. - - !ruby/object:Api::Type::String - name: 'dataType' - description: | - The MySQL data type. Full data types list can be found here: - https://dev.mysql.com/doc/refman/8.0/en/data-types.html - - !ruby/object:Api::Type::Integer - name: 'length' - output: true - description: | - Column length. - - !ruby/object:Api::Type::String - name: 'collation' - description: | - Column collation. - - !ruby/object:Api::Type::Boolean - name: 'primaryKey' - description: | - Whether or not the column represents a primary key. - - !ruby/object:Api::Type::Boolean - name: 'nullable' - description: | - Whether or not the column can accept a null value. - - !ruby/object:Api::Type::Integer - name: 'ordinalPosition' - description: | - The ordinal position of the column in the table. - - !ruby/object:Api::Type::NestedObject - name: 'postgresqlExcludedObjects' - description: | - PostgreSQL data source objects to avoid backfilling. - properties: - - !ruby/object:Api::Type::Array - name: 'postgresqlSchemas' - required: true - min_size: 1 - description: | - PostgreSQL schemas on the server - item_type: !ruby/object:Api::Type::NestedObject - description: | - PostgreSQL schema. - properties: - - !ruby/object:Api::Type::String - name: 'schema' - required: true - description: | - Database name. - - !ruby/object:Api::Type::Array - name: 'postgresqlTables' - min_size: 1 - description: | - Tables in the schema. - item_type: !ruby/object:Api::Type::NestedObject - description: | - PostgreSQL table. - properties: - - !ruby/object:Api::Type::String - name: 'table' - required: true - description: | - Table name. - - !ruby/object:Api::Type::Array - name: 'postgresqlColumns' - min_size: 1 - description: | - PostgreSQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. - item_type: !ruby/object:Api::Type::NestedObject - description: | - PostgreSQL Column. - properties: - - !ruby/object:Api::Type::String - name: 'column' - description: | - Column name. - - !ruby/object:Api::Type::String - name: 'dataType' - description: | - The PostgreSQL data type. Full data types list can be found here: - https://www.postgresql.org/docs/current/datatype.html - - !ruby/object:Api::Type::Integer - name: 'length' - output: true - description: | - Column length. - - !ruby/object:Api::Type::Integer - name: 'precision' - output: true - description: | - Column precision. - - !ruby/object:Api::Type::Integer - name: 'scale' - output: true - description: | - Column scale. - - !ruby/object:Api::Type::Boolean - name: 'primaryKey' - description: | - Whether or not the column represents a primary key. - - !ruby/object:Api::Type::Boolean - name: 'nullable' - description: | - Whether or not the column can accept a null value. - - !ruby/object:Api::Type::Integer - name: 'ordinalPosition' - description: | - The ordinal position of the column in the table. - - !ruby/object:Api::Type::NestedObject - name: 'oracleExcludedObjects' - description: | - PostgreSQL data source objects to avoid backfilling. - properties: - - !ruby/object:Api::Type::Array - name: 'oracleSchemas' - required: true - min_size: 1 - description: | - Oracle schemas/databases in the database server - item_type: !ruby/object:Api::Type::NestedObject - description: | - MySQL database. - properties: - - !ruby/object:Api::Type::String - name: 'schema' - required: true - description: | - Schema name. - - !ruby/object:Api::Type::Array - name: 'oracleTables' - min_size: 1 - description: | - Tables in the database. - item_type: !ruby/object:Api::Type::NestedObject - description: | - Oracle table. - properties: - - !ruby/object:Api::Type::String - name: 'table' - required: true - description: | - Table name. - - !ruby/object:Api::Type::Array - name: 'oracleColumns' - min_size: 1 - description: | - Oracle columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything. - item_type: !ruby/object:Api::Type::NestedObject - description: | - Oracle Column. - properties: - - !ruby/object:Api::Type::String - name: 'column' - description: | - Column name. - - !ruby/object:Api::Type::String - name: 'dataType' - description: | - The Oracle data type. Full data types list can be found here: - https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html - - !ruby/object:Api::Type::Integer - name: 'length' - output: true - description: | - Column length. - - !ruby/object:Api::Type::Integer - name: 'precision' - output: true - description: | - Column precision. - - !ruby/object:Api::Type::Integer - name: 'scale' - output: true - description: | - Column scale. - - !ruby/object:Api::Type::String - name: 'encoding' - output: true - description: | - Column encoding. - - !ruby/object:Api::Type::Boolean - name: 'primaryKey' - output: true - description: | - Whether or not the column represents a primary key. - - !ruby/object:Api::Type::Boolean - name: 'nullable' - output: true - description: | - Whether or not the column can accept a null value. - - !ruby/object:Api::Type::Integer - name: 'ordinalPosition' - output: true - description: | - The ordinal position of the column in the table. - - !ruby/object:Api::Type::NestedObject - name: 'backfillNone' - exactly_one_of: - - backfill_all - - backfill_none - allow_empty_object: true - send_empty_value: true - description: | - Backfill strategy to disable automatic backfill for the Stream's objects. - properties: [] - - !ruby/object:Api::Type::String - name: 'customerManagedEncryptionKey' - input: true - description: | - A reference to a KMS encryption key. If provided, it will be used to encrypt the data. If left blank, data - will be encrypted using an internal Stream-specific encryption key provisioned through KMS. diff --git a/mmv1/products/datastream/product.yaml b/mmv1/products/datastream/product.yaml new file mode 100644 index 000000000000..d5a3f720158d --- /dev/null +++ b/mmv1/products/datastream/product.yaml @@ -0,0 +1,42 @@ +# Copyright 2022 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: Datastream +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://datastream.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Datastream API + url: https://console.cloud.google.com/apis/library/datastream.googleapis.com +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' diff --git a/mmv1/products/datastream/terraform.yaml b/mmv1/products/datastream/terraform.yaml index 4ec6f080c87a..cf73207c75be 100644 --- a/mmv1/products/datastream/terraform.yaml +++ b/mmv1/products/datastream/terraform.yaml @@ -193,6 +193,12 @@ overrides: !ruby/object:Overrides::ResourceOverrides stream_id: "my-stream" source_connection_profile_id: "source-profile" destination_connection_profile_id: "destination-profile" + - !ruby/object:Provider::Terraform::Examples + name: "datastream_stream_postgresql_bigquery_dataset_id" + primary_resource_id: "default" + pull_external: true + # Random provider + skip_vcr: true - !ruby/object:Provider::Terraform::Examples name: "datastream_stream_bigquery" pull_external: true diff --git a/mmv1/products/deploymentmanager/Deployment.yaml b/mmv1/products/deploymentmanager/Deployment.yaml new file mode 100644 index 000000000000..6b4cfee139ee --- /dev/null +++ b/mmv1/products/deploymentmanager/Deployment.yaml @@ -0,0 +1,181 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Deployment' +kind: 'deploymentmanager#deployment' +base_url: projects/{{project}}/global/deployments +self_link: projects/{{project}}/global/deployments/{{name}} +create_url: projects/{{project}}/global/deployments?preview={{preview}}&createPolicy={{create_policy}} +delete_url: projects/{{project}}/global/deployments/{{name}}?deletePolicy={{delete_policy}} +# A deployment is updatable, but we need to have custom update behavior. +immutable: true +update_verb: :PATCH +update_url: projects/{{project}}/global/deployments/{{name}}?preview={{preview}}&createPolicy={{create_policy}}&deletePolicy={{delete_policy}} +description: | + A collection of resources that are deployed and managed together using + a configuration file +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'deploymentmanager#operation' + path: 'name' + full_url: 'selfLink' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: + # These properties are query parameters given on create/update/delete. + # They should be tracked and updatable. + - !ruby/object:Api::Type::Enum + name: 'createPolicy' + description: | + Set the policy to use for creating new resources. Only used on + create and update. Valid values are `CREATE_OR_ACQUIRE` (default) or + `ACQUIRE`. If set to `ACQUIRE` and resources do not already exist, + the deployment will fail. Note that updating this field does not + actually affect the deployment, just how it is updated. + url_param_only: true + default_value: :CREATE_OR_ACQUIRE + values: + - :ACQUIRE + - :CREATE_OR_ACQUIRE + - !ruby/object:Api::Type::Enum + name: 'deletePolicy' + description: | + Set the policy to use for deleting new resources on update/delete. + Valid values are `DELETE` (default) or `ABANDON`. If `DELETE`, + resource is deleted after removal from Deployment Manager. If + `ABANDON`, the resource is only removed from Deployment Manager + and is not actually deleted. Note that updating this field does not + actually change the deployment, just how it is updated. + url_param_only: true + default_value: :DELETE + values: + - :ABANDON + - :DELETE + - !ruby/object:Api::Type::Boolean + name: 'preview' + description: | + If set to true, a deployment is created with "shell" resources + that are not actually instantiated. This allows you to preview a + deployment. It can be updated to false to actually deploy + with real resources. + default_value: false + url_param_only: true + # Custom Update + update_id: '0_preview' + fingerprint_name: 'fingerprint' + update_verb: :PATCH + update_url: projects/{{project}}/global/deployments/{{name}}?preview={{preview}}&createPolicy={{create_policy}}&deletePolicy={{delete_policy}} +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + Unique name for the deployment + required: true + - !ruby/object:Api::Type::String + name: 'description' + description: | + Optional user-provided description of deployment. + # Custom Update + fingerprint_name: 'fingerprint' + update_id: '1_non-preview' + update_verb: :PATCH + update_url: projects/{{project}}/global/deployments/{{name}}?preview={{preview}}&createPolicy={{create_policy}}&deletePolicy={{delete_policy}} + - !ruby/object:Api::Type::Array + name: 'labels' + description: | + Key-value pairs to apply to this labels. + send_empty_value: true + # Custom Update + fingerprint_name: 'fingerprint' + update_id: '1_non-preview' + update_verb: :PATCH + update_url: projects/{{project}}/global/deployments/{{name}}?preview={{preview}}&createPolicy={{create_policy}}&deletePolicy={{delete_policy}} + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'key' + description: | + Key for label. + - !ruby/object:Api::Type::String + name: 'value' + description: | + Value of label. + - !ruby/object:Api::Type::NestedObject + name: 'target' + required: true + description: | + Parameters that define your deployment, including the deployment + configuration and relevant templates. + # Custom Update + fingerprint_name: 'fingerprint' + update_id: '1_non-preview' + update_verb: :PATCH + update_url: projects/{{project}}/global/deployments/{{name}}?preview={{preview}}&createPolicy={{create_policy}}&deletePolicy={{delete_policy}} + properties: + - !ruby/object:Api::Type::NestedObject + name: 'config' + required: true + description: | + The root configuration file to use for this deployment. + properties: + - !ruby/object:Api::Type::String + name: 'content' + required: true + description: | + The full YAML contents of your configuration file. + - !ruby/object:Api::Type::Array + name: 'imports' + description: | + Specifies import files for this configuration. This can be + used to import templates or other files. For example, you might + import a text file in order to use the file in a template. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'content' + description: | + The full contents of the template that you want to import. + - !ruby/object:Api::Type::String + name: 'name' + description: | + The name of the template to import, as declared in the YAML + configuration. + - !ruby/object:Api::Type::String + name: 'id' + output: true + description: | + Unique identifier for deployment. Output only. + - !ruby/object:Api::Type::String + name: 'manifest' + output: true + description: | + Output only. URL of the manifest representing the last manifest that + was successfully deployed. + - !ruby/object:Api::Type::String + name: 'selfLink' + output: true + description: | + Output only. Server defined URL for the resource. + diff --git a/mmv1/products/deploymentmanager/api.yaml b/mmv1/products/deploymentmanager/api.yaml deleted file mode 100644 index 42bdfb144370..000000000000 --- a/mmv1/products/deploymentmanager/api.yaml +++ /dev/null @@ -1,194 +0,0 @@ -# Copyright 2019 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: DeploymentManager -display_name: Cloud Deployment Manager -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://www.googleapis.com/deploymentmanager/v2/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Deployment Manager API - url: https://console.cloud.google.com/apis/library/deploymentmanager.googleapis.com/ -objects: - - !ruby/object:Api::Resource - name: 'Deployment' - kind: 'deploymentmanager#deployment' - base_url: projects/{{project}}/global/deployments - self_link: projects/{{project}}/global/deployments/{{name}} - create_url: projects/{{project}}/global/deployments?preview={{preview}}&createPolicy={{create_policy}} - delete_url: projects/{{project}}/global/deployments/{{name}}?deletePolicy={{delete_policy}} - # A deployment is updatable, but we need to have custom update behavior. - input: true - update_verb: :PATCH - update_url: projects/{{project}}/global/deployments/{{name}}?preview={{preview}}&createPolicy={{create_policy}}&deletePolicy={{delete_policy}} - description: | - A collection of resources that are deployed and managed together using - a configuration file - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'deploymentmanager#operation' - path: 'name' - full_url: 'selfLink' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - # These properties are query parameters given on create/update/delete. - # They should be tracked and updatable. - - !ruby/object:Api::Type::Enum - name: 'createPolicy' - description: | - Set the policy to use for creating new resources. Only used on - create and update. Valid values are `CREATE_OR_ACQUIRE` (default) or - `ACQUIRE`. If set to `ACQUIRE` and resources do not already exist, - the deployment will fail. Note that updating this field does not - actually affect the deployment, just how it is updated. - url_param_only: true - default_value: :CREATE_OR_ACQUIRE - values: - - :ACQUIRE - - :CREATE_OR_ACQUIRE - - !ruby/object:Api::Type::Enum - name: 'deletePolicy' - description: | - Set the policy to use for deleting new resources on update/delete. - Valid values are `DELETE` (default) or `ABANDON`. If `DELETE`, - resource is deleted after removal from Deployment Manager. If - `ABANDON`, the resource is only removed from Deployment Manager - and is not actually deleted. Note that updating this field does not - actually change the deployment, just how it is updated. - url_param_only: true - default_value: :DELETE - values: - - :ABANDON - - :DELETE - - !ruby/object:Api::Type::Boolean - name: 'preview' - description: | - If set to true, a deployment is created with "shell" resources - that are not actually instantiated. This allows you to preview a - deployment. It can be updated to false to actually deploy - with real resources. - default_value: false - url_param_only: true - # Custom Update - update_id: '0_preview' - fingerprint_name: 'fingerprint' - update_verb: :PATCH - update_url: projects/{{project}}/global/deployments/{{name}}?preview={{preview}}&createPolicy={{create_policy}}&deletePolicy={{delete_policy}} - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - Unique name for the deployment - required: true - - !ruby/object:Api::Type::String - name: 'description' - description: | - Optional user-provided description of deployment. - # Custom Update - fingerprint_name: 'fingerprint' - update_id: '1_non-preview' - update_verb: :PATCH - update_url: projects/{{project}}/global/deployments/{{name}}?preview={{preview}}&createPolicy={{create_policy}}&deletePolicy={{delete_policy}} - - !ruby/object:Api::Type::Array - name: 'labels' - description: | - Key-value pairs to apply to this labels. - send_empty_value: true - # Custom Update - fingerprint_name: 'fingerprint' - update_id: '1_non-preview' - update_verb: :PATCH - update_url: projects/{{project}}/global/deployments/{{name}}?preview={{preview}}&createPolicy={{create_policy}}&deletePolicy={{delete_policy}} - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'key' - description: | - Key for label. - - !ruby/object:Api::Type::String - name: 'value' - description: | - Value of label. - - !ruby/object:Api::Type::NestedObject - name: 'target' - required: true - description: | - Parameters that define your deployment, including the deployment - configuration and relevant templates. - # Custom Update - fingerprint_name: 'fingerprint' - update_id: '1_non-preview' - update_verb: :PATCH - update_url: projects/{{project}}/global/deployments/{{name}}?preview={{preview}}&createPolicy={{create_policy}}&deletePolicy={{delete_policy}} - properties: - - !ruby/object:Api::Type::NestedObject - name: 'config' - required: true - description: | - The root configuration file to use for this deployment. - properties: - - !ruby/object:Api::Type::String - name: 'content' - required: true - description: | - The full YAML contents of your configuration file. - - !ruby/object:Api::Type::Array - name: 'imports' - description: | - Specifies import files for this configuration. This can be - used to import templates or other files. For example, you might - import a text file in order to use the file in a template. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'content' - description: | - The full contents of the template that you want to import. - - !ruby/object:Api::Type::String - name: 'name' - description: | - The name of the template to import, as declared in the YAML - configuration. - - !ruby/object:Api::Type::String - name: 'id' - output: true - description: | - Unique identifier for deployment. Output only. - - !ruby/object:Api::Type::String - name: 'manifest' - output: true - description: | - Output only. URL of the manifest representing the last manifest that - was successfully deployed. - - !ruby/object:Api::Type::String - name: 'selfLink' - output: true - description: | - Output only. Server defined URL for the resource. diff --git a/mmv1/products/deploymentmanager/product.yaml b/mmv1/products/deploymentmanager/product.yaml new file mode 100644 index 000000000000..3fe1235ed41f --- /dev/null +++ b/mmv1/products/deploymentmanager/product.yaml @@ -0,0 +1,26 @@ +# Copyright 2019 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: DeploymentManager +display_name: Cloud Deployment Manager +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://www.googleapis.com/deploymentmanager/v2/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Deployment Manager API + url: https://console.cloud.google.com/apis/library/deploymentmanager.googleapis.com/ diff --git a/mmv1/products/dialogflow/Agent.yaml b/mmv1/products/dialogflow/Agent.yaml new file mode 100644 index 000000000000..ad3ea744fec7 --- /dev/null +++ b/mmv1/products/dialogflow/Agent.yaml @@ -0,0 +1,117 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Agent' +base_url: "projects/{{project}}/agent" +self_link: "projects/{{project}}/agent" +update_verb: :POST +description: | + A Dialogflow agent is a virtual agent that handles conversations with your end-users. It is a natural language + understanding module that understands the nuances of human language. Dialogflow translates end-user text or audio + during a conversation to structured data that your apps and services can understand. You design and build a Dialogflow + agent to handle the types of conversations required for your system. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/dialogflow/docs/' + api: 'https://cloud.google.com/dialogflow/docs/reference/rest/v2/projects/agent' +properties: + - !ruby/object:Api::Type::String + name: 'displayName' + required: true + description: | + The name of this agent. + - !ruby/object:Api::Type::String + name: 'defaultLanguageCode' + description: | + The default language of the agent as a language tag. [See Language Support](https://cloud.google.com/dialogflow/docs/reference/language) + for a list of the currently supported language codes. This field cannot be updated after creation. + immutable: true + required: true + - !ruby/object:Api::Type::Array + name: 'supportedLanguageCodes' + item_type: Api::Type::String + description: | + The list of all languages supported by this agent (except for the defaultLanguageCode). + - !ruby/object:Api::Type::String + name: 'timeZone' + description: | + The time zone of this agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, + Europe/Paris. + required: true + - !ruby/object:Api::Type::String + name: 'description' + description: | + The description of this agent. The maximum length is 500 characters. If exceeded, the request is rejected. + - !ruby/object:Api::Type::String + name: 'avatarUri' + description: | + The URI of the agent's avatar, which are used throughout the Dialogflow console. When an image URL is entered + into this field, the Dialogflow will save the image in the backend. The address of the backend image returned + from the API will be shown in the [avatarUriBackend] field. + - !ruby/object:Api::Type::String + name: 'avatarUriBackend' + description: | + The URI of the agent's avatar as returned from the API. Output only. To provide an image URL for the agent avatar, + the [avatarUri] field can be used. + output: true + - !ruby/object:Api::Type::Boolean + name: 'enableLogging' + description: | + Determines whether this agent should log conversation queries. + - !ruby/object:Api::Type::Enum + name: 'matchMode' + description: | + Determines how intents are detected from user queries. + * MATCH_MODE_HYBRID: Best for agents with a small number of examples in intents and/or wide use of templates + syntax and composite entities. + * MATCH_MODE_ML_ONLY: Can be used for agents with a large number of examples in intents, especially the ones + using @sys.any or very large developer entities. + values: + - :MATCH_MODE_HYBRID + - :MATCH_MODE_ML_ONLY + - !ruby/object:Api::Type::Double + name: 'classificationThreshold' + description: | + To filter out false positive results and still get variety in matched natural language inputs for your agent, + you can tune the machine learning classification threshold. If the returned score value is less than the threshold + value, then a fallback intent will be triggered or, if there are no fallback intents defined, no intent will be + triggered. The score values range from 0.0 (completely uncertain) to 1.0 (completely certain). If set to 0.0, the + default of 0.3 is used. + - !ruby/object:Api::Type::Enum + name: 'apiVersion' + description: | + API version displayed in Dialogflow console. If not specified, V2 API is assumed. Clients are free to query + different service endpoints for different API versions. However, bots connectors and webhook calls will follow + the specified API version. + * API_VERSION_V1: Legacy V1 API. + * API_VERSION_V2: V2 API. + * API_VERSION_V2_BETA_1: V2beta1 API. + values: + - :API_VERSION_V1 + - :API_VERSION_V2 + - :API_VERSION_V2_BETA_1 + - !ruby/object:Api::Type::Enum + name: 'tier' + description: | + The agent tier. If not specified, TIER_STANDARD is assumed. + * TIER_STANDARD: Standard tier. + * TIER_ENTERPRISE: Enterprise tier (Essentials). + * TIER_ENTERPRISE_PLUS: Enterprise tier (Plus). + NOTE: Due to consistency issues, the provider will not read this field from the API. Drift is possible between + the Terraform state and Dialogflow if the agent tier is changed outside of Terraform. + values: + - :TIER_STANDARD + - :TIER_ENTERPRISE + - :TIER_ENTERPRISE_PLUS diff --git a/mmv1/products/dialogflow/EntityType.yaml b/mmv1/products/dialogflow/EntityType.yaml new file mode 100644 index 000000000000..3dbd7ec3942d --- /dev/null +++ b/mmv1/products/dialogflow/EntityType.yaml @@ -0,0 +1,79 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'EntityType' +base_url: "projects/{{project}}/agent/entityTypes/" +self_link: "{{name}}" +update_verb: :PATCH +description: | + Represents an entity type. Entity types serve as a tool for extracting parameter values from natural language queries. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/dialogflow/docs/' + api: 'https://cloud.google.com/dialogflow/docs/reference/rest/v2/projects.agent.entityTypes' +properties: + - !ruby/object:Api::Type::String + name: 'name' + output: true + description: | + The unique identifier of the entity type. + Format: projects//agent/entityTypes/. + - !ruby/object:Api::Type::String + name: 'displayName' + required: true + description: | + The name of this entity type to be displayed on the console. + - !ruby/object:Api::Type::Enum + name: 'kind' + required: true + description: | + Indicates the kind of entity type. + * KIND_MAP: Map entity types allow mapping of a group of synonyms to a reference value. + * KIND_LIST: List entity types contain a set of entries that do not map to reference values. However, list entity + types can contain references to other entity types (with or without aliases). + * KIND_REGEXP: Regexp entity types allow to specify regular expressions in entries values. + values: + - :KIND_MAP + - :KIND_LIST + - :KIND_REGEXP + - !ruby/object:Api::Type::Boolean + name: 'enableFuzzyExtraction' + description: | + Enables fuzzy entity extraction during classification. + - !ruby/object:Api::Type::Array + name: 'entities' + description: | + The collection of entity entries associated with the entity type. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'value' + required: true + description: | + The primary value associated with this entity entry. For example, if the entity type is vegetable, the value + could be scallions. + For KIND_MAP entity types: + * A reference value to be used in place of synonyms. + For KIND_LIST entity types: + * A string that can contain references to other entity types (with or without aliases). + - !ruby/object:Api::Type::Array + name: 'synonyms' + required: true + item_type: Api::Type::String + description: | + A collection of value synonyms. For example, if the entity type is vegetable, and value is scallions, a synonym + could be green onions. + For KIND_LIST entity types: + * This collection must contain exactly one synonym equal to value. diff --git a/mmv1/products/dialogflow/Fulfillment.yaml b/mmv1/products/dialogflow/Fulfillment.yaml new file mode 100644 index 000000000000..96fce8025793 --- /dev/null +++ b/mmv1/products/dialogflow/Fulfillment.yaml @@ -0,0 +1,83 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Fulfillment' +base_url: "projects/{{project}}/agent/fulfillment/" +self_link: "{{name}}" +update_verb: :PATCH +delete_verb: :PATCH +create_verb: :PATCH +create_url: projects/{{project}}/agent/fulfillment/?updateMask=name,displayName,enabled,genericWebService,features +update_url: projects/{{project}}/agent/fulfillment/ +delete_url: projects/{{project}}/agent/fulfillment/?updateMask=name,displayName,enabled,genericWebService,features +update_mask: true +description: | + By default, your agent responds to a matched intent with a static response. If you're using one of the integration options, you can provide a more dynamic response by using fulfillment. When you enable fulfillment for an intent, Dialogflow responds to that intent by calling a service that you define. For example, if an end-user wants to schedule a haircut on Friday, your service can check your database and respond to the end-user with availability information for Friday. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/dialogflow/es/docs/fulfillment-overview' + api: 'https://cloud.google.com/dialogflow/es/docs/reference/rest/v2/projects.agent/getFulfillment' +properties: + - !ruby/object:Api::Type::String + name: 'name' + output: true + description: | + The unique identifier of the fulfillment. + Format: projects//agent/fulfillment - projects//locations//agent/fulfillment + - !ruby/object:Api::Type::String + name: 'displayName' + required: true + description: | + The human-readable name of the fulfillment, unique within the agent. + - !ruby/object:Api::Type::Boolean + name: 'enabled' + description: | + Whether fulfillment is enabled. + - !ruby/object:Api::Type::Array + name: 'features' + description: | + The field defines whether the fulfillment is enabled for certain features. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Enum + name: 'type' + required: true + description: | + The type of the feature that enabled for fulfillment. + * SMALLTALK: Fulfillment is enabled for SmallTalk. + values: + - :SMALLTALK + - !ruby/object:Api::Type::NestedObject + name: 'genericWebService' + description: | + Represents configuration for a generic web service. Dialogflow supports two mechanisms for authentications: - Basic authentication with username and password. - Authentication with additional authentication headers. + properties: + - !ruby/object:Api::Type::String + name: 'uri' + required: true + description: | + The fulfillment URI for receiving POST requests. It must use https protocol. + - !ruby/object:Api::Type::String + name: 'username' + description: | + The user name for HTTP Basic authentication. + - !ruby/object:Api::Type::String + name: 'password' + description: | + The password for HTTP Basic authentication. + - !ruby/object:Api::Type::KeyValuePairs + name: 'requestHeaders' + description: | + The HTTP request headers to send together with fulfillment requests. diff --git a/mmv1/products/dialogflow/Intent.yaml b/mmv1/products/dialogflow/Intent.yaml new file mode 100644 index 000000000000..e839dfc00ff1 --- /dev/null +++ b/mmv1/products/dialogflow/Intent.yaml @@ -0,0 +1,137 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Intent' +base_url: "projects/{{project}}/agent/intents/" +self_link: "{{name}}" +update_verb: :PATCH +description: | + Represents a Dialogflow intent. Intents convert a number of user expressions or patterns into an action. An action + is an extraction of a user command or sentence semantics. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/dialogflow/docs/' + api: 'https://cloud.google.com/dialogflow/docs/reference/rest/v2/projects.agent.intents' +properties: + - !ruby/object:Api::Type::String + name: 'name' + output: true + description: | + The unique identifier of this intent. + Format: projects//agent/intents/. + - !ruby/object:Api::Type::String + name: 'displayName' + required: true + description: | + The name of this intent to be displayed on the console. + - !ruby/object:Api::Type::Enum + name: 'webhookState' + description: | + Indicates whether webhooks are enabled for the intent. + * WEBHOOK_STATE_ENABLED: Webhook is enabled in the agent and in the intent. + * WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING: Webhook is enabled in the agent and in the intent. Also, each slot + filling prompt is forwarded to the webhook. + values: + - :WEBHOOK_STATE_ENABLED + - :WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING + - !ruby/object:Api::Type::Integer + name: 'priority' + description: | + The priority of this intent. Higher numbers represent higher priorities. + - If the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds + to the Normal priority in the console. + - If the supplied value is negative, the intent is ignored in runtime detect intent requests. + - !ruby/object:Api::Type::Boolean + name: 'isFallback' + description: | + Indicates whether this is a fallback intent. + - !ruby/object:Api::Type::Boolean + name: 'mlDisabled' + description: | + Indicates whether Machine Learning is disabled for the intent. + Note: If mlDisabled setting is set to true, then this intent is not taken into account during inference in ML + ONLY match mode. Also, auto-markup in the UI is turned off. + - !ruby/object:Api::Type::Array + name: 'inputContextNames' + item_type: Api::Type::String + description: | + The list of context names required for this intent to be triggered. + Format: projects//agent/sessions/-/contexts/. + - !ruby/object:Api::Type::Array + name: 'events' + item_type: Api::Type::String + description: | + The collection of event names that trigger the intent. If the collection of input contexts is not empty, all of + the contexts must be present in the active user session for an event to trigger this intent. See the + [events reference](https://cloud.google.com/dialogflow/docs/events-overview) for more details. + - !ruby/object:Api::Type::String + name: 'action' + description: | + The name of the action associated with the intent. + Note: The action name must not contain whitespaces. + - !ruby/object:Api::Type::Boolean + name: 'resetContexts' + description: | + Indicates whether to delete all contexts in the current session when this intent is matched. + - !ruby/object:Api::Type::Array + name: 'defaultResponsePlatforms' + description: | + The list of platforms for which the first responses will be copied from the messages in PLATFORM_UNSPECIFIED + (i.e. default platform). + item_type: !ruby/object:Api::Type::Enum + name: 'platform' + description: | + Represents different platforms that a rich message can be intended for. + values: + - :FACEBOOK + - :SLACK + - :TELEGRAM + - :KIK + - :SKYPE + - :LINE + - :VIBER + - :ACTIONS_ON_GOOGLE + - :GOOGLE_HANGOUTS + - !ruby/object:Api::Type::String + name: 'rootFollowupIntentName' + description: | + The unique identifier of the root intent in the chain of followup intents. It identifies the correct followup + intents chain for this intent. + Format: projects//agent/intents/. + output: true + - !ruby/object:Api::Type::String + name: 'parentFollowupIntentName' + description: | + The unique identifier of the parent intent in the chain of followup intents. + Format: projects//agent/intents/. + immutable: true + - !ruby/object:Api::Type::Array + name: 'followupIntentInfo' + output: true + description: | + Information about all followup intents that have this intent as a direct or indirect parent. We populate this field + only in the output. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'followupIntentName' + description: | + The unique identifier of the followup intent. + Format: projects//agent/intents/. + - !ruby/object:Api::Type::String + name: 'parentFollowupIntentName' + description: | + The unique identifier of the followup intent's parent. + Format: projects//agent/intents/. diff --git a/mmv1/products/dialogflow/api.yaml b/mmv1/products/dialogflow/api.yaml deleted file mode 100644 index 9e41f1fd6f48..000000000000 --- a/mmv1/products/dialogflow/api.yaml +++ /dev/null @@ -1,391 +0,0 @@ -# Copyright 2020 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: Dialogflow -display_name: Dialogflow -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://dialogflow.googleapis.com/v2/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Dialogflow API - url: https://console.cloud.google.com/apis/library/dialogflow.googleapis.com -objects: - - !ruby/object:Api::Resource - name: 'Agent' - base_url: "projects/{{project}}/agent" - self_link: "projects/{{project}}/agent" - update_verb: :POST - description: | - A Dialogflow agent is a virtual agent that handles conversations with your end-users. It is a natural language - understanding module that understands the nuances of human language. Dialogflow translates end-user text or audio - during a conversation to structured data that your apps and services can understand. You design and build a Dialogflow - agent to handle the types of conversations required for your system. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/dialogflow/docs/' - api: 'https://cloud.google.com/dialogflow/docs/reference/rest/v2/projects/agent' - properties: - - !ruby/object:Api::Type::String - name: 'displayName' - required: true - description: | - The name of this agent. - - !ruby/object:Api::Type::String - name: 'defaultLanguageCode' - description: | - The default language of the agent as a language tag. [See Language Support](https://cloud.google.com/dialogflow/docs/reference/language) - for a list of the currently supported language codes. This field cannot be updated after creation. - input: true - required: true - - !ruby/object:Api::Type::Array - name: 'supportedLanguageCodes' - item_type: Api::Type::String - description: | - The list of all languages supported by this agent (except for the defaultLanguageCode). - - !ruby/object:Api::Type::String - name: 'timeZone' - description: | - The time zone of this agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, - Europe/Paris. - required: true - - !ruby/object:Api::Type::String - name: 'description' - description: | - The description of this agent. The maximum length is 500 characters. If exceeded, the request is rejected. - - !ruby/object:Api::Type::String - name: 'avatarUri' - description: | - The URI of the agent's avatar, which are used throughout the Dialogflow console. When an image URL is entered - into this field, the Dialogflow will save the image in the backend. The address of the backend image returned - from the API will be shown in the [avatarUriBackend] field. - - !ruby/object:Api::Type::String - name: 'avatarUriBackend' - description: | - The URI of the agent's avatar as returned from the API. Output only. To provide an image URL for the agent avatar, - the [avatarUri] field can be used. - output: true - - !ruby/object:Api::Type::Boolean - name: 'enableLogging' - description: | - Determines whether this agent should log conversation queries. - - !ruby/object:Api::Type::Enum - name: 'matchMode' - description: | - Determines how intents are detected from user queries. - * MATCH_MODE_HYBRID: Best for agents with a small number of examples in intents and/or wide use of templates - syntax and composite entities. - * MATCH_MODE_ML_ONLY: Can be used for agents with a large number of examples in intents, especially the ones - using @sys.any or very large developer entities. - values: - - :MATCH_MODE_HYBRID - - :MATCH_MODE_ML_ONLY - - !ruby/object:Api::Type::Double - name: 'classificationThreshold' - description: | - To filter out false positive results and still get variety in matched natural language inputs for your agent, - you can tune the machine learning classification threshold. If the returned score value is less than the threshold - value, then a fallback intent will be triggered or, if there are no fallback intents defined, no intent will be - triggered. The score values range from 0.0 (completely uncertain) to 1.0 (completely certain). If set to 0.0, the - default of 0.3 is used. - - !ruby/object:Api::Type::Enum - name: 'apiVersion' - description: | - API version displayed in Dialogflow console. If not specified, V2 API is assumed. Clients are free to query - different service endpoints for different API versions. However, bots connectors and webhook calls will follow - the specified API version. - * API_VERSION_V1: Legacy V1 API. - * API_VERSION_V2: V2 API. - * API_VERSION_V2_BETA_1: V2beta1 API. - values: - - :API_VERSION_V1 - - :API_VERSION_V2 - - :API_VERSION_V2_BETA_1 - - !ruby/object:Api::Type::Enum - name: 'tier' - description: | - The agent tier. If not specified, TIER_STANDARD is assumed. - * TIER_STANDARD: Standard tier. - * TIER_ENTERPRISE: Enterprise tier (Essentials). - * TIER_ENTERPRISE_PLUS: Enterprise tier (Plus). - NOTE: Due to consistency issues, the provider will not read this field from the API. Drift is possible between - the Terraform state and Dialogflow if the agent tier is changed outside of Terraform. - values: - - :TIER_STANDARD - - :TIER_ENTERPRISE - - :TIER_ENTERPRISE_PLUS - - !ruby/object:Api::Resource - name: 'Intent' - base_url: "projects/{{project}}/agent/intents/" - self_link: "{{name}}" - update_verb: :PATCH - description: | - Represents a Dialogflow intent. Intents convert a number of user expressions or patterns into an action. An action - is an extraction of a user command or sentence semantics. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/dialogflow/docs/' - api: 'https://cloud.google.com/dialogflow/docs/reference/rest/v2/projects.agent.intents' - properties: - - !ruby/object:Api::Type::String - name: 'name' - output: true - description: | - The unique identifier of this intent. - Format: projects//agent/intents/. - - !ruby/object:Api::Type::String - name: 'displayName' - required: true - description: | - The name of this intent to be displayed on the console. - - !ruby/object:Api::Type::Enum - name: 'webhookState' - description: | - Indicates whether webhooks are enabled for the intent. - * WEBHOOK_STATE_ENABLED: Webhook is enabled in the agent and in the intent. - * WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING: Webhook is enabled in the agent and in the intent. Also, each slot - filling prompt is forwarded to the webhook. - values: - - :WEBHOOK_STATE_ENABLED - - :WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING - - !ruby/object:Api::Type::Integer - name: 'priority' - description: | - The priority of this intent. Higher numbers represent higher priorities. - - If the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds - to the Normal priority in the console. - - If the supplied value is negative, the intent is ignored in runtime detect intent requests. - - !ruby/object:Api::Type::Boolean - name: 'isFallback' - description: | - Indicates whether this is a fallback intent. - - !ruby/object:Api::Type::Boolean - name: 'mlDisabled' - description: | - Indicates whether Machine Learning is disabled for the intent. - Note: If mlDisabled setting is set to true, then this intent is not taken into account during inference in ML - ONLY match mode. Also, auto-markup in the UI is turned off. - - !ruby/object:Api::Type::Array - name: 'inputContextNames' - item_type: Api::Type::String - description: | - The list of context names required for this intent to be triggered. - Format: projects//agent/sessions/-/contexts/. - - !ruby/object:Api::Type::Array - name: 'events' - item_type: Api::Type::String - description: | - The collection of event names that trigger the intent. If the collection of input contexts is not empty, all of - the contexts must be present in the active user session for an event to trigger this intent. See the - [events reference](https://cloud.google.com/dialogflow/docs/events-overview) for more details. - - !ruby/object:Api::Type::String - name: 'action' - description: | - The name of the action associated with the intent. - Note: The action name must not contain whitespaces. - - !ruby/object:Api::Type::Boolean - name: 'resetContexts' - description: | - Indicates whether to delete all contexts in the current session when this intent is matched. - - !ruby/object:Api::Type::Array - name: 'defaultResponsePlatforms' - description: | - The list of platforms for which the first responses will be copied from the messages in PLATFORM_UNSPECIFIED - (i.e. default platform). - item_type: !ruby/object:Api::Type::Enum - name: 'platform' - description: | - Represents different platforms that a rich message can be intended for. - values: - - :FACEBOOK - - :SLACK - - :TELEGRAM - - :KIK - - :SKYPE - - :LINE - - :VIBER - - :ACTIONS_ON_GOOGLE - - :GOOGLE_HANGOUTS - - !ruby/object:Api::Type::String - name: 'rootFollowupIntentName' - description: | - The unique identifier of the root intent in the chain of followup intents. It identifies the correct followup - intents chain for this intent. - Format: projects//agent/intents/. - output: true - - !ruby/object:Api::Type::String - name: 'parentFollowupIntentName' - description: | - The unique identifier of the parent intent in the chain of followup intents. - Format: projects//agent/intents/. - input: true - - !ruby/object:Api::Type::Array - name: 'followupIntentInfo' - output: true - description: | - Information about all followup intents that have this intent as a direct or indirect parent. We populate this field - only in the output. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'followupIntentName' - description: | - The unique identifier of the followup intent. - Format: projects//agent/intents/. - - !ruby/object:Api::Type::String - name: 'parentFollowupIntentName' - description: | - The unique identifier of the followup intent's parent. - Format: projects//agent/intents/. - - !ruby/object:Api::Resource - name: 'EntityType' - base_url: "projects/{{project}}/agent/entityTypes/" - self_link: "{{name}}" - update_verb: :PATCH - description: | - Represents an entity type. Entity types serve as a tool for extracting parameter values from natural language queries. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/dialogflow/docs/' - api: 'https://cloud.google.com/dialogflow/docs/reference/rest/v2/projects.agent.entityTypes' - properties: - - !ruby/object:Api::Type::String - name: 'name' - output: true - description: | - The unique identifier of the entity type. - Format: projects//agent/entityTypes/. - - !ruby/object:Api::Type::String - name: 'displayName' - required: true - description: | - The name of this entity type to be displayed on the console. - - !ruby/object:Api::Type::Enum - name: 'kind' - required: true - description: | - Indicates the kind of entity type. - * KIND_MAP: Map entity types allow mapping of a group of synonyms to a reference value. - * KIND_LIST: List entity types contain a set of entries that do not map to reference values. However, list entity - types can contain references to other entity types (with or without aliases). - * KIND_REGEXP: Regexp entity types allow to specify regular expressions in entries values. - values: - - :KIND_MAP - - :KIND_LIST - - :KIND_REGEXP - - !ruby/object:Api::Type::Boolean - name: 'enableFuzzyExtraction' - description: | - Enables fuzzy entity extraction during classification. - - !ruby/object:Api::Type::Array - name: 'entities' - description: | - The collection of entity entries associated with the entity type. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'value' - required: true - description: | - The primary value associated with this entity entry. For example, if the entity type is vegetable, the value - could be scallions. - For KIND_MAP entity types: - * A reference value to be used in place of synonyms. - For KIND_LIST entity types: - * A string that can contain references to other entity types (with or without aliases). - - !ruby/object:Api::Type::Array - name: 'synonyms' - required: true - item_type: Api::Type::String - description: | - A collection of value synonyms. For example, if the entity type is vegetable, and value is scallions, a synonym - could be green onions. - For KIND_LIST entity types: - * This collection must contain exactly one synonym equal to value. - - !ruby/object:Api::Resource - name: 'Fulfillment' - base_url: "projects/{{project}}/agent/fulfillment/" - self_link: "{{name}}" - update_verb: :PATCH - delete_verb: :PATCH - create_verb: :PATCH - create_url: projects/{{project}}/agent/fulfillment/?updateMask=name,displayName,enabled,genericWebService,features - update_url: projects/{{project}}/agent/fulfillment/ - delete_url: projects/{{project}}/agent/fulfillment/?updateMask=name,displayName,enabled,genericWebService,features - update_mask: true - description: | - By default, your agent responds to a matched intent with a static response. If you're using one of the integration options, you can provide a more dynamic response by using fulfillment. When you enable fulfillment for an intent, Dialogflow responds to that intent by calling a service that you define. For example, if an end-user wants to schedule a haircut on Friday, your service can check your database and respond to the end-user with availability information for Friday. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/dialogflow/es/docs/fulfillment-overview' - api: 'https://cloud.google.com/dialogflow/es/docs/reference/rest/v2/projects.agent/getFulfillment' - properties: - - !ruby/object:Api::Type::String - name: 'name' - output: true - description: | - The unique identifier of the fulfillment. - Format: projects//agent/fulfillment - projects//locations//agent/fulfillment - - !ruby/object:Api::Type::String - name: 'displayName' - required: true - description: | - The human-readable name of the fulfillment, unique within the agent. - - !ruby/object:Api::Type::Boolean - name: 'enabled' - description: | - Whether fulfillment is enabled. - - !ruby/object:Api::Type::Array - name: 'features' - description: | - The field defines whether the fulfillment is enabled for certain features. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Enum - name: 'type' - required: true - description: | - The type of the feature that enabled for fulfillment. - * SMALLTALK: Fulfillment is enabled for SmallTalk. - values: - - :SMALLTALK - - !ruby/object:Api::Type::NestedObject - name: 'genericWebService' - description: | - Represents configuration for a generic web service. Dialogflow supports two mechanisms for authentications: - Basic authentication with username and password. - Authentication with additional authentication headers. - properties: - - !ruby/object:Api::Type::String - name: 'uri' - required: true - description: | - The fulfillment URI for receiving POST requests. It must use https protocol. - - !ruby/object:Api::Type::String - name: 'username' - description: | - The user name for HTTP Basic authentication. - - !ruby/object:Api::Type::String - name: 'password' - description: | - The password for HTTP Basic authentication. - - !ruby/object:Api::Type::KeyValuePairs - name: 'requestHeaders' - description: | - The HTTP request headers to send together with fulfillment requests. \ No newline at end of file diff --git a/mmv1/products/dialogflow/product.yaml b/mmv1/products/dialogflow/product.yaml new file mode 100644 index 000000000000..234d46d7597e --- /dev/null +++ b/mmv1/products/dialogflow/product.yaml @@ -0,0 +1,26 @@ +# Copyright 2020 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: Dialogflow +display_name: Dialogflow +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://dialogflow.googleapis.com/v2/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Dialogflow API + url: https://console.cloud.google.com/apis/library/dialogflow.googleapis.com diff --git a/mmv1/products/dialogflowcx/Agent.yaml b/mmv1/products/dialogflowcx/Agent.yaml new file mode 100644 index 000000000000..46db7355eee2 --- /dev/null +++ b/mmv1/products/dialogflowcx/Agent.yaml @@ -0,0 +1,99 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Agent' +base_url: "projects/{{project}}/locations/{{location}}/agents" +update_verb: :PATCH +update_mask: true +description: | + Agents are best described as Natural Language Understanding (NLU) modules that transform user requests into actionable data. You can include agents in your app, product, or service to determine user intent and respond to the user in a natural way. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/dialogflow/cx/docs' + api: 'https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents' +properties: + - !ruby/object:Api::Type::String + name: 'name' + output: true + description: | + The unique identifier of the agent. + - !ruby/object:Api::Type::String + name: 'location' + description: | + The name of the location this agent is located in. + + ~> **Note:** The first time you are deploying an Agent in your project you must configure location settings. + This is a one time step but at the moment you can only [configure location settings](https://cloud.google.com/dialogflow/cx/docs/concept/region#location-settings) via the Dialogflow CX console. + Another options is to use global location so you don't need to manually configure location settings. + required: true + immutable: true + url_param_only: true + - !ruby/object:Api::Type::String + name: 'displayName' + required: true + description: | + The human-readable name of the agent, unique within the location. + - !ruby/object:Api::Type::String + name: 'defaultLanguageCode' + description: | + The default language of the agent as a language tag. [See Language Support](https://cloud.google.com/dialogflow/cx/docs/reference/language) + for a list of the currently supported language codes. This field cannot be updated after creation. + immutable: true + required: true + - !ruby/object:Api::Type::Array + name: 'supportedLanguageCodes' + item_type: Api::Type::String + description: | + The list of all languages supported by this agent (except for the default_language_code). + - !ruby/object:Api::Type::String + name: 'timeZone' + description: | + The time zone of this agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, + Europe/Paris. + required: true + - !ruby/object:Api::Type::String + name: 'description' + description: | + The description of this agent. The maximum length is 500 characters. If exceeded, the request is rejected. + - !ruby/object:Api::Type::String + name: 'avatarUri' + description: | + The URI of the agent's avatar. Avatars are used throughout the Dialogflow console and in the self-hosted Web Demo integration. + - !ruby/object:Api::Type::NestedObject + name: 'speechToTextSettings' + description: | + Settings related to speech recognition. + properties: + - !ruby/object:Api::Type::Boolean + name: 'enableSpeechAdaptation' + description: | + Whether to use speech adaptation for speech recognition. + - !ruby/object:Api::Type::String + name: 'startFlow' + output: true + description: | + Name of the start flow in this agent. A start flow will be automatically created when the agent is created, and can only be deleted by deleting the agent. Format: projects//locations//agents//flows/. + - !ruby/object:Api::Type::String + name: 'securitySettings' + description: | + Name of the SecuritySettings reference for the agent. Format: projects//locations//securitySettings/. + - !ruby/object:Api::Type::Boolean + name: 'enableStackdriverLogging' + description: | + Determines whether this agent should log conversation queries. + - !ruby/object:Api::Type::Boolean + name: 'enableSpellCorrection' + description: | + Indicates if automatic spell correction is enabled in detect intent requests. diff --git a/mmv1/products/dialogflowcx/EntityType.yaml b/mmv1/products/dialogflowcx/EntityType.yaml new file mode 100644 index 000000000000..ab21e17904b7 --- /dev/null +++ b/mmv1/products/dialogflowcx/EntityType.yaml @@ -0,0 +1,115 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'EntityType' +base_url: "{{parent}}/entityTypes" +update_verb: :PATCH +update_mask: true +description: | + Entities are extracted from user input and represent parameters that are meaningful to your application. + For example, a date range, a proper name such as a geographic location or landmark, and so on. Entities represent actionable data for your application. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/dialogflow/cx/docs' + api: 'https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents.entityTypes' +parameters: + - !ruby/object:Api::Type::String + name: parent + url_param_only: true + immutable: true + description: | + The agent to create a entity type for. + Format: projects//locations//agents/. + - !ruby/object:Api::Type::String + name: 'languageCode' + description: | + The language of the following fields in entityType: + EntityType.entities.value + EntityType.entities.synonyms + EntityType.excluded_phrases.value + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + output: true + description: | + The unique identifier of the entity type. + Format: projects//locations//agents//entityTypes/. + - !ruby/object:Api::Type::String + name: 'displayName' + required: true + description: | + The human-readable name of the entity type, unique within the agent. + - !ruby/object:Api::Type::Enum + name: 'kind' + required: true + description: | + Indicates whether the entity type can be automatically expanded. + * KIND_MAP: Map entity types allow mapping of a group of synonyms to a canonical value. + * KIND_LIST: List entity types contain a set of entries that do not map to canonical values. However, list entity types can contain references to other entity types (with or without aliases). + * KIND_REGEXP: Regexp entity types allow to specify regular expressions in entries values. + values: + - :KIND_MAP + - :KIND_LIST + - :KIND_REGEXP + - !ruby/object:Api::Type::Enum + name: 'autoExpansionMode' + description: | + Represents kinds of entities. + * AUTO_EXPANSION_MODE_UNSPECIFIED: Auto expansion disabled for the entity. + * AUTO_EXPANSION_MODE_DEFAULT: Allows an agent to recognize values that have not been explicitly listed in the entity. + values: + - :AUTO_EXPANSION_MODE_DEFAULT + - :AUTO_EXPANSION_MODE_UNSPECIFIED + - !ruby/object:Api::Type::Array + name: 'entities' + required: true + description: | + The collection of entity entries associated with the entity type. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'value' + description: | + The primary value associated with this entity entry. For example, if the entity type is vegetable, the value could be scallions. + For KIND_MAP entity types: A canonical value to be used in place of synonyms. + For KIND_LIST entity types: A string that can contain references to other entity types (with or without aliases). + - !ruby/object:Api::Type::Array + name: 'synonyms' + item_type: Api::Type::String + description: | + A collection of value synonyms. For example, if the entity type is vegetable, and value is scallions, a synonym could be green onions. + For KIND_LIST entity types: This collection must contain exactly one synonym equal to value. + - !ruby/object:Api::Type::Array + name: 'excludedPhrases' + description: | + Collection of exceptional words and phrases that shouldn't be matched. For example, if you have a size entity type with entry giant(an adjective), you might consider adding giants(a noun) as an exclusion. + If the kind of entity type is KIND_MAP, then the phrases specified by entities and excluded phrases should be mutually exclusive. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'value' + description: | + The word or phrase to be excluded. + - !ruby/object:Api::Type::Boolean + name: 'enableFuzzyExtraction' + description: | + Enables fuzzy entity extraction during classification. + - !ruby/object:Api::Type::Boolean + name: 'redact' + description: | + Indicates whether parameters of the entity type should be redacted in log. If redaction is enabled, page parameters and intent parameters referring to the entity type will be replaced by parameter name when logging. diff --git a/mmv1/products/dialogflowcx/Environment.yaml b/mmv1/products/dialogflowcx/Environment.yaml new file mode 100644 index 000000000000..11f55b1d9671 --- /dev/null +++ b/mmv1/products/dialogflowcx/Environment.yaml @@ -0,0 +1,87 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Environment' +base_url: "{{parent}}/environments" +update_verb: :PATCH +update_mask: true +description: | + Represents an environment for an agent. You can create multiple versions of your agent and publish them to separate environments. + When you edit an agent, you are editing the draft agent. At any point, you can save the draft agent as an agent version, which is an immutable snapshot of your agent. + When you save the draft agent, it is published to the default environment. When you create agent versions, you can publish them to custom environments. You can create a variety of custom environments for testing, development, production, etc. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/dialogflow/cx/docs' + api: 'https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents.environments' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + full_url: 'https://{{location}}-dialogflow.googleapis.com/v3/{{op_id}}' + wait_ms: 1000 + timeouts: !ruby/object:Api::Timeouts + insert_minutes: 60 + update_minutes: 60 + delete_minutes: 60 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +parameters: + - !ruby/object:Api::Type::String + name: parent + url_param_only: true + immutable: true + description: | + The Agent to create an Environment for. + Format: projects//locations//agents/. +properties: + - !ruby/object:Api::Type::String + name: 'name' + output: true + description: | + The name of the environment. + - !ruby/object:Api::Type::String + name: 'displayName' + required: true + description: | + The human-readable name of the environment (unique in an agent). Limit of 64 characters. + - !ruby/object:Api::Type::String + name: 'description' + description: | + The human-readable description of the environment. The maximum length is 500 characters. If exceeded, the request is rejected. + - !ruby/object:Api::Type::Array + name: 'versionConfigs' + required: true + description: | + A list of configurations for flow versions. You should include version configs for all flows that are reachable from [Start Flow][Agent.start_flow] in the agent. Otherwise, an error will be returned. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'version' + required: true + description: | + Format: projects/{{project}}/locations/{{location}}/agents/{{agent}}/flows/{{flow}}/versions/{{version}}. + - !ruby/object:Api::Type::Time + name: 'updateTime' + output: true + description: 'Update time of this environment. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".' diff --git a/mmv1/products/dialogflowcx/Flow.yaml b/mmv1/products/dialogflowcx/Flow.yaml new file mode 100644 index 000000000000..b20f264270ee --- /dev/null +++ b/mmv1/products/dialogflowcx/Flow.yaml @@ -0,0 +1,237 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Flow' +base_url: "{{parent}}/flows" +update_verb: :PATCH +update_mask: true +description: | + Flows represents the conversation flows when you build your chatbot agent. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/dialogflow/cx/docs' + api: 'https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents.flows' +parameters: + - !ruby/object:Api::Type::String + name: parent + url_param_only: true + immutable: true + description: | + The agent to create a flow for. + Format: projects//locations//agents/. + - !ruby/object:Api::Type::String + name: 'languageCode' + description: | + The language of the following fields in flow: + Flow.event_handlers.trigger_fulfillment.messages + Flow.event_handlers.trigger_fulfillment.conditional_cases + Flow.transition_routes.trigger_fulfillment.messages + Flow.transition_routes.trigger_fulfillment.conditional_cases + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + immutable: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + output: true + description: | + The unique identifier of the flow. + Format: projects//locations//agents//flows/. + - !ruby/object:Api::Type::String + name: 'displayName' + required: true + description: | + The human-readable name of the flow. + - !ruby/object:Api::Type::String + name: 'description' + description: | + The description of the flow. The maximum length is 500 characters. If exceeded, the request is rejected. + - !ruby/object:Api::Type::Array + name: 'transitionRoutes' + description: | + A flow's transition routes serve two purposes: + They are responsible for matching the user's first utterances in the flow. + They are inherited by every page's [transition routes][Page.transition_routes] and can support use cases such as the user saying "help" or "can I talk to a human?", which can be handled in a common way regardless of the current page. Transition routes defined in the page have higher priority than those defined in the flow. + + TransitionRoutes are evalauted in the following order: + TransitionRoutes with intent specified. + TransitionRoutes with only condition specified. + TransitionRoutes with intent specified are inherited by pages in the flow. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'name' + output: true + description: | + The unique identifier of this transition route. + - !ruby/object:Api::Type::String + name: 'intent' + description: | + The unique identifier of an Intent. + Format: projects//locations//agents//intents/. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + - !ruby/object:Api::Type::String + name: 'condition' + description: | + The condition to evaluate against form parameters or session parameters. + At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + - !ruby/object:Api::Type::NestedObject + name: 'triggerFulfillment' + description: | + The fulfillment to call when the condition is satisfied. At least one of triggerFulfillment and target must be specified. When both are defined, triggerFulfillment is executed first. + properties: + - !ruby/object:Api::Type::Array + name: 'messages' + description: | + The list of rich message responses to present to the user. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::NestedObject + name: 'text' + description: | + The text response message. + properties: + - !ruby/object:Api::Type::Array + name: 'text' + description: | + A collection of text responses. + item_type: Api::Type::String + - !ruby/object:Api::Type::Boolean + name: 'allowPlaybackInterruption' + output: true + description: | + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + - !ruby/object:Api::Type::String + name: 'webhook' + description: | + The webhook to call. Format: projects//locations//agents//webhooks/. + - !ruby/object:Api::Type::Boolean + name: 'returnPartialResponses' + description: | + Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. + - !ruby/object:Api::Type::String + name: 'tag' + description: | + The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. + - !ruby/object:Api::Type::String + name: 'targetPage' + description: | + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + - !ruby/object:Api::Type::String + name: 'targetFlow' + description: | + The target flow to transition to. + Format: projects//locations//agents//flows/. + - !ruby/object:Api::Type::Array + name: 'eventHandlers' + description: | + A flow's event handlers serve two purposes: + They are responsible for handling events (e.g. no match, webhook errors) in the flow. + They are inherited by every page's [event handlers][Page.event_handlers], which can be used to handle common events regardless of the current page. Event handlers defined in the page have higher priority than those defined in the flow. + Unlike transitionRoutes, these handlers are evaluated on a first-match basis. The first one that matches the event get executed, with the rest being ignored. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'name' + output: true + description: | + The unique identifier of this event handler. + - !ruby/object:Api::Type::String + name: 'event' + description: | + The name of the event to handle. + - !ruby/object:Api::Type::NestedObject + name: 'triggerFulfillment' + description: | + The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks. + properties: + - !ruby/object:Api::Type::Array + name: 'messages' + description: | + The list of rich message responses to present to the user. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::NestedObject + name: 'text' + description: | + The text response message. + properties: + - !ruby/object:Api::Type::Array + name: 'text' + description: | + A collection of text responses. + item_type: Api::Type::String + - !ruby/object:Api::Type::Boolean + name: 'allowPlaybackInterruption' + output: true + description: | + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + - !ruby/object:Api::Type::String + name: 'webhook' + description: | + The webhook to call. Format: projects//locations//agents//webhooks/. + - !ruby/object:Api::Type::Boolean + name: 'returnPartialResponses' + description: | + Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. + - !ruby/object:Api::Type::String + name: 'tag' + description: | + The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. + - !ruby/object:Api::Type::String + name: 'targetPage' + description: | + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + - !ruby/object:Api::Type::String + name: 'targetFlow' + description: | + The target flow to transition to. + Format: projects//locations//agents//flows/. + - !ruby/object:Api::Type::Array + name: 'transitionRouteGroups' + description: | + A flow's transition route group serve two purposes: + They are responsible for matching the user's first utterances in the flow. + They are inherited by every page's [transition route groups][Page.transition_route_groups]. Transition route groups defined in the page have higher priority than those defined in the flow. + Format:projects//locations//agents//flows//transitionRouteGroups/. + item_type: Api::Type::String + - !ruby/object:Api::Type::NestedObject + name: 'nluSettings' + description: | + NLU related settings of the flow. + properties: + - !ruby/object:Api::Type::Enum + name: 'modelType' + description: | + Indicates the type of NLU model. + * MODEL_TYPE_STANDARD: Use standard NLU model. + * MODEL_TYPE_ADVANCED: Use advanced NLU model. + values: + - :MODEL_TYPE_STANDARD + - :MODEL_TYPE_ADVANCED + - !ruby/object:Api::Type::Double + name: 'classificationThreshold' + description: | + To filter out false positive results and still get variety in matched natural language inputs for your agent, you can tune the machine learning classification threshold. + If the returned score value is less than the threshold value, then a no-match event will be triggered. The score values range from 0.0 (completely uncertain) to 1.0 (completely certain). If set to 0.0, the default of 0.3 is used. + - !ruby/object:Api::Type::Enum + name: 'modelTrainingMode' + description: | + Indicates NLU model training mode. + * MODEL_TRAINING_MODE_AUTOMATIC: NLU model training is automatically triggered when a flow gets modified. User can also manually trigger model training in this mode. + * MODEL_TRAINING_MODE_MANUAL: User needs to manually trigger NLU model training. Best for large flows whose models take long time to train. + values: + - :MODEL_TRAINING_MODE_AUTOMATIC + - :MODEL_TRAINING_MODE_MANUAL diff --git a/mmv1/products/dialogflowcx/Intent.yaml b/mmv1/products/dialogflowcx/Intent.yaml new file mode 100644 index 000000000000..a8bec0f40ba9 --- /dev/null +++ b/mmv1/products/dialogflowcx/Intent.yaml @@ -0,0 +1,136 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Intent' +base_url: "{{parent}}/intents" +update_verb: :PATCH +update_mask: true +description: | + An intent represents a user's intent to interact with a conversational agent. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/dialogflow/cx/docs' + api: 'https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents.intents' +parameters: + - !ruby/object:Api::Type::String + name: parent + url_param_only: true + immutable: true + description: | + The agent to create an intent for. + Format: projects//locations//agents/. + - !ruby/object:Api::Type::String + name: 'languageCode' + description: | + The language of the following fields in intent: + Intent.training_phrases.parts.text + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + immutable: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + output: true + description: | + The unique identifier of the intent. + Format: projects//locations//agents//intents/. + - !ruby/object:Api::Type::String + name: 'displayName' + required: true + description: | + The human-readable name of the intent, unique within the agent. + - !ruby/object:Api::Type::Array + name: 'trainingPhrases' + description: | + The collection of training phrases the agent is trained on to identify the intent. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'id' + output: true + description: | + The unique identifier of the training phrase. + - !ruby/object:Api::Type::Array + name: 'parts' + required: true + description: | + The ordered list of training phrase parts. The parts are concatenated in order to form the training phrase. + Note: The API does not automatically annotate training phrases like the Dialogflow Console does. + Note: Do not forget to include whitespace at part boundaries, so the training phrase is well formatted when the parts are concatenated. + If the training phrase does not need to be annotated with parameters, you just need a single part with only the Part.text field set. + If you want to annotate the training phrase, you must create multiple parts, where the fields of each part are populated in one of two ways: + Part.text is set to a part of the phrase that has no parameters. + Part.text is set to a part of the phrase that you want to annotate, and the parameterId field is set. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'text' + required: true + description: | + The text for this part. + - !ruby/object:Api::Type::String + name: 'parameterId' + description: | + The parameter used to annotate this part of the training phrase. This field is required for annotated parts of the training phrase. + - !ruby/object:Api::Type::Integer + name: 'repeatCount' + description: | + Indicates how many times this example was added to the intent. + - !ruby/object:Api::Type::Array + name: 'parameters' + description: | + The collection of parameters associated with the intent. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'id' + required: true + description: | + The unique identifier of the parameter. This field is used by training phrases to annotate their parts. + - !ruby/object:Api::Type::String + name: 'entityType' + required: true + description: | + The entity type of the parameter. + Format: projects/-/locations/-/agents/-/entityTypes/ for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects//locations//agents//entityTypes/ for developer entity types. + - !ruby/object:Api::Type::Boolean + name: 'isList' + description: | + Indicates whether the parameter represents a list of values. + - !ruby/object:Api::Type::Boolean + name: 'redact' + description: | + Indicates whether the parameter content should be redacted in log. If redaction is enabled, the parameter content will be replaced by parameter name during logging. + Note: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled. + - !ruby/object:Api::Type::Integer + name: 'priority' + description: | + The priority of this intent. Higher numbers represent higher priorities. + If the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds to the Normal priority in the console. + If the supplied value is negative, the intent is ignored in runtime detect intent requests. + - !ruby/object:Api::Type::Boolean + name: 'isFallback' + description: | + Indicates whether this is a fallback intent. Currently only default fallback intent is allowed in the agent, which is added upon agent creation. + Adding training phrases to fallback intent is useful in the case of requests that are mistakenly matched, since training phrases assigned to fallback intents act as negative examples that triggers no-match event. + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + The key/value metadata to label an intent. Labels can contain lowercase letters, digits and the symbols '-' and '_'. International characters are allowed, including letters from unicase alphabets. Keys must start with a letter. Keys and values can be no longer than 63 characters and no more than 128 bytes. + Prefix "sys-" is reserved for Dialogflow defined labels. Currently allowed Dialogflow defined labels include: * sys-head * sys-contextual The above labels do not require value. "sys-head" means the intent is a head intent. "sys.contextual" means the intent is a contextual intent. + An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + - !ruby/object:Api::Type::String + name: 'description' + description: | + Human readable description for better understanding an intent like its scope, content, result etc. Maximum character limit: 140 characters. diff --git a/mmv1/products/dialogflowcx/Page.yaml b/mmv1/products/dialogflowcx/Page.yaml new file mode 100644 index 000000000000..ca8fffd48d8a --- /dev/null +++ b/mmv1/products/dialogflowcx/Page.yaml @@ -0,0 +1,324 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Page' +base_url: "{{parent}}/pages" +update_verb: :PATCH +update_mask: true +description: | + A Dialogflow CX conversation (session) can be described and visualized as a state machine. The states of a CX session are represented by pages. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/dialogflow/cx/docs' + api: 'https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents.flows.pages' +parameters: + - !ruby/object:Api::Type::String + name: parent + url_param_only: true + immutable: true + description: | + The flow to create a page for. + Format: projects//locations//agents//flows/. + - !ruby/object:Api::Type::String + name: 'languageCode' + description: | + The language of the following fields in page: + + Page.entry_fulfillment.messages + Page.entry_fulfillment.conditional_cases + Page.event_handlers.trigger_fulfillment.messages + Page.event_handlers.trigger_fulfillment.conditional_cases + Page.form.parameters.fill_behavior.initial_prompt_fulfillment.messages + Page.form.parameters.fill_behavior.initial_prompt_fulfillment.conditional_cases + Page.form.parameters.fill_behavior.reprompt_event_handlers.messages + Page.form.parameters.fill_behavior.reprompt_event_handlers.conditional_cases + Page.transition_routes.trigger_fulfillment.messages + Page.transition_routes.trigger_fulfillment.conditional_cases + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + immutable: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + output: true + description: | + The unique identifier of the page. + Format: projects//locations//agents//flows//pages/. + - !ruby/object:Api::Type::String + name: 'displayName' + required: true + description: | + The human-readable name of the page, unique within the agent. + - !ruby/object:Api::Type::NestedObject + name: 'entryFulfillment' + description: | + The fulfillment to call when the session is entering the page. + properties: + - !ruby/object:Api::Type::Array + name: 'messages' + description: | + The list of rich message responses to present to the user. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::NestedObject + name: 'text' + description: | + The text response message. + properties: + - !ruby/object:Api::Type::Array + name: 'text' + description: | + A collection of text responses. + item_type: Api::Type::String + - !ruby/object:Api::Type::Boolean + name: 'allowPlaybackInterruption' + output: true + description: | + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + - !ruby/object:Api::Type::String + name: 'webhook' + description: | + The webhook to call. Format: projects//locations//agents//webhooks/. + - !ruby/object:Api::Type::Boolean + name: 'returnPartialResponses' + description: | + Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. + - !ruby/object:Api::Type::String + name: 'tag' + description: | + The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. + - !ruby/object:Api::Type::NestedObject + name: 'form' + description: | + The form associated with the page, used for collecting parameters relevant to the page. + properties: + - !ruby/object:Api::Type::Array + name: 'parameters' + description: | + Parameters to collect from the user. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'displayName' + description: | + The human-readable name of the parameter, unique within the form. + - !ruby/object:Api::Type::Boolean + name: 'required' + description: | + Indicates whether the parameter is required. Optional parameters will not trigger prompts; however, they are filled if the user specifies them. + Required parameters must be filled before form filling concludes. + - !ruby/object:Api::Type::String + name: 'entityType' + description: | + The entity type of the parameter. + Format: projects/-/locations/-/agents/-/entityTypes/ for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects//locations//agents//entityTypes/ for developer entity types. + - !ruby/object:Api::Type::Boolean + name: 'isList' + description: | + Indicates whether the parameter represents a list of values. + - !ruby/object:Api::Type::NestedObject + name: 'fillBehavior' + description: | + Defines fill behavior for the parameter. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'initialPromptFulfillment' + description: | + The fulfillment to provide the initial prompt that the agent can present to the user in order to fill the parameter. + properties: + - !ruby/object:Api::Type::Array + name: 'messages' + description: | + The list of rich message responses to present to the user. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::NestedObject + name: 'text' + description: | + The text response message. + properties: + - !ruby/object:Api::Type::Array + name: 'text' + description: | + A collection of text responses. + item_type: Api::Type::String + - !ruby/object:Api::Type::Boolean + name: 'allowPlaybackInterruption' + output: true + description: | + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + - !ruby/object:Api::Type::String + name: 'webhook' + description: | + The webhook to call. Format: projects//locations//agents//webhooks/. + - !ruby/object:Api::Type::Boolean + name: 'returnPartialResponses' + description: | + Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. + - !ruby/object:Api::Type::String + name: 'tag' + description: | + The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. + - !ruby/object:Api::Type::Boolean + name: 'redact' + description: | + Indicates whether the parameter content should be redacted in log. + If redaction is enabled, the parameter content will be replaced by parameter name during logging. Note: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled. + - !ruby/object:Api::Type::Array + name: 'transitionRouteGroups' + description: | + Ordered list of TransitionRouteGroups associated with the page. Transition route groups must be unique within a page. + If multiple transition routes within a page scope refer to the same intent, then the precedence order is: page's transition route -> page's transition route group -> flow's transition routes. + If multiple transition route groups within a page contain the same intent, then the first group in the ordered list takes precedence. + Format:projects//locations//agents//flows//transitionRouteGroups/. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'transitionRoutes' + description: | + A list of transitions for the transition rules of this page. They route the conversation to another page in the same flow, or another flow. + When we are in a certain page, the TransitionRoutes are evalauted in the following order: + TransitionRoutes defined in the page with intent specified. + TransitionRoutes defined in the transition route groups with intent specified. + TransitionRoutes defined in flow with intent specified. + TransitionRoutes defined in the transition route groups with intent specified. + TransitionRoutes defined in the page with only condition specified. + TransitionRoutes defined in the transition route groups with only condition specified. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'name' + output: true + description: | + The unique identifier of this transition route. + - !ruby/object:Api::Type::String + name: 'intent' + description: | + The unique identifier of an Intent. + Format: projects//locations//agents//intents/. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + - !ruby/object:Api::Type::String + name: 'condition' + description: | + The condition to evaluate against form parameters or session parameters. + At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + - !ruby/object:Api::Type::NestedObject + name: 'triggerFulfillment' + description: | + The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks. + properties: + - !ruby/object:Api::Type::Array + name: 'messages' + description: | + The list of rich message responses to present to the user. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::NestedObject + name: 'text' + description: | + The text response message. + properties: + - !ruby/object:Api::Type::Array + name: 'text' + description: | + A collection of text responses. + item_type: Api::Type::String + - !ruby/object:Api::Type::Boolean + name: 'allowPlaybackInterruption' + output: true + description: | + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + - !ruby/object:Api::Type::String + name: 'webhook' + description: | + The webhook to call. Format: projects//locations//agents//webhooks/. + - !ruby/object:Api::Type::Boolean + name: 'returnPartialResponses' + description: | + Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. + - !ruby/object:Api::Type::String + name: 'tag' + description: | + The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. + - !ruby/object:Api::Type::String + name: 'targetPage' + description: | + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + - !ruby/object:Api::Type::String + name: 'targetFlow' + description: | + The target flow to transition to. + Format: projects//locations//agents//flows/. + - !ruby/object:Api::Type::Array + name: 'eventHandlers' + description: | + Handlers associated with the page to handle events such as webhook errors, no match or no input. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'name' + output: true + description: | + The unique identifier of this event handler. + - !ruby/object:Api::Type::String + name: 'event' + description: | + The name of the event to handle. + - !ruby/object:Api::Type::NestedObject + name: 'triggerFulfillment' + description: | + The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks. + properties: + - !ruby/object:Api::Type::Array + name: 'messages' + description: | + The list of rich message responses to present to the user. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::NestedObject + name: 'text' + description: | + The text response message. + properties: + - !ruby/object:Api::Type::Array + name: 'text' + description: | + A collection of text responses. + item_type: Api::Type::String + - !ruby/object:Api::Type::Boolean + name: 'allowPlaybackInterruption' + output: true + description: | + Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. + - !ruby/object:Api::Type::String + name: 'webhook' + description: | + The webhook to call. Format: projects//locations//agents//webhooks/. + - !ruby/object:Api::Type::Boolean + name: 'returnPartialResponses' + description: | + Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. + - !ruby/object:Api::Type::String + name: 'tag' + description: | + The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. + - !ruby/object:Api::Type::String + name: 'targetPage' + description: | + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + - !ruby/object:Api::Type::String + name: 'targetFlow' + description: | + The target flow to transition to. + Format: projects//locations//agents//flows/. diff --git a/mmv1/products/dialogflowcx/Version.yaml b/mmv1/products/dialogflowcx/Version.yaml new file mode 100644 index 000000000000..767b8ac8146d --- /dev/null +++ b/mmv1/products/dialogflowcx/Version.yaml @@ -0,0 +1,115 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Version' +base_url: "{{parent}}/versions" +update_verb: :PATCH +update_mask: true +description: | + You can create multiple versions of your agent flows and deploy them to separate serving environments. + When you edit a flow, you are editing a draft flow. At any point, you can save a draft flow as a flow version. A flow version is an immutable snapshot of your flow data and associated agent data like intents, entities, webhooks, pages, route groups, etc. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/dialogflow/cx/docs' + api: 'https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents.flows.versions' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + full_url: 'https://dialogflow.googleapis.com/v3/{{op_id}}' + wait_ms: 1000 + timeouts: !ruby/object:Api::Timeouts + insert_minutes: 60 + update_minutes: 60 + delete_minutes: 60 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +parameters: + - !ruby/object:Api::Type::String + name: parent + url_param_only: true + immutable: true + description: | + The Flow to create an Version for. + Format: projects//locations//agents//flows/. +properties: + - !ruby/object:Api::Type::String + name: 'name' + output: true + description: | + Format: projects//locations//agents//flows//versions/. Version ID is a self-increasing number generated by Dialogflow upon version creation. + - !ruby/object:Api::Type::String + name: 'displayName' + required: true + description: | + The human-readable name of the version. Limit of 64 characters. + - !ruby/object:Api::Type::String + name: 'description' + description: | + The description of the version. The maximum length is 500 characters. If exceeded, the request is rejected. + - !ruby/object:Api::Type::NestedObject + name: 'nluSettings' + output: true + description: | + The NLU settings of the flow at version creation. + properties: + - !ruby/object:Api::Type::Enum + name: 'modelType' + description: | + Indicates the type of NLU model. + * MODEL_TYPE_STANDARD: Use standard NLU model. + * MODEL_TYPE_ADVANCED: Use advanced NLU model. + values: + - :MODEL_TYPE_STANDARD + - :MODEL_TYPE_ADVANCED + - !ruby/object:Api::Type::Double + name: 'classificationThreshold' + description: | + To filter out false positive results and still get variety in matched natural language inputs for your agent, you can tune the machine learning classification threshold. If the returned score value is less than the threshold value, then a no-match event will be triggered. + The score values range from 0.0 (completely uncertain) to 1.0 (completely certain). If set to 0.0, the default of 0.3 is used. + - !ruby/object:Api::Type::Enum + name: 'modelTrainingMode' + description: | + Indicates NLU model training mode. + * MODEL_TRAINING_MODE_AUTOMATIC: NLU model training is automatically triggered when a flow gets modified. User can also manually trigger model training in this mode. + * MODEL_TRAINING_MODE_MANUAL: User needs to manually trigger NLU model training. Best for large flows whose models take long time to train. + values: + - :MODEL_TRAINING_MODE_AUTOMATIC + - :MODEL_TRAINING_MODE_MANUAL + - !ruby/object:Api::Type::Time + name: 'createTime' + output: true + description: 'A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".' + - !ruby/object:Api::Type::Enum + name: 'state' + output: true + description: | + The state of this version. + * RUNNING: Version is not ready to serve (e.g. training is running). + * SUCCEEDED: Training has succeeded and this version is ready to serve. + * FAILED: Version training failed. + values: + - :RUNNING + - :SUCCEEDED + - :FAILED diff --git a/mmv1/products/dialogflowcx/Webhook.yaml b/mmv1/products/dialogflowcx/Webhook.yaml new file mode 100644 index 000000000000..49fe905345c4 --- /dev/null +++ b/mmv1/products/dialogflowcx/Webhook.yaml @@ -0,0 +1,121 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Webhook' +base_url: "{{parent}}/webhooks" +update_verb: :PATCH +update_mask: true +description: | + Webhooks host the developer's business logic. During a session, webhooks allow the developer to use the data extracted by Dialogflow's natural language processing to generate dynamic responses, validate collected data, or trigger actions on the backend. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/dialogflow/cx/docs' + api: 'https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents.webhooks' +parameters: + - !ruby/object:Api::Type::String + name: parent + url_param_only: true + immutable: true + description: | + The agent to create a webhook for. + Format: projects//locations//agents/. +properties: + - !ruby/object:Api::Type::String + name: 'name' + output: true + description: | + The unique identifier of the webhook. + Format: projects//locations//agents//webhooks/. + - !ruby/object:Api::Type::String + name: 'displayName' + description: | + The human-readable name of the webhook, unique within the agent. + required: true + - !ruby/object:Api::Type::String + name: 'timeout' + description: | + Webhook execution timeout. + - !ruby/object:Api::Type::Boolean + name: 'disabled' + description: | + Indicates whether the webhook is disabled. + - !ruby/object:Api::Type::NestedObject + name: 'genericWebService' + description: | + Configuration for a generic web service. + properties: + - !ruby/object:Api::Type::String + name: 'uri' + description: | + Whether to use speech adaptation for speech recognition. + required: true + - !ruby/object:Api::Type::KeyValuePairs + name: 'requestHeaders' + description: | + The HTTP request headers to send together with webhook requests. + immutable: true + - !ruby/object:Api::Type::Array + name: 'allowedCaCerts' + description: | + Specifies a list of allowed custom CA certificates (in DER format) for HTTPS verification. + item_type: Api::Type::String + - !ruby/object:Api::Type::NestedObject + name: 'serviceDirectory' + description: | + Configuration for a Service Directory service. + properties: + - !ruby/object:Api::Type::String + name: 'service' + description: | + The name of Service Directory service. + required: true + - !ruby/object:Api::Type::NestedObject + name: 'genericWebService' + description: | + The name of Service Directory service. + required: true + properties: + - !ruby/object:Api::Type::String + name: 'uri' + description: | + Whether to use speech adaptation for speech recognition. + required: true + - !ruby/object:Api::Type::KeyValuePairs + name: 'requestHeaders' + description: | + The HTTP request headers to send together with webhook requests. + immutable: true + - !ruby/object:Api::Type::Array + name: 'allowedCaCerts' + description: | + Specifies a list of allowed custom CA certificates (in DER format) for HTTPS verification. + item_type: Api::Type::String + - !ruby/object:Api::Type::String + name: 'startFlow' + output: true + description: | + Name of the start flow in this agent. A start flow will be automatically created when the agent is created, and can only be deleted by deleting the agent. Format: projects//locations//agents//flows/. + - !ruby/object:Api::Type::String + name: 'securitySettings' + description: | + Name of the SecuritySettings reference for the agent. Format: projects//locations//securitySettings/. + - !ruby/object:Api::Type::Boolean + name: 'enableStackdriverLogging' + description: | + Determines whether this agent should log conversation queries. + - !ruby/object:Api::Type::Boolean + name: 'enableSpellCorrection' + description: | + Indicates if automatic spell correction is enabled in detect intent requests. diff --git a/mmv1/products/dialogflowcx/api.yaml b/mmv1/products/dialogflowcx/api.yaml deleted file mode 100644 index 1087bb4f52e0..000000000000 --- a/mmv1/products/dialogflowcx/api.yaml +++ /dev/null @@ -1,1157 +0,0 @@ -# Copyright 2020 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: DialogflowCX -display_name: Dialogflow CX -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://{{location}}-dialogflow.googleapis.com/v3/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Dialogflow API - url: https://console.cloud.google.com/apis/library/dialogflow.googleapis.com -objects: - - !ruby/object:Api::Resource - name: 'Agent' - base_url: "projects/{{project}}/locations/{{location}}/agents" - update_verb: :PATCH - update_mask: true - description: | - Agents are best described as Natural Language Understanding (NLU) modules that transform user requests into actionable data. You can include agents in your app, product, or service to determine user intent and respond to the user in a natural way. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/dialogflow/cx/docs' - api: 'https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents' - properties: - - !ruby/object:Api::Type::String - name: 'name' - output: true - description: | - The unique identifier of the agent. - - !ruby/object:Api::Type::String - name: 'location' - description: | - The name of the location this agent is located in. - - ~> **Note:** The first time you are deploying an Agent in your project you must configure location settings. - This is a one time step but at the moment you can only [configure location settings](https://cloud.google.com/dialogflow/cx/docs/concept/region#location-settings) via the Dialogflow CX console. - Another options is to use global location so you don't need to manually configure location settings. - required: true - input: true - url_param_only: true - - !ruby/object:Api::Type::String - name: 'displayName' - required: true - description: | - The human-readable name of the agent, unique within the location. - - !ruby/object:Api::Type::String - name: 'defaultLanguageCode' - description: | - The default language of the agent as a language tag. [See Language Support](https://cloud.google.com/dialogflow/cx/docs/reference/language) - for a list of the currently supported language codes. This field cannot be updated after creation. - input: true - required: true - - !ruby/object:Api::Type::Array - name: 'supportedLanguageCodes' - item_type: Api::Type::String - description: | - The list of all languages supported by this agent (except for the default_language_code). - - !ruby/object:Api::Type::String - name: 'timeZone' - description: | - The time zone of this agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, - Europe/Paris. - required: true - - !ruby/object:Api::Type::String - name: 'description' - description: | - The description of this agent. The maximum length is 500 characters. If exceeded, the request is rejected. - - !ruby/object:Api::Type::String - name: 'avatarUri' - description: | - The URI of the agent's avatar. Avatars are used throughout the Dialogflow console and in the self-hosted Web Demo integration. - - !ruby/object:Api::Type::NestedObject - name: 'speechToTextSettings' - description: | - Settings related to speech recognition. - properties: - - !ruby/object:Api::Type::Boolean - name: 'enableSpeechAdaptation' - description: | - Whether to use speech adaptation for speech recognition. - - !ruby/object:Api::Type::String - name: 'startFlow' - output: true - description: | - Name of the start flow in this agent. A start flow will be automatically created when the agent is created, and can only be deleted by deleting the agent. Format: projects//locations//agents//flows/. - - !ruby/object:Api::Type::String - name: 'securitySettings' - description: | - Name of the SecuritySettings reference for the agent. Format: projects//locations//securitySettings/. - - !ruby/object:Api::Type::Boolean - name: 'enableStackdriverLogging' - description: | - Determines whether this agent should log conversation queries. - - !ruby/object:Api::Type::Boolean - name: 'enableSpellCorrection' - description: | - Indicates if automatic spell correction is enabled in detect intent requests. - - !ruby/object:Api::Resource - name: 'Intent' - base_url: "{{parent}}/intents" - update_verb: :PATCH - update_mask: true - description: | - An intent represents a user's intent to interact with a conversational agent. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/dialogflow/cx/docs' - api: 'https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents.intents' - parameters: - - !ruby/object:Api::Type::String - name: parent - url_param_only: true - input: true - description: | - The agent to create an intent for. - Format: projects//locations//agents/. - - !ruby/object:Api::Type::String - name: 'languageCode' - description: | - The language of the following fields in intent: - Intent.training_phrases.parts.text - If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. - input: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - output: true - description: | - The unique identifier of the intent. - Format: projects//locations//agents//intents/. - - !ruby/object:Api::Type::String - name: 'displayName' - required: true - description: | - The human-readable name of the intent, unique within the agent. - - !ruby/object:Api::Type::Array - name: 'trainingPhrases' - description: | - The collection of training phrases the agent is trained on to identify the intent. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'id' - output: true - description: | - The unique identifier of the training phrase. - - !ruby/object:Api::Type::Array - name: 'parts' - required: true - description: | - The ordered list of training phrase parts. The parts are concatenated in order to form the training phrase. - Note: The API does not automatically annotate training phrases like the Dialogflow Console does. - Note: Do not forget to include whitespace at part boundaries, so the training phrase is well formatted when the parts are concatenated. - If the training phrase does not need to be annotated with parameters, you just need a single part with only the Part.text field set. - If you want to annotate the training phrase, you must create multiple parts, where the fields of each part are populated in one of two ways: - Part.text is set to a part of the phrase that has no parameters. - Part.text is set to a part of the phrase that you want to annotate, and the parameterId field is set. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'text' - required: true - description: | - The text for this part. - - !ruby/object:Api::Type::String - name: 'parameterId' - description: | - The parameter used to annotate this part of the training phrase. This field is required for annotated parts of the training phrase. - - !ruby/object:Api::Type::Integer - name: 'repeatCount' - description: | - Indicates how many times this example was added to the intent. - - !ruby/object:Api::Type::Array - name: 'parameters' - description: | - The collection of parameters associated with the intent. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'id' - required: true - description: | - The unique identifier of the parameter. This field is used by training phrases to annotate their parts. - - !ruby/object:Api::Type::String - name: 'entityType' - required: true - description: | - The entity type of the parameter. - Format: projects/-/locations/-/agents/-/entityTypes/ for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects//locations//agents//entityTypes/ for developer entity types. - - !ruby/object:Api::Type::Boolean - name: 'isList' - description: | - Indicates whether the parameter represents a list of values. - - !ruby/object:Api::Type::Boolean - name: 'redact' - description: | - Indicates whether the parameter content should be redacted in log. If redaction is enabled, the parameter content will be replaced by parameter name during logging. - Note: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled. - - !ruby/object:Api::Type::Integer - name: 'priority' - description: | - The priority of this intent. Higher numbers represent higher priorities. - If the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds to the Normal priority in the console. - If the supplied value is negative, the intent is ignored in runtime detect intent requests. - - !ruby/object:Api::Type::Boolean - name: 'isFallback' - description: | - Indicates whether this is a fallback intent. Currently only default fallback intent is allowed in the agent, which is added upon agent creation. - Adding training phrases to fallback intent is useful in the case of requests that are mistakenly matched, since training phrases assigned to fallback intents act as negative examples that triggers no-match event. - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: | - The key/value metadata to label an intent. Labels can contain lowercase letters, digits and the symbols '-' and '_'. International characters are allowed, including letters from unicase alphabets. Keys must start with a letter. Keys and values can be no longer than 63 characters and no more than 128 bytes. - Prefix "sys-" is reserved for Dialogflow defined labels. Currently allowed Dialogflow defined labels include: * sys-head * sys-contextual The above labels do not require value. "sys-head" means the intent is a head intent. "sys.contextual" means the intent is a contextual intent. - An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. - - !ruby/object:Api::Type::String - name: 'description' - description: | - Human readable description for better understanding an intent like its scope, content, result etc. Maximum character limit: 140 characters. - - !ruby/object:Api::Resource - name: 'Flow' - base_url: "{{parent}}/flows" - update_verb: :PATCH - update_mask: true - description: | - Flows represents the conversation flows when you build your chatbot agent. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/dialogflow/cx/docs' - api: 'https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents.flows' - parameters: - - !ruby/object:Api::Type::String - name: parent - url_param_only: true - input: true - description: | - The agent to create a flow for. - Format: projects//locations//agents/. - - !ruby/object:Api::Type::String - name: 'languageCode' - description: | - The language of the following fields in flow: - Flow.event_handlers.trigger_fulfillment.messages - Flow.event_handlers.trigger_fulfillment.conditional_cases - Flow.transition_routes.trigger_fulfillment.messages - Flow.transition_routes.trigger_fulfillment.conditional_cases - If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. - input: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - output: true - description: | - The unique identifier of the flow. - Format: projects//locations//agents//flows/. - - !ruby/object:Api::Type::String - name: 'displayName' - required: true - description: | - The human-readable name of the flow. - - !ruby/object:Api::Type::String - name: 'description' - description: | - The description of the flow. The maximum length is 500 characters. If exceeded, the request is rejected. - - !ruby/object:Api::Type::Array - name: 'transitionRoutes' - description: | - A flow's transition routes serve two purposes: - They are responsible for matching the user's first utterances in the flow. - They are inherited by every page's [transition routes][Page.transition_routes] and can support use cases such as the user saying "help" or "can I talk to a human?", which can be handled in a common way regardless of the current page. Transition routes defined in the page have higher priority than those defined in the flow. - - TransitionRoutes are evalauted in the following order: - TransitionRoutes with intent specified. - TransitionRoutes with only condition specified. - TransitionRoutes with intent specified are inherited by pages in the flow. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'name' - output: true - description: | - The unique identifier of this transition route. - - !ruby/object:Api::Type::String - name: 'intent' - description: | - The unique identifier of an Intent. - Format: projects//locations//agents//intents/. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. - - !ruby/object:Api::Type::String - name: 'condition' - description: | - The condition to evaluate against form parameters or session parameters. - At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. - - !ruby/object:Api::Type::NestedObject - name: 'triggerFulfillment' - description: | - The fulfillment to call when the condition is satisfied. At least one of triggerFulfillment and target must be specified. When both are defined, triggerFulfillment is executed first. - properties: - - !ruby/object:Api::Type::Array - name: 'messages' - description: | - The list of rich message responses to present to the user. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::NestedObject - name: 'text' - description: | - The text response message. - properties: - - !ruby/object:Api::Type::Array - name: 'text' - description: | - A collection of text responses. - item_type: Api::Type::String - - !ruby/object:Api::Type::Boolean - name: 'allowPlaybackInterruption' - output: true - description: | - Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. - - !ruby/object:Api::Type::String - name: 'webhook' - description: | - The webhook to call. Format: projects//locations//agents//webhooks/. - - !ruby/object:Api::Type::Boolean - name: 'returnPartialResponses' - description: | - Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. - - !ruby/object:Api::Type::String - name: 'tag' - description: | - The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. - - !ruby/object:Api::Type::String - name: 'targetPage' - description: | - The target page to transition to. - Format: projects//locations//agents//flows//pages/. - - !ruby/object:Api::Type::String - name: 'targetFlow' - description: | - The target flow to transition to. - Format: projects//locations//agents//flows/. - - !ruby/object:Api::Type::Array - name: 'eventHandlers' - description: | - A flow's event handlers serve two purposes: - They are responsible for handling events (e.g. no match, webhook errors) in the flow. - They are inherited by every page's [event handlers][Page.event_handlers], which can be used to handle common events regardless of the current page. Event handlers defined in the page have higher priority than those defined in the flow. - Unlike transitionRoutes, these handlers are evaluated on a first-match basis. The first one that matches the event get executed, with the rest being ignored. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'name' - output: true - description: | - The unique identifier of this event handler. - - !ruby/object:Api::Type::String - name: 'event' - description: | - The name of the event to handle. - - !ruby/object:Api::Type::NestedObject - name: 'triggerFulfillment' - description: | - The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks. - properties: - - !ruby/object:Api::Type::Array - name: 'messages' - description: | - The list of rich message responses to present to the user. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::NestedObject - name: 'text' - description: | - The text response message. - properties: - - !ruby/object:Api::Type::Array - name: 'text' - description: | - A collection of text responses. - item_type: Api::Type::String - - !ruby/object:Api::Type::Boolean - name: 'allowPlaybackInterruption' - output: true - description: | - Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. - - !ruby/object:Api::Type::String - name: 'webhook' - description: | - The webhook to call. Format: projects//locations//agents//webhooks/. - - !ruby/object:Api::Type::Boolean - name: 'returnPartialResponses' - description: | - Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. - - !ruby/object:Api::Type::String - name: 'tag' - description: | - The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. - - !ruby/object:Api::Type::String - name: 'targetPage' - description: | - The target page to transition to. - Format: projects//locations//agents//flows//pages/. - - !ruby/object:Api::Type::String - name: 'targetFlow' - description: | - The target flow to transition to. - Format: projects//locations//agents//flows/. - - !ruby/object:Api::Type::Array - name: 'transitionRouteGroups' - description: | - A flow's transition route group serve two purposes: - They are responsible for matching the user's first utterances in the flow. - They are inherited by every page's [transition route groups][Page.transition_route_groups]. Transition route groups defined in the page have higher priority than those defined in the flow. - Format:projects//locations//agents//flows//transitionRouteGroups/. - item_type: Api::Type::String - - !ruby/object:Api::Type::NestedObject - name: 'nluSettings' - description: | - NLU related settings of the flow. - properties: - - !ruby/object:Api::Type::Enum - name: 'modelType' - description: | - Indicates the type of NLU model. - * MODEL_TYPE_STANDARD: Use standard NLU model. - * MODEL_TYPE_ADVANCED: Use advanced NLU model. - values: - - :MODEL_TYPE_STANDARD - - :MODEL_TYPE_ADVANCED - - !ruby/object:Api::Type::Double - name: 'classificationThreshold' - description: | - To filter out false positive results and still get variety in matched natural language inputs for your agent, you can tune the machine learning classification threshold. - If the returned score value is less than the threshold value, then a no-match event will be triggered. The score values range from 0.0 (completely uncertain) to 1.0 (completely certain). If set to 0.0, the default of 0.3 is used. - - !ruby/object:Api::Type::Enum - name: 'modelTrainingMode' - description: | - Indicates NLU model training mode. - * MODEL_TRAINING_MODE_AUTOMATIC: NLU model training is automatically triggered when a flow gets modified. User can also manually trigger model training in this mode. - * MODEL_TRAINING_MODE_MANUAL: User needs to manually trigger NLU model training. Best for large flows whose models take long time to train. - values: - - :MODEL_TRAINING_MODE_AUTOMATIC - - :MODEL_TRAINING_MODE_MANUAL - - !ruby/object:Api::Resource - name: 'Version' - base_url: "{{parent}}/versions" - update_verb: :PATCH - update_mask: true - description: | - You can create multiple versions of your agent flows and deploy them to separate serving environments. - When you edit a flow, you are editing a draft flow. At any point, you can save a draft flow as a flow version. A flow version is an immutable snapshot of your flow data and associated agent data like intents, entities, webhooks, pages, route groups, etc. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/dialogflow/cx/docs' - api: 'https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents.flows.versions' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - full_url: 'https://dialogflow.googleapis.com/v3/{{op_id}}' - wait_ms: 1000 - timeouts: !ruby/object:Api::Timeouts - insert_minutes: 60 - update_minutes: 60 - delete_minutes: 60 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - parameters: - - !ruby/object:Api::Type::String - name: parent - url_param_only: true - input: true - description: | - The Flow to create an Version for. - Format: projects//locations//agents//flows/. - properties: - - !ruby/object:Api::Type::String - name: 'name' - output: true - description: | - Format: projects//locations//agents//flows//versions/. Version ID is a self-increasing number generated by Dialogflow upon version creation. - - !ruby/object:Api::Type::String - name: 'displayName' - required: true - description: | - The human-readable name of the version. Limit of 64 characters. - - !ruby/object:Api::Type::String - name: 'description' - description: | - The description of the version. The maximum length is 500 characters. If exceeded, the request is rejected. - - !ruby/object:Api::Type::NestedObject - name: 'nluSettings' - output: true - description: | - The NLU settings of the flow at version creation. - properties: - - !ruby/object:Api::Type::Enum - name: 'modelType' - description: | - Indicates the type of NLU model. - * MODEL_TYPE_STANDARD: Use standard NLU model. - * MODEL_TYPE_ADVANCED: Use advanced NLU model. - values: - - :MODEL_TYPE_STANDARD - - :MODEL_TYPE_ADVANCED - - !ruby/object:Api::Type::Double - name: 'classificationThreshold' - description: | - To filter out false positive results and still get variety in matched natural language inputs for your agent, you can tune the machine learning classification threshold. If the returned score value is less than the threshold value, then a no-match event will be triggered. - The score values range from 0.0 (completely uncertain) to 1.0 (completely certain). If set to 0.0, the default of 0.3 is used. - - !ruby/object:Api::Type::Enum - name: 'modelTrainingMode' - description: | - Indicates NLU model training mode. - * MODEL_TRAINING_MODE_AUTOMATIC: NLU model training is automatically triggered when a flow gets modified. User can also manually trigger model training in this mode. - * MODEL_TRAINING_MODE_MANUAL: User needs to manually trigger NLU model training. Best for large flows whose models take long time to train. - values: - - :MODEL_TRAINING_MODE_AUTOMATIC - - :MODEL_TRAINING_MODE_MANUAL - - !ruby/object:Api::Type::Time - name: 'createTime' - output: true - description: 'A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".' - - !ruby/object:Api::Type::Enum - name: 'state' - output: true - description: | - The state of this version. - * RUNNING: Version is not ready to serve (e.g. training is running). - * SUCCEEDED: Training has succeeded and this version is ready to serve. - * FAILED: Version training failed. - values: - - :RUNNING - - :SUCCEEDED - - :FAILED - - !ruby/object:Api::Resource - name: 'Page' - base_url: "{{parent}}/pages" - update_verb: :PATCH - update_mask: true - description: | - A Dialogflow CX conversation (session) can be described and visualized as a state machine. The states of a CX session are represented by pages. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/dialogflow/cx/docs' - api: 'https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents.flows.pages' - parameters: - - !ruby/object:Api::Type::String - name: parent - url_param_only: true - input: true - description: | - The flow to create a page for. - Format: projects//locations//agents//flows/. - - !ruby/object:Api::Type::String - name: 'languageCode' - description: | - The language of the following fields in page: - - Page.entry_fulfillment.messages - Page.entry_fulfillment.conditional_cases - Page.event_handlers.trigger_fulfillment.messages - Page.event_handlers.trigger_fulfillment.conditional_cases - Page.form.parameters.fill_behavior.initial_prompt_fulfillment.messages - Page.form.parameters.fill_behavior.initial_prompt_fulfillment.conditional_cases - Page.form.parameters.fill_behavior.reprompt_event_handlers.messages - Page.form.parameters.fill_behavior.reprompt_event_handlers.conditional_cases - Page.transition_routes.trigger_fulfillment.messages - Page.transition_routes.trigger_fulfillment.conditional_cases - If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. - input: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - output: true - description: | - The unique identifier of the page. - Format: projects//locations//agents//flows//pages/. - - !ruby/object:Api::Type::String - name: 'displayName' - required: true - description: | - The human-readable name of the page, unique within the agent. - - !ruby/object:Api::Type::NestedObject - name: 'entryFulfillment' - description: | - The fulfillment to call when the session is entering the page. - properties: - - !ruby/object:Api::Type::Array - name: 'messages' - description: | - The list of rich message responses to present to the user. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::NestedObject - name: 'text' - description: | - The text response message. - properties: - - !ruby/object:Api::Type::Array - name: 'text' - description: | - A collection of text responses. - item_type: Api::Type::String - - !ruby/object:Api::Type::Boolean - name: 'allowPlaybackInterruption' - output: true - description: | - Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. - - !ruby/object:Api::Type::String - name: 'webhook' - description: | - The webhook to call. Format: projects//locations//agents//webhooks/. - - !ruby/object:Api::Type::Boolean - name: 'returnPartialResponses' - description: | - Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. - - !ruby/object:Api::Type::String - name: 'tag' - description: | - The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. - - !ruby/object:Api::Type::NestedObject - name: 'form' - description: | - The form associated with the page, used for collecting parameters relevant to the page. - properties: - - !ruby/object:Api::Type::Array - name: 'parameters' - description: | - Parameters to collect from the user. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'displayName' - description: | - The human-readable name of the parameter, unique within the form. - - !ruby/object:Api::Type::Boolean - name: 'required' - description: | - Indicates whether the parameter is required. Optional parameters will not trigger prompts; however, they are filled if the user specifies them. - Required parameters must be filled before form filling concludes. - - !ruby/object:Api::Type::String - name: 'entityType' - description: | - The entity type of the parameter. - Format: projects/-/locations/-/agents/-/entityTypes/ for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects//locations//agents//entityTypes/ for developer entity types. - - !ruby/object:Api::Type::Boolean - name: 'isList' - description: | - Indicates whether the parameter represents a list of values. - - !ruby/object:Api::Type::NestedObject - name: 'fillBehavior' - description: | - Defines fill behavior for the parameter. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'initialPromptFulfillment' - description: | - The fulfillment to provide the initial prompt that the agent can present to the user in order to fill the parameter. - properties: - - !ruby/object:Api::Type::Array - name: 'messages' - description: | - The list of rich message responses to present to the user. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::NestedObject - name: 'text' - description: | - The text response message. - properties: - - !ruby/object:Api::Type::Array - name: 'text' - description: | - A collection of text responses. - item_type: Api::Type::String - - !ruby/object:Api::Type::Boolean - name: 'allowPlaybackInterruption' - output: true - description: | - Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. - - !ruby/object:Api::Type::String - name: 'webhook' - description: | - The webhook to call. Format: projects//locations//agents//webhooks/. - - !ruby/object:Api::Type::Boolean - name: 'returnPartialResponses' - description: | - Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. - - !ruby/object:Api::Type::String - name: 'tag' - description: | - The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. - - !ruby/object:Api::Type::Boolean - name: 'redact' - description: | - Indicates whether the parameter content should be redacted in log. - If redaction is enabled, the parameter content will be replaced by parameter name during logging. Note: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled. - - !ruby/object:Api::Type::Array - name: 'transitionRouteGroups' - description: | - Ordered list of TransitionRouteGroups associated with the page. Transition route groups must be unique within a page. - If multiple transition routes within a page scope refer to the same intent, then the precedence order is: page's transition route -> page's transition route group -> flow's transition routes. - If multiple transition route groups within a page contain the same intent, then the first group in the ordered list takes precedence. - Format:projects//locations//agents//flows//transitionRouteGroups/. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'transitionRoutes' - description: | - A list of transitions for the transition rules of this page. They route the conversation to another page in the same flow, or another flow. - When we are in a certain page, the TransitionRoutes are evalauted in the following order: - TransitionRoutes defined in the page with intent specified. - TransitionRoutes defined in the transition route groups with intent specified. - TransitionRoutes defined in flow with intent specified. - TransitionRoutes defined in the transition route groups with intent specified. - TransitionRoutes defined in the page with only condition specified. - TransitionRoutes defined in the transition route groups with only condition specified. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'name' - output: true - description: | - The unique identifier of this transition route. - - !ruby/object:Api::Type::String - name: 'intent' - description: | - The unique identifier of an Intent. - Format: projects//locations//agents//intents/. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. - - !ruby/object:Api::Type::String - name: 'condition' - description: | - The condition to evaluate against form parameters or session parameters. - At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. - - !ruby/object:Api::Type::NestedObject - name: 'triggerFulfillment' - description: | - The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks. - properties: - - !ruby/object:Api::Type::Array - name: 'messages' - description: | - The list of rich message responses to present to the user. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::NestedObject - name: 'text' - description: | - The text response message. - properties: - - !ruby/object:Api::Type::Array - name: 'text' - description: | - A collection of text responses. - item_type: Api::Type::String - - !ruby/object:Api::Type::Boolean - name: 'allowPlaybackInterruption' - output: true - description: | - Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. - - !ruby/object:Api::Type::String - name: 'webhook' - description: | - The webhook to call. Format: projects//locations//agents//webhooks/. - - !ruby/object:Api::Type::Boolean - name: 'returnPartialResponses' - description: | - Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. - - !ruby/object:Api::Type::String - name: 'tag' - description: | - The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. - - !ruby/object:Api::Type::String - name: 'targetPage' - description: | - The target page to transition to. - Format: projects//locations//agents//flows//pages/. - - !ruby/object:Api::Type::String - name: 'targetFlow' - description: | - The target flow to transition to. - Format: projects//locations//agents//flows/. - - !ruby/object:Api::Type::Array - name: 'eventHandlers' - description: | - Handlers associated with the page to handle events such as webhook errors, no match or no input. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'name' - output: true - description: | - The unique identifier of this event handler. - - !ruby/object:Api::Type::String - name: 'event' - description: | - The name of the event to handle. - - !ruby/object:Api::Type::NestedObject - name: 'triggerFulfillment' - description: | - The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks. - properties: - - !ruby/object:Api::Type::Array - name: 'messages' - description: | - The list of rich message responses to present to the user. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::NestedObject - name: 'text' - description: | - The text response message. - properties: - - !ruby/object:Api::Type::Array - name: 'text' - description: | - A collection of text responses. - item_type: Api::Type::String - - !ruby/object:Api::Type::Boolean - name: 'allowPlaybackInterruption' - output: true - description: | - Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request. - - !ruby/object:Api::Type::String - name: 'webhook' - description: | - The webhook to call. Format: projects//locations//agents//webhooks/. - - !ruby/object:Api::Type::Boolean - name: 'returnPartialResponses' - description: | - Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks. - - !ruby/object:Api::Type::String - name: 'tag' - description: | - The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified. - - !ruby/object:Api::Type::String - name: 'targetPage' - description: | - The target page to transition to. - Format: projects//locations//agents//flows//pages/. - - !ruby/object:Api::Type::String - name: 'targetFlow' - description: | - The target flow to transition to. - Format: projects//locations//agents//flows/. - - !ruby/object:Api::Resource - name: 'EntityType' - base_url: "{{parent}}/entityTypes" - update_verb: :PATCH - update_mask: true - description: | - Entities are extracted from user input and represent parameters that are meaningful to your application. - For example, a date range, a proper name such as a geographic location or landmark, and so on. Entities represent actionable data for your application. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/dialogflow/cx/docs' - api: 'https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents.entityTypes' - parameters: - - !ruby/object:Api::Type::String - name: parent - url_param_only: true - input: true - description: | - The agent to create a entity type for. - Format: projects//locations//agents/. - - !ruby/object:Api::Type::String - name: 'languageCode' - description: | - The language of the following fields in entityType: - EntityType.entities.value - EntityType.entities.synonyms - EntityType.excluded_phrases.value - If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. - input: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - output: true - description: | - The unique identifier of the entity type. - Format: projects//locations//agents//entityTypes/. - - !ruby/object:Api::Type::String - name: 'displayName' - required: true - description: | - The human-readable name of the entity type, unique within the agent. - - !ruby/object:Api::Type::Enum - name: 'kind' - required: true - description: | - Indicates whether the entity type can be automatically expanded. - * KIND_MAP: Map entity types allow mapping of a group of synonyms to a canonical value. - * KIND_LIST: List entity types contain a set of entries that do not map to canonical values. However, list entity types can contain references to other entity types (with or without aliases). - * KIND_REGEXP: Regexp entity types allow to specify regular expressions in entries values. - values: - - :KIND_MAP - - :KIND_LIST - - :KIND_REGEXP - - !ruby/object:Api::Type::Enum - name: 'autoExpansionMode' - description: | - Represents kinds of entities. - * AUTO_EXPANSION_MODE_UNSPECIFIED: Auto expansion disabled for the entity. - * AUTO_EXPANSION_MODE_DEFAULT: Allows an agent to recognize values that have not been explicitly listed in the entity. - values: - - :AUTO_EXPANSION_MODE_DEFAULT - - :AUTO_EXPANSION_MODE_UNSPECIFIED - - !ruby/object:Api::Type::Array - name: 'entities' - required: true - description: | - The collection of entity entries associated with the entity type. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'value' - description: | - The primary value associated with this entity entry. For example, if the entity type is vegetable, the value could be scallions. - For KIND_MAP entity types: A canonical value to be used in place of synonyms. - For KIND_LIST entity types: A string that can contain references to other entity types (with or without aliases). - - !ruby/object:Api::Type::Array - name: 'synonyms' - item_type: Api::Type::String - description: | - A collection of value synonyms. For example, if the entity type is vegetable, and value is scallions, a synonym could be green onions. - For KIND_LIST entity types: This collection must contain exactly one synonym equal to value. - - !ruby/object:Api::Type::Array - name: 'excludedPhrases' - description: | - Collection of exceptional words and phrases that shouldn't be matched. For example, if you have a size entity type with entry giant(an adjective), you might consider adding giants(a noun) as an exclusion. - If the kind of entity type is KIND_MAP, then the phrases specified by entities and excluded phrases should be mutually exclusive. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'value' - description: | - The word or phrase to be excluded. - - !ruby/object:Api::Type::Boolean - name: 'enableFuzzyExtraction' - description: | - Enables fuzzy entity extraction during classification. - - !ruby/object:Api::Type::Boolean - name: 'redact' - description: | - Indicates whether parameters of the entity type should be redacted in log. If redaction is enabled, page parameters and intent parameters referring to the entity type will be replaced by parameter name when logging. - - !ruby/object:Api::Resource - name: 'Environment' - base_url: "{{parent}}/environments" - update_verb: :PATCH - update_mask: true - description: | - Represents an environment for an agent. You can create multiple versions of your agent and publish them to separate environments. - When you edit an agent, you are editing the draft agent. At any point, you can save the draft agent as an agent version, which is an immutable snapshot of your agent. - When you save the draft agent, it is published to the default environment. When you create agent versions, you can publish them to custom environments. You can create a variety of custom environments for testing, development, production, etc. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/dialogflow/cx/docs' - api: 'https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents.environments' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - full_url: 'https://{{location}}-dialogflow.googleapis.com/v3/{{op_id}}' - wait_ms: 1000 - timeouts: !ruby/object:Api::Timeouts - insert_minutes: 60 - update_minutes: 60 - delete_minutes: 60 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - parameters: - - !ruby/object:Api::Type::String - name: parent - url_param_only: true - input: true - description: | - The Agent to create an Environment for. - Format: projects//locations//agents/. - properties: - - !ruby/object:Api::Type::String - name: 'name' - output: true - description: | - The name of the environment. - - !ruby/object:Api::Type::String - name: 'displayName' - required: true - description: | - The human-readable name of the environment (unique in an agent). Limit of 64 characters. - - !ruby/object:Api::Type::String - name: 'description' - description: | - The human-readable description of the environment. The maximum length is 500 characters. If exceeded, the request is rejected. - - !ruby/object:Api::Type::Array - name: 'versionConfigs' - required: true - description: | - A list of configurations for flow versions. You should include version configs for all flows that are reachable from [Start Flow][Agent.start_flow] in the agent. Otherwise, an error will be returned. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'version' - required: true - description: | - Format: projects/{{project}}/locations/{{location}}/agents/{{agent}}/flows/{{flow}}/versions/{{version}}. - - !ruby/object:Api::Type::Time - name: 'updateTime' - output: true - description: 'Update time of this environment. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".' - - !ruby/object:Api::Resource - name: 'Webhook' - base_url: "{{parent}}/webhooks" - update_verb: :PATCH - update_mask: true - description: | - Webhooks host the developer's business logic. During a session, webhooks allow the developer to use the data extracted by Dialogflow's natural language processing to generate dynamic responses, validate collected data, or trigger actions on the backend. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/dialogflow/cx/docs' - api: 'https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents.webhooks' - parameters: - - !ruby/object:Api::Type::String - name: parent - url_param_only: true - input: true - description: | - The agent to create a webhook for. - Format: projects//locations//agents/. - properties: - - !ruby/object:Api::Type::String - name: 'name' - output: true - description: | - The unique identifier of the webhook. - Format: projects//locations//agents//webhooks/. - - !ruby/object:Api::Type::String - name: 'displayName' - description: | - The human-readable name of the webhook, unique within the agent. - required: true - - !ruby/object:Api::Type::String - name: 'timeout' - description: | - Webhook execution timeout. - - !ruby/object:Api::Type::Boolean - name: 'disabled' - description: | - Indicates whether the webhook is disabled. - - !ruby/object:Api::Type::NestedObject - name: 'genericWebService' - description: | - Configuration for a generic web service. - properties: - - !ruby/object:Api::Type::String - name: 'uri' - description: | - Whether to use speech adaptation for speech recognition. - required: true - - !ruby/object:Api::Type::KeyValuePairs - name: 'requestHeaders' - description: | - The HTTP request headers to send together with webhook requests. - input: true - - !ruby/object:Api::Type::Array - name: 'allowedCaCerts' - description: | - Specifies a list of allowed custom CA certificates (in DER format) for HTTPS verification. - item_type: Api::Type::String - - !ruby/object:Api::Type::NestedObject - name: 'serviceDirectory' - description: | - Configuration for a Service Directory service. - properties: - - !ruby/object:Api::Type::String - name: 'service' - description: | - The name of Service Directory service. - required: true - - !ruby/object:Api::Type::NestedObject - name: 'genericWebService' - description: | - The name of Service Directory service. - required: true - properties: - - !ruby/object:Api::Type::String - name: 'uri' - description: | - Whether to use speech adaptation for speech recognition. - required: true - - !ruby/object:Api::Type::KeyValuePairs - name: 'requestHeaders' - description: | - The HTTP request headers to send together with webhook requests. - input: true - - !ruby/object:Api::Type::Array - name: 'allowedCaCerts' - description: | - Specifies a list of allowed custom CA certificates (in DER format) for HTTPS verification. - item_type: Api::Type::String - - !ruby/object:Api::Type::String - name: 'startFlow' - output: true - description: | - Name of the start flow in this agent. A start flow will be automatically created when the agent is created, and can only be deleted by deleting the agent. Format: projects//locations//agents//flows/. - - !ruby/object:Api::Type::String - name: 'securitySettings' - description: | - Name of the SecuritySettings reference for the agent. Format: projects//locations//securitySettings/. - - !ruby/object:Api::Type::Boolean - name: 'enableStackdriverLogging' - description: | - Determines whether this agent should log conversation queries. - - !ruby/object:Api::Type::Boolean - name: 'enableSpellCorrection' - description: | - Indicates if automatic spell correction is enabled in detect intent requests. \ No newline at end of file diff --git a/mmv1/products/dialogflowcx/product.yaml b/mmv1/products/dialogflowcx/product.yaml new file mode 100644 index 000000000000..620bc0c296c9 --- /dev/null +++ b/mmv1/products/dialogflowcx/product.yaml @@ -0,0 +1,26 @@ +# Copyright 2020 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: DialogflowCX +display_name: Dialogflow CX +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://{{location}}-dialogflow.googleapis.com/v3/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Dialogflow API + url: https://console.cloud.google.com/apis/library/dialogflow.googleapis.com diff --git a/mmv1/products/dlp/DeidentifyTemplate.yaml b/mmv1/products/dlp/DeidentifyTemplate.yaml new file mode 100644 index 000000000000..545aecb32370 --- /dev/null +++ b/mmv1/products/dlp/DeidentifyTemplate.yaml @@ -0,0 +1,1540 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'DeidentifyTemplate' +create_url: "{{parent}}/deidentifyTemplates" +self_link: "{{parent}}/deidentifyTemplates/{{name}}" +base_url: "{{parent}}/deidentifyTemplates" +update_verb: :PATCH +update_mask: true +description: | + Allows creation of templates to de-identify content. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/dlp/docs/concepts-templates' + api: 'https://cloud.google.com/dlp/docs/reference/rest/v2/projects.deidentifyTemplates' +parameters: + - !ruby/object:Api::Type::String + name: 'parent' + description: | + The parent of the template in any of the following formats: + + * `projects/{{project}}` + * `projects/{{project}}/locations/{{location}}` + * `organizations/{{organization_id}}` + * `organizations/{{organization_id}}/locations/{{location}}` + required: true + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The resource name of the template. Set by the server. + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: | + A description of the template. + - !ruby/object:Api::Type::String + name: 'displayName' + description: | + User set display name of the template. + - !ruby/object:Api::Type::NestedObject + name: 'deidentifyConfig' + required: true + description: Configuration of the deidentify template + properties: + - !ruby/object:Api::Type::NestedObject + name: 'infoTypeTransformations' + description: Treat the dataset as free-form text and apply the same free text transformation everywhere + exactly_one_of: + - deidentify_config.0.info_type_transformations + - deidentify_config.0.record_transformations + properties: + - !ruby/object:Api::Type::Array + name: 'transformations' + required: true + description: | + Transformation for each infoType. Cannot specify more than one for a given infoType. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Array + name: 'infoTypes' + description: | + InfoTypes to apply the transformation to. Leaving this empty will apply the transformation to apply to + all findings that correspond to infoTypes that were requested in InspectConfig. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + description: | + Name of the information type. + - !ruby/object:Api::Type::NestedObject + name: 'primitiveTransformation' + required: true + description: | + Primitive transformation to apply to the infoType. + The `primitive_transformation` block must only contain one argument, corresponding to the type of transformation. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'replaceConfig' + description: | + Replace each input value with a given value. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'newValue' + required: true + description: | + Replace each input value with a given value. + The `new_value` block must only contain one argument. For example when replacing the contents of a string-type field, only `string_value` should be set. + properties: + - !ruby/object:Api::Type::Integer + name: 'integerValue' + description: | + An integer value. + - !ruby/object:Api::Type::Double + name: 'floatValue' + description: | + A float value. + - !ruby/object:Api::Type::String + name: 'stringValue' + description: | + A string value. + - !ruby/object:Api::Type::Boolean + name: 'booleanValue' + description: | + A boolean value. + - !ruby/object:Api::Type::String + name: 'timestampValue' + description: | + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + - !ruby/object:Api::Type::NestedObject + name: 'timeValue' + description: | + Represents a time of day. + properties: + - !ruby/object:Api::Type::Integer + name: 'hours' + description: | + Hours of day in 24 hour format. Should be from 0 to 23. + - !ruby/object:Api::Type::Integer + name: 'minutes' + description: | + Minutes of hour of day. Must be from 0 to 59. + - !ruby/object:Api::Type::Integer + name: 'seconds' + description: | + Seconds of minutes of the time. Must normally be from 0 to 59. + - !ruby/object:Api::Type::Integer + name: 'nanos' + description: | + Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. + - !ruby/object:Api::Type::NestedObject + name: 'dateValue' + description: | + Represents a whole or partial calendar date. + properties: + - !ruby/object:Api::Type::Integer + name: 'year' + description: | + Year of date. Must be from 1 to 9999, or 0 if specifying a date without a year. + - !ruby/object:Api::Type::Integer + name: 'month' + description: | + Month of year. Must be from 1 to 12, or 0 if specifying a year without a month and day. + - !ruby/object:Api::Type::Integer + name: 'day' + description: | + Day of month. Must be from 1 to 31 and valid for the year and month, or 0 if specifying a + year by itself or a year and month where the day is not significant. + - !ruby/object:Api::Type::Enum + name: 'dayOfWeekValue' + description: | + Represents a day of the week. + values: + - :MONDAY + - :TUESDAY + - :WEDNESDAY + - :THURSDAY + - :FRIDAY + - :SATURDAY + - :SUNDAY + - !ruby/object:Api::Type::Boolean + name: 'replaceWithInfoTypeConfig' + description: | + Replace each matching finding with the name of the info type. + - !ruby/object:Api::Type::NestedObject + name: 'characterMaskConfig' + description: | + Partially mask a string by replacing a given number of characters with a fixed character. + Masking can start from the beginning or end of the string. + properties: + - !ruby/object:Api::Type::String + name: 'maskingCharacter' + description: | + Character to use to mask the sensitive values—for example, * for an alphabetic string such as a name, or 0 for a numeric string + such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to * for + strings, and 0 for digits. + - !ruby/object:Api::Type::Integer + name: 'numberToMask' + description: | + Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. + - !ruby/object:Api::Type::Boolean + name: 'reverseOrder' + description: | + Mask characters in reverse order. For example, if masking_character is 0, number_to_mask is 14, and reverse_order is `false`, then the + input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. + - !ruby/object:Api::Type::Array + name: 'charactersToIgnore' + description: | + Characters to skip when doing de-identification of a value. These will be left alone and skipped. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'charactersToSkip' + description: | + Characters to not transform when masking. + - !ruby/object:Api::Type::Enum + name: 'commonCharactersToIgnore' + description: | + Common characters to not transform when masking. Useful to avoid removing punctuation. + values: + - :NUMERIC + - :ALPHA_UPPER_CASE + - :ALPHA_LOWER_CASE + - :PUNCTUATION + - :WHITESPACE + - !ruby/object:Api::Type::NestedObject + name: 'cryptoDeterministicConfig' + description: | + Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC [https://tools.ietf.org/html/rfc5297](https://tools.ietf.org/html/rfc5297). + properties: + - !ruby/object:Api::Type::NestedObject + name: 'cryptoKey' + description: | + The key used by the encryption function. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'transient' + description: | + Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. + properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + description: | + Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). + - !ruby/object:Api::Type::NestedObject + name: 'unwrapped' + description: | + Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. + properties: + - !ruby/object:Api::Type::String + name: 'key' + required: true + description: | + A 128/192/256 bit key. + + A base64-encoded string. + - !ruby/object:Api::Type::NestedObject + name: 'kmsWrapped' + description: | + KMS wrapped key. + Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt + For more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key). + Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). + properties: + - !ruby/object:Api::Type::String + name: 'wrappedKey' + required: true + description: | + The wrapped data crypto key. + + A base64-encoded string. + - !ruby/object:Api::Type::String + name: 'cryptoKeyName' + required: true + description: | + The resource name of the KMS CryptoKey to use for unwrapping. + - !ruby/object:Api::Type::NestedObject + name: 'surrogateInfoType' + description: | + The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} + + For example, if the name of custom info type is 'MY\_TOKEN\_INFO\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\_TOKEN\_INFO\_TYPE(3):abc' + + This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. + + Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. + + In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either + + * reverse a surrogate that does not correspond to an actual identifier + * be unable to parse the surrogate and result in an error + + Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\_TOKEN\_TYPE. + properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + - !ruby/object:Api::Type::String + name: 'version' + description: | + Optional version name for this InfoType. + - !ruby/object:Api::Type::NestedObject + name: 'context' + description: | + A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. + + If the context is not set, plaintext would be used as is for encryption. If the context is set but: + + 1. there is no record present when transforming a given value or + 2. the field is not present when transforming a given value, + + plaintext would be used as is for encryption. + + Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. + properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name describing the field. + - !ruby/object:Api::Type::NestedObject + name: 'cryptoReplaceFfxFpeConfig' + description: | + Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `content.reidentify` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See [https://cloud.google.com/dlp/docs/pseudonymization](https://cloud.google.com/dlp/docs/pseudonymization) to learn more. + + Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'cryptoKey' + description: | + The key used by the encryption algorithm. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'transient' + description: | + Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. + properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + description: | + Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). + - !ruby/object:Api::Type::NestedObject + name: 'unwrapped' + description: | + Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. + properties: + - !ruby/object:Api::Type::String + name: 'key' + required: true + description: | + A 128/192/256 bit key. + + A base64-encoded string. + - !ruby/object:Api::Type::NestedObject + name: 'kmsWrapped' + description: | + KMS wrapped key. + Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt + For more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key). + Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). + properties: + - !ruby/object:Api::Type::String + name: 'wrappedKey' + required: true + description: | + The wrapped data crypto key. + + A base64-encoded string. + - !ruby/object:Api::Type::String + name: 'cryptoKeyName' + required: true + description: | + The resource name of the KMS CryptoKey to use for unwrapping. + - !ruby/object:Api::Type::NestedObject + name: 'context' + description: | + The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. + + If the context is set but: + + 1. there is no record present when transforming a given value or + 2. the field is not present when transforming a given value, + + a default tweak will be used. + + Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. + + The tweak is constructed as a sequence of bytes in big endian byte order such that: + + * a 64 bit integer is encoded followed by a single byte of value 1 + * a string is encoded in UTF-8 format followed by a single byte of value 2 + properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name describing the field. + - !ruby/object:Api::Type::NestedObject + name: 'surrogateInfoType' + description: | + The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info\_type\_name(surrogate\_character\_count):surrogate + + For example, if the name of custom infoType is 'MY\_TOKEN\_INFO\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\_TOKEN\_INFO\_TYPE(3):abc' + + This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. + + In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\_TOKEN\_TYPE + properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + - !ruby/object:Api::Type::String + name: 'version' + description: | + Optional version name for this InfoType. + - !ruby/object:Api::Type::Enum + name: 'commonAlphabet' + description: | + Common alphabets. + values: + - :FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED #Unused. + - :NUMERIC #[0-9] (radix of 10) + - :HEXADECIMAL #[0-9A-F] (radix of 16) + - :UPPER_CASE_ALPHA_NUMERIC #[0-9A-Z] (radix of 36) + - :ALPHA_NUMERIC #[0-9A-Za-z] (radix of 62) + - !ruby/object:Api::Type::String + name: 'customAlphabet' + description: | + This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range \[2, 95\]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: + + ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|:;"'<,>.?/`` + - !ruby/object:Api::Type::Integer + name: 'radix' + description: | + The native way to select the alphabet. Must be in the range \[2, 95\]. + - !ruby/object:Api::Type::NestedObject + name: 'recordTransformations' + description: Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table. + exactly_one_of: + - deidentify_config.0.info_type_transformations + - deidentify_config.0.record_transformations + properties: + - !ruby/object:Api::Type::Array + name: 'fieldTransformations' + description: Transform the record by applying various field transformations. + at_least_one_of: + - deidentify_config.0.record_transformations.0.field_transformations + - deidentify_config.0.record_transformations.0.record_suppressions + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Array + name: fields + description : | + Input field(s) to apply the transformation to. When you have columns that reference their position within a list, omit the index from the FieldId. + FieldId name matching ignores the index. For example, instead of "contact.nums[0].type", use "contact.nums.type". + required: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: name + description: Name describing the field. + - !ruby/object:Api::Type::NestedObject + name: condition + description: | + Only apply the transformation if the condition evaluates to true for the given RecordCondition. The conditions are allowed to reference fields that are not used in the actual transformation. + Example Use Cases: + - Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range. + - Redact a field if the date of birth field is greater than 85. + properties: + - !ruby/object:Api::Type::NestedObject + name: expressions + description: An expression. + properties: + - !ruby/object:Api::Type::Enum + name: logicalOperator + description: The operator to apply to the result of conditions. Default and currently only supported value is AND + default_value: :AND + values: + - :AND + - !ruby/object:Api::Type::NestedObject + name: conditions + description: Conditions to apply to the expression. + properties: + - !ruby/object:Api::Type::Array + name: conditions + description: A collection of conditions. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::NestedObject + name: field + description: Field within the record this condition is evaluated against. + required: true + properties: + - !ruby/object:Api::Type::String + name: name + description: Name describing the field. + - !ruby/object:Api::Type::Enum + name: operator + description: Operator used to compare the field or infoType to the value. + required: true + values: + - :EQUAL_TO + - :NOT_EQUAL_TO + - :GREATER_THAN + - :LESS_THAN + - :GREATER_THAN_OR_EQUALS + - :LESS_THAN_OR_EQUALS + - :EXISTS + - !ruby/object:Api::Type::NestedObject + name: value + description: | + Value to compare against. + The `value` block must only contain one argument. For example when a condition is evaluated against a string-type field, only `string_value` should be set. + This argument is mandatory, except for conditions using the `EXISTS` operator. + properties: + - !ruby/object:Api::Type::String + name: integerValue + description: An integer value (int64 format) + - !ruby/object:Api::Type::Double + name: floatValue + description: A float value. + - !ruby/object:Api::Type::String + name: stringValue + description: A string value. + - !ruby/object:Api::Type::Boolean + name: booleanValue + description: A boolean value. + - !ruby/object:Api::Type::String + name: timestampValue + description: | + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + - !ruby/object:Api::Type::NestedObject + name: timeValue + description: Represents a time of day. + properties: + - !ruby/object:Api::Type::Integer + name: hours + description: | + Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. + - !ruby/object:Api::Type::Integer + name: minutes + description: Minutes of hour of day. Must be from 0 to 59. + - !ruby/object:Api::Type::Integer + name: seconds + description: Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. + - !ruby/object:Api::Type::Integer + name: nanos + description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. + - !ruby/object:Api::Type::NestedObject + name: dateValue + description: Represents a whole or partial calendar date. + properties: + - !ruby/object:Api::Type::Integer + name: year + description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. + - !ruby/object:Api::Type::Integer + name: month + description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. + - !ruby/object:Api::Type::Integer + name: day + description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. + - !ruby/object:Api::Type::Enum + name: dayOfWeekValue + description: Represents a day of the week. + values: + - :MONDAY + - :TUESDAY + - :WEDNESDAY + - :THURSDAY + - :FRIDAY + - :SATURDAY + - :SUNDAY + - !ruby/object:Api::Type::NestedObject + name: primitiveTransformation + required: true + description: | + Apply the transformation to the entire field. + The `primitive_transformation` block must only contain one argument, corresponding to the type of transformation. + properties: + - !ruby/object:Api::Type::NestedObject + name: replaceConfig + description: Replace with a specified value. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'newValue' + required: true + description: | + Replace each input value with a given value. + The `new_value` block must only contain one argument. For example when replacing the contents of a string-type field, only `string_value` should be set. + properties: + - !ruby/object:Api::Type::String + name: integerValue + description: An integer value (int64 format) + - !ruby/object:Api::Type::Double + name: floatValue + description: A float value. + - !ruby/object:Api::Type::String + name: stringValue + description: A string value. + - !ruby/object:Api::Type::Boolean + name: booleanValue + description: A boolean value. + - !ruby/object:Api::Type::String + name: timestampValue + description: | + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + - !ruby/object:Api::Type::NestedObject + name: timeValue + description: Represents a time of day. + properties: + - !ruby/object:Api::Type::Integer + name: hours + description: | + Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. + - !ruby/object:Api::Type::Integer + name: minutes + description: Minutes of hour of day. Must be from 0 to 59. + - !ruby/object:Api::Type::Integer + name: seconds + description: Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. + - !ruby/object:Api::Type::Integer + name: nanos + description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. + - !ruby/object:Api::Type::NestedObject + name: dateValue + description: Represents a whole or partial calendar date. + properties: + - !ruby/object:Api::Type::Integer + name: year + description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. + - !ruby/object:Api::Type::Integer + name: month + description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. + - !ruby/object:Api::Type::Integer + name: day + description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. + - !ruby/object:Api::Type::Enum + name: dayOfWeekValue + description: Represents a day of the week. + values: + - :MONDAY + - :TUESDAY + - :WEDNESDAY + - :THURSDAY + - :FRIDAY + - :SATURDAY + - :SUNDAY + - !ruby/object:Api::Type::NestedObject + name: redactConfig + description: | + Redact a given value. For example, if used with an InfoTypeTransformation transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. + properties: [] # Meant to be an empty object with no properties - see here : https://cloud.google.com/dlp/docs/reference/rest/v2/projects.deidentifyTemplates#redactconfig + # The fields below are necessary to include the "redactConfig" transformation in the payload + # A side-effect is null values when the field is unused, see: https://github.com/hashicorp/terraform-provider-google/issues/13201 + send_empty_value: true + allow_empty_object: true + - !ruby/object:Api::Type::NestedObject + name: characterMaskConfig + description: | + Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3). + properties: + - !ruby/object:Api::Type::String + name: 'maskingCharacter' + description: | + Character to use to mask the sensitive values—for example, * for an alphabetic string such as a name, or 0 for a numeric string + such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to * for + strings, and 0 for digits. + - !ruby/object:Api::Type::Integer + name: 'numberToMask' + description: | + Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. + If number_to_mask is negative, this denotes inverse masking. Cloud DLP masks all but a number of characters. For example, suppose you have the following values: + - `masking_character` is * + - `number_to_mask` is -4 + - `reverse_order` is false + - `characters_to_ignore` includes - + - Input string is 1234-5678-9012-3456 + + The resulting de-identified string is ****-****-****-3456. Cloud DLP masks all but the last four characters. If reverseOrder is true, all but the first four characters are masked as 1234-****-****-****. + - !ruby/object:Api::Type::Boolean + name: 'reverseOrder' + description: | + Mask characters in reverse order. For example, if masking_character is 0, number_to_mask is 14, and reverse_order is `false`, then the + input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. + - !ruby/object:Api::Type::Array + name: 'charactersToIgnore' + description: | + Characters to skip when doing de-identification of a value. These will be left alone and skipped. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'charactersToSkip' + description: | + Characters to not transform when masking. + - !ruby/object:Api::Type::Enum + name: 'commonCharactersToIgnore' + description: | + Common characters to not transform when masking. Useful to avoid removing punctuation. + values: + - :NUMERIC + - :ALPHA_UPPER_CASE + - :ALPHA_LOWER_CASE + - :PUNCTUATION + - :WHITESPACE + - !ruby/object:Api::Type::NestedObject + name: 'cryptoReplaceFfxFpeConfig' + description: | + Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `content.reidentify` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See [https://cloud.google.com/dlp/docs/pseudonymization](https://cloud.google.com/dlp/docs/pseudonymization) to learn more. + + Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'cryptoKey' + description: | + The key used by the encryption algorithm. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'transient' + description: | + Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. + properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + description: | + Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). + - !ruby/object:Api::Type::NestedObject + name: 'unwrapped' + description: | + Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. + properties: + - !ruby/object:Api::Type::String + name: 'key' + required: true + description: | + A 128/192/256 bit key. + + A base64-encoded string. + - !ruby/object:Api::Type::NestedObject + name: 'kmsWrapped' + description: | + KMS wrapped key. + Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt + For more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key). + Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). + properties: + - !ruby/object:Api::Type::String + name: 'wrappedKey' + required: true + description: | + The wrapped data crypto key. + + A base64-encoded string. + - !ruby/object:Api::Type::String + name: 'cryptoKeyName' + required: true + description: | + The resource name of the KMS CryptoKey to use for unwrapping. + - !ruby/object:Api::Type::NestedObject + name: 'context' + description: | + The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. + + If the context is set but: + + 1. there is no record present when transforming a given value or + 2. the field is not present when transforming a given value, + + a default tweak will be used. + + Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. + + The tweak is constructed as a sequence of bytes in big endian byte order such that: + + * a 64 bit integer is encoded followed by a single byte of value 1 + * a string is encoded in UTF-8 format followed by a single byte of value 2 + properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name describing the field. + - !ruby/object:Api::Type::NestedObject + name: 'surrogateInfoType' + description: | + The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info\_type\_name(surrogate\_character\_count):surrogate + + For example, if the name of custom infoType is 'MY\_TOKEN\_INFO\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\_TOKEN\_INFO\_TYPE(3):abc' + + This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. + + In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\_TOKEN\_TYPE + properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + - !ruby/object:Api::Type::String + name: 'version' + description: | + Optional version name for this InfoType. + - !ruby/object:Api::Type::Enum + name: 'commonAlphabet' + description: | + Common alphabets. + values: + - :FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED #Unused. + - :NUMERIC #[0-9] (radix of 10) + - :HEXADECIMAL #[0-9A-F] (radix of 16) + - :UPPER_CASE_ALPHA_NUMERIC #[0-9A-Z] (radix of 36) + - :ALPHA_NUMERIC #[0-9A-Za-z] (radix of 62) + - !ruby/object:Api::Type::String + name: 'customAlphabet' + description: | + This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range \[2, 95\]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: + + ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|:;"'<,>.?/`` + - !ruby/object:Api::Type::Integer + name: 'radix' + description: | + The native way to select the alphabet. Must be in the range \[2, 95\]. + - !ruby/object:Api::Type::NestedObject + name: fixedSizeBucketingConfig + description: | + Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. + + The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with "10-20". + + This can be used on data of type: double, long. + + If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. + + See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. + properties: + - !ruby/object:Api::Type::NestedObject + name: lowerBound + description: | + Lower bound value of buckets. + All values less than lower_bound are grouped together into a single bucket; for example if lower_bound = 10, then all values less than 10 are replaced with the value "-10". + The `lower_bound` block must only contain one argument. See the `fixed_size_bucketing_config` block description for more information about choosing a data type. + properties: + - !ruby/object:Api::Type::String + name: integerValue + description: An integer value (int64 format) + - !ruby/object:Api::Type::Double + name: floatValue + description: A float value. + - !ruby/object:Api::Type::String + name: stringValue + description: A string value. + - !ruby/object:Api::Type::Boolean + name: booleanValue + description: A boolean value. + - !ruby/object:Api::Type::String + name: timestampValue + description: | + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + - !ruby/object:Api::Type::NestedObject + name: timeValue + description: Represents a time of day. + properties: + - !ruby/object:Api::Type::Integer + name: hours + description: | + Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. + - !ruby/object:Api::Type::Integer + name: minutes + description: Minutes of hour of day. Must be from 0 to 59. + - !ruby/object:Api::Type::Integer + name: seconds + description: Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. + - !ruby/object:Api::Type::Integer + name: nanos + description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. + - !ruby/object:Api::Type::NestedObject + name: dateValue + description: Represents a whole or partial calendar date. + properties: + - !ruby/object:Api::Type::Integer + name: year + description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. + - !ruby/object:Api::Type::Integer + name: month + description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. + - !ruby/object:Api::Type::Integer + name: day + description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. + - !ruby/object:Api::Type::Enum + name: dayOfWeekValue + description: Represents a day of the week. + values: + - :MONDAY + - :TUESDAY + - :WEDNESDAY + - :THURSDAY + - :FRIDAY + - :SATURDAY + - :SUNDAY + required: true + - !ruby/object:Api::Type::NestedObject + name: upperBound + description: | + Upper bound value of buckets. + All values greater than upper_bound are grouped together into a single bucket; for example if upper_bound = 89, then all values greater than 89 are replaced with the value "89+". + The `upper_bound` block must only contain one argument. See the `fixed_size_bucketing_config` block description for more information about choosing a data type. + required: true + properties: + - !ruby/object:Api::Type::String + name: integerValue + description: An integer value (int64 format) + - !ruby/object:Api::Type::Double + name: floatValue + description: A float value. + - !ruby/object:Api::Type::String + name: stringValue + description: A string value. + - !ruby/object:Api::Type::Boolean + name: booleanValue + description: A boolean value. + - !ruby/object:Api::Type::String + name: timestampValue + description: | + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + - !ruby/object:Api::Type::NestedObject + name: timeValue + description: Represents a time of day. + properties: + - !ruby/object:Api::Type::Integer + name: hours + description: | + Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. + - !ruby/object:Api::Type::Integer + name: minutes + description: Minutes of hour of day. Must be from 0 to 59. + - !ruby/object:Api::Type::Integer + name: seconds + description: Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. + - !ruby/object:Api::Type::Integer + name: nanos + description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. + - !ruby/object:Api::Type::NestedObject + name: dateValue + description: Represents a whole or partial calendar date. + properties: + - !ruby/object:Api::Type::Integer + name: year + description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. + - !ruby/object:Api::Type::Integer + name: month + description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. + - !ruby/object:Api::Type::Integer + name: day + description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. + - !ruby/object:Api::Type::Enum + name: dayOfWeekValue + description: Represents a day of the week. + values: + - :MONDAY + - :TUESDAY + - :WEDNESDAY + - :THURSDAY + - :FRIDAY + - :SATURDAY + - :SUNDAY + - !ruby/object:Api::Type::Double + name: bucketSize + description: | + Size of each bucket (except for minimum and maximum buckets). + So if lower_bound = 10, upper_bound = 89, and bucketSize = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. + Precision up to 2 decimals works. + required: true + - !ruby/object:Api::Type::NestedObject + name: bucketingConfig + description: | + Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH + This can be used on data of type: number, long, string, timestamp. + If the provided value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. + See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. + properties: + - !ruby/object:Api::Type::Array + name: buckets + description: | + Set of buckets. Ranges must be non-overlapping. + Bucket is represented as a range, along with replacement values. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::NestedObject + name: min + description: | + Lower bound of the range, inclusive. Type should be the same as max if used. + The `min` block must only contain one argument. See the `bucketing_config` block description for more information about choosing a data type. + properties: + - !ruby/object:Api::Type::String + name: integerValue + description: An integer value (int64 format) + - !ruby/object:Api::Type::Double + name: floatValue + description: A float value. + - !ruby/object:Api::Type::String + name: stringValue + description: A string value. + - !ruby/object:Api::Type::Boolean + name: booleanValue + description: A boolean value. + - !ruby/object:Api::Type::String + name: timestampValue + description: | + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + - !ruby/object:Api::Type::NestedObject + name: timeValue + description: Represents a time of day. + properties: + - !ruby/object:Api::Type::Integer + name: hours + description: | + Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. + - !ruby/object:Api::Type::Integer + name: minutes + description: Minutes of hour of day. Must be from 0 to 59. + - !ruby/object:Api::Type::Integer + name: seconds + description: Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. + - !ruby/object:Api::Type::Integer + name: nanos + description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. + - !ruby/object:Api::Type::NestedObject + name: dateValue + description: Represents a whole or partial calendar date. + properties: + - !ruby/object:Api::Type::Integer + name: year + description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. + - !ruby/object:Api::Type::Integer + name: month + description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. + - !ruby/object:Api::Type::Integer + name: day + description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. + - !ruby/object:Api::Type::Enum + name: dayOfWeekValue + description: Represents a day of the week. + values: + - :MONDAY + - :TUESDAY + - :WEDNESDAY + - :THURSDAY + - :FRIDAY + - :SATURDAY + - :SUNDAY + - !ruby/object:Api::Type::NestedObject + name: max + description: | + Upper bound of the range, exclusive; type must match min. + The `max` block must only contain one argument. See the `bucketing_config` block description for more information about choosing a data type. + properties: + - !ruby/object:Api::Type::String + name: integerValue + description: An integer value (int64 format) + - !ruby/object:Api::Type::Double + name: floatValue + description: A float value. + - !ruby/object:Api::Type::String + name: stringValue + description: A string value. + - !ruby/object:Api::Type::Boolean + name: booleanValue + description: A boolean value. + - !ruby/object:Api::Type::String + name: timestampValue + description: | + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + - !ruby/object:Api::Type::NestedObject + name: timeValue + description: Represents a time of day. + properties: + - !ruby/object:Api::Type::Integer + name: hours + description: | + Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. + - !ruby/object:Api::Type::Integer + name: minutes + description: Minutes of hour of day. Must be from 0 to 59. + - !ruby/object:Api::Type::Integer + name: seconds + description: Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. + - !ruby/object:Api::Type::Integer + name: nanos + description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. + - !ruby/object:Api::Type::NestedObject + name: dateValue + description: Represents a whole or partial calendar date. + properties: + - !ruby/object:Api::Type::Integer + name: year + description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. + - !ruby/object:Api::Type::Integer + name: month + description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. + - !ruby/object:Api::Type::Integer + name: day + description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. + - !ruby/object:Api::Type::Enum + name: dayOfWeekValue + description: Represents a day of the week. + values: + - :MONDAY + - :TUESDAY + - :WEDNESDAY + - :THURSDAY + - :FRIDAY + - :SATURDAY + - :SUNDAY + - !ruby/object:Api::Type::NestedObject + name: replacementValue + required: true + description: | + Replacement value for this bucket. + The `replacement_value` block must only contain one argument. + properties: + - !ruby/object:Api::Type::String + name: integerValue + description: An integer value (int64 format) + - !ruby/object:Api::Type::Double + name: floatValue + description: A float value. + - !ruby/object:Api::Type::String + name: stringValue + description: A string value. + - !ruby/object:Api::Type::Boolean + name: booleanValue + description: A boolean value. + - !ruby/object:Api::Type::String + name: timestampValue + description: | + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + - !ruby/object:Api::Type::NestedObject + name: timeValue + description: Represents a time of day. + properties: + - !ruby/object:Api::Type::Integer + name: hours + description: | + Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. + - !ruby/object:Api::Type::Integer + name: minutes + description: Minutes of hour of day. Must be from 0 to 59. + - !ruby/object:Api::Type::Integer + name: seconds + description: Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. + - !ruby/object:Api::Type::Integer + name: nanos + description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. + - !ruby/object:Api::Type::NestedObject + name: dateValue + description: Represents a whole or partial calendar date. + properties: + - !ruby/object:Api::Type::Integer + name: year + description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. + - !ruby/object:Api::Type::Integer + name: month + description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. + - !ruby/object:Api::Type::Integer + name: day + description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. + - !ruby/object:Api::Type::Enum + name: dayOfWeekValue + description: Represents a day of the week. + values: + - :MONDAY + - :TUESDAY + - :WEDNESDAY + - :THURSDAY + - :FRIDAY + - :SATURDAY + - :SUNDAY + - !ruby/object:Api::Type::NestedObject + name: timePartConfig + description: For use with Date, Timestamp, and TimeOfDay, extract or preserve a portion of the value. + properties: + - !ruby/object:Api::Type::Enum + name: partToExtract + description: The part of the time to keep. + values: + - :YEAR # [0-9999] + - :MONTH # [1-12] + - :DAY_OF_MONTH # [1-31] + - :DAY_OF_WEEK # [1-7] + - :WEEK_OF_YEAR # [1-53] + - :HOUR_OF_DAY # [0-23] + - !ruby/object:Api::Type::NestedObject + name: cryptoHashConfig + description: | + Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. + Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). + Currently, only string and integer values can be hashed. + See https://cloud.google.com/dlp/docs/pseudonymization to learn more. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'cryptoKey' + description: | + The key used by the encryption function. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'transient' + description: | + Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. + properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + description: | + Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). + - !ruby/object:Api::Type::NestedObject + name: 'unwrapped' + description: | + Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. + properties: + - !ruby/object:Api::Type::String + name: 'key' + required: true + description: | + A 128/192/256 bit key. + + A base64-encoded string. + - !ruby/object:Api::Type::NestedObject + name: 'kmsWrapped' + description: | + KMS wrapped key. + Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt + For more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key). + Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). + properties: + - !ruby/object:Api::Type::String + name: 'wrappedKey' + required: true + description: | + The wrapped data crypto key. + + A base64-encoded string. + - !ruby/object:Api::Type::String + name: 'cryptoKeyName' + required: true + description: | + The resource name of the KMS CryptoKey to use for unwrapping. + - !ruby/object:Api::Type::NestedObject + name: dateShiftConfig + description: | + Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. + properties: + - !ruby/object:Api::Type::Integer + name: upperBoundDays + required: true + description: | + Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. + + For example, 3 means shift date to at most 3 days into the future. + - !ruby/object:Api::Type::Integer + name: lowerBoundDays + required: true + description: | + For example, -5 means shift date to at most 5 days back in the past. + - !ruby/object:Api::Type::NestedObject + name: 'context' + description: | + Points to the field that contains the context, for example, an entity id. + If set, must also set cryptoKey. If set, shift will be consistent for the given context. + properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name describing the field. + - !ruby/object:Api::Type::NestedObject + name: 'cryptoKey' + description: | + Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and cryptoKey. If set, must also set context. Can only be applied to table items. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'transient' + description: | + Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. + properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + description: | + Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). + - !ruby/object:Api::Type::NestedObject + name: 'unwrapped' + description: | + Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. + properties: + - !ruby/object:Api::Type::String + name: 'key' + required: true + description: | + A 128/192/256 bit key. + + A base64-encoded string. + - !ruby/object:Api::Type::NestedObject + name: 'kmsWrapped' + description: | + KMS wrapped key. + Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt + For more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key). + Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). + properties: + - !ruby/object:Api::Type::String + name: 'wrappedKey' + required: true + description: | + The wrapped data crypto key. + + A base64-encoded string. + - !ruby/object:Api::Type::String + name: 'cryptoKeyName' + required: true + description: | + The resource name of the KMS CryptoKey to use for unwrapping. + - !ruby/object:Api::Type::NestedObject + name: cryptoDeterministicConfig + description: | + Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC [https://tools.ietf.org/html/rfc5297](https://tools.ietf.org/html/rfc5297). + properties: + - !ruby/object:Api::Type::NestedObject + name: 'cryptoKey' + description: | + The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'transient' + description: | + Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. + properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + description: | + Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). + - !ruby/object:Api::Type::NestedObject + name: 'unwrapped' + description: | + Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. + properties: + - !ruby/object:Api::Type::String + name: 'key' + required: true + description: | + A 128/192/256 bit key. + + A base64-encoded string. + - !ruby/object:Api::Type::NestedObject + name: 'kmsWrapped' + description: | + KMS wrapped key. + Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt + For more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key). + Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). + properties: + - !ruby/object:Api::Type::String + name: 'wrappedKey' + required: true + description: | + The wrapped data crypto key. + + A base64-encoded string. + - !ruby/object:Api::Type::String + name: 'cryptoKeyName' + required: true + description: | + The resource name of the KMS CryptoKey to use for unwrapping. + - !ruby/object:Api::Type::NestedObject + name: 'surrogateInfoType' + description: | + The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} + + For example, if the name of custom info type is 'MY\_TOKEN\_INFO\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\_TOKEN\_INFO\_TYPE(3):abc' + + This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. + + Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. + + In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either + + * reverse a surrogate that does not correspond to an actual identifier + * be unable to parse the surrogate and result in an error + + Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\_TOKEN\_TYPE. + properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + - !ruby/object:Api::Type::String + name: 'version' + description: | + Optional version name for this InfoType. + - !ruby/object:Api::Type::NestedObject + name: 'context' + description: | + A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. + + If the context is not set, plaintext would be used as is for encryption. If the context is set but: + + 1. there is no record present when transforming a given value or + 2. the field is not present when transforming a given value, + + plaintext would be used as is for encryption. + + Note that case (1) is expected when an InfoTypeTransformation is applied to both structured and unstructured ContentItems. + properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name describing the field. + - !ruby/object:Api::Type::NestedObject + name: replaceDictionaryConfig + description: Replace with a value randomly drawn (with replacement) from a dictionary. + properties: + - !ruby/object:Api::Type::NestedObject + name: wordList + description: | + A list of words to select from for random replacement. The [limits](https://cloud.google.com/dlp/limits) page contains details about the size limits of dictionaries. + properties: + - !ruby/object:Api::Type::Array + name: words + required: true + description: | + Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'recordSuppressions' + description: Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output. + at_least_one_of: + - deidentify_config.0.record_transformations.0.field_transformations + - deidentify_config.0.record_transformations.0.record_suppressions + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::NestedObject + name: condition + description: A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content. + properties: + - !ruby/object:Api::Type::NestedObject + name: expressions + description: An expression, consisting of an operator and conditions. + properties: + - !ruby/object:Api::Type::Enum + name: logicalOperator + description: The operator to apply to the result of conditions. Default and currently only supported value is AND. + default_value: :AND + values: + - :AND + - !ruby/object:Api::Type::NestedObject + name: conditions + description: Conditions to apply to the expression. + properties: + - !ruby/object:Api::Type::Array + name: conditions + description: A collection of conditions. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::NestedObject + name: field + description: Field within the record this condition is evaluated against. + required: true + properties: + - !ruby/object:Api::Type::String + name: name + description: Name describing the field. + - !ruby/object:Api::Type::Enum + name: operator + description: Operator used to compare the field or infoType to the value. + required: true + values: + - :EQUAL_TO + - :NOT_EQUAL_TO + - :GREATER_THAN + - :LESS_THAN + - :GREATER_THAN_OR_EQUALS + - :LESS_THAN_OR_EQUALS + - :EXISTS + - !ruby/object:Api::Type::NestedObject + name: value + description: Value to compare against. [Mandatory, except for EXISTS tests.] + properties: + - !ruby/object:Api::Type::String + name: integerValue + description: An integer value (int64 format) + - !ruby/object:Api::Type::Double + name: floatValue + description: A float value. + - !ruby/object:Api::Type::String + name: stringValue + description: A string value. + - !ruby/object:Api::Type::Boolean + name: booleanValue + description: A boolean value. + - !ruby/object:Api::Type::String + name: timestampValue + description: | + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + - !ruby/object:Api::Type::NestedObject + name: timeValue + description: Represents a time of day. + properties: + - !ruby/object:Api::Type::Integer + name: hours + description: | + Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. + - !ruby/object:Api::Type::Integer + name: minutes + description: Minutes of hour of day. Must be from 0 to 59. + - !ruby/object:Api::Type::Integer + name: seconds + description: Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. + - !ruby/object:Api::Type::Integer + name: nanos + description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. + - !ruby/object:Api::Type::NestedObject + name: dateValue + description: Represents a whole or partial calendar date. + properties: + - !ruby/object:Api::Type::Integer + name: year + description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. + - !ruby/object:Api::Type::Integer + name: month + description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. + - !ruby/object:Api::Type::Integer + name: day + description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. + - !ruby/object:Api::Type::Enum + name: dayOfWeekValue + description: Represents a day of the week. + values: + - :MONDAY + - :TUESDAY + - :WEDNESDAY + - :THURSDAY + - :FRIDAY + - :SATURDAY + - :SUNDAY + diff --git a/mmv1/products/dlp/InspectTemplate.yaml b/mmv1/products/dlp/InspectTemplate.yaml new file mode 100644 index 000000000000..52ec762931ca --- /dev/null +++ b/mmv1/products/dlp/InspectTemplate.yaml @@ -0,0 +1,395 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'InspectTemplate' +create_url: "{{parent}}/inspectTemplates" +self_link: "{{parent}}/inspectTemplates/{{name}}" +base_url: "{{parent}}/inspectTemplates" +update_verb: :PATCH +update_mask: true +description: | + An inspect job template. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/dlp/docs/creating-templates-inspect' + api: 'https://cloud.google.com/dlp/docs/reference/rest/v2/projects.inspectTemplates' +parameters: + - !ruby/object:Api::Type::String + name: 'parent' + description: | + The parent of the inspect template in any of the following formats: + + * `projects/{{project}}` + * `projects/{{project}}/locations/{{location}}` + * `organizations/{{organization_id}}` + * `organizations/{{organization_id}}/locations/{{location}}` + required: true + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The resource name of the inspect template. Set by the server. + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: | + A description of the inspect template. + - !ruby/object:Api::Type::String + name: 'displayName' + description: | + User set display name of the inspect template. + - !ruby/object:Api::Type::NestedObject + name: 'inspectConfig' + description: The core content of the template. + properties: + - !ruby/object:Api::Type::Boolean + name: 'excludeInfoTypes' + description: When true, excludes type information of the findings. + - !ruby/object:Api::Type::Boolean + name: 'includeQuote' + description: When true, a contextual quote from the data that triggered a finding is included in the response. + - !ruby/object:Api::Type::Enum + name: 'minLikelihood' + description: | + Only returns findings equal or above this threshold. See https://cloud.google.com/dlp/docs/likelihood for more info + values: + - :VERY_UNLIKELY + - :UNLIKELY + - :POSSIBLE + - :LIKELY + - :VERY_LIKELY + default_value: :POSSIBLE + - !ruby/object:Api::Type::NestedObject + name: 'limits' + description: Configuration to control the number of findings returned. + properties: + - !ruby/object:Api::Type::Integer + name: 'maxFindingsPerItem' + description: Max number of findings that will be returned for each item scanned. The maximum returned is 2000. + required: true + - !ruby/object:Api::Type::Integer + name: 'maxFindingsPerRequest' + description: Max number of findings that will be returned per request/job. The maximum returned is 2000. + required: true + - !ruby/object:Api::Type::Array + name: 'maxFindingsPerInfoType' + description: | + Configuration of findings limit given for specified infoTypes. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::NestedObject + name: 'infoType' + required: true + description: | + Type of information the findings limit applies to. Only one limit per infoType should be provided. If InfoTypeLimit does + not have an infoType, the DLP API applies the limit against all infoTypes that are found but not + specified in another InfoTypeLimit. + properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + description: | + Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed + at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. + - !ruby/object:Api::Type::Integer + name: 'maxFindings' + description: Max findings limit for the given infoType. + required: true + - !ruby/object:Api::Type::Array + name: 'infoTypes' + description: | + Restricts what infoTypes to look for. The values must correspond to InfoType values returned by infoTypes.list + or listed at https://cloud.google.com/dlp/docs/infotypes-reference. + + When no InfoTypes or CustomInfoTypes are specified in a request, the system may automatically choose what detectors to run. + By default this may be all types, but may change over time as detectors are updated. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + description: | + Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed + at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. + - !ruby/object:Api::Type::String + name: 'version' + description: | + Version of the information type to use. By default, the version is set to stable + - !ruby/object:Api::Type::Array + name: 'contentOptions' + description: | + List of options defining data content to scan. If empty, text, images, and other content will be included. + item_type: !ruby/object:Api::Type::Enum + name: 'undefined' + description: | + This field only has a name and description because of MM + limitations. It should not appear in downstreams. + values: + - :CONTENT_TEXT + - :CONTENT_IMAGE + - !ruby/object:Api::Type::Array + name: 'ruleSet' + description: | + Set of rules to apply to the findings for this InspectConfig. Exclusion rules, contained in the set are executed in the end, + other rules are executed in the order they are specified for each info type. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Array + name: 'infoTypes' + required: true + description: | + List of infoTypes this rule set is applied to. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + description: | + Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed + at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. + - !ruby/object:Api::Type::Array + name: 'rules' + required: true + description: | + Set of rules to be applied to infoTypes. The rules are applied in order. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::NestedObject + name: 'hotwordRule' + description: Hotword-based detection rule. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'hotwordRegex' + required: true + description: Regular expression pattern defining what qualifies as a hotword. + properties: + - !ruby/object:Api::Type::String + name: 'pattern' + required: true + description: | + Pattern defining the regular expression. Its syntax + (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub. + - !ruby/object:Api::Type::Array + name: 'groupIndexes' + description: | + The index of the submatch to extract as findings. When not specified, + the entire match is returned. No more than 3 may be included. + item_type: Api::Type::Integer + - !ruby/object:Api::Type::NestedObject + name: 'proximity' + required: true + description: | + Proximity of the finding within which the entire hotword must reside. The total length of the window cannot + exceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be + used to match substrings of the finding itself. For example, the certainty of a phone number regex + `(\d{3}) \d{3}-\d{4}` could be adjusted upwards if the area code is known to be the local area code of a company + office using the hotword regex `(xxx)`, where `xxx` is the area code in question. + properties: + - !ruby/object:Api::Type::Integer + name: 'windowBefore' + description: | + Number of characters before the finding to consider. Either this or window_after must be specified + - !ruby/object:Api::Type::Integer + name: 'windowAfter' + description: | + Number of characters after the finding to consider. Either this or window_before must be specified + - !ruby/object:Api::Type::NestedObject + name: 'likelihoodAdjustment' + required: true + description: | + Likelihood adjustment to apply to all matching findings. + properties: + - !ruby/object:Api::Type::Enum + name: 'fixedLikelihood' + description: | + Set the likelihood of a finding to a fixed value. Either this or relative_likelihood can be set. + values: + - :VERY_UNLIKELY + - :UNLIKELY + - :POSSIBLE + - :LIKELY + - :VERY_LIKELY + - !ruby/object:Api::Type::Integer + name: 'relativeLikelihood' + description: | + Increase or decrease the likelihood by the specified number of levels. For example, + if a finding would be POSSIBLE without the detection rule and relativeLikelihood is 1, + then it is upgraded to LIKELY, while a value of -1 would downgrade it to UNLIKELY. + Likelihood may never drop below VERY_UNLIKELY or exceed VERY_LIKELY, so applying an + adjustment of 1 followed by an adjustment of -1 when base likelihood is VERY_LIKELY + will result in a final likelihood of LIKELY. Either this or fixed_likelihood can be set. + - !ruby/object:Api::Type::NestedObject + name: 'exclusionRule' + description: The rule that specifies conditions when findings of infoTypes specified in InspectionRuleSet are removed from results. + properties: + - !ruby/object:Api::Type::Enum + name: 'matchingType' + required: true + description: | + How the rule is applied. See the documentation for more information: https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#MatchingType + values: + - :MATCHING_TYPE_FULL_MATCH + - :MATCHING_TYPE_PARTIAL_MATCH + - :MATCHING_TYPE_INVERSE_MATCH + - !ruby/object:Api::Type::NestedObject + name: 'dictionary' + description: Dictionary which defines the rule. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'wordList' + description: List of words or phrases to search for. + properties: + - !ruby/object:Api::Type::Array + name: 'words' + required: true + description: | + Words or phrases defining the dictionary. The dictionary must contain at least one + phrase and every phrase must contain at least 2 characters that are letters or digits. + item_type: Api::Type::String + - !ruby/object:Api::Type::NestedObject + name: 'cloudStoragePath' + description: Newline-delimited file of words in Cloud Storage. Only a single file is accepted. + properties: + - !ruby/object:Api::Type::String + name: 'path' + required: true + description: | + A url representing a file or path (no wildcards) in Cloud Storage. Example: `gs://[BUCKET_NAME]/dictionary.txt` + - !ruby/object:Api::Type::NestedObject + name: 'regex' + description: Regular expression which defines the rule. + properties: + - !ruby/object:Api::Type::String + name: 'pattern' + required: true + description: | + Pattern defining the regular expression. + Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub. + - !ruby/object:Api::Type::Array + name: 'groupIndexes' + description: | + The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included. + item_type: Api::Type::Integer + - !ruby/object:Api::Type::NestedObject + name: 'excludeInfoTypes' + description: Set of infoTypes for which findings would affect this rule. + properties: + - !ruby/object:Api::Type::Array + name: 'infoTypes' + required: true + description: | + If a finding is matched by any of the infoType detectors listed here, the finding will be excluded from the scan results. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + description: | + Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed + at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. + - !ruby/object:Api::Type::Array + name: 'customInfoTypes' + description: | + Custom info types to be used. See https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::NestedObject + name: 'infoType' + required: true + description: | + CustomInfoType can either be a new infoType, or an extension of built-in infoType, when the name matches one of existing + infoTypes and that infoType is specified in `info_types` field. Specifying the latter adds findings to the + one detected by the system. If built-in info type is not specified in `info_types` list then the name is + treated as a custom info type. + properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + description: | + Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names + listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. + - !ruby/object:Api::Type::Enum + name: 'likelihood' + description: | + Likelihood to return for this CustomInfoType. This base value can be altered by a detection rule if the finding meets the criteria + specified by the rule. + values: + - :VERY_UNLIKELY + - :UNLIKELY + - :POSSIBLE + - :LIKELY + - :VERY_LIKELY + default_value: :VERY_LIKELY + - !ruby/object:Api::Type::Enum + name: 'exclusionType' + description: | + If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding to be returned. It still can be used for rules matching. + values: + - :EXCLUSION_TYPE_EXCLUDE + - !ruby/object:Api::Type::NestedObject + name: 'regex' + description: Regular expression which defines the rule. + immutable: true + properties: + - !ruby/object:Api::Type::String + name: 'pattern' + required: true + description: | + Pattern defining the regular expression. + Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub. + - !ruby/object:Api::Type::Array + name: 'groupIndexes' + description: | + The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included. + item_type: Api::Type::Integer + - !ruby/object:Api::Type::NestedObject + name: 'dictionary' + description: Dictionary which defines the rule. + immutable: true + properties: + - !ruby/object:Api::Type::NestedObject + name: 'wordList' + description: List of words or phrases to search for. + properties: + - !ruby/object:Api::Type::Array + name: 'words' + required: true + description: | + Words or phrases defining the dictionary. The dictionary must contain at least one + phrase and every phrase must contain at least 2 characters that are letters or digits. + item_type: Api::Type::String + - !ruby/object:Api::Type::NestedObject + name: 'cloudStoragePath' + description: Newline-delimited file of words in Cloud Storage. Only a single file is accepted. + properties: + - !ruby/object:Api::Type::String + name: 'path' + required: true + description: | + A url representing a file or path (no wildcards) in Cloud Storage. Example: `gs://[BUCKET_NAME]/dictionary.txt` + - !ruby/object:Api::Type::NestedObject + name: 'storedType' + description: A reference to a StoredInfoType to use with scanning. + immutable: true + properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + description: | + Resource name of the requested StoredInfoType, for example `organizations/433245324/storedInfoTypes/432452342` + or `projects/project-id/storedInfoTypes/432452342`. + diff --git a/mmv1/products/dlp/JobTrigger.yaml b/mmv1/products/dlp/JobTrigger.yaml new file mode 100644 index 000000000000..bf5c641e02eb --- /dev/null +++ b/mmv1/products/dlp/JobTrigger.yaml @@ -0,0 +1,414 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'JobTrigger' +create_url: "{{parent}}/jobTriggers" +self_link: "{{parent}}/jobTriggers/{{name}}" +base_url: "{{parent}}/jobTriggers" +update_verb: :PATCH +update_mask: true +description: | + A job trigger configuration. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/dlp/docs/creating-job-triggers' + api: 'https://cloud.google.com/dlp/docs/reference/rest/v2/projects.jobTriggers' +parameters: + - !ruby/object:Api::Type::String + name: 'parent' + description: | + The parent of the trigger, either in the format `projects/{{project}}` + or `projects/{{project}}/locations/{{location}}` + required: true + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The resource name of the job trigger. Set by the server. + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: | + A description of the job trigger. + - !ruby/object:Api::Type::String + name: 'displayName' + description: | + User set display name of the job trigger. + - !ruby/object:Api::Type::Time + name: 'lastRunTime' + description: The timestamp of the last time this trigger executed. + output: true + - !ruby/object:Api::Type::Enum + name: 'status' + description: | + Whether the trigger is currently active. + values: + - :PAUSED + - :HEALTHY + - :CANCELLED + default_value: :HEALTHY + - !ruby/object:Api::Type::Array + name: 'triggers' + required: true + description: | + What event needs to occur for a new job to be started. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::NestedObject + name: 'schedule' + description: | + Schedule for triggered jobs + properties: + - !ruby/object:Api::Type::String + name: 'recurrencePeriodDuration' + description: | + With this option a job is started a regular periodic basis. For example: every day (86400 seconds). + + A scheduled start time will be skipped if the previous execution has not ended when its scheduled time occurs. + + This value must be set to a time duration greater than or equal to 1 day and can be no longer than 60 days. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + - !ruby/object:Api::Type::NestedObject + name: 'inspectJob' + description: Controls what and how to inspect for findings. + properties: + - !ruby/object:Api::Type::String + name: 'inspectTemplateName' + description: The name of the template to run when this job is triggered. + required: true + - !ruby/object:Api::Type::NestedObject + name: 'storageConfig' + description: Information on where to inspect + required: true + properties: + - !ruby/object:Api::Type::NestedObject + name: 'timespanConfig' + description: Information on where to inspect + properties: + - !ruby/object:Api::Type::String + name: 'startTime' + at_least_one_of: + - inspect_job.0.storage_config.0.timespan_config.0.start_time + - inspect_job.0.storage_config.0.timespan_config.0.end_time + description: Exclude files or rows older than this value. + - !ruby/object:Api::Type::String + name: 'endTime' + at_least_one_of: + - inspect_job.0.storage_config.0.timespan_config.0.start_time + - inspect_job.0.storage_config.0.timespan_config.0.end_time + description: Exclude files or rows newer than this value. If set to zero, no upper time limit is applied. + - !ruby/object:Api::Type::Boolean + name: 'enableAutoPopulationOfTimespanConfig' + description: | + When the job is started by a JobTrigger we will automatically figure out a valid startTime to avoid + scanning files that have not been modified since the last time the JobTrigger executed. This will + be based on the time of the execution of the last run of the JobTrigger. + - !ruby/object:Api::Type::NestedObject + name: 'timestampField' + description: Information on where to inspect + required: true + properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + description: | + Specification of the field containing the timestamp of scanned items. Used for data sources like Datastore and BigQuery. + + For BigQuery: Required to filter out rows based on the given start and end times. If not specified and the table was + modified between the given start and end times, the entire table will be scanned. The valid data types of the timestamp + field are: INTEGER, DATE, TIMESTAMP, or DATETIME BigQuery column. + + For Datastore. Valid data types of the timestamp field are: TIMESTAMP. Datastore entity will be scanned if the + timestamp property does not exist or its value is empty or invalid. + - !ruby/object:Api::Type::NestedObject + name: 'datastoreOptions' + description: Options defining a data set within Google Cloud Datastore. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'partitionId' + required: true + description: | + Datastore partition ID. A partition ID identifies a grouping of entities. The grouping + is always by project and namespace, however the namespace ID may be empty. + properties: + - !ruby/object:Api::Type::String + name: 'projectId' + required: true + description: The ID of the project to which the entities belong. + - !ruby/object:Api::Type::String + name: 'namespaceId' + description: If not empty, the ID of the namespace to which the entities belong. + - !ruby/object:Api::Type::NestedObject + name: 'kind' + required: true + description: | + A representation of a Datastore kind. + properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + description: The name of the Datastore kind. + - !ruby/object:Api::Type::NestedObject + name: 'cloudStorageOptions' + description: Options defining a file or a set of files within a Google Cloud Storage bucket. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'fileSet' + required: true + description: | + Set of files to scan. + properties: + - !ruby/object:Api::Type::String + name: 'url' + exactly_one_of: + - inspect_job.0.storage_config.0.cloud_storage_options.0.file_set.0.url + - inspect_job.0.storage_config.0.cloud_storage_options.0.file_set.0.regex_file_set + description: | + The Cloud Storage url of the file(s) to scan, in the format `gs:///`. Trailing wildcard + in the path is allowed. + + If the url ends in a trailing slash, the bucket or directory represented by the url will be scanned + non-recursively (content in sub-directories will not be scanned). This means that `gs://mybucket/` is + equivalent to `gs://mybucket/*`, and `gs://mybucket/directory/` is equivalent to `gs://mybucket/directory/*`. + - !ruby/object:Api::Type::NestedObject + name: 'regexFileSet' + exactly_one_of: + - inspect_job.0.storage_config.0.cloud_storage_options.0.file_set.0.url + - inspect_job.0.storage_config.0.cloud_storage_options.0.file_set.0.regex_file_set + description: | + The regex-filtered set of files to scan. + properties: + - !ruby/object:Api::Type::String + name: 'bucketName' + required: true + description: The name of a Cloud Storage bucket. + - !ruby/object:Api::Type::Array + name: 'includeRegex' + item_type: Api::Type::String + description: | + A list of regular expressions matching file paths to include. All files in the bucket + that match at least one of these regular expressions will be included in the set of files, + except for those that also match an item in excludeRegex. Leaving this field empty will + match all files by default (this is equivalent to including .* in the list) + - !ruby/object:Api::Type::Array + name: 'excludeRegex' + item_type: Api::Type::String + description: | + A list of regular expressions matching file paths to exclude. All files in the bucket that match at + least one of these regular expressions will be excluded from the scan. + - !ruby/object:Api::Type::Integer + name: 'bytesLimitPerFile' + description: | + Max number of bytes to scan from a file. If a scanned file's size is bigger than this value + then the rest of the bytes are omitted. + - !ruby/object:Api::Type::Integer + name: 'bytesLimitPerFilePercent' + description: | + Max percentage of bytes to scan from a file. The rest are omitted. The number of bytes scanned is rounded down. + Must be between 0 and 100, inclusively. Both 0 and 100 means no limit. + - !ruby/object:Api::Type::Integer + name: 'filesLimitPercent' + description: | + Limits the number of files to scan to this percentage of the input FileSet. Number of files scanned is rounded down. + Must be between 0 and 100, inclusively. Both 0 and 100 means no limit. + - !ruby/object:Api::Type::Array + name: 'fileTypes' + description: | + List of file type groups to include in the scan. If empty, all files are scanned and available data + format processors are applied. In addition, the binary content of the selected files is always scanned as well. + Images are scanned only as binary if the specified region does not support image inspection and no fileTypes were specified. + item_type: !ruby/object:Api::Type::Enum + name: 'undefined' + description: | + This field only has a name and description because of MM + limitations. It should not appear in downstreams. + values: + - :BINARY_FILE + - :TEXT_FILE + - :IMAGE + - :WORD + - :PDF + - :AVRO + - :CSV + - :TSV + - !ruby/object:Api::Type::Enum + name: 'sampleMethod' + description: | + How to sample bytes if not all bytes are scanned. Meaningful only when used in conjunction with bytesLimitPerFile. + If not specified, scanning would start from the top. + values: + - :TOP + - :RANDOM_START + - !ruby/object:Api::Type::NestedObject + name: 'bigQueryOptions' + description: Options defining BigQuery table and row identifiers. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'tableReference' + required: true + description: | + Set of files to scan. + properties: + - !ruby/object:Api::Type::String + name: 'projectId' + required: true + description: | + The Google Cloud Platform project ID of the project containing the table. + - !ruby/object:Api::Type::String + name: 'datasetId' + required: true + description: | + The dataset ID of the table. + - !ruby/object:Api::Type::String + name: 'tableId' + required: true + description: | + The name of the table. + - !ruby/object:Api::Type::Integer + name: 'rowsLimit' + description: | + Max number of rows to scan. If the table has more rows than this value, the rest of the rows are omitted. + If not set, or if set to 0, all rows will be scanned. Only one of rowsLimit and rowsLimitPercent can be + specified. Cannot be used in conjunction with TimespanConfig. + - !ruby/object:Api::Type::Integer + name: 'rowsLimitPercent' + description: | + Max percentage of rows to scan. The rest are omitted. The number of rows scanned is rounded down. + Must be between 0 and 100, inclusively. Both 0 and 100 means no limit. Defaults to 0. Only one of + rowsLimit and rowsLimitPercent can be specified. Cannot be used in conjunction with TimespanConfig. + - !ruby/object:Api::Type::Enum + name: 'sampleMethod' + description: | + How to sample rows if not all rows are scanned. Meaningful only when used in conjunction with either + rowsLimit or rowsLimitPercent. If not specified, rows are scanned in the order BigQuery reads them. + values: + - :TOP + - :RANDOM_START + default_value: :TOP + - !ruby/object:Api::Type::Array + name: 'identifyingFields' + description: | + Specifies the BigQuery fields that will be returned with findings. + If not specified, no identifying fields will be returned for findings. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + description: | + Name of a BigQuery field to be returned with the findings. + - !ruby/object:Api::Type::Array + name: 'actions' + required: true + description: | + A task to execute on the completion of a job. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::NestedObject + name: 'saveFindings' + exactly_one_of: + - save_findings + - pub_sub + - publish_findings_to_cloud_data_catalog + - publish_summary_to_cscc + description: | + If set, the detailed findings will be persisted to the specified OutputStorageConfig. Only a single instance of this action can be specified. Compatible with: Inspect, Risk + properties: + - !ruby/object:Api::Type::NestedObject + name: 'outputConfig' + required: true + description: | + Information on where to store output + properties: + - !ruby/object:Api::Type::NestedObject + name: 'table' + required: true + description: | + Information on the location of the target BigQuery Table. + properties: + - !ruby/object:Api::Type::String + name: 'projectId' + required: true + description: | + The Google Cloud Platform project ID of the project containing the table. + - !ruby/object:Api::Type::String + name: 'datasetId' + required: true + description: | + Dataset ID of the table. + - !ruby/object:Api::Type::String + name: 'tableId' + description: | + Name of the table. If is not set a new one will be generated for you with the following format: + `dlp_googleapis_yyyy_mm_dd_[dlp_job_id]`. Pacific timezone will be used for generating the date details. + - !ruby/object:Api::Type::Enum + name: 'outputSchema' + description: | + Schema used for writing the findings for Inspect jobs. This field is only used for + Inspect and must be unspecified for Risk jobs. Columns are derived from the Finding + object. If appending to an existing table, any columns from the predefined schema + that are missing will be added. No columns in the existing table will be deleted. + + If unspecified, then all available columns will be used for a new table or an (existing) + table with no schema, and no changes will be made to an existing table that has a schema. + Only for use with external storage. + values: + - :BASIC_COLUMNS + - :GCS_COLUMNS + - :DATASTORE_COLUMNS + - :BIG_QUERY_COLUMNS + - :ALL_COLUMNS + - !ruby/object:Api::Type::NestedObject + name: 'pubSub' + exactly_one_of: + - save_findings + - pub_sub + - publish_findings_to_cloud_data_catalog + - publish_summary_to_cscc + description: | + Publish a message into a given Pub/Sub topic when the job completes. + properties: + - !ruby/object:Api::Type::String + name: 'topic' + required: true + description: | + Cloud Pub/Sub topic to send notifications to. + - !ruby/object:Api::Type::NestedObject + name: 'publishSummaryToCscc' + exactly_one_of: + - save_findings + - pub_sub + - publish_findings_to_cloud_data_catalog + - publish_summary_to_cscc + allow_empty_object: true + send_empty_value: true + properties: [ ] + description: | + Publish the result summary of a DlpJob to the Cloud Security Command Center. + - !ruby/object:Api::Type::NestedObject + name: 'publishFindingsToCloudDataCatalog' + exactly_one_of: + - save_findings + - pub_sub + - publish_findings_to_cloud_data_catalog + - publish_summary_to_cscc + allow_empty_object: true + send_empty_value: true + properties: [ ] + description: | + Publish findings of a DlpJob to Data Catalog. diff --git a/mmv1/products/dlp/StoredInfoType.yaml b/mmv1/products/dlp/StoredInfoType.yaml new file mode 100644 index 000000000000..4f65830e2509 --- /dev/null +++ b/mmv1/products/dlp/StoredInfoType.yaml @@ -0,0 +1,180 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'StoredInfoType' +create_url: "{{parent}}/storedInfoTypes" +self_link: "{{parent}}/storedInfoTypes/{{name}}" +base_url: "{{parent}}/storedInfoTypes" +update_verb: :PATCH +update_mask: true +description: | + Allows creation of custom info types. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/dlp/docs/creating-stored-infotypes' + api: 'https://cloud.google.com/dlp/docs/reference/rest/v2/projects.storedInfoTypes' +parameters: + - !ruby/object:Api::Type::String + name: 'parent' + description: | + The parent of the info type in any of the following formats: + + * `projects/{{project}}` + * `projects/{{project}}/locations/{{location}}` + * `organizations/{{organization_id}}` + * `organizations/{{organization_id}}/locations/{{location}}` + required: true + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The resource name of the info type. Set by the server. + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: | + A description of the info type. + - !ruby/object:Api::Type::String + name: 'displayName' + description: | + User set display name of the info type. + - !ruby/object:Api::Type::NestedObject + name: 'regex' + description: Regular expression which defines the rule. + immutable: true + exactly_one_of: + - dictionary + - regex + - large_custom_dictionary + properties: + - !ruby/object:Api::Type::String + name: 'pattern' + required: true + description: | + Pattern defining the regular expression. + Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub. + - !ruby/object:Api::Type::Array + name: 'groupIndexes' + immutable: true + description: | + The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included. + item_type: Api::Type::Integer + - !ruby/object:Api::Type::NestedObject + name: 'dictionary' + description: Dictionary which defines the rule. + immutable: true + exactly_one_of: + - dictionary + - regex + - large_custom_dictionary + properties: + - !ruby/object:Api::Type::NestedObject + name: 'wordList' + description: List of words or phrases to search for. + exactly_one_of: + - dictionary.0.word_list + - dictionary.0.cloud_storage_path + properties: + - !ruby/object:Api::Type::Array + name: 'words' + required: true + description: | + Words or phrases defining the dictionary. The dictionary must contain at least one + phrase and every phrase must contain at least 2 characters that are letters or digits. + item_type: Api::Type::String + - !ruby/object:Api::Type::NestedObject + name: 'cloudStoragePath' + description: Newline-delimited file of words in Cloud Storage. Only a single file is accepted. + exactly_one_of: + - dictionary.0.word_list + - dictionary.0.cloud_storage_path + properties: + - !ruby/object:Api::Type::String + name: 'path' + required: true + description: | + A url representing a file or path (no wildcards) in Cloud Storage. Example: `gs://[BUCKET_NAME]/dictionary.txt` + - !ruby/object:Api::Type::NestedObject + name: 'largeCustomDictionary' + description: Dictionary which defines the rule. + immutable: true + exactly_one_of: + - dictionary + - regex + - large_custom_dictionary + properties: + - !ruby/object:Api::Type::NestedObject + name: 'outputPath' + required: true + description: | + Location to store dictionary artifacts in Google Cloud Storage. These files will only be accessible by project owners and the DLP API. + If any of these artifacts are modified, the dictionary is considered invalid and can no longer be used. + properties: + - !ruby/object:Api::Type::String + name: 'path' + required: true + description: | + A url representing a file or path (no wildcards) in Cloud Storage. Example: `gs://[BUCKET_NAME]/dictionary.txt` + - !ruby/object:Api::Type::NestedObject + name: 'cloudStorageFileSet' + description: Set of files containing newline-delimited lists of dictionary phrases. + exactly_one_of: + - large_custom_dictionary.0.cloud_storage_file_set + - large_custom_dictionary.0.big_query_field + properties: + - !ruby/object:Api::Type::String + name: 'url' + required: true + description: | + The url, in the format `gs:///`. Trailing wildcard in the path is allowed. + - !ruby/object:Api::Type::NestedObject + name: 'bigQueryField' + description: Field in a BigQuery table where each cell represents a dictionary phrase. + exactly_one_of: + - large_custom_dictionary.0.cloud_storage_file_set + - large_custom_dictionary.0.big_query_field + properties: + - !ruby/object:Api::Type::NestedObject + name: 'table' + description: Field in a BigQuery table where each cell represents a dictionary phrase. + required: true + properties: + - !ruby/object:Api::Type::String + name: 'projectId' + required: true + description: | + The Google Cloud Platform project ID of the project containing the table. + - !ruby/object:Api::Type::String + name: 'datasetId' + required: true + description: | + The dataset ID of the table. + - !ruby/object:Api::Type::String + name: 'tableId' + required: true + description: | + The name of the table. + - !ruby/object:Api::Type::NestedObject + name: 'field' + description: Designated field in the BigQuery table. + required: true + properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + description: | + Name describing the field. diff --git a/mmv1/products/dlp/api.yaml b/mmv1/products/dlp/api.yaml deleted file mode 100644 index 0806da5286c8..000000000000 --- a/mmv1/products/dlp/api.yaml +++ /dev/null @@ -1,2498 +0,0 @@ -# Copyright 2020 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: DataLossPrevention -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://dlp.googleapis.com/v2/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -objects: - - !ruby/object:Api::Resource - name: 'JobTrigger' - create_url: "{{parent}}/jobTriggers" - self_link: "{{parent}}/jobTriggers/{{name}}" - base_url: "{{parent}}/jobTriggers" - update_verb: :PATCH - update_mask: true - description: | - A job trigger configuration. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/dlp/docs/creating-job-triggers' - api: 'https://cloud.google.com/dlp/docs/reference/rest/v2/projects.jobTriggers' - parameters: - - !ruby/object:Api::Type::String - name: 'parent' - description: | - The parent of the trigger, either in the format `projects/{{project}}` - or `projects/{{project}}/locations/{{location}}` - required: true - input: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The resource name of the job trigger. Set by the server. - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: | - A description of the job trigger. - - !ruby/object:Api::Type::String - name: 'displayName' - description: | - User set display name of the job trigger. - - !ruby/object:Api::Type::Time - name: 'lastRunTime' - description: The timestamp of the last time this trigger executed. - output: true - - !ruby/object:Api::Type::Enum - name: 'status' - description: | - Whether the trigger is currently active. - values: - - :PAUSED - - :HEALTHY - - :CANCELLED - default_value: :HEALTHY - - !ruby/object:Api::Type::Array - name: 'triggers' - required: true - description: | - What event needs to occur for a new job to be started. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::NestedObject - name: 'schedule' - description: | - Schedule for triggered jobs - properties: - - !ruby/object:Api::Type::String - name: 'recurrencePeriodDuration' - description: | - With this option a job is started a regular periodic basis. For example: every day (86400 seconds). - - A scheduled start time will be skipped if the previous execution has not ended when its scheduled time occurs. - - This value must be set to a time duration greater than or equal to 1 day and can be no longer than 60 days. - - A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". - - !ruby/object:Api::Type::NestedObject - name: 'inspectJob' - description: Controls what and how to inspect for findings. - properties: - - !ruby/object:Api::Type::String - name: 'inspectTemplateName' - description: The name of the template to run when this job is triggered. - required: true - - !ruby/object:Api::Type::NestedObject - name: 'storageConfig' - description: Information on where to inspect - required: true - properties: - - !ruby/object:Api::Type::NestedObject - name: 'timespanConfig' - description: Information on where to inspect - properties: - - !ruby/object:Api::Type::String - name: 'startTime' - at_least_one_of: - - inspect_job.0.storage_config.0.timespan_config.0.start_time - - inspect_job.0.storage_config.0.timespan_config.0.end_time - description: Exclude files or rows older than this value. - - !ruby/object:Api::Type::String - name: 'endTime' - at_least_one_of: - - inspect_job.0.storage_config.0.timespan_config.0.start_time - - inspect_job.0.storage_config.0.timespan_config.0.end_time - description: Exclude files or rows newer than this value. If set to zero, no upper time limit is applied. - - !ruby/object:Api::Type::Boolean - name: 'enableAutoPopulationOfTimespanConfig' - description: | - When the job is started by a JobTrigger we will automatically figure out a valid startTime to avoid - scanning files that have not been modified since the last time the JobTrigger executed. This will - be based on the time of the execution of the last run of the JobTrigger. - - !ruby/object:Api::Type::NestedObject - name: 'timestampField' - description: Information on where to inspect - required: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - description: | - Specification of the field containing the timestamp of scanned items. Used for data sources like Datastore and BigQuery. - - For BigQuery: Required to filter out rows based on the given start and end times. If not specified and the table was - modified between the given start and end times, the entire table will be scanned. The valid data types of the timestamp - field are: INTEGER, DATE, TIMESTAMP, or DATETIME BigQuery column. - - For Datastore. Valid data types of the timestamp field are: TIMESTAMP. Datastore entity will be scanned if the - timestamp property does not exist or its value is empty or invalid. - - !ruby/object:Api::Type::NestedObject - name: 'datastoreOptions' - description: Options defining a data set within Google Cloud Datastore. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'partitionId' - required: true - description: | - Datastore partition ID. A partition ID identifies a grouping of entities. The grouping - is always by project and namespace, however the namespace ID may be empty. - properties: - - !ruby/object:Api::Type::String - name: 'projectId' - required: true - description: The ID of the project to which the entities belong. - - !ruby/object:Api::Type::String - name: 'namespaceId' - description: If not empty, the ID of the namespace to which the entities belong. - - !ruby/object:Api::Type::NestedObject - name: 'kind' - required: true - description: | - A representation of a Datastore kind. - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - description: The name of the Datastore kind. - - !ruby/object:Api::Type::NestedObject - name: 'cloudStorageOptions' - description: Options defining a file or a set of files within a Google Cloud Storage bucket. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'fileSet' - required: true - description: | - Set of files to scan. - properties: - - !ruby/object:Api::Type::String - name: 'url' - exactly_one_of: - - inspect_job.0.storage_config.0.cloud_storage_options.0.file_set.0.url - - inspect_job.0.storage_config.0.cloud_storage_options.0.file_set.0.regex_file_set - description: | - The Cloud Storage url of the file(s) to scan, in the format `gs:///`. Trailing wildcard - in the path is allowed. - - If the url ends in a trailing slash, the bucket or directory represented by the url will be scanned - non-recursively (content in sub-directories will not be scanned). This means that `gs://mybucket/` is - equivalent to `gs://mybucket/*`, and `gs://mybucket/directory/` is equivalent to `gs://mybucket/directory/*`. - - !ruby/object:Api::Type::NestedObject - name: 'regexFileSet' - exactly_one_of: - - inspect_job.0.storage_config.0.cloud_storage_options.0.file_set.0.url - - inspect_job.0.storage_config.0.cloud_storage_options.0.file_set.0.regex_file_set - description: | - The regex-filtered set of files to scan. - properties: - - !ruby/object:Api::Type::String - name: 'bucketName' - required: true - description: The name of a Cloud Storage bucket. - - !ruby/object:Api::Type::Array - name: 'includeRegex' - item_type: Api::Type::String - description: | - A list of regular expressions matching file paths to include. All files in the bucket - that match at least one of these regular expressions will be included in the set of files, - except for those that also match an item in excludeRegex. Leaving this field empty will - match all files by default (this is equivalent to including .* in the list) - - !ruby/object:Api::Type::Array - name: 'excludeRegex' - item_type: Api::Type::String - description: | - A list of regular expressions matching file paths to exclude. All files in the bucket that match at - least one of these regular expressions will be excluded from the scan. - - !ruby/object:Api::Type::Integer - name: 'bytesLimitPerFile' - description: | - Max number of bytes to scan from a file. If a scanned file's size is bigger than this value - then the rest of the bytes are omitted. - - !ruby/object:Api::Type::Integer - name: 'bytesLimitPerFilePercent' - description: | - Max percentage of bytes to scan from a file. The rest are omitted. The number of bytes scanned is rounded down. - Must be between 0 and 100, inclusively. Both 0 and 100 means no limit. - - !ruby/object:Api::Type::Integer - name: 'filesLimitPercent' - description: | - Limits the number of files to scan to this percentage of the input FileSet. Number of files scanned is rounded down. - Must be between 0 and 100, inclusively. Both 0 and 100 means no limit. - - !ruby/object:Api::Type::Array - name: 'fileTypes' - description: | - List of file type groups to include in the scan. If empty, all files are scanned and available data - format processors are applied. In addition, the binary content of the selected files is always scanned as well. - Images are scanned only as binary if the specified region does not support image inspection and no fileTypes were specified. - item_type: !ruby/object:Api::Type::Enum - name: 'undefined' - description: | - This field only has a name and description because of MM - limitations. It should not appear in downstreams. - values: - - :BINARY_FILE - - :TEXT_FILE - - :IMAGE - - :WORD - - :PDF - - :AVRO - - :CSV - - :TSV - - !ruby/object:Api::Type::Enum - name: 'sampleMethod' - description: | - How to sample bytes if not all bytes are scanned. Meaningful only when used in conjunction with bytesLimitPerFile. - If not specified, scanning would start from the top. - values: - - :TOP - - :RANDOM_START - - !ruby/object:Api::Type::NestedObject - name: 'bigQueryOptions' - description: Options defining BigQuery table and row identifiers. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'tableReference' - required: true - description: | - Set of files to scan. - properties: - - !ruby/object:Api::Type::String - name: 'projectId' - required: true - description: | - The Google Cloud Platform project ID of the project containing the table. - - !ruby/object:Api::Type::String - name: 'datasetId' - required: true - description: | - The dataset ID of the table. - - !ruby/object:Api::Type::String - name: 'tableId' - required: true - description: | - The name of the table. - - !ruby/object:Api::Type::Integer - name: 'rowsLimit' - description: | - Max number of rows to scan. If the table has more rows than this value, the rest of the rows are omitted. - If not set, or if set to 0, all rows will be scanned. Only one of rowsLimit and rowsLimitPercent can be - specified. Cannot be used in conjunction with TimespanConfig. - - !ruby/object:Api::Type::Integer - name: 'rowsLimitPercent' - description: | - Max percentage of rows to scan. The rest are omitted. The number of rows scanned is rounded down. - Must be between 0 and 100, inclusively. Both 0 and 100 means no limit. Defaults to 0. Only one of - rowsLimit and rowsLimitPercent can be specified. Cannot be used in conjunction with TimespanConfig. - - !ruby/object:Api::Type::Enum - name: 'sampleMethod' - description: | - How to sample rows if not all rows are scanned. Meaningful only when used in conjunction with either - rowsLimit or rowsLimitPercent. If not specified, rows are scanned in the order BigQuery reads them. - values: - - :TOP - - :RANDOM_START - default_value: :TOP - - !ruby/object:Api::Type::Array - name: 'identifyingFields' - description: | - Specifies the BigQuery fields that will be returned with findings. - If not specified, no identifying fields will be returned for findings. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - description: | - Name of a BigQuery field to be returned with the findings. - - !ruby/object:Api::Type::Array - name: 'actions' - required: true - description: | - A task to execute on the completion of a job. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::NestedObject - name: 'saveFindings' - exactly_one_of: - - save_findings - - pub_sub - - publish_findings_to_cloud_data_catalog - - publish_summary_to_cscc - description: | - If set, the detailed findings will be persisted to the specified OutputStorageConfig. Only a single instance of this action can be specified. Compatible with: Inspect, Risk - properties: - - !ruby/object:Api::Type::NestedObject - name: 'outputConfig' - required: true - description: | - Information on where to store output - properties: - - !ruby/object:Api::Type::NestedObject - name: 'table' - required: true - description: | - Information on the location of the target BigQuery Table. - properties: - - !ruby/object:Api::Type::String - name: 'projectId' - required: true - description: | - The Google Cloud Platform project ID of the project containing the table. - - !ruby/object:Api::Type::String - name: 'datasetId' - required: true - description: | - Dataset ID of the table. - - !ruby/object:Api::Type::String - name: 'tableId' - description: | - Name of the table. If is not set a new one will be generated for you with the following format: - `dlp_googleapis_yyyy_mm_dd_[dlp_job_id]`. Pacific timezone will be used for generating the date details. - - !ruby/object:Api::Type::Enum - name: 'outputSchema' - description: | - Schema used for writing the findings for Inspect jobs. This field is only used for - Inspect and must be unspecified for Risk jobs. Columns are derived from the Finding - object. If appending to an existing table, any columns from the predefined schema - that are missing will be added. No columns in the existing table will be deleted. - - If unspecified, then all available columns will be used for a new table or an (existing) - table with no schema, and no changes will be made to an existing table that has a schema. - Only for use with external storage. - values: - - :BASIC_COLUMNS - - :GCS_COLUMNS - - :DATASTORE_COLUMNS - - :BIG_QUERY_COLUMNS - - :ALL_COLUMNS - - !ruby/object:Api::Type::NestedObject - name: 'pubSub' - exactly_one_of: - - save_findings - - pub_sub - - publish_findings_to_cloud_data_catalog - - publish_summary_to_cscc - description: | - Publish a message into a given Pub/Sub topic when the job completes. - properties: - - !ruby/object:Api::Type::String - name: 'topic' - required: true - description: | - Cloud Pub/Sub topic to send notifications to. - - !ruby/object:Api::Type::NestedObject - name: 'publishSummaryToCscc' - exactly_one_of: - - save_findings - - pub_sub - - publish_findings_to_cloud_data_catalog - - publish_summary_to_cscc - allow_empty_object: true - send_empty_value: true - properties: [ ] - description: | - Publish the result summary of a DlpJob to the Cloud Security Command Center. - - !ruby/object:Api::Type::NestedObject - name: 'publishFindingsToCloudDataCatalog' - exactly_one_of: - - save_findings - - pub_sub - - publish_findings_to_cloud_data_catalog - - publish_summary_to_cscc - allow_empty_object: true - send_empty_value: true - properties: [ ] - description: | - Publish findings of a DlpJob to Data Catalog. - - !ruby/object:Api::Resource - name: 'InspectTemplate' - create_url: "{{parent}}/inspectTemplates" - self_link: "{{parent}}/inspectTemplates/{{name}}" - base_url: "{{parent}}/inspectTemplates" - update_verb: :PATCH - update_mask: true - description: | - An inspect job template. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/dlp/docs/creating-templates-inspect' - api: 'https://cloud.google.com/dlp/docs/reference/rest/v2/projects.inspectTemplates' - parameters: - - !ruby/object:Api::Type::String - name: 'parent' - description: | - The parent of the inspect template in any of the following formats: - - * `projects/{{project}}` - * `projects/{{project}}/locations/{{location}}` - * `organizations/{{organization_id}}` - * `organizations/{{organization_id}}/locations/{{location}}` - required: true - input: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The resource name of the inspect template. Set by the server. - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: | - A description of the inspect template. - - !ruby/object:Api::Type::String - name: 'displayName' - description: | - User set display name of the inspect template. - - !ruby/object:Api::Type::NestedObject - name: 'inspectConfig' - description: The core content of the template. - properties: - - !ruby/object:Api::Type::Boolean - name: 'excludeInfoTypes' - description: When true, excludes type information of the findings. - - !ruby/object:Api::Type::Boolean - name: 'includeQuote' - description: When true, a contextual quote from the data that triggered a finding is included in the response. - - !ruby/object:Api::Type::Enum - name: 'minLikelihood' - description: | - Only returns findings equal or above this threshold. See https://cloud.google.com/dlp/docs/likelihood for more info - values: - - :VERY_UNLIKELY - - :UNLIKELY - - :POSSIBLE - - :LIKELY - - :VERY_LIKELY - default_value: :POSSIBLE - - !ruby/object:Api::Type::NestedObject - name: 'limits' - description: Configuration to control the number of findings returned. - properties: - - !ruby/object:Api::Type::Integer - name: 'maxFindingsPerItem' - description: Max number of findings that will be returned for each item scanned. The maximum returned is 2000. - required: true - - !ruby/object:Api::Type::Integer - name: 'maxFindingsPerRequest' - description: Max number of findings that will be returned per request/job. The maximum returned is 2000. - required: true - - !ruby/object:Api::Type::Array - name: 'maxFindingsPerInfoType' - description: | - Configuration of findings limit given for specified infoTypes. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::NestedObject - name: 'infoType' - required: true - description: | - Type of information the findings limit applies to. Only one limit per infoType should be provided. If InfoTypeLimit does - not have an infoType, the DLP API applies the limit against all infoTypes that are found but not - specified in another InfoTypeLimit. - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - description: | - Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed - at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. - - !ruby/object:Api::Type::Integer - name: 'maxFindings' - description: Max findings limit for the given infoType. - required: true - - !ruby/object:Api::Type::Array - name: 'infoTypes' - description: | - Restricts what infoTypes to look for. The values must correspond to InfoType values returned by infoTypes.list - or listed at https://cloud.google.com/dlp/docs/infotypes-reference. - - When no InfoTypes or CustomInfoTypes are specified in a request, the system may automatically choose what detectors to run. - By default this may be all types, but may change over time as detectors are updated. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - description: | - Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed - at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. - - !ruby/object:Api::Type::String - name: 'version' - description: | - Version of the information type to use. By default, the version is set to stable - - !ruby/object:Api::Type::Array - name: 'contentOptions' - description: | - List of options defining data content to scan. If empty, text, images, and other content will be included. - item_type: !ruby/object:Api::Type::Enum - name: 'undefined' - description: | - This field only has a name and description because of MM - limitations. It should not appear in downstreams. - values: - - :CONTENT_TEXT - - :CONTENT_IMAGE - - !ruby/object:Api::Type::Array - name: 'ruleSet' - description: | - Set of rules to apply to the findings for this InspectConfig. Exclusion rules, contained in the set are executed in the end, - other rules are executed in the order they are specified for each info type. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Array - name: 'infoTypes' - required: true - description: | - List of infoTypes this rule set is applied to. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - description: | - Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed - at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. - - !ruby/object:Api::Type::Array - name: 'rules' - required: true - description: | - Set of rules to be applied to infoTypes. The rules are applied in order. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::NestedObject - name: 'hotwordRule' - description: Hotword-based detection rule. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'hotwordRegex' - required: true - description: Regular expression pattern defining what qualifies as a hotword. - properties: - - !ruby/object:Api::Type::String - name: 'pattern' - required: true - description: | - Pattern defining the regular expression. Its syntax - (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub. - - !ruby/object:Api::Type::Array - name: 'groupIndexes' - description: | - The index of the submatch to extract as findings. When not specified, - the entire match is returned. No more than 3 may be included. - item_type: Api::Type::Integer - - !ruby/object:Api::Type::NestedObject - name: 'proximity' - required: true - description: | - Proximity of the finding within which the entire hotword must reside. The total length of the window cannot - exceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be - used to match substrings of the finding itself. For example, the certainty of a phone number regex - `(\d{3}) \d{3}-\d{4}` could be adjusted upwards if the area code is known to be the local area code of a company - office using the hotword regex `(xxx)`, where `xxx` is the area code in question. - properties: - - !ruby/object:Api::Type::Integer - name: 'windowBefore' - description: | - Number of characters before the finding to consider. Either this or window_after must be specified - - !ruby/object:Api::Type::Integer - name: 'windowAfter' - description: | - Number of characters after the finding to consider. Either this or window_before must be specified - - !ruby/object:Api::Type::NestedObject - name: 'likelihoodAdjustment' - required: true - description: | - Likelihood adjustment to apply to all matching findings. - properties: - - !ruby/object:Api::Type::Enum - name: 'fixedLikelihood' - description: | - Set the likelihood of a finding to a fixed value. Either this or relative_likelihood can be set. - values: - - :VERY_UNLIKELY - - :UNLIKELY - - :POSSIBLE - - :LIKELY - - :VERY_LIKELY - - !ruby/object:Api::Type::Integer - name: 'relativeLikelihood' - description: | - Increase or decrease the likelihood by the specified number of levels. For example, - if a finding would be POSSIBLE without the detection rule and relativeLikelihood is 1, - then it is upgraded to LIKELY, while a value of -1 would downgrade it to UNLIKELY. - Likelihood may never drop below VERY_UNLIKELY or exceed VERY_LIKELY, so applying an - adjustment of 1 followed by an adjustment of -1 when base likelihood is VERY_LIKELY - will result in a final likelihood of LIKELY. Either this or fixed_likelihood can be set. - - !ruby/object:Api::Type::NestedObject - name: 'exclusionRule' - description: The rule that specifies conditions when findings of infoTypes specified in InspectionRuleSet are removed from results. - properties: - - !ruby/object:Api::Type::Enum - name: 'matchingType' - required: true - description: | - How the rule is applied. See the documentation for more information: https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#MatchingType - values: - - :MATCHING_TYPE_FULL_MATCH - - :MATCHING_TYPE_PARTIAL_MATCH - - :MATCHING_TYPE_INVERSE_MATCH - - !ruby/object:Api::Type::NestedObject - name: 'dictionary' - description: Dictionary which defines the rule. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'wordList' - description: List of words or phrases to search for. - properties: - - !ruby/object:Api::Type::Array - name: 'words' - required: true - description: | - Words or phrases defining the dictionary. The dictionary must contain at least one - phrase and every phrase must contain at least 2 characters that are letters or digits. - item_type: Api::Type::String - - !ruby/object:Api::Type::NestedObject - name: 'cloudStoragePath' - description: Newline-delimited file of words in Cloud Storage. Only a single file is accepted. - properties: - - !ruby/object:Api::Type::String - name: 'path' - required: true - description: | - A url representing a file or path (no wildcards) in Cloud Storage. Example: `gs://[BUCKET_NAME]/dictionary.txt` - - !ruby/object:Api::Type::NestedObject - name: 'regex' - description: Regular expression which defines the rule. - properties: - - !ruby/object:Api::Type::String - name: 'pattern' - required: true - description: | - Pattern defining the regular expression. - Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub. - - !ruby/object:Api::Type::Array - name: 'groupIndexes' - description: | - The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included. - item_type: Api::Type::Integer - - !ruby/object:Api::Type::NestedObject - name: 'excludeInfoTypes' - description: Set of infoTypes for which findings would affect this rule. - properties: - - !ruby/object:Api::Type::Array - name: 'infoTypes' - required: true - description: | - If a finding is matched by any of the infoType detectors listed here, the finding will be excluded from the scan results. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - description: | - Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed - at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. - - !ruby/object:Api::Type::Array - name: 'customInfoTypes' - description: | - Custom info types to be used. See https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::NestedObject - name: 'infoType' - required: true - description: | - CustomInfoType can either be a new infoType, or an extension of built-in infoType, when the name matches one of existing - infoTypes and that infoType is specified in `info_types` field. Specifying the latter adds findings to the - one detected by the system. If built-in info type is not specified in `info_types` list then the name is - treated as a custom info type. - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - description: | - Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names - listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. - - !ruby/object:Api::Type::Enum - name: 'likelihood' - description: | - Likelihood to return for this CustomInfoType. This base value can be altered by a detection rule if the finding meets the criteria - specified by the rule. - values: - - :VERY_UNLIKELY - - :UNLIKELY - - :POSSIBLE - - :LIKELY - - :VERY_LIKELY - default_value: :VERY_LIKELY - - !ruby/object:Api::Type::Enum - name: 'exclusionType' - description: | - If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding to be returned. It still can be used for rules matching. - values: - - :EXCLUSION_TYPE_EXCLUDE - - !ruby/object:Api::Type::NestedObject - name: 'regex' - description: Regular expression which defines the rule. - input: true - properties: - - !ruby/object:Api::Type::String - name: 'pattern' - required: true - description: | - Pattern defining the regular expression. - Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub. - - !ruby/object:Api::Type::Array - name: 'groupIndexes' - description: | - The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included. - item_type: Api::Type::Integer - - !ruby/object:Api::Type::NestedObject - name: 'dictionary' - description: Dictionary which defines the rule. - input: true - properties: - - !ruby/object:Api::Type::NestedObject - name: 'wordList' - description: List of words or phrases to search for. - properties: - - !ruby/object:Api::Type::Array - name: 'words' - required: true - description: | - Words or phrases defining the dictionary. The dictionary must contain at least one - phrase and every phrase must contain at least 2 characters that are letters or digits. - item_type: Api::Type::String - - !ruby/object:Api::Type::NestedObject - name: 'cloudStoragePath' - description: Newline-delimited file of words in Cloud Storage. Only a single file is accepted. - properties: - - !ruby/object:Api::Type::String - name: 'path' - required: true - description: | - A url representing a file or path (no wildcards) in Cloud Storage. Example: `gs://[BUCKET_NAME]/dictionary.txt` - - !ruby/object:Api::Type::NestedObject - name: 'storedType' - description: A reference to a StoredInfoType to use with scanning. - input: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - description: | - Resource name of the requested StoredInfoType, for example `organizations/433245324/storedInfoTypes/432452342` - or `projects/project-id/storedInfoTypes/432452342`. - - - !ruby/object:Api::Resource - name: 'StoredInfoType' - create_url: "{{parent}}/storedInfoTypes" - self_link: "{{parent}}/storedInfoTypes/{{name}}" - base_url: "{{parent}}/storedInfoTypes" - update_verb: :PATCH - update_mask: true - description: | - Allows creation of custom info types. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/dlp/docs/creating-stored-infotypes' - api: 'https://cloud.google.com/dlp/docs/reference/rest/v2/projects.storedInfoTypes' - parameters: - - !ruby/object:Api::Type::String - name: 'parent' - description: | - The parent of the info type in any of the following formats: - - * `projects/{{project}}` - * `projects/{{project}}/locations/{{location}}` - * `organizations/{{organization_id}}` - * `organizations/{{organization_id}}/locations/{{location}}` - required: true - input: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The resource name of the info type. Set by the server. - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: | - A description of the info type. - - !ruby/object:Api::Type::String - name: 'displayName' - description: | - User set display name of the info type. - - !ruby/object:Api::Type::NestedObject - name: 'regex' - description: Regular expression which defines the rule. - input: true - exactly_one_of: - - dictionary - - regex - - large_custom_dictionary - properties: - - !ruby/object:Api::Type::String - name: 'pattern' - required: true - description: | - Pattern defining the regular expression. - Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub. - - !ruby/object:Api::Type::Array - name: 'groupIndexes' - input: true - description: | - The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included. - item_type: Api::Type::Integer - - !ruby/object:Api::Type::NestedObject - name: 'dictionary' - description: Dictionary which defines the rule. - input: true - exactly_one_of: - - dictionary - - regex - - large_custom_dictionary - properties: - - !ruby/object:Api::Type::NestedObject - name: 'wordList' - description: List of words or phrases to search for. - exactly_one_of: - - dictionary.0.word_list - - dictionary.0.cloud_storage_path - properties: - - !ruby/object:Api::Type::Array - name: 'words' - required: true - description: | - Words or phrases defining the dictionary. The dictionary must contain at least one - phrase and every phrase must contain at least 2 characters that are letters or digits. - item_type: Api::Type::String - - !ruby/object:Api::Type::NestedObject - name: 'cloudStoragePath' - description: Newline-delimited file of words in Cloud Storage. Only a single file is accepted. - exactly_one_of: - - dictionary.0.word_list - - dictionary.0.cloud_storage_path - properties: - - !ruby/object:Api::Type::String - name: 'path' - required: true - description: | - A url representing a file or path (no wildcards) in Cloud Storage. Example: `gs://[BUCKET_NAME]/dictionary.txt` - - !ruby/object:Api::Type::NestedObject - name: 'largeCustomDictionary' - description: Dictionary which defines the rule. - input: true - exactly_one_of: - - dictionary - - regex - - large_custom_dictionary - properties: - - !ruby/object:Api::Type::NestedObject - name: 'outputPath' - required: true - description: | - Location to store dictionary artifacts in Google Cloud Storage. These files will only be accessible by project owners and the DLP API. - If any of these artifacts are modified, the dictionary is considered invalid and can no longer be used. - properties: - - !ruby/object:Api::Type::String - name: 'path' - required: true - description: | - A url representing a file or path (no wildcards) in Cloud Storage. Example: `gs://[BUCKET_NAME]/dictionary.txt` - - !ruby/object:Api::Type::NestedObject - name: 'cloudStorageFileSet' - description: Set of files containing newline-delimited lists of dictionary phrases. - exactly_one_of: - - large_custom_dictionary.0.cloud_storage_file_set - - large_custom_dictionary.0.big_query_field - properties: - - !ruby/object:Api::Type::String - name: 'url' - required: true - description: | - The url, in the format `gs:///`. Trailing wildcard in the path is allowed. - - !ruby/object:Api::Type::NestedObject - name: 'bigQueryField' - description: Field in a BigQuery table where each cell represents a dictionary phrase. - exactly_one_of: - - large_custom_dictionary.0.cloud_storage_file_set - - large_custom_dictionary.0.big_query_field - properties: - - !ruby/object:Api::Type::NestedObject - name: 'table' - description: Field in a BigQuery table where each cell represents a dictionary phrase. - required: true - properties: - - !ruby/object:Api::Type::String - name: 'projectId' - required: true - description: | - The Google Cloud Platform project ID of the project containing the table. - - !ruby/object:Api::Type::String - name: 'datasetId' - required: true - description: | - The dataset ID of the table. - - !ruby/object:Api::Type::String - name: 'tableId' - required: true - description: | - The name of the table. - - !ruby/object:Api::Type::NestedObject - name: 'field' - description: Designated field in the BigQuery table. - required: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - description: | - Name describing the field. - - !ruby/object:Api::Resource - name: 'DeidentifyTemplate' - create_url: "{{parent}}/deidentifyTemplates" - self_link: "{{parent}}/deidentifyTemplates/{{name}}" - base_url: "{{parent}}/deidentifyTemplates" - update_verb: :PATCH - update_mask: true - description: | - Allows creation of templates to de-identify content. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/dlp/docs/concepts-templates' - api: 'https://cloud.google.com/dlp/docs/reference/rest/v2/projects.deidentifyTemplates' - parameters: - - !ruby/object:Api::Type::String - name: 'parent' - description: | - The parent of the template in any of the following formats: - - * `projects/{{project}}` - * `projects/{{project}}/locations/{{location}}` - * `organizations/{{organization_id}}` - * `organizations/{{organization_id}}/locations/{{location}}` - required: true - input: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The resource name of the template. Set by the server. - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: | - A description of the template. - - !ruby/object:Api::Type::String - name: 'displayName' - description: | - User set display name of the template. - - !ruby/object:Api::Type::NestedObject - name: 'deidentifyConfig' - required: true - description: Configuration of the deidentify template - properties: - - !ruby/object:Api::Type::NestedObject - name: 'infoTypeTransformations' - description: Treat the dataset as free-form text and apply the same free text transformation everywhere - exactly_one_of: - - deidentify_config.0.info_type_transformations - - deidentify_config.0.record_transformations - properties: - - !ruby/object:Api::Type::Array - name: 'transformations' - required: true - description: | - Transformation for each infoType. Cannot specify more than one for a given infoType. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Array - name: 'infoTypes' - description: | - InfoTypes to apply the transformation to. Leaving this empty will apply the transformation to apply to - all findings that correspond to infoTypes that were requested in InspectConfig. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - description: | - Name of the information type. - - !ruby/object:Api::Type::NestedObject - name: 'primitiveTransformation' - required: true - description: | - Primitive transformation to apply to the infoType. - The `primitive_transformation` block must only contain one argument, corresponding to the type of transformation. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'replaceConfig' - description: | - Replace each input value with a given value. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'newValue' - required: true - description: | - Replace each input value with a given value. - The `new_value` block must only contain one argument. For example when replacing the contents of a string-type field, only `string_value` should be set. - properties: - - !ruby/object:Api::Type::Integer - name: 'integerValue' - description: | - An integer value. - - !ruby/object:Api::Type::Double - name: 'floatValue' - description: | - A float value. - - !ruby/object:Api::Type::String - name: 'stringValue' - description: | - A string value. - - !ruby/object:Api::Type::Boolean - name: 'booleanValue' - description: | - A boolean value. - - !ruby/object:Api::Type::String - name: 'timestampValue' - description: | - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. - Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - - !ruby/object:Api::Type::NestedObject - name: 'timeValue' - description: | - Represents a time of day. - properties: - - !ruby/object:Api::Type::Integer - name: 'hours' - description: | - Hours of day in 24 hour format. Should be from 0 to 23. - - !ruby/object:Api::Type::Integer - name: 'minutes' - description: | - Minutes of hour of day. Must be from 0 to 59. - - !ruby/object:Api::Type::Integer - name: 'seconds' - description: | - Seconds of minutes of the time. Must normally be from 0 to 59. - - !ruby/object:Api::Type::Integer - name: 'nanos' - description: | - Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. - - !ruby/object:Api::Type::NestedObject - name: 'dateValue' - description: | - Represents a whole or partial calendar date. - properties: - - !ruby/object:Api::Type::Integer - name: 'year' - description: | - Year of date. Must be from 1 to 9999, or 0 if specifying a date without a year. - - !ruby/object:Api::Type::Integer - name: 'month' - description: | - Month of year. Must be from 1 to 12, or 0 if specifying a year without a month and day. - - !ruby/object:Api::Type::Integer - name: 'day' - description: | - Day of month. Must be from 1 to 31 and valid for the year and month, or 0 if specifying a - year by itself or a year and month where the day is not significant. - - !ruby/object:Api::Type::Enum - name: 'dayOfWeekValue' - description: | - Represents a day of the week. - values: - - :MONDAY - - :TUESDAY - - :WEDNESDAY - - :THURSDAY - - :FRIDAY - - :SATURDAY - - :SUNDAY - - !ruby/object:Api::Type::Boolean - name: 'replaceWithInfoTypeConfig' - description: | - Replace each matching finding with the name of the info type. - - !ruby/object:Api::Type::NestedObject - name: 'characterMaskConfig' - description: | - Partially mask a string by replacing a given number of characters with a fixed character. - Masking can start from the beginning or end of the string. - properties: - - !ruby/object:Api::Type::String - name: 'maskingCharacter' - description: | - Character to use to mask the sensitive values—for example, * for an alphabetic string such as a name, or 0 for a numeric string - such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to * for - strings, and 0 for digits. - - !ruby/object:Api::Type::Integer - name: 'numberToMask' - description: | - Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. - - !ruby/object:Api::Type::Boolean - name: 'reverseOrder' - description: | - Mask characters in reverse order. For example, if masking_character is 0, number_to_mask is 14, and reverse_order is `false`, then the - input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. - - !ruby/object:Api::Type::Array - name: 'charactersToIgnore' - description: | - Characters to skip when doing de-identification of a value. These will be left alone and skipped. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'charactersToSkip' - description: | - Characters to not transform when masking. - - !ruby/object:Api::Type::Enum - name: 'commonCharactersToIgnore' - description: | - Common characters to not transform when masking. Useful to avoid removing punctuation. - values: - - :NUMERIC - - :ALPHA_UPPER_CASE - - :ALPHA_LOWER_CASE - - :PUNCTUATION - - :WHITESPACE - - !ruby/object:Api::Type::NestedObject - name: 'cryptoDeterministicConfig' - description: | - Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC [https://tools.ietf.org/html/rfc5297](https://tools.ietf.org/html/rfc5297). - properties: - - !ruby/object:Api::Type::NestedObject - name: 'cryptoKey' - description: | - The key used by the encryption function. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'transient' - description: | - Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - description: | - Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). - - !ruby/object:Api::Type::NestedObject - name: 'unwrapped' - description: | - Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. - properties: - - !ruby/object:Api::Type::String - name: 'key' - required: true - description: | - A 128/192/256 bit key. - - A base64-encoded string. - - !ruby/object:Api::Type::NestedObject - name: 'kmsWrapped' - description: | - KMS wrapped key. - Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt - For more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key). - Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). - properties: - - !ruby/object:Api::Type::String - name: 'wrappedKey' - required: true - description: | - The wrapped data crypto key. - - A base64-encoded string. - - !ruby/object:Api::Type::String - name: 'cryptoKeyName' - required: true - description: | - The resource name of the KMS CryptoKey to use for unwrapping. - - !ruby/object:Api::Type::NestedObject - name: 'surrogateInfoType' - description: | - The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} - - For example, if the name of custom info type is 'MY\_TOKEN\_INFO\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\_TOKEN\_INFO\_TYPE(3):abc' - - This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. - - Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. - - In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - - * reverse a surrogate that does not correspond to an actual identifier - * be unable to parse the surrogate and result in an error - - Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\_TOKEN\_TYPE. - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - - !ruby/object:Api::Type::String - name: 'version' - description: | - Optional version name for this InfoType. - - !ruby/object:Api::Type::NestedObject - name: 'context' - description: | - A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. - - If the context is not set, plaintext would be used as is for encryption. If the context is set but: - - 1. there is no record present when transforming a given value or - 2. the field is not present when transforming a given value, - - plaintext would be used as is for encryption. - - Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name describing the field. - - !ruby/object:Api::Type::NestedObject - name: 'cryptoReplaceFfxFpeConfig' - description: | - Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `content.reidentify` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See [https://cloud.google.com/dlp/docs/pseudonymization](https://cloud.google.com/dlp/docs/pseudonymization) to learn more. - - Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'cryptoKey' - description: | - The key used by the encryption algorithm. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'transient' - description: | - Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - description: | - Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). - - !ruby/object:Api::Type::NestedObject - name: 'unwrapped' - description: | - Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. - properties: - - !ruby/object:Api::Type::String - name: 'key' - required: true - description: | - A 128/192/256 bit key. - - A base64-encoded string. - - !ruby/object:Api::Type::NestedObject - name: 'kmsWrapped' - description: | - KMS wrapped key. - Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt - For more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key). - Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). - properties: - - !ruby/object:Api::Type::String - name: 'wrappedKey' - required: true - description: | - The wrapped data crypto key. - - A base64-encoded string. - - !ruby/object:Api::Type::String - name: 'cryptoKeyName' - required: true - description: | - The resource name of the KMS CryptoKey to use for unwrapping. - - !ruby/object:Api::Type::NestedObject - name: 'context' - description: | - The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. - - If the context is set but: - - 1. there is no record present when transforming a given value or - 2. the field is not present when transforming a given value, - - a default tweak will be used. - - Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. - - The tweak is constructed as a sequence of bytes in big endian byte order such that: - - * a 64 bit integer is encoded followed by a single byte of value 1 - * a string is encoded in UTF-8 format followed by a single byte of value 2 - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name describing the field. - - !ruby/object:Api::Type::NestedObject - name: 'surrogateInfoType' - description: | - The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info\_type\_name(surrogate\_character\_count):surrogate - - For example, if the name of custom infoType is 'MY\_TOKEN\_INFO\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\_TOKEN\_INFO\_TYPE(3):abc' - - This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. - - In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\_TOKEN\_TYPE - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - - !ruby/object:Api::Type::String - name: 'version' - description: | - Optional version name for this InfoType. - - !ruby/object:Api::Type::Enum - name: 'commonAlphabet' - description: | - Common alphabets. - values: - - :FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED #Unused. - - :NUMERIC #[0-9] (radix of 10) - - :HEXADECIMAL #[0-9A-F] (radix of 16) - - :UPPER_CASE_ALPHA_NUMERIC #[0-9A-Z] (radix of 36) - - :ALPHA_NUMERIC #[0-9A-Za-z] (radix of 62) - - !ruby/object:Api::Type::String - name: 'customAlphabet' - description: | - This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range \[2, 95\]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: - - ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|:;"'<,>.?/`` - - !ruby/object:Api::Type::Integer - name: 'radix' - description: | - The native way to select the alphabet. Must be in the range \[2, 95\]. - - !ruby/object:Api::Type::NestedObject - name: 'recordTransformations' - description: Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table. - exactly_one_of: - - deidentify_config.0.info_type_transformations - - deidentify_config.0.record_transformations - properties: - - !ruby/object:Api::Type::Array - name: 'fieldTransformations' - description: Transform the record by applying various field transformations. - at_least_one_of: - - deidentify_config.0.record_transformations.0.field_transformations - - deidentify_config.0.record_transformations.0.record_suppressions - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Array - name: fields - description : | - Input field(s) to apply the transformation to. When you have columns that reference their position within a list, omit the index from the FieldId. - FieldId name matching ignores the index. For example, instead of "contact.nums[0].type", use "contact.nums.type". - required: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: name - description: Name describing the field. - - !ruby/object:Api::Type::NestedObject - name: condition - description: | - Only apply the transformation if the condition evaluates to true for the given RecordCondition. The conditions are allowed to reference fields that are not used in the actual transformation. - Example Use Cases: - - Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range. - - Redact a field if the date of birth field is greater than 85. - properties: - - !ruby/object:Api::Type::NestedObject - name: expressions - description: An expression. - properties: - - !ruby/object:Api::Type::Enum - name: logicalOperator - description: The operator to apply to the result of conditions. Default and currently only supported value is AND - default_value: :AND - values: - - :AND - - !ruby/object:Api::Type::NestedObject - name: conditions - description: Conditions to apply to the expression. - properties: - - !ruby/object:Api::Type::Array - name: conditions - description: A collection of conditions. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::NestedObject - name: field - description: Field within the record this condition is evaluated against. - required: true - properties: - - !ruby/object:Api::Type::String - name: name - description: Name describing the field. - - !ruby/object:Api::Type::Enum - name: operator - description: Operator used to compare the field or infoType to the value. - required: true - values: - - :EQUAL_TO - - :NOT_EQUAL_TO - - :GREATER_THAN - - :LESS_THAN - - :GREATER_THAN_OR_EQUALS - - :LESS_THAN_OR_EQUALS - - :EXISTS - - !ruby/object:Api::Type::NestedObject - name: value - description: | - Value to compare against. - The `value` block must only contain one argument. For example when a condition is evaluated against a string-type field, only `string_value` should be set. - This argument is mandatory, except for conditions using the `EXISTS` operator. - properties: - - !ruby/object:Api::Type::String - name: integerValue - description: An integer value (int64 format) - - !ruby/object:Api::Type::Double - name: floatValue - description: A float value. - - !ruby/object:Api::Type::String - name: stringValue - description: A string value. - - !ruby/object:Api::Type::Boolean - name: booleanValue - description: A boolean value. - - !ruby/object:Api::Type::String - name: timestampValue - description: | - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - - !ruby/object:Api::Type::NestedObject - name: timeValue - description: Represents a time of day. - properties: - - !ruby/object:Api::Type::Integer - name: hours - description: | - Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. - - !ruby/object:Api::Type::Integer - name: minutes - description: Minutes of hour of day. Must be from 0 to 59. - - !ruby/object:Api::Type::Integer - name: seconds - description: Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. - - !ruby/object:Api::Type::Integer - name: nanos - description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. - - !ruby/object:Api::Type::NestedObject - name: dateValue - description: Represents a whole or partial calendar date. - properties: - - !ruby/object:Api::Type::Integer - name: year - description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. - - !ruby/object:Api::Type::Integer - name: month - description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. - - !ruby/object:Api::Type::Integer - name: day - description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. - - !ruby/object:Api::Type::Enum - name: dayOfWeekValue - description: Represents a day of the week. - values: - - :MONDAY - - :TUESDAY - - :WEDNESDAY - - :THURSDAY - - :FRIDAY - - :SATURDAY - - :SUNDAY - - !ruby/object:Api::Type::NestedObject - name: primitiveTransformation - required: true - description: | - Apply the transformation to the entire field. - The `primitive_transformation` block must only contain one argument, corresponding to the type of transformation. - properties: - - !ruby/object:Api::Type::NestedObject - name: replaceConfig - description: Replace with a specified value. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'newValue' - required: true - description: | - Replace each input value with a given value. - The `new_value` block must only contain one argument. For example when replacing the contents of a string-type field, only `string_value` should be set. - properties: - - !ruby/object:Api::Type::String - name: integerValue - description: An integer value (int64 format) - - !ruby/object:Api::Type::Double - name: floatValue - description: A float value. - - !ruby/object:Api::Type::String - name: stringValue - description: A string value. - - !ruby/object:Api::Type::Boolean - name: booleanValue - description: A boolean value. - - !ruby/object:Api::Type::String - name: timestampValue - description: | - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - - !ruby/object:Api::Type::NestedObject - name: timeValue - description: Represents a time of day. - properties: - - !ruby/object:Api::Type::Integer - name: hours - description: | - Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. - - !ruby/object:Api::Type::Integer - name: minutes - description: Minutes of hour of day. Must be from 0 to 59. - - !ruby/object:Api::Type::Integer - name: seconds - description: Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. - - !ruby/object:Api::Type::Integer - name: nanos - description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. - - !ruby/object:Api::Type::NestedObject - name: dateValue - description: Represents a whole or partial calendar date. - properties: - - !ruby/object:Api::Type::Integer - name: year - description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. - - !ruby/object:Api::Type::Integer - name: month - description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. - - !ruby/object:Api::Type::Integer - name: day - description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. - - !ruby/object:Api::Type::Enum - name: dayOfWeekValue - description: Represents a day of the week. - values: - - :MONDAY - - :TUESDAY - - :WEDNESDAY - - :THURSDAY - - :FRIDAY - - :SATURDAY - - :SUNDAY - - !ruby/object:Api::Type::NestedObject - name: redactConfig - description: | - Redact a given value. For example, if used with an InfoTypeTransformation transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. - properties: [] # Meant to be an empty object with no properties - see here : https://cloud.google.com/dlp/docs/reference/rest/v2/projects.deidentifyTemplates#redactconfig - # The fields below are necessary to include the "redactConfig" transformation in the payload - # A side-effect is null values when the field is unused, see: https://github.com/hashicorp/terraform-provider-google/issues/13201 - send_empty_value: true - allow_empty_object: true - - !ruby/object:Api::Type::NestedObject - name: characterMaskConfig - description: | - Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3). - properties: - - !ruby/object:Api::Type::String - name: 'maskingCharacter' - description: | - Character to use to mask the sensitive values—for example, * for an alphabetic string such as a name, or 0 for a numeric string - such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to * for - strings, and 0 for digits. - - !ruby/object:Api::Type::Integer - name: 'numberToMask' - description: | - Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. - If number_to_mask is negative, this denotes inverse masking. Cloud DLP masks all but a number of characters. For example, suppose you have the following values: - - `masking_character` is * - - `number_to_mask` is -4 - - `reverse_order` is false - - `characters_to_ignore` includes - - - Input string is 1234-5678-9012-3456 - - The resulting de-identified string is ****-****-****-3456. Cloud DLP masks all but the last four characters. If reverseOrder is true, all but the first four characters are masked as 1234-****-****-****. - - !ruby/object:Api::Type::Boolean - name: 'reverseOrder' - description: | - Mask characters in reverse order. For example, if masking_character is 0, number_to_mask is 14, and reverse_order is `false`, then the - input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. - - !ruby/object:Api::Type::Array - name: 'charactersToIgnore' - description: | - Characters to skip when doing de-identification of a value. These will be left alone and skipped. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'charactersToSkip' - description: | - Characters to not transform when masking. - - !ruby/object:Api::Type::Enum - name: 'commonCharactersToIgnore' - description: | - Common characters to not transform when masking. Useful to avoid removing punctuation. - values: - - :NUMERIC - - :ALPHA_UPPER_CASE - - :ALPHA_LOWER_CASE - - :PUNCTUATION - - :WHITESPACE - - !ruby/object:Api::Type::NestedObject - name: 'cryptoReplaceFfxFpeConfig' - description: | - Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the `content.reidentify` API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See [https://cloud.google.com/dlp/docs/pseudonymization](https://cloud.google.com/dlp/docs/pseudonymization) to learn more. - - Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'cryptoKey' - description: | - The key used by the encryption algorithm. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'transient' - description: | - Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - description: | - Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). - - !ruby/object:Api::Type::NestedObject - name: 'unwrapped' - description: | - Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. - properties: - - !ruby/object:Api::Type::String - name: 'key' - required: true - description: | - A 128/192/256 bit key. - - A base64-encoded string. - - !ruby/object:Api::Type::NestedObject - name: 'kmsWrapped' - description: | - KMS wrapped key. - Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt - For more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key). - Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). - properties: - - !ruby/object:Api::Type::String - name: 'wrappedKey' - required: true - description: | - The wrapped data crypto key. - - A base64-encoded string. - - !ruby/object:Api::Type::String - name: 'cryptoKeyName' - required: true - description: | - The resource name of the KMS CryptoKey to use for unwrapping. - - !ruby/object:Api::Type::NestedObject - name: 'context' - description: | - The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. - - If the context is set but: - - 1. there is no record present when transforming a given value or - 2. the field is not present when transforming a given value, - - a default tweak will be used. - - Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. - - The tweak is constructed as a sequence of bytes in big endian byte order such that: - - * a 64 bit integer is encoded followed by a single byte of value 1 - * a string is encoded in UTF-8 format followed by a single byte of value 2 - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name describing the field. - - !ruby/object:Api::Type::NestedObject - name: 'surrogateInfoType' - description: | - The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info\_type\_name(surrogate\_character\_count):surrogate - - For example, if the name of custom infoType is 'MY\_TOKEN\_INFO\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\_TOKEN\_INFO\_TYPE(3):abc' - - This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. - - In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\_TOKEN\_TYPE - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - - !ruby/object:Api::Type::String - name: 'version' - description: | - Optional version name for this InfoType. - - !ruby/object:Api::Type::Enum - name: 'commonAlphabet' - description: | - Common alphabets. - values: - - :FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED #Unused. - - :NUMERIC #[0-9] (radix of 10) - - :HEXADECIMAL #[0-9A-F] (radix of 16) - - :UPPER_CASE_ALPHA_NUMERIC #[0-9A-Z] (radix of 36) - - :ALPHA_NUMERIC #[0-9A-Za-z] (radix of 62) - - !ruby/object:Api::Type::String - name: 'customAlphabet' - description: | - This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range \[2, 95\]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: - - ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|:;"'<,>.?/`` - - !ruby/object:Api::Type::Integer - name: 'radix' - description: | - The native way to select the alphabet. Must be in the range \[2, 95\]. - - !ruby/object:Api::Type::NestedObject - name: fixedSizeBucketingConfig - description: | - Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. - - The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with "10-20". - - This can be used on data of type: double, long. - - If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. - - See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. - properties: - - !ruby/object:Api::Type::NestedObject - name: lowerBound - description: | - Lower bound value of buckets. - All values less than lower_bound are grouped together into a single bucket; for example if lower_bound = 10, then all values less than 10 are replaced with the value "-10". - The `lower_bound` block must only contain one argument. See the `fixed_size_bucketing_config` block description for more information about choosing a data type. - properties: - - !ruby/object:Api::Type::String - name: integerValue - description: An integer value (int64 format) - - !ruby/object:Api::Type::Double - name: floatValue - description: A float value. - - !ruby/object:Api::Type::String - name: stringValue - description: A string value. - - !ruby/object:Api::Type::Boolean - name: booleanValue - description: A boolean value. - - !ruby/object:Api::Type::String - name: timestampValue - description: | - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - - !ruby/object:Api::Type::NestedObject - name: timeValue - description: Represents a time of day. - properties: - - !ruby/object:Api::Type::Integer - name: hours - description: | - Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. - - !ruby/object:Api::Type::Integer - name: minutes - description: Minutes of hour of day. Must be from 0 to 59. - - !ruby/object:Api::Type::Integer - name: seconds - description: Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. - - !ruby/object:Api::Type::Integer - name: nanos - description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. - - !ruby/object:Api::Type::NestedObject - name: dateValue - description: Represents a whole or partial calendar date. - properties: - - !ruby/object:Api::Type::Integer - name: year - description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. - - !ruby/object:Api::Type::Integer - name: month - description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. - - !ruby/object:Api::Type::Integer - name: day - description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. - - !ruby/object:Api::Type::Enum - name: dayOfWeekValue - description: Represents a day of the week. - values: - - :MONDAY - - :TUESDAY - - :WEDNESDAY - - :THURSDAY - - :FRIDAY - - :SATURDAY - - :SUNDAY - required: true - - !ruby/object:Api::Type::NestedObject - name: upperBound - description: | - Upper bound value of buckets. - All values greater than upper_bound are grouped together into a single bucket; for example if upper_bound = 89, then all values greater than 89 are replaced with the value "89+". - The `upper_bound` block must only contain one argument. See the `fixed_size_bucketing_config` block description for more information about choosing a data type. - required: true - properties: - - !ruby/object:Api::Type::String - name: integerValue - description: An integer value (int64 format) - - !ruby/object:Api::Type::Double - name: floatValue - description: A float value. - - !ruby/object:Api::Type::String - name: stringValue - description: A string value. - - !ruby/object:Api::Type::Boolean - name: booleanValue - description: A boolean value. - - !ruby/object:Api::Type::String - name: timestampValue - description: | - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - - !ruby/object:Api::Type::NestedObject - name: timeValue - description: Represents a time of day. - properties: - - !ruby/object:Api::Type::Integer - name: hours - description: | - Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. - - !ruby/object:Api::Type::Integer - name: minutes - description: Minutes of hour of day. Must be from 0 to 59. - - !ruby/object:Api::Type::Integer - name: seconds - description: Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. - - !ruby/object:Api::Type::Integer - name: nanos - description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. - - !ruby/object:Api::Type::NestedObject - name: dateValue - description: Represents a whole or partial calendar date. - properties: - - !ruby/object:Api::Type::Integer - name: year - description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. - - !ruby/object:Api::Type::Integer - name: month - description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. - - !ruby/object:Api::Type::Integer - name: day - description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. - - !ruby/object:Api::Type::Enum - name: dayOfWeekValue - description: Represents a day of the week. - values: - - :MONDAY - - :TUESDAY - - :WEDNESDAY - - :THURSDAY - - :FRIDAY - - :SATURDAY - - :SUNDAY - - !ruby/object:Api::Type::Double - name: bucketSize - description: | - Size of each bucket (except for minimum and maximum buckets). - So if lower_bound = 10, upper_bound = 89, and bucketSize = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. - Precision up to 2 decimals works. - required: true - - !ruby/object:Api::Type::NestedObject - name: bucketingConfig - description: | - Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH - This can be used on data of type: number, long, string, timestamp. - If the provided value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. - See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. - properties: - - !ruby/object:Api::Type::Array - name: buckets - description: | - Set of buckets. Ranges must be non-overlapping. - Bucket is represented as a range, along with replacement values. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::NestedObject - name: min - description: | - Lower bound of the range, inclusive. Type should be the same as max if used. - The `min` block must only contain one argument. See the `bucketing_config` block description for more information about choosing a data type. - properties: - - !ruby/object:Api::Type::String - name: integerValue - description: An integer value (int64 format) - - !ruby/object:Api::Type::Double - name: floatValue - description: A float value. - - !ruby/object:Api::Type::String - name: stringValue - description: A string value. - - !ruby/object:Api::Type::Boolean - name: booleanValue - description: A boolean value. - - !ruby/object:Api::Type::String - name: timestampValue - description: | - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - - !ruby/object:Api::Type::NestedObject - name: timeValue - description: Represents a time of day. - properties: - - !ruby/object:Api::Type::Integer - name: hours - description: | - Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. - - !ruby/object:Api::Type::Integer - name: minutes - description: Minutes of hour of day. Must be from 0 to 59. - - !ruby/object:Api::Type::Integer - name: seconds - description: Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. - - !ruby/object:Api::Type::Integer - name: nanos - description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. - - !ruby/object:Api::Type::NestedObject - name: dateValue - description: Represents a whole or partial calendar date. - properties: - - !ruby/object:Api::Type::Integer - name: year - description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. - - !ruby/object:Api::Type::Integer - name: month - description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. - - !ruby/object:Api::Type::Integer - name: day - description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. - - !ruby/object:Api::Type::Enum - name: dayOfWeekValue - description: Represents a day of the week. - values: - - :MONDAY - - :TUESDAY - - :WEDNESDAY - - :THURSDAY - - :FRIDAY - - :SATURDAY - - :SUNDAY - - !ruby/object:Api::Type::NestedObject - name: max - description: | - Upper bound of the range, exclusive; type must match min. - The `max` block must only contain one argument. See the `bucketing_config` block description for more information about choosing a data type. - properties: - - !ruby/object:Api::Type::String - name: integerValue - description: An integer value (int64 format) - - !ruby/object:Api::Type::Double - name: floatValue - description: A float value. - - !ruby/object:Api::Type::String - name: stringValue - description: A string value. - - !ruby/object:Api::Type::Boolean - name: booleanValue - description: A boolean value. - - !ruby/object:Api::Type::String - name: timestampValue - description: | - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - - !ruby/object:Api::Type::NestedObject - name: timeValue - description: Represents a time of day. - properties: - - !ruby/object:Api::Type::Integer - name: hours - description: | - Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. - - !ruby/object:Api::Type::Integer - name: minutes - description: Minutes of hour of day. Must be from 0 to 59. - - !ruby/object:Api::Type::Integer - name: seconds - description: Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. - - !ruby/object:Api::Type::Integer - name: nanos - description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. - - !ruby/object:Api::Type::NestedObject - name: dateValue - description: Represents a whole or partial calendar date. - properties: - - !ruby/object:Api::Type::Integer - name: year - description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. - - !ruby/object:Api::Type::Integer - name: month - description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. - - !ruby/object:Api::Type::Integer - name: day - description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. - - !ruby/object:Api::Type::Enum - name: dayOfWeekValue - description: Represents a day of the week. - values: - - :MONDAY - - :TUESDAY - - :WEDNESDAY - - :THURSDAY - - :FRIDAY - - :SATURDAY - - :SUNDAY - - !ruby/object:Api::Type::NestedObject - name: replacementValue - required: true - description: | - Replacement value for this bucket. - The `replacement_value` block must only contain one argument. - properties: - - !ruby/object:Api::Type::String - name: integerValue - description: An integer value (int64 format) - - !ruby/object:Api::Type::Double - name: floatValue - description: A float value. - - !ruby/object:Api::Type::String - name: stringValue - description: A string value. - - !ruby/object:Api::Type::Boolean - name: booleanValue - description: A boolean value. - - !ruby/object:Api::Type::String - name: timestampValue - description: | - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - - !ruby/object:Api::Type::NestedObject - name: timeValue - description: Represents a time of day. - properties: - - !ruby/object:Api::Type::Integer - name: hours - description: | - Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. - - !ruby/object:Api::Type::Integer - name: minutes - description: Minutes of hour of day. Must be from 0 to 59. - - !ruby/object:Api::Type::Integer - name: seconds - description: Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. - - !ruby/object:Api::Type::Integer - name: nanos - description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. - - !ruby/object:Api::Type::NestedObject - name: dateValue - description: Represents a whole or partial calendar date. - properties: - - !ruby/object:Api::Type::Integer - name: year - description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. - - !ruby/object:Api::Type::Integer - name: month - description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. - - !ruby/object:Api::Type::Integer - name: day - description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. - - !ruby/object:Api::Type::Enum - name: dayOfWeekValue - description: Represents a day of the week. - values: - - :MONDAY - - :TUESDAY - - :WEDNESDAY - - :THURSDAY - - :FRIDAY - - :SATURDAY - - :SUNDAY - - !ruby/object:Api::Type::NestedObject - name: timePartConfig - description: For use with Date, Timestamp, and TimeOfDay, extract or preserve a portion of the value. - properties: - - !ruby/object:Api::Type::Enum - name: partToExtract - description: The part of the time to keep. - values: - - :YEAR # [0-9999] - - :MONTH # [1-12] - - :DAY_OF_MONTH # [1-31] - - :DAY_OF_WEEK # [1-7] - - :WEEK_OF_YEAR # [1-53] - - :HOUR_OF_DAY # [0-23] - - !ruby/object:Api::Type::NestedObject - name: cryptoHashConfig - description: | - Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. - Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). - Currently, only string and integer values can be hashed. - See https://cloud.google.com/dlp/docs/pseudonymization to learn more. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'cryptoKey' - description: | - The key used by the encryption function. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'transient' - description: | - Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - description: | - Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). - - !ruby/object:Api::Type::NestedObject - name: 'unwrapped' - description: | - Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. - properties: - - !ruby/object:Api::Type::String - name: 'key' - required: true - description: | - A 128/192/256 bit key. - - A base64-encoded string. - - !ruby/object:Api::Type::NestedObject - name: 'kmsWrapped' - description: | - KMS wrapped key. - Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt - For more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key). - Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). - properties: - - !ruby/object:Api::Type::String - name: 'wrappedKey' - required: true - description: | - The wrapped data crypto key. - - A base64-encoded string. - - !ruby/object:Api::Type::String - name: 'cryptoKeyName' - required: true - description: | - The resource name of the KMS CryptoKey to use for unwrapping. - - !ruby/object:Api::Type::NestedObject - name: dateShiftConfig - description: | - Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more. - properties: - - !ruby/object:Api::Type::Integer - name: upperBoundDays - required: true - description: | - Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. - - For example, 3 means shift date to at most 3 days into the future. - - !ruby/object:Api::Type::Integer - name: lowerBoundDays - required: true - description: | - For example, -5 means shift date to at most 5 days back in the past. - - !ruby/object:Api::Type::NestedObject - name: 'context' - description: | - Points to the field that contains the context, for example, an entity id. - If set, must also set cryptoKey. If set, shift will be consistent for the given context. - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name describing the field. - - !ruby/object:Api::Type::NestedObject - name: 'cryptoKey' - description: | - Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and cryptoKey. If set, must also set context. Can only be applied to table items. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'transient' - description: | - Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - description: | - Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). - - !ruby/object:Api::Type::NestedObject - name: 'unwrapped' - description: | - Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. - properties: - - !ruby/object:Api::Type::String - name: 'key' - required: true - description: | - A 128/192/256 bit key. - - A base64-encoded string. - - !ruby/object:Api::Type::NestedObject - name: 'kmsWrapped' - description: | - KMS wrapped key. - Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt - For more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key). - Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). - properties: - - !ruby/object:Api::Type::String - name: 'wrappedKey' - required: true - description: | - The wrapped data crypto key. - - A base64-encoded string. - - !ruby/object:Api::Type::String - name: 'cryptoKeyName' - required: true - description: | - The resource name of the KMS CryptoKey to use for unwrapping. - - !ruby/object:Api::Type::NestedObject - name: cryptoDeterministicConfig - description: | - Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC [https://tools.ietf.org/html/rfc5297](https://tools.ietf.org/html/rfc5297). - properties: - - !ruby/object:Api::Type::NestedObject - name: 'cryptoKey' - description: | - The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'transient' - description: | - Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - description: | - Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). - - !ruby/object:Api::Type::NestedObject - name: 'unwrapped' - description: | - Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. - properties: - - !ruby/object:Api::Type::String - name: 'key' - required: true - description: | - A 128/192/256 bit key. - - A base64-encoded string. - - !ruby/object:Api::Type::NestedObject - name: 'kmsWrapped' - description: | - KMS wrapped key. - Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt - For more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key). - Note: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing). - properties: - - !ruby/object:Api::Type::String - name: 'wrappedKey' - required: true - description: | - The wrapped data crypto key. - - A base64-encoded string. - - !ruby/object:Api::Type::String - name: 'cryptoKeyName' - required: true - description: | - The resource name of the KMS CryptoKey to use for unwrapping. - - !ruby/object:Api::Type::NestedObject - name: 'surrogateInfoType' - description: | - The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} - - For example, if the name of custom info type is 'MY\_TOKEN\_INFO\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\_TOKEN\_INFO\_TYPE(3):abc' - - This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. - - Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. - - In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - - * reverse a surrogate that does not correspond to an actual identifier - * be unable to parse the surrogate and result in an error - - Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\_TOKEN\_TYPE. - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - - !ruby/object:Api::Type::String - name: 'version' - description: | - Optional version name for this InfoType. - - !ruby/object:Api::Type::NestedObject - name: 'context' - description: | - A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. - - If the context is not set, plaintext would be used as is for encryption. If the context is set but: - - 1. there is no record present when transforming a given value or - 2. the field is not present when transforming a given value, - - plaintext would be used as is for encryption. - - Note that case (1) is expected when an InfoTypeTransformation is applied to both structured and unstructured ContentItems. - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name describing the field. - - !ruby/object:Api::Type::NestedObject - name: replaceDictionaryConfig - description: Replace with a value randomly drawn (with replacement) from a dictionary. - properties: - - !ruby/object:Api::Type::NestedObject - name: wordList - description: | - A list of words to select from for random replacement. The [limits](https://cloud.google.com/dlp/limits) page contains details about the size limits of dictionaries. - properties: - - !ruby/object:Api::Type::Array - name: words - required: true - description: | - Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'recordSuppressions' - description: Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output. - at_least_one_of: - - deidentify_config.0.record_transformations.0.field_transformations - - deidentify_config.0.record_transformations.0.record_suppressions - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::NestedObject - name: condition - description: A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content. - properties: - - !ruby/object:Api::Type::NestedObject - name: expressions - description: An expression, consisting of an operator and conditions. - properties: - - !ruby/object:Api::Type::Enum - name: logicalOperator - description: The operator to apply to the result of conditions. Default and currently only supported value is AND. - default_value: :AND - values: - - :AND - - !ruby/object:Api::Type::NestedObject - name: conditions - description: Conditions to apply to the expression. - properties: - - !ruby/object:Api::Type::Array - name: conditions - description: A collection of conditions. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::NestedObject - name: field - description: Field within the record this condition is evaluated against. - required: true - properties: - - !ruby/object:Api::Type::String - name: name - description: Name describing the field. - - !ruby/object:Api::Type::Enum - name: operator - description: Operator used to compare the field or infoType to the value. - required: true - values: - - :EQUAL_TO - - :NOT_EQUAL_TO - - :GREATER_THAN - - :LESS_THAN - - :GREATER_THAN_OR_EQUALS - - :LESS_THAN_OR_EQUALS - - :EXISTS - - !ruby/object:Api::Type::NestedObject - name: value - description: Value to compare against. [Mandatory, except for EXISTS tests.] - properties: - - !ruby/object:Api::Type::String - name: integerValue - description: An integer value (int64 format) - - !ruby/object:Api::Type::Double - name: floatValue - description: A float value. - - !ruby/object:Api::Type::String - name: stringValue - description: A string value. - - !ruby/object:Api::Type::Boolean - name: booleanValue - description: A boolean value. - - !ruby/object:Api::Type::String - name: timestampValue - description: | - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - - !ruby/object:Api::Type::NestedObject - name: timeValue - description: Represents a time of day. - properties: - - !ruby/object:Api::Type::Integer - name: hours - description: | - Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. - - !ruby/object:Api::Type::Integer - name: minutes - description: Minutes of hour of day. Must be from 0 to 59. - - !ruby/object:Api::Type::Integer - name: seconds - description: Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. - - !ruby/object:Api::Type::Integer - name: nanos - description: Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. - - !ruby/object:Api::Type::NestedObject - name: dateValue - description: Represents a whole or partial calendar date. - properties: - - !ruby/object:Api::Type::Integer - name: year - description: Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year. - - !ruby/object:Api::Type::Integer - name: month - description: Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day. - - !ruby/object:Api::Type::Integer - name: day - description: Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant. - - !ruby/object:Api::Type::Enum - name: dayOfWeekValue - description: Represents a day of the week. - values: - - :MONDAY - - :TUESDAY - - :WEDNESDAY - - :THURSDAY - - :FRIDAY - - :SATURDAY - - :SUNDAY diff --git a/mmv1/products/dlp/product.yaml b/mmv1/products/dlp/product.yaml new file mode 100644 index 000000000000..7aa3d4ca2e51 --- /dev/null +++ b/mmv1/products/dlp/product.yaml @@ -0,0 +1,21 @@ +# Copyright 2020 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: DataLossPrevention +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://dlp.googleapis.com/v2/ +scopes: + - https://www.googleapis.com/auth/cloud-platform diff --git a/mmv1/products/dns/ManagedZone.yaml b/mmv1/products/dns/ManagedZone.yaml new file mode 100644 index 000000000000..5f0b6befe88f --- /dev/null +++ b/mmv1/products/dns/ManagedZone.yaml @@ -0,0 +1,293 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'ManagedZone' +kind: 'dns#managedZone' +base_url: 'projects/{{project}}/managedZones' +update_verb: :PUT +description: | + A zone is a subtree of the DNS namespace under one administrative + responsibility. A ManagedZone is a resource that represents a DNS zone + hosted by the Cloud DNS service. +iam_policy: !ruby/object:Api::Resource::IamPolicy + exclude: false + method_name_separator: ':' + fetch_iam_policy_verb: :POST + parent_resource_attribute: 'managed_zone' + set_iam_policy_verb: :POST + import_format: ["projects/{{project}}/managedZones/{{managed_zone}}", "{{project}}/{{managed_zone}}"] +properties: + - !ruby/object:Api::Type::String + name: 'description' + description: | + A mutable string of at most 1024 characters associated with this + resource for the user's convenience. Has no effect on the managed + zone's function. + required: true + - !ruby/object:Api::Type::String + name: 'dnsName' + description: | + The DNS name of this managed zone, for instance "example.com.". + immutable: true + required: true + - !ruby/object:Api::Type::NestedObject + name: 'dnssecConfig' + description: DNSSEC configuration + properties: + - !ruby/object:Api::Type::String + name: 'kind' + at_least_one_of: + - dnssec_config.0.kind + - dnssec_config.0.non_existence + - dnssec_config.0.state + - dnssec_config.0.default_key_specs + description: Identifies what kind of resource this is + default_value: 'dns#managedZoneDnsSecConfig' + - !ruby/object:Api::Type::Enum + name: 'nonExistence' + at_least_one_of: + - dnssec_config.0.kind + - dnssec_config.0.non_existence + - dnssec_config.0.state + - dnssec_config.0.default_key_specs + description: | + Specifies the mechanism used to provide authenticated denial-of-existence responses. + non_existence can only be updated when the state is `off`. + values: + - "nsec" + - "nsec3" + - !ruby/object:Api::Type::Enum + name: 'state' + at_least_one_of: + - dnssec_config.0.kind + - dnssec_config.0.non_existence + - dnssec_config.0.state + - dnssec_config.0.default_key_specs + description: Specifies whether DNSSEC is enabled, and what mode it is in + values: + - "off" + - "on" + - "transfer" + - !ruby/object:Api::Type::Array + name: 'defaultKeySpecs' + at_least_one_of: + - dnssec_config.0.kind + - dnssec_config.0.non_existence + - dnssec_config.0.state + - dnssec_config.0.default_key_specs + description: | + Specifies parameters that will be used for generating initial DnsKeys + for this ManagedZone. If you provide a spec for keySigning or zoneSigning, + you must also provide one for the other. + default_key_specs can only be updated when the state is `off`. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Enum + name: 'algorithm' + description: + String mnemonic specifying the DNSSEC algorithm of this key + values: + - "ecdsap256sha256" + - "ecdsap384sha384" + - "rsasha1" + - "rsasha256" + - "rsasha512" + - !ruby/object:Api::Type::Integer + name: 'keyLength' + description: Length of the keys in bits + - !ruby/object:Api::Type::Enum + name: 'keyType' + description: | + Specifies whether this is a key signing key (KSK) or a zone + signing key (ZSK). Key signing keys have the Secure Entry + Point flag set and, when active, will only be used to sign + resource record sets of type DNSKEY. Zone signing keys do + not have the Secure Entry Point flag set and will be used + to sign all other types of resource record sets. + values: + - "keySigning" + - "zoneSigning" + - !ruby/object:Api::Type::String + name: 'kind' + description: 'Identifies what kind of resource this is' + default_value: 'dns#dnsKeySpec' + - !ruby/object:Api::Type::Integer + name: 'id' + description: Unique identifier for the resource; defined by the server. + output: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + User assigned name for this resource. + Must be unique within the project. + immutable: true + required: true + - !ruby/object:Api::Type::Array + name: 'nameServers' + description: | + Delegate your managed_zone to these virtual name servers; + defined by the server + item_type: Api::Type::String + output: true + - !ruby/object:Api::Type::String + name: 'nameServerSet' + description: | + Optionally specifies the NameServerSet for this ManagedZone. A + NameServerSet is a set of DNS name servers that all host the same + ManagedZones. Most users will leave this field unset. + immutable: true + - !ruby/object:Api::Type::Time + name: 'creationTime' + description: | + The time that this resource was created on the server. + This is in RFC3339 text format. + output: true + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + A set of key/value label pairs to assign to this ManagedZone. + - !ruby/object:Api::Type::Enum + name: 'visibility' + immutable: true + description: | + The zone's visibility: public zones are exposed to the Internet, + while private zones are visible only to Virtual Private Cloud resources. + values: + - :private + - :public + default_value: :public + - !ruby/object:Api::Type::NestedObject + name: 'privateVisibilityConfig' + description: | + For privately visible zones, the set of Virtual Private Cloud + resources that the zone is visible from. + send_empty_value: true + properties: + - !ruby/object:Api::Type::Array + name: 'gkeClusters' + description: 'The list of Google Kubernetes Engine clusters that can see this zone.' + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'gkeClusterName' + description: | + The resource name of the cluster to bind this ManagedZone to. + This should be specified in the format like + `projects/*/locations/*/clusters/*` + required: true + - !ruby/object:Api::Type::Array + name: 'networks' + description: 'The list of VPC networks that can see this zone.' + required: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + # TODO(drebes): Make 'networkUrl' a ResourceRef once cross-module references + # are possible. + - !ruby/object:Api::Type::String + name: 'networkUrl' + description: | + The fully qualified URL of the VPC network to bind to. + This should be formatted like + `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}` + required: true + - !ruby/object:Api::Type::NestedObject + name: 'forwardingConfig' + description: | + The presence for this field indicates that outbound forwarding is enabled + for this zone. The value of this field contains the set of destinations + to forward to. + properties: + - !ruby/object:Api::Type::Array + name: 'targetNameServers' + required: true + description: | + List of target name servers to forward to. Cloud DNS will + select the best available name server if more than + one target is given. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'ipv4Address' + required: true + description: 'IPv4 address of a target name server.' + - !ruby/object:Api::Type::Enum + name: 'forwardingPath' + description: | + Forwarding path for this TargetNameServer. If unset or `default` Cloud DNS will make forwarding + decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go + to the Internet. When set to `private`, Cloud DNS will always send queries through VPC for this target + values: + - :default + - :private + - !ruby/object:Api::Type::NestedObject + name: 'peeringConfig' + description: | + The presence of this field indicates that DNS Peering is enabled for this + zone. The value of this field contains the network to peer with. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'targetNetwork' + required: true + description: 'The network with which to peer.' + properties: + # TODO(drebes): Make 'networkUrl' a ResourceRef once cross-module references + # are possible. + - !ruby/object:Api::Type::String + name: 'networkUrl' + required: true + description: | + The fully qualified URL of the VPC network to forward queries to. + This should be formatted like + `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}` + - !ruby/object:Api::Type::Boolean + name: 'reverseLookup' + api_name: reverseLookupConfig + min_version: beta + immutable: true + description: | + Specifies if this is a managed reverse lookup zone. If true, Cloud DNS will resolve reverse + lookup queries using automatically configured records for VPC resources. This only applies + to networks listed under `private_visibility_config`. + - !ruby/object:Api::Type::NestedObject + min_version: beta + immutable: true + name: 'serviceDirectoryConfig' + description: + The presence of this field indicates that this zone is backed by Service Directory. The value + of this field contains information related to the namespace associated with the zone. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'namespace' + required: true + description: 'The namespace associated with the zone.' + properties: + - !ruby/object:Api::Type::String + name: 'namespaceUrl' + required: true + description: | + The fully qualified URL of the service directory namespace that should be + associated with the zone. Ignored for `public` visibility zones. + - !ruby/object:Api::Type::NestedObject + name: 'cloudLoggingConfig' + description: 'Cloud logging configuration' + properties: + - !ruby/object:Api::Type::Boolean + name: 'enableLogging' + required: true + description: 'If set, enable query logging for this ManagedZone. False by default, making logging opt-in.' +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Managing Zones': + 'https://cloud.google.com/dns/zones/' + api: 'https://cloud.google.com/dns/api/v1/managedZones' diff --git a/mmv1/products/dns/Policy.yaml b/mmv1/products/dns/Policy.yaml new file mode 100644 index 000000000000..63400f48df72 --- /dev/null +++ b/mmv1/products/dns/Policy.yaml @@ -0,0 +1,110 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Policy' +kind: 'dns#policy' +base_url: 'projects/{{project}}/policies' +immutable: true +description: | + A policy is a collection of DNS rules applied to one or more Virtual + Private Cloud resources. +properties: + - !ruby/object:Api::Type::NestedObject + name: 'alternativeNameServerConfig' + description: | + Sets an alternative name server for the associated networks. + When specified, all DNS queries are forwarded to a name server that you choose. + Names such as .internal are not available when an alternative name server is specified. + update_verb: :PATCH + update_url: 'projects/{{project}}/policies/{{name}}' + properties: + - !ruby/object:Api::Type::Array + name: 'targetNameServers' + required: true + description: | + Sets an alternative name server for the associated networks. When specified, + all DNS queries are forwarded to a name server that you choose. Names such as .internal + are not available when an alternative name server is specified. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'ipv4Address' + required: true + description: 'IPv4 address to forward to.' + - !ruby/object:Api::Type::Enum + name: 'forwardingPath' + description: | + Forwarding path for this TargetNameServer. If unset or `default` Cloud DNS will make forwarding + decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go + to the Internet. When set to `private`, Cloud DNS will always send queries through VPC for this target + values: + - :default + - :private + - !ruby/object:Api::Type::String + name: 'description' + description: | + A mutable string of at most 1024 characters associated with this + resource for the user's convenience. Has no effect on the policy's + function. + update_verb: :PATCH + update_url: 'projects/{{project}}/policies/{{name}}' + required: true + - !ruby/object:Api::Type::Boolean + name: 'enableInboundForwarding' + description: | + Allows networks bound to this policy to receive DNS queries sent + by VMs or applications over VPN connections. When enabled, a + virtual IP address will be allocated from each of the sub-networks + that are bound to this policy. + send_empty_value: true + update_verb: :PATCH + update_url: 'projects/{{project}}/policies/{{name}}' + - !ruby/object:Api::Type::Boolean + name: 'enableLogging' + description: | + Controls whether logging is enabled for the networks bound to this policy. + Defaults to no logging if not set. + send_empty_value: true + update_verb: :PATCH + update_url: 'projects/{{project}}/policies/{{name}}' + - !ruby/object:Api::Type::Integer + name: 'id' + description: Unique identifier for the resource; defined by the server. + output: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + User assigned name for this policy. + required: true + - !ruby/object:Api::Type::Array + name: 'networks' + description: 'List of network names specifying networks to which this policy is applied.' + item_type: !ruby/object:Api::Type::NestedObject + properties: + # TODO(drebes): Make 'networkUrl' a ResourceRef once cross-module references + # are possible. + - !ruby/object:Api::Type::String + name: 'networkUrl' + required: true + description: | + The fully qualified URL of the VPC network to bind to. + This should be formatted like + `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}` + update_verb: :PATCH + update_url: 'projects/{{project}}/policies/{{name}}' +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Using DNS server policies': + 'https://cloud.google.com/dns/zones/#using-dns-server-policies' + api: 'https://cloud.google.com/dns/docs/reference/v1beta2/policies' diff --git a/mmv1/products/dns/Project.yaml b/mmv1/products/dns/Project.yaml new file mode 100644 index 000000000000..3c38190a95e6 --- /dev/null +++ b/mmv1/products/dns/Project.yaml @@ -0,0 +1,66 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Project' +kind: 'dns#project' +description: | + A project resource. The project is a top level container for resources + including Cloud DNS ManagedZones. +base_url: 'projects' +readonly: true +immutable: true +properties: + - !ruby/object:Api::Type::Integer + name: 'number' + description: | + Unique numeric identifier for the resource; defined by the server. + output: true + - !ruby/object:Api::Type::NestedObject + name: 'quota' + description: 'Quota allowed in project' + output: true + properties: + - !ruby/object:Api::Type::Integer + name: 'managedZones' + description: Maximum allowed number of managed zones in the project. + output: true + - !ruby/object:Api::Type::Integer + name: 'resourceRecordsPerRrset' + description: | + Maximum allowed number of ResourceRecords per ResourceRecordSet. + output: true + - !ruby/object:Api::Type::Integer + name: 'rrsetAdditionsPerChange' + description: | + Maximum allowed number of ResourceRecordSets to add per + ChangesCreateRequest. + output: true + - !ruby/object:Api::Type::Integer + name: 'rrsetDeletionsPerChange' + description: | + Maximum allowed number of ResourceRecordSets to delete per + ChangesCreateRequest. + output: true + - !ruby/object:Api::Type::Integer + name: 'rrsetsPerManagedZone' + description: | + Maximum allowed number of ResourceRecordSets per zone in the + project. + output: true + - !ruby/object:Api::Type::Integer + name: 'totalRrdataSizePerChange' + description: | + Maximum allowed size for total rrdata in one ChangesCreateRequest + in bytes. + output: true diff --git a/mmv1/products/dns/ResourceRecordSet.yaml b/mmv1/products/dns/ResourceRecordSet.yaml new file mode 100644 index 000000000000..21f5092326b0 --- /dev/null +++ b/mmv1/products/dns/ResourceRecordSet.yaml @@ -0,0 +1,78 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'ResourceRecordSet' +kind: 'dns#resourceRecordSet' +description: | + A single DNS record that exists on a domain name (i.e. in a managed zone). + This record defines the information about the domain and where the + domain / subdomains direct to. + + The record will include the domain/subdomain name, a type (i.e. A, AAA, + CAA, MX, CNAME, NS, etc) +base_url: 'projects/{{project}}/managedZones/{{managed_zone}}/changes' +self_link: 'projects/{{project}}/managedZones/{{managed_zone}}/rrsets?name={{name}}&type={{type}}' +nested_query: !ruby/object:Api::Resource::NestedQuery + keys: ['rrsets'] +collection_url_key: 'rrsets' +identity: + - name + - type +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'managed_zone' + description: | + Identifies the managed zone addressed by this request. + required: true + resource: 'ManagedZone' + imports: 'name' +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: For example, www.example.com. + required: true + - !ruby/object:Api::Type::Enum + name: 'type' + values: + - :A + - :AAAA + - :CAA + - :CNAME + - :DNSKEY + - :DS + - :IPSECVPNKEY + - :MX + - :NAPTR + - :NS + - :PTR + - :SOA + - :SPF + - :SRV + - :SSHFP + - :TLSA + - :TXT + description: One of valid DNS resource types. + # TODO(nelsonjr): Enforce required in provider manifest + required: true + - !ruby/object:Api::Type::Integer + name: 'ttl' + description: | + Number of seconds that this ResourceRecordSet can be cached by + resolvers. + - !ruby/object:Api::Type::Array + item_type: Api::Type::String + name: 'target' + description: | + As defined in RFC 1035 (section 5) and RFC 1034 (section 3.6.1) + api_name: rrdatas diff --git a/mmv1/products/dns/ResponsePolicy.yaml b/mmv1/products/dns/ResponsePolicy.yaml new file mode 100644 index 000000000000..c1780f84bf3f --- /dev/null +++ b/mmv1/products/dns/ResponsePolicy.yaml @@ -0,0 +1,67 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'ResponsePolicy' +kind: 'dns#responsePolicy' +description: | + A Response Policy is a collection of selectors that apply to queries + made against one or more Virtual Private Cloud networks. +base_url: 'projects/{{project}}/responsePolicies' +self_link: 'projects/{{project}}/responsePolicies/{{response_policy_name}}' +update_verb: :PATCH +min_version: beta +identity: + - responsePolicyName +properties: + - !ruby/object:Api::Type::Integer + name: 'id' + description: Unique identifier for the resource; defined by the server. + output: true + - !ruby/object:Api::Type::String + name: 'responsePolicyName' + description: The user assigned name for this Response Policy, such as `myresponsepolicy`. + immutable: true + required: true + - !ruby/object:Api::Type::String + name: 'description' + description: | + The description of the response policy, such as `My new response policy`. + default_value: 'Managed by Terraform' + required: false + update_verb: :PATCH + - !ruby/object:Api::Type::Array + name: 'networks' + description: 'The list of network names specifying networks to which this policy is applied.' + update_verb: :PATCH + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'networkUrl' + required: true + description: | + The fully qualified URL of the VPC network to bind to. + This should be formatted like + `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}` + - !ruby/object:Api::Type::Array + name: 'gkeClusters' + description: 'The list of Google Kubernetes Engine clusters that can see this zone.' + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'gkeClusterName' + description: | + The resource name of the cluster to bind this ManagedZone to. + This should be specified in the format like + `projects/*/locations/*/clusters/*` + required: true diff --git a/mmv1/products/dns/ResponsePolicyRule.yaml b/mmv1/products/dns/ResponsePolicyRule.yaml new file mode 100644 index 000000000000..d68b9e18dbad --- /dev/null +++ b/mmv1/products/dns/ResponsePolicyRule.yaml @@ -0,0 +1,109 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'ResponsePolicyRule' +kind: 'dns#responsePolicyRule' +description: | + A Response Policy Rule is a selector that applies its behavior to queries that match the selector. + Selectors are DNS names, which may be wildcards or exact matches. + Each DNS query subject to a Response Policy matches at most one ResponsePolicyRule, + as identified by the dns_name field with the longest matching suffix. +base_url: 'projects/{{project}}/responsePolicies/{{response_policy}}/rules' +self_link: 'projects/{{project}}/responsePolicies/{{response_policy}}/rules/{{rule_name}}' +update_verb: :PATCH +min_version: beta +identity: + - ruleName +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'response_policy' + required: true + url_param_only: true + resource: 'ResponsePolicy' + imports: 'responsePolicyName' + description: | + Identifies the response policy addressed by this request. +properties: + - !ruby/object:Api::Type::String + name: 'ruleName' + description: An identifier for this rule. Must be unique with the ResponsePolicy. + immutable: true + required: true + - !ruby/object:Api::Type::String + name: 'dnsName' + description: The DNS name (wildcard or exact) to apply this rule to. Must be unique within the Response Policy Rule. + required: true + update_verb: :PATCH + - !ruby/object:Api::Type::NestedObject + name: 'localData' + conflicts: + - behavior + description: | + Answer this query directly with DNS data. These ResourceRecordSets override any other DNS behavior for the matched name; + in particular they override private zones, the public internet, and GCP internal DNS. No SOA nor NS types are allowed. + update_verb: :PATCH + properties: + - !ruby/object:Api::Type::Array + name: 'localDatas' + description: All resource record sets for this selector, one per resource record type. The name must match the dns_name. + update_verb: :PATCH + required: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'name' + description: For example, www.example.com. + required: true + - !ruby/object:Api::Type::Enum + name: 'type' + values: + - :A + - :AAAA + - :CAA + - :CNAME + - :DNSKEY + - :DS + - :HTTPS + - :IPSECVPNKEY + - :MX + - :NAPTR + - :NS + - :PTR + - :SOA + - :SPF + - :SRV + - :SSHFP + - :SVCB + - :TLSA + - :TXT + description: One of valid DNS resource types. + required: true + - !ruby/object:Api::Type::Integer + name: 'ttl' + description: | + Number of seconds that this ResourceRecordSet can be cached by + resolvers. + - !ruby/object:Api::Type::Array + item_type: Api::Type::String + name: 'rrdatas' + description: | + As defined in RFC 1035 (section 5) and RFC 1034 (section 3.6.1) + - !ruby/object:Api::Type::String + name: 'behavior' + conflicts: + - local_data + min_version: beta + description: Answer this query with a behavior rather than DNS data. Acceptable values are 'behaviorUnspecified', and 'bypassResponsePolicy' + update_verb: :PATCH + diff --git a/mmv1/products/dns/api.yaml b/mmv1/products/dns/api.yaml deleted file mode 100644 index 02b9efe91c02..000000000000 --- a/mmv1/products/dns/api.yaml +++ /dev/null @@ -1,674 +0,0 @@ -# Copyright 2017 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: DNS -display_name: Cloud DNS -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://dns.googleapis.com/dns/v1/ - - !ruby/object:Api::Product::Version - name: beta - base_url: https://dns.googleapis.com/dns/v1beta2/ -scopes: - - https://www.googleapis.com/auth/ndev.clouddns.readwrite -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Google Cloud DNS API - url: https://console.cloud.google.com/apis/library/dns.googleapis.com/ -objects: - - !ruby/object:Api::Resource - name: 'ManagedZone' - kind: 'dns#managedZone' - base_url: 'projects/{{project}}/managedZones' - update_verb: :PUT - description: | - A zone is a subtree of the DNS namespace under one administrative - responsibility. A ManagedZone is a resource that represents a DNS zone - hosted by the Cloud DNS service. - iam_policy: !ruby/object:Api::Resource::IamPolicy - exclude: false - method_name_separator: ':' - fetch_iam_policy_verb: :POST - parent_resource_attribute: 'managed_zone' - set_iam_policy_verb: :POST - import_format: ["projects/{{project}}/managedZones/{{managed_zone}}", "{{project}}/{{managed_zone}}"] - properties: - - !ruby/object:Api::Type::String - name: 'description' - description: | - A mutable string of at most 1024 characters associated with this - resource for the user's convenience. Has no effect on the managed - zone's function. - required: true - - !ruby/object:Api::Type::String - name: 'dnsName' - description: | - The DNS name of this managed zone, for instance "example.com.". - input: true - required: true - - !ruby/object:Api::Type::NestedObject - name: 'dnssecConfig' - description: DNSSEC configuration - properties: - - !ruby/object:Api::Type::String - name: 'kind' - at_least_one_of: - - dnssec_config.0.kind - - dnssec_config.0.non_existence - - dnssec_config.0.state - - dnssec_config.0.default_key_specs - description: Identifies what kind of resource this is - default_value: 'dns#managedZoneDnsSecConfig' - - !ruby/object:Api::Type::Enum - name: 'nonExistence' - at_least_one_of: - - dnssec_config.0.kind - - dnssec_config.0.non_existence - - dnssec_config.0.state - - dnssec_config.0.default_key_specs - description: | - Specifies the mechanism used to provide authenticated denial-of-existence responses. - non_existence can only be updated when the state is `off`. - values: - - "nsec" - - "nsec3" - - !ruby/object:Api::Type::Enum - name: 'state' - at_least_one_of: - - dnssec_config.0.kind - - dnssec_config.0.non_existence - - dnssec_config.0.state - - dnssec_config.0.default_key_specs - description: Specifies whether DNSSEC is enabled, and what mode it is in - values: - - "off" - - "on" - - "transfer" - - !ruby/object:Api::Type::Array - name: 'defaultKeySpecs' - at_least_one_of: - - dnssec_config.0.kind - - dnssec_config.0.non_existence - - dnssec_config.0.state - - dnssec_config.0.default_key_specs - description: | - Specifies parameters that will be used for generating initial DnsKeys - for this ManagedZone. If you provide a spec for keySigning or zoneSigning, - you must also provide one for the other. - default_key_specs can only be updated when the state is `off`. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Enum - name: 'algorithm' - description: - String mnemonic specifying the DNSSEC algorithm of this key - values: - - "ecdsap256sha256" - - "ecdsap384sha384" - - "rsasha1" - - "rsasha256" - - "rsasha512" - - !ruby/object:Api::Type::Integer - name: 'keyLength' - description: Length of the keys in bits - - !ruby/object:Api::Type::Enum - name: 'keyType' - description: | - Specifies whether this is a key signing key (KSK) or a zone - signing key (ZSK). Key signing keys have the Secure Entry - Point flag set and, when active, will only be used to sign - resource record sets of type DNSKEY. Zone signing keys do - not have the Secure Entry Point flag set and will be used - to sign all other types of resource record sets. - values: - - "keySigning" - - "zoneSigning" - - !ruby/object:Api::Type::String - name: 'kind' - description: 'Identifies what kind of resource this is' - default_value: 'dns#dnsKeySpec' - - !ruby/object:Api::Type::Integer - name: 'id' - description: Unique identifier for the resource; defined by the server. - output: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - User assigned name for this resource. - Must be unique within the project. - input: true - required: true - - !ruby/object:Api::Type::Array - name: 'nameServers' - description: | - Delegate your managed_zone to these virtual name servers; - defined by the server - item_type: Api::Type::String - output: true - - !ruby/object:Api::Type::String - name: 'nameServerSet' - description: | - Optionally specifies the NameServerSet for this ManagedZone. A - NameServerSet is a set of DNS name servers that all host the same - ManagedZones. Most users will leave this field unset. - input: true - - !ruby/object:Api::Type::Time - name: 'creationTime' - description: | - The time that this resource was created on the server. - This is in RFC3339 text format. - output: true - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: | - A set of key/value label pairs to assign to this ManagedZone. - - !ruby/object:Api::Type::Enum - name: 'visibility' - input: true - description: | - The zone's visibility: public zones are exposed to the Internet, - while private zones are visible only to Virtual Private Cloud resources. - values: - - :private - - :public - default_value: :public - - !ruby/object:Api::Type::NestedObject - name: 'privateVisibilityConfig' - description: | - For privately visible zones, the set of Virtual Private Cloud - resources that the zone is visible from. - send_empty_value: true - properties: - - !ruby/object:Api::Type::Array - name: 'gkeClusters' - description: 'The list of Google Kubernetes Engine clusters that can see this zone.' - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'gkeClusterName' - description: | - The resource name of the cluster to bind this ManagedZone to. - This should be specified in the format like - `projects/*/locations/*/clusters/*` - required: true - - !ruby/object:Api::Type::Array - name: 'networks' - description: 'The list of VPC networks that can see this zone.' - required: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - # TODO(drebes): Make 'networkUrl' a ResourceRef once cross-module references - # are possible. - - !ruby/object:Api::Type::String - name: 'networkUrl' - description: | - The fully qualified URL of the VPC network to bind to. - This should be formatted like - `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}` - required: true - - !ruby/object:Api::Type::NestedObject - name: 'forwardingConfig' - description: | - The presence for this field indicates that outbound forwarding is enabled - for this zone. The value of this field contains the set of destinations - to forward to. - properties: - - !ruby/object:Api::Type::Array - name: 'targetNameServers' - required: true - description: | - List of target name servers to forward to. Cloud DNS will - select the best available name server if more than - one target is given. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'ipv4Address' - required: true - description: 'IPv4 address of a target name server.' - - !ruby/object:Api::Type::Enum - name: 'forwardingPath' - description: | - Forwarding path for this TargetNameServer. If unset or `default` Cloud DNS will make forwarding - decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go - to the Internet. When set to `private`, Cloud DNS will always send queries through VPC for this target - values: - - :default - - :private - - !ruby/object:Api::Type::NestedObject - name: 'peeringConfig' - description: | - The presence of this field indicates that DNS Peering is enabled for this - zone. The value of this field contains the network to peer with. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'targetNetwork' - required: true - description: 'The network with which to peer.' - properties: - # TODO(drebes): Make 'networkUrl' a ResourceRef once cross-module references - # are possible. - - !ruby/object:Api::Type::String - name: 'networkUrl' - required: true - description: | - The fully qualified URL of the VPC network to forward queries to. - This should be formatted like - `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}` - - !ruby/object:Api::Type::Boolean - name: 'reverseLookup' - api_name: reverseLookupConfig - min_version: beta - input: true - description: | - Specifies if this is a managed reverse lookup zone. If true, Cloud DNS will resolve reverse - lookup queries using automatically configured records for VPC resources. This only applies - to networks listed under `private_visibility_config`. - - !ruby/object:Api::Type::NestedObject - min_version: beta - input: true - name: 'serviceDirectoryConfig' - description: - The presence of this field indicates that this zone is backed by Service Directory. The value - of this field contains information related to the namespace associated with the zone. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'namespace' - required: true - description: 'The namespace associated with the zone.' - properties: - - !ruby/object:Api::Type::String - name: 'namespaceUrl' - required: true - description: | - The fully qualified URL of the service directory namespace that should be - associated with the zone. Ignored for `public` visibility zones. - - !ruby/object:Api::Type::NestedObject - name: 'cloudLoggingConfig' - description: 'Cloud logging configuration' - properties: - - !ruby/object:Api::Type::Boolean - name: 'enableLogging' - required: true - description: 'If set, enable query logging for this ManagedZone. False by default, making logging opt-in.' - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Managing Zones': - 'https://cloud.google.com/dns/zones/' - api: 'https://cloud.google.com/dns/api/v1/managedZones' - - !ruby/object:Api::Resource - name: 'Policy' - kind: 'dns#policy' - base_url: 'projects/{{project}}/policies' - input: true - description: | - A policy is a collection of DNS rules applied to one or more Virtual - Private Cloud resources. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'alternativeNameServerConfig' - description: | - Sets an alternative name server for the associated networks. - When specified, all DNS queries are forwarded to a name server that you choose. - Names such as .internal are not available when an alternative name server is specified. - update_verb: :PATCH - update_url: 'projects/{{project}}/policies/{{name}}' - properties: - - !ruby/object:Api::Type::Array - name: 'targetNameServers' - required: true - description: | - Sets an alternative name server for the associated networks. When specified, - all DNS queries are forwarded to a name server that you choose. Names such as .internal - are not available when an alternative name server is specified. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'ipv4Address' - required: true - description: 'IPv4 address to forward to.' - - !ruby/object:Api::Type::Enum - name: 'forwardingPath' - description: | - Forwarding path for this TargetNameServer. If unset or `default` Cloud DNS will make forwarding - decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go - to the Internet. When set to `private`, Cloud DNS will always send queries through VPC for this target - values: - - :default - - :private - - !ruby/object:Api::Type::String - name: 'description' - description: | - A mutable string of at most 1024 characters associated with this - resource for the user's convenience. Has no effect on the policy's - function. - update_verb: :PATCH - update_url: 'projects/{{project}}/policies/{{name}}' - required: true - - !ruby/object:Api::Type::Boolean - name: 'enableInboundForwarding' - description: | - Allows networks bound to this policy to receive DNS queries sent - by VMs or applications over VPN connections. When enabled, a - virtual IP address will be allocated from each of the sub-networks - that are bound to this policy. - send_empty_value: true - update_verb: :PATCH - update_url: 'projects/{{project}}/policies/{{name}}' - - !ruby/object:Api::Type::Boolean - name: 'enableLogging' - description: | - Controls whether logging is enabled for the networks bound to this policy. - Defaults to no logging if not set. - send_empty_value: true - update_verb: :PATCH - update_url: 'projects/{{project}}/policies/{{name}}' - - !ruby/object:Api::Type::Integer - name: 'id' - description: Unique identifier for the resource; defined by the server. - output: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - User assigned name for this policy. - required: true - - !ruby/object:Api::Type::Array - name: 'networks' - description: 'List of network names specifying networks to which this policy is applied.' - item_type: !ruby/object:Api::Type::NestedObject - properties: - # TODO(drebes): Make 'networkUrl' a ResourceRef once cross-module references - # are possible. - - !ruby/object:Api::Type::String - name: 'networkUrl' - required: true - description: | - The fully qualified URL of the VPC network to bind to. - This should be formatted like - `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}` - update_verb: :PATCH - update_url: 'projects/{{project}}/policies/{{name}}' - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Using DNS server policies': - 'https://cloud.google.com/dns/zones/#using-dns-server-policies' - api: 'https://cloud.google.com/dns/docs/reference/v1beta2/policies' - - !ruby/object:Api::Resource - name: 'Project' - kind: 'dns#project' - description: | - A project resource. The project is a top level container for resources - including Cloud DNS ManagedZones. - base_url: 'projects' - readonly: true - input: true - properties: - - !ruby/object:Api::Type::Integer - name: 'number' - description: | - Unique numeric identifier for the resource; defined by the server. - output: true - - !ruby/object:Api::Type::NestedObject - name: 'quota' - description: 'Quota allowed in project' - output: true - properties: - - !ruby/object:Api::Type::Integer - name: 'managedZones' - description: Maximum allowed number of managed zones in the project. - output: true - - !ruby/object:Api::Type::Integer - name: 'resourceRecordsPerRrset' - description: | - Maximum allowed number of ResourceRecords per ResourceRecordSet. - output: true - - !ruby/object:Api::Type::Integer - name: 'rrsetAdditionsPerChange' - description: | - Maximum allowed number of ResourceRecordSets to add per - ChangesCreateRequest. - output: true - - !ruby/object:Api::Type::Integer - name: 'rrsetDeletionsPerChange' - description: | - Maximum allowed number of ResourceRecordSets to delete per - ChangesCreateRequest. - output: true - - !ruby/object:Api::Type::Integer - name: 'rrsetsPerManagedZone' - description: | - Maximum allowed number of ResourceRecordSets per zone in the - project. - output: true - - !ruby/object:Api::Type::Integer - name: 'totalRrdataSizePerChange' - description: | - Maximum allowed size for total rrdata in one ChangesCreateRequest - in bytes. - output: true - - !ruby/object:Api::Resource - name: 'ResourceRecordSet' - kind: 'dns#resourceRecordSet' - description: | - A single DNS record that exists on a domain name (i.e. in a managed zone). - This record defines the information about the domain and where the - domain / subdomains direct to. - - The record will include the domain/subdomain name, a type (i.e. A, AAA, - CAA, MX, CNAME, NS, etc) - base_url: 'projects/{{project}}/managedZones/{{managed_zone}}/changes' - self_link: 'projects/{{project}}/managedZones/{{managed_zone}}/rrsets?name={{name}}&type={{type}}' - nested_query: !ruby/object:Api::Resource::NestedQuery - keys: ['rrsets'] - collection_url_key: 'rrsets' - identity: - - name - - type - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'managed_zone' - description: | - Identifies the managed zone addressed by this request. - required: true - resource: 'ManagedZone' - imports: 'name' - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: For example, www.example.com. - required: true - - !ruby/object:Api::Type::Enum - name: 'type' - values: - - :A - - :AAAA - - :CAA - - :CNAME - - :DNSKEY - - :DS - - :IPSECVPNKEY - - :MX - - :NAPTR - - :NS - - :PTR - - :SOA - - :SPF - - :SRV - - :SSHFP - - :TLSA - - :TXT - description: One of valid DNS resource types. - # TODO(nelsonjr): Enforce required in provider manifest - required: true - - !ruby/object:Api::Type::Integer - name: 'ttl' - description: | - Number of seconds that this ResourceRecordSet can be cached by - resolvers. - - !ruby/object:Api::Type::Array - item_type: Api::Type::String - name: 'target' - description: | - As defined in RFC 1035 (section 5) and RFC 1034 (section 3.6.1) - api_name: rrdatas - - !ruby/object:Api::Resource - name: 'ResponsePolicy' - kind: 'dns#responsePolicy' - description: | - A Response Policy is a collection of selectors that apply to queries - made against one or more Virtual Private Cloud networks. - base_url: 'projects/{{project}}/responsePolicies' - self_link: 'projects/{{project}}/responsePolicies/{{response_policy_name}}' - update_verb: :PATCH - min_version: beta - identity: - - responsePolicyName - properties: - - !ruby/object:Api::Type::Integer - name: 'id' - description: Unique identifier for the resource; defined by the server. - output: true - - !ruby/object:Api::Type::String - name: 'responsePolicyName' - description: The user assigned name for this Response Policy, such as `myresponsepolicy`. - input: true - required: true - - !ruby/object:Api::Type::String - name: 'description' - description: | - The description of the response policy, such as `My new response policy`. - default_value: 'Managed by Terraform' - required: false - update_verb: :PATCH - - !ruby/object:Api::Type::Array - name: 'networks' - description: 'The list of network names specifying networks to which this policy is applied.' - update_verb: :PATCH - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'networkUrl' - required: true - description: | - The fully qualified URL of the VPC network to bind to. - This should be formatted like - `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}` - - !ruby/object:Api::Type::Array - name: 'gkeClusters' - description: 'The list of Google Kubernetes Engine clusters that can see this zone.' - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'gkeClusterName' - description: | - The resource name of the cluster to bind this ManagedZone to. - This should be specified in the format like - `projects/*/locations/*/clusters/*` - required: true - - !ruby/object:Api::Resource - name: 'ResponsePolicyRule' - kind: 'dns#responsePolicyRule' - description: | - A Response Policy Rule is a selector that applies its behavior to queries that match the selector. - Selectors are DNS names, which may be wildcards or exact matches. - Each DNS query subject to a Response Policy matches at most one ResponsePolicyRule, - as identified by the dns_name field with the longest matching suffix. - base_url: 'projects/{{project}}/responsePolicies/{{response_policy}}/rules' - self_link: 'projects/{{project}}/responsePolicies/{{response_policy}}/rules/{{rule_name}}' - update_verb: :PATCH - min_version: beta - identity: - - ruleName - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'response_policy' - required: true - url_param_only: true - resource: 'ResponsePolicy' - imports: 'responsePolicyName' - description: | - Identifies the response policy addressed by this request. - properties: - - !ruby/object:Api::Type::String - name: 'ruleName' - description: An identifier for this rule. Must be unique with the ResponsePolicy. - input: true - required: true - - !ruby/object:Api::Type::String - name: 'dnsName' - description: The DNS name (wildcard or exact) to apply this rule to. Must be unique within the Response Policy Rule. - required: true - update_verb: :PATCH - - !ruby/object:Api::Type::NestedObject - name: 'localData' - conflicts: - - behavior - description: | - Answer this query directly with DNS data. These ResourceRecordSets override any other DNS behavior for the matched name; - in particular they override private zones, the public internet, and GCP internal DNS. No SOA nor NS types are allowed. - update_verb: :PATCH - properties: - - !ruby/object:Api::Type::Array - name: 'localDatas' - description: All resource record sets for this selector, one per resource record type. The name must match the dns_name. - update_verb: :PATCH - required: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: For example, www.example.com. - required: true - - !ruby/object:Api::Type::Enum - name: 'type' - values: - - :A - - :AAAA - - :CAA - - :CNAME - - :DNSKEY - - :DS - - :HTTPS - - :IPSECVPNKEY - - :MX - - :NAPTR - - :NS - - :PTR - - :SOA - - :SPF - - :SRV - - :SSHFP - - :SVCB - - :TLSA - - :TXT - description: One of valid DNS resource types. - required: true - - !ruby/object:Api::Type::Integer - name: 'ttl' - description: | - Number of seconds that this ResourceRecordSet can be cached by - resolvers. - - !ruby/object:Api::Type::Array - item_type: Api::Type::String - name: 'rrdatas' - description: | - As defined in RFC 1035 (section 5) and RFC 1034 (section 3.6.1) - - !ruby/object:Api::Type::String - name: 'behavior' - conflicts: - - local_data - min_version: beta - description: Answer this query with a behavior rather than DNS data. Acceptable values are 'behaviorUnspecified', and 'bypassResponsePolicy' - update_verb: :PATCH diff --git a/mmv1/products/dns/product.yaml b/mmv1/products/dns/product.yaml new file mode 100644 index 000000000000..e52c4bd86d18 --- /dev/null +++ b/mmv1/products/dns/product.yaml @@ -0,0 +1,29 @@ +# Copyright 2017 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: DNS +display_name: Cloud DNS +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://dns.googleapis.com/dns/v1/ + - !ruby/object:Api::Product::Version + name: beta + base_url: https://dns.googleapis.com/dns/v1beta2/ +scopes: + - https://www.googleapis.com/auth/ndev.clouddns.readwrite +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Google Cloud DNS API + url: https://console.cloud.google.com/apis/library/dns.googleapis.com/ diff --git a/mmv1/products/documentai/Processor.yaml b/mmv1/products/documentai/Processor.yaml new file mode 100644 index 000000000000..cb250572041d --- /dev/null +++ b/mmv1/products/documentai/Processor.yaml @@ -0,0 +1,55 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Processor' +base_url: 'projects/{{project}}/locations/{{location}}/processors' +immutable: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/document-ai/docs/overview' + api: 'https://cloud.google.com/document-ai/docs/reference/rest/v1/projects.locations.processors' +description: | + The first-class citizen for Document AI. Each processor defines how to extract structural information from a document. +parameters: + - !ruby/object:Api::Type::String + name: location + description: | + The location of the resource. + immutable: true + url_param_only: true + required: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The resource name of the processor. + output: true + - !ruby/object:Api::Type::String + name: 'type' + required: true + immutable: true + description: | + The type of processor. For possible types see the [official list](https://cloud.google.com/document-ai/docs/reference/rest/v1/projects.locations/fetchProcessorTypes#google.cloud.documentai.v1.DocumentProcessorService.FetchProcessorTypes) + - !ruby/object:Api::Type::String + name: 'displayName' + required: true + immutable: true + description: | + The display name. Must be unique. + - !ruby/object:Api::Type::String + name: 'kmsKeyName' + immutable: true + description: | + The KMS key used for encryption/decryption in CMEK scenarios. See https://cloud.google.com/security-key-management. diff --git a/mmv1/products/documentai/ProcessorDefaultVersion.yaml b/mmv1/products/documentai/ProcessorDefaultVersion.yaml new file mode 100644 index 000000000000..4aaf5d5cb59e --- /dev/null +++ b/mmv1/products/documentai/ProcessorDefaultVersion.yaml @@ -0,0 +1,41 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'ProcessorDefaultVersion' +immutable: true +base_url: '{{processor}}' +create_url: '{{processor}}:setDefaultProcessorVersion' +create_verb: :POST +self_link: '{{processor}}' +identity: + - processor +description: | + The default version for the processor. Deleting this resource is a no-op, and does not unset the default version. +parameters: + - !ruby/object:Api::Type::String + name: 'processor' + description: | + The processor to set the version on. + required: true + immutable: true +properties: + - !ruby/object:Api::Type::String + name: 'version' + api_name: 'defaultProcessorVersion' + description: | + The version to set. Using `stable` or `rc` will cause the API to return the latest version in that release channel. + Apply `lifecycle.ignore_changes` to the `version` field to suppress this diff. + required: true + immutable: true + diff --git a/mmv1/products/documentai/api.yaml b/mmv1/products/documentai/api.yaml deleted file mode 100644 index 1760e593be69..000000000000 --- a/mmv1/products/documentai/api.yaml +++ /dev/null @@ -1,96 +0,0 @@ -# Copyright 2021 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: DocumentAI -display_name: Document AI -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://{{location}}-documentai.googleapis.com/v1/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Document AI API - url: https://console.cloud.google.com/apis/api/documentai.googleapis.com/overview -objects: - - !ruby/object:Api::Resource - name: 'Processor' - base_url: 'projects/{{project}}/locations/{{location}}/processors' - input: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/document-ai/docs/overview' - api: 'https://cloud.google.com/document-ai/docs/reference/rest/v1/projects.locations.processors' - description: | - The first-class citizen for Document AI. Each processor defines how to extract structural information from a document. - parameters: - - !ruby/object:Api::Type::String - name: location - description: | - The location of the resource. - input: true - url_param_only: true - required: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The resource name of the processor. - output: true - - !ruby/object:Api::Type::String - name: 'type' - required: true - input: true - description: | - The type of processor. For possible types see the [official list](https://cloud.google.com/document-ai/docs/reference/rest/v1/projects.locations/fetchProcessorTypes#google.cloud.documentai.v1.DocumentProcessorService.FetchProcessorTypes) - - !ruby/object:Api::Type::String - name: 'displayName' - required: true - input: true - description: | - The display name. Must be unique. - - !ruby/object:Api::Type::String - name: 'kmsKeyName' - input: true - description: | - The KMS key used for encryption/decryption in CMEK scenarios. See https://cloud.google.com/security-key-management. - - !ruby/object:Api::Resource - name: 'ProcessorDefaultVersion' - input: true - base_url: '{{processor}}' - create_url: '{{processor}}:setDefaultProcessorVersion' - create_verb: :POST - self_link: '{{processor}}' - identity: - - processor - description: | - The default version for the processor. Deleting this resource is a no-op, and does not unset the default version. - parameters: - - !ruby/object:Api::Type::String - name: 'processor' - description: | - The processor to set the version on. - required: true - input: true - properties: - - !ruby/object:Api::Type::String - name: 'version' - api_name: 'defaultProcessorVersion' - description: | - The version to set. Using `stable` or `rc` will cause the API to return the latest version in that release channel. - Apply `lifecycle.ignore_changes` to the `version` field to suppress this diff. - required: true - input: true diff --git a/mmv1/products/documentai/product.yaml b/mmv1/products/documentai/product.yaml new file mode 100644 index 000000000000..c4de1f3c2903 --- /dev/null +++ b/mmv1/products/documentai/product.yaml @@ -0,0 +1,26 @@ +# Copyright 2021 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: DocumentAI +display_name: Document AI +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://{{location}}-documentai.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Document AI API + url: https://console.cloud.google.com/apis/api/documentai.googleapis.com/overview diff --git a/mmv1/products/essentialcontacts/Contact.yaml b/mmv1/products/essentialcontacts/Contact.yaml new file mode 100644 index 000000000000..3b8825981918 --- /dev/null +++ b/mmv1/products/essentialcontacts/Contact.yaml @@ -0,0 +1,59 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Contact' +create_url: '{{parent}}/contacts' +self_link: '{{name}}' +base_url: '{{name}}' +update_verb: :PATCH +update_mask: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/resource-manager/docs/managing-notification-contacts' + api: 'https://cloud.google.com/resource-manager/docs/reference/essentialcontacts/rest/v1/projects.contacts' +description: | + A contact that will receive notifications from Google Cloud. +parameters: + - !ruby/object:Api::Type::String + name: parent + description: | + The resource to save this contact for. Format: organizations/{organization_id}, folders/{folder_id} or projects/{project_id} + immutable: true + url_param_only: true + required: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + output: true + description: | + The identifier for the contact. Format: {resourceType}/{resource_id}/contacts/{contact_id} + - !ruby/object:Api::Type::String + name: 'email' + immutable: true + required: true + description: | + The email address to send notifications to. This does not need to be a Google account. + - !ruby/object:Api::Type::Array + name: 'notificationCategorySubscriptions' + required: true + description: | + The categories of notifications that the contact will receive communications for. + item_type: Api::Type::String + - !ruby/object:Api::Type::String + name: 'languageTag' + required: true + description: | + The preferred language for notifications, as a ISO 639-1 language code. See Supported languages for a list of supported languages. + diff --git a/mmv1/products/essentialcontacts/api.yaml b/mmv1/products/essentialcontacts/api.yaml deleted file mode 100644 index 26f4752d72e4..000000000000 --- a/mmv1/products/essentialcontacts/api.yaml +++ /dev/null @@ -1,72 +0,0 @@ -# Copyright 2021 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: EssentialContacts -display_name: Essential Contacts -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://essentialcontacts.googleapis.com/v1/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Essential Contacts API - url: https://console.cloud.google.com/apis/api/essentialcontacts.googleapis.com/overview -objects: - - !ruby/object:Api::Resource - name: 'Contact' - create_url: '{{parent}}/contacts' - self_link: '{{name}}' - base_url: '{{name}}' - update_verb: :PATCH - update_mask: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/resource-manager/docs/managing-notification-contacts' - api: 'https://cloud.google.com/resource-manager/docs/reference/essentialcontacts/rest/v1/projects.contacts' - description: | - A contact that will receive notifications from Google Cloud. - parameters: - - !ruby/object:Api::Type::String - name: parent - description: | - The resource to save this contact for. Format: organizations/{organization_id}, folders/{folder_id} or projects/{project_id} - input: true - url_param_only: true - required: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - output: true - description: | - The identifier for the contact. Format: {resourceType}/{resource_id}/contacts/{contact_id} - - !ruby/object:Api::Type::String - name: 'email' - input: true - required: true - description: | - The email address to send notifications to. This does not need to be a Google account. - - !ruby/object:Api::Type::Array - name: 'notificationCategorySubscriptions' - required: true - description: | - The categories of notifications that the contact will receive communications for. - item_type: Api::Type::String - - !ruby/object:Api::Type::String - name: 'languageTag' - required: true - description: | - The preferred language for notifications, as a ISO 639-1 language code. See Supported languages for a list of supported languages. diff --git a/mmv1/products/essentialcontacts/product.yaml b/mmv1/products/essentialcontacts/product.yaml new file mode 100644 index 000000000000..9664e3fc0bec --- /dev/null +++ b/mmv1/products/essentialcontacts/product.yaml @@ -0,0 +1,26 @@ +# Copyright 2021 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: EssentialContacts +display_name: Essential Contacts +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://essentialcontacts.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Essential Contacts API + url: https://console.cloud.google.com/apis/api/essentialcontacts.googleapis.com/overview diff --git a/mmv1/products/filestore/Backup.yaml b/mmv1/products/filestore/Backup.yaml new file mode 100644 index 000000000000..0c00580b7360 --- /dev/null +++ b/mmv1/products/filestore/Backup.yaml @@ -0,0 +1,121 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Backup' +create_url: projects/{{project}}/locations/{{location}}/backups?backupId={{name}} +self_link: projects/{{project}}/locations/{{location}}/backups/{{name}} +base_url: projects/{{project}}/locations/{{location}}/backups +update_verb: :PATCH +update_mask: true +description: | + A Google Cloud Filestore backup. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/filestore/docs/backups' + 'Creating Backups': + 'https://cloud.google.com/filestore/docs/create-backups' + api: 'https://cloud.google.com/filestore/docs/reference/rest/v1/projects.locations.instances.backups' +parameters: + - !ruby/object:Api::Type::String + name: 'location' + description: | + The name of the location of the instance. This can be a region for ENTERPRISE tier instances. + immutable: true + required: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The resource name of the backup. The name must be unique within the specified instance. + + The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + immutable: true + url_param_only: true + pattern: projects/{{project}}/locations/{{location}}/backups/{{backupId}} + - !ruby/object:Api::Type::String + name: 'description' + description: | + A description of the backup with 2048 characters or less. Requests with longer descriptions will be rejected. + - !ruby/object:Api::Type::Enum + name: 'state' + description: | + The backup state. + values: + - :STATE_UNSPECIFIED + - :FINALIZING + - :CREATING + - :READY + - :DELETING + output: true + - !ruby/object:Api::Type::Time + name: 'createTime' + description: | + The time when the snapshot was created in RFC3339 text format. + output: true + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + Resource labels to represent user-provided metadata. + - !ruby/object:Api::Type::String + name: 'capacityGb' + description: | + The amount of bytes needed to allocate a full copy of the snapshot content. + output: true + - !ruby/object:Api::Type::String + name: 'storageBytes' + description: | + The size of the storage used by the backup. As backups share storage, this number is expected to change with backup creation/deletion. + output: true + - !ruby/object:Api::Type::String + name: 'sourceInstance' + description: | + The resource name of the source Cloud Filestore instance, in the format projects/{projectId}/locations/{locationId}/instances/{instanceId}, used to create this backup. + required: true + - !ruby/object:Api::Type::String + name: 'sourceFileShare' + description: | + Name of the file share in the source Cloud Filestore instance that the backup is created from. + immutable: true + required: true + - !ruby/object:Api::Type::Enum + name: 'sourceInstanceTier' + description: | + The service tier of the source Cloud Filestore instance that this backup is created from. + values: + - :STANDARD + - :PREMIUM + - :BASIC_HDD + - :BASIC_SSD + - :HIGH_SCALE_SSD + - :ENTERPRISE + output: true + - !ruby/object:Api::Type::String + name: 'downloadBytes' + description: | + Amount of bytes that will be downloaded if the backup is restored. + output: true + - !ruby/object:Api::Type::String + name: 'kmsKeyName' + description: | + KMS key name used for data encryption. + output: true + diff --git a/mmv1/products/filestore/Instance.yaml b/mmv1/products/filestore/Instance.yaml new file mode 100644 index 000000000000..d17f1d1bf9a7 --- /dev/null +++ b/mmv1/products/filestore/Instance.yaml @@ -0,0 +1,227 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Instance' +create_url: projects/{{project}}/locations/{{location}}/instances?instanceId={{name}} +self_link: projects/{{project}}/locations/{{location}}/instances/{{name}} +base_url: projects/{{project}}/locations/{{location}}/instances +update_verb: :PATCH +update_mask: true +description: | + A Google Cloud Filestore instance. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/filestore/docs/creating-instances' + 'Use with Kubernetes': + 'https://cloud.google.com/filestore/docs/accessing-fileshares' + 'Copying Data In/Out': + 'https://cloud.google.com/filestore/docs/copying-data' + api: 'https://cloud.google.com/filestore/docs/reference/rest/v1beta1/projects.locations.instances/create' +parameters: + - !ruby/object:Api::Type::String + name: 'zone' + description: | + The name of the Filestore zone of the instance. + deprecation_message: "Deprecated in favor of location." + exactly_one_of: + - 'zone' + - 'location' + immutable: true + url_param_only: true + - !ruby/object:Api::Type::String + name: 'location' + description: | + The name of the location of the instance. This can be a region for ENTERPRISE tier instances. + exactly_one_of: + - zone + - location + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The resource name of the instance. + required: true + url_param_only: true + pattern: projects/{{project}}/locations/{{location}}/instances/{{name}} + - !ruby/object:Api::Type::String + name: 'description' + description: | + A description of the instance. + - !ruby/object:Api::Type::String + name: 'state' + description: | + The instance state - short description. + output: true + exclude: true + - !ruby/object:Api::Type::String + name: 'statusMessage' + description: | + Additional information about the instance state, if available. + output: true + exclude: true + - !ruby/object:Api::Type::Time + name: 'createTime' + description: Creation timestamp in RFC3339 text format. + output: true + - !ruby/object:Api::Type::String + name: 'tier' + description: | + The service tier of the instance. + Possible values include: STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD and ENTERPRISE + required: true + immutable: true + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + Resource labels to represent user-provided metadata. + - !ruby/object:Api::Type::Array + name: 'fileShares' + required: true + description: | + File system shares on the instance. For this version, only a + single file share is supported. + max_size: 1 + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The name of the fileshare (16 characters or less) + required: true + immutable: true + - !ruby/object:Api::Type::Integer + name: 'capacityGb' + description: | + File share capacity in GiB. This must be at least 1024 GiB + for the standard tier, or 2560 GiB for the premium tier. + required: true + - !ruby/object:Api::Type::String + name: 'sourceBackup' + output: true + description: | + The resource name of the backup, in the format + projects/{projectId}/locations/{locationId}/backups/{backupId}, + that this file share has been restored from. + - !ruby/object:Api::Type::Array + name: 'nfsExportOptions' + description: | + Nfs Export Options. There is a limit of 10 export options per file share. + max_size: 10 + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Array + name: 'ipRanges' + description: | + List of either IPv4 addresses, or ranges in CIDR notation which may mount the file share. + Overlapping IP ranges are not allowed, both within and across NfsExportOptions. An error will be returned. + The limit is 64 IP ranges/addresses for each FileShareConfig among all NfsExportOptions. + item_type: Api::Type::String + - !ruby/object:Api::Type::Enum + name: 'accessMode' + description: | + Either READ_ONLY, for allowing only read requests on the exported directory, + or READ_WRITE, for allowing both read and write requests. The default is READ_WRITE. + default_value: :READ_WRITE + values: + - :READ_ONLY + - :READ_WRITE + - !ruby/object:Api::Type::Enum + name: 'squashMode' + description: | + Either NO_ROOT_SQUASH, for allowing root access on the exported directory, or ROOT_SQUASH, + for not allowing root access. The default is NO_ROOT_SQUASH. + default_value: :NO_ROOT_SQUASH + values: + - :NO_ROOT_SQUASH + - :ROOT_SQUASH + - !ruby/object:Api::Type::Integer + name: 'anonUid' + description: | + An integer representing the anonymous user id with a default value of 65534. + Anon_uid may only be set with squashMode of ROOT_SQUASH. An error will be returned + if this field is specified for other squashMode settings. + - !ruby/object:Api::Type::Integer + name: 'anonGid' + description: | + An integer representing the anonymous group id with a default value of 65534. + Anon_gid may only be set with squashMode of ROOT_SQUASH. An error will be returned + if this field is specified for other squashMode settings. + - !ruby/object:Api::Type::Array + name: 'networks' + description: | + VPC networks to which the instance is connected. For this version, + only a single network is supported. + required: true + min_size: 1 + immutable: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'network' + description: | + The name of the GCE VPC network to which the + instance is connected. + required: true + immutable: true + - !ruby/object:Api::Type::Array + name: 'modes' + description: | + IP versions for which the instance has + IP addresses assigned. + required: true + immutable: true + item_type: !ruby/object:Api::Type::Enum + name: 'mode' + description: An IP version. + values: + - ADDRESS_MODE_UNSPECIFIED + - MODE_IPV4 + - MODE_IPV6 + - !ruby/object:Api::Type::String + name: 'reservedIpRange' + immutable: true + description: | + A /29 CIDR block that identifies the range of IP + addresses reserved for this instance. + - !ruby/object:Api::Type::Array + name: 'ipAddresses' + description: | + A list of IPv4 or IPv6 addresses. + output: true + item_type: Api::Type::String + - !ruby/object:Api::Type::Enum + name: 'connectMode' + description: | + The network connect mode of the Filestore instance. + If not provided, the connect mode defaults to + DIRECT_PEERING. + immutable: true + default_value: :DIRECT_PEERING + values: + - :DIRECT_PEERING + - :PRIVATE_SERVICE_ACCESS + - !ruby/object:Api::Type::String + name: 'etag' + description: | + Server-specified ETag for the instance resource to prevent + simultaneous updates from overwriting each other. + output: true + - !ruby/object:Api::Type::String + name: 'kmsKeyName' + immutable: true + description: | + KMS key name used for data encryption. diff --git a/mmv1/products/filestore/Snapshot.yaml b/mmv1/products/filestore/Snapshot.yaml new file mode 100644 index 000000000000..03abb8b4fd1a --- /dev/null +++ b/mmv1/products/filestore/Snapshot.yaml @@ -0,0 +1,87 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Snapshot' +create_url: projects/{{project}}/locations/{{location}}/instances/{{instance}}/snapshots?snapshotId={{name}} +self_link: projects/{{project}}/locations/{{location}}/instances/{{instance}}/snapshots/{{name}} +base_url: projects/{{project}}/locations/{{location}}/instances/{{instance}}/snapshots +update_verb: :PATCH +update_mask: true +description: | + A Google Cloud Filestore snapshot. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/filestore/docs/snapshots' + 'Creating Snapshots': + 'https://cloud.google.com/filestore/docs/create-snapshots' + api: 'https://cloud.google.com/filestore/docs/reference/rest/v1/projects.locations.instances.snapshots' +parameters: + - !ruby/object:Api::Type::String + name: 'location' + description: | + The name of the location of the instance. This can be a region for ENTERPRISE tier instances. + immutable: true + required: true + url_param_only: true + - !ruby/object:Api::Type::String + name: 'instance' + description: | + The resource name of the filestore instance. + immutable: true + required: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The resource name of the snapshot. The name must be unique within the specified instance. + + The name must be 1-63 characters long, and comply with + RFC1035. Specifically, the name must be 1-63 characters long and match + the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following + characters must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + required: true + immutable: true + url_param_only: true + pattern: projects/{{project}}/locations/{{location}}/instances/{{instance}}/snapshots/{{name}} + - !ruby/object:Api::Type::String + name: 'description' + description: | + A description of the snapshot with 2048 characters or less. Requests with longer descriptions will be rejected. + - !ruby/object:Api::Type::Enum + name: 'state' + description: | + The snapshot state. + values: + - :CREATING + - :READY + - :DELETING + output: true + - !ruby/object:Api::Type::Time + name: 'createTime' + description: | + The time when the snapshot was created in RFC3339 text format. + output: true + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + Resource labels to represent user-provided metadata. + - !ruby/object:Api::Type::String + name: 'filesystemUsedBytes' + description: | + The amount of bytes needed to allocate a full copy of the snapshot content. + output: true diff --git a/mmv1/products/filestore/api.yaml b/mmv1/products/filestore/api.yaml deleted file mode 100644 index 332956c126ed..000000000000 --- a/mmv1/products/filestore/api.yaml +++ /dev/null @@ -1,443 +0,0 @@ -# Copyright 2018 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -# There is a problem here - the generated api is called 'file', and that's -# a bad name for the library. So we set the name to Filestore, and -# that means that Terraform in particular is going to try to import -# 'filestore'. But the library is called 'file', so instead we need to -# include a small hack to rename the library - see -# templates/terraform/constants/filestore.erb. -name: Filestore -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://file.googleapis.com/v1/ - - !ruby/object:Api::Product::Version - name: beta - base_url: https://file.googleapis.com/v1beta1/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: True - allowed: - - True - - False - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' -objects: - - !ruby/object:Api::Resource - name: 'Instance' - create_url: projects/{{project}}/locations/{{location}}/instances?instanceId={{name}} - self_link: projects/{{project}}/locations/{{location}}/instances/{{name}} - base_url: projects/{{project}}/locations/{{location}}/instances - update_verb: :PATCH - update_mask: true - description: | - A Google Cloud Filestore instance. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/filestore/docs/creating-instances' - 'Use with Kubernetes': - 'https://cloud.google.com/filestore/docs/accessing-fileshares' - 'Copying Data In/Out': - 'https://cloud.google.com/filestore/docs/copying-data' - api: 'https://cloud.google.com/filestore/docs/reference/rest/v1beta1/projects.locations.instances/create' - parameters: - - !ruby/object:Api::Type::String - name: 'zone' - description: | - The name of the Filestore zone of the instance. - deprecation_message: "Deprecated in favor of location." - exactly_one_of: - - 'zone' - - 'location' - input: true - url_param_only: true - - !ruby/object:Api::Type::String - name: 'location' - description: | - The name of the location of the instance. This can be a region for ENTERPRISE tier instances. - exactly_one_of: - - zone - - location - input: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The resource name of the instance. - required: true - url_param_only: true - pattern: projects/{{project}}/locations/{{location}}/instances/{{name}} - - !ruby/object:Api::Type::String - name: 'description' - description: | - A description of the instance. - - !ruby/object:Api::Type::String - name: 'state' - description: | - The instance state - short description. - output: true - exclude: true - - !ruby/object:Api::Type::String - name: 'statusMessage' - description: | - Additional information about the instance state, if available. - output: true - exclude: true - - !ruby/object:Api::Type::Time - name: 'createTime' - description: Creation timestamp in RFC3339 text format. - output: true - - !ruby/object:Api::Type::String - name: 'tier' - description: | - The service tier of the instance. - Possible values include: STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD and ENTERPRISE - required: true - input: true - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: | - Resource labels to represent user-provided metadata. - - !ruby/object:Api::Type::Array - name: 'fileShares' - required: true - description: | - File system shares on the instance. For this version, only a - single file share is supported. - max_size: 1 - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The name of the fileshare (16 characters or less) - required: true - input: true - - !ruby/object:Api::Type::Integer - name: 'capacityGb' - description: | - File share capacity in GiB. This must be at least 1024 GiB - for the standard tier, or 2560 GiB for the premium tier. - required: true - - !ruby/object:Api::Type::String - name: 'sourceBackup' - output: true - description: | - The resource name of the backup, in the format - projects/{projectId}/locations/{locationId}/backups/{backupId}, - that this file share has been restored from. - - !ruby/object:Api::Type::Array - name: 'nfsExportOptions' - description: | - Nfs Export Options. There is a limit of 10 export options per file share. - max_size: 10 - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Array - name: 'ipRanges' - description: | - List of either IPv4 addresses, or ranges in CIDR notation which may mount the file share. - Overlapping IP ranges are not allowed, both within and across NfsExportOptions. An error will be returned. - The limit is 64 IP ranges/addresses for each FileShareConfig among all NfsExportOptions. - item_type: Api::Type::String - - !ruby/object:Api::Type::Enum - name: 'accessMode' - description: | - Either READ_ONLY, for allowing only read requests on the exported directory, - or READ_WRITE, for allowing both read and write requests. The default is READ_WRITE. - default_value: :READ_WRITE - values: - - :READ_ONLY - - :READ_WRITE - - !ruby/object:Api::Type::Enum - name: 'squashMode' - description: | - Either NO_ROOT_SQUASH, for allowing root access on the exported directory, or ROOT_SQUASH, - for not allowing root access. The default is NO_ROOT_SQUASH. - default_value: :NO_ROOT_SQUASH - values: - - :NO_ROOT_SQUASH - - :ROOT_SQUASH - - !ruby/object:Api::Type::Integer - name: 'anonUid' - description: | - An integer representing the anonymous user id with a default value of 65534. - Anon_uid may only be set with squashMode of ROOT_SQUASH. An error will be returned - if this field is specified for other squashMode settings. - - !ruby/object:Api::Type::Integer - name: 'anonGid' - description: | - An integer representing the anonymous group id with a default value of 65534. - Anon_gid may only be set with squashMode of ROOT_SQUASH. An error will be returned - if this field is specified for other squashMode settings. - - !ruby/object:Api::Type::Array - name: 'networks' - description: | - VPC networks to which the instance is connected. For this version, - only a single network is supported. - required: true - min_size: 1 - input: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'network' - description: | - The name of the GCE VPC network to which the - instance is connected. - required: true - input: true - - !ruby/object:Api::Type::Array - name: 'modes' - description: | - IP versions for which the instance has - IP addresses assigned. - required: true - input: true - item_type: !ruby/object:Api::Type::Enum - name: 'mode' - description: An IP version. - values: - - ADDRESS_MODE_UNSPECIFIED - - MODE_IPV4 - - MODE_IPV6 - - !ruby/object:Api::Type::String - name: 'reservedIpRange' - input: true - description: | - A /29 CIDR block that identifies the range of IP - addresses reserved for this instance. - - !ruby/object:Api::Type::Array - name: 'ipAddresses' - description: | - A list of IPv4 or IPv6 addresses. - output: true - item_type: Api::Type::String - - !ruby/object:Api::Type::Enum - name: 'connectMode' - description: | - The network connect mode of the Filestore instance. - If not provided, the connect mode defaults to - DIRECT_PEERING. - input: true - default_value: :DIRECT_PEERING - values: - - :DIRECT_PEERING - - :PRIVATE_SERVICE_ACCESS - - !ruby/object:Api::Type::String - name: 'etag' - description: | - Server-specified ETag for the instance resource to prevent - simultaneous updates from overwriting each other. - output: true - - !ruby/object:Api::Type::String - name: 'kmsKeyName' - input: true - description: | - KMS key name used for data encryption. - - !ruby/object:Api::Resource - name: 'Snapshot' - create_url: projects/{{project}}/locations/{{location}}/instances/{{instance}}/snapshots?snapshotId={{name}} - self_link: projects/{{project}}/locations/{{location}}/instances/{{instance}}/snapshots/{{name}} - base_url: projects/{{project}}/locations/{{location}}/instances/{{instance}}/snapshots - update_verb: :PATCH - update_mask: true - description: | - A Google Cloud Filestore snapshot. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/filestore/docs/snapshots' - 'Creating Snapshots': - 'https://cloud.google.com/filestore/docs/create-snapshots' - api: 'https://cloud.google.com/filestore/docs/reference/rest/v1/projects.locations.instances.snapshots' - parameters: - - !ruby/object:Api::Type::String - name: 'location' - description: | - The name of the location of the instance. This can be a region for ENTERPRISE tier instances. - input: true - required: true - url_param_only: true - - !ruby/object:Api::Type::String - name: 'instance' - description: | - The resource name of the filestore instance. - input: true - required: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The resource name of the snapshot. The name must be unique within the specified instance. - - The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and match - the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - required: true - input: true - url_param_only: true - pattern: projects/{{project}}/locations/{{location}}/instances/{{instance}}/snapshots/{{name}} - - !ruby/object:Api::Type::String - name: 'description' - description: | - A description of the snapshot with 2048 characters or less. Requests with longer descriptions will be rejected. - - !ruby/object:Api::Type::Enum - name: 'state' - description: | - The snapshot state. - values: - - :CREATING - - :READY - - :DELETING - output: true - - !ruby/object:Api::Type::Time - name: 'createTime' - description: | - The time when the snapshot was created in RFC3339 text format. - output: true - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: | - Resource labels to represent user-provided metadata. - - !ruby/object:Api::Type::String - name: 'filesystemUsedBytes' - description: | - The amount of bytes needed to allocate a full copy of the snapshot content. - output: true - - !ruby/object:Api::Resource - name: 'Backup' - create_url: projects/{{project}}/locations/{{location}}/backups?backupId={{name}} - self_link: projects/{{project}}/locations/{{location}}/backups/{{name}} - base_url: projects/{{project}}/locations/{{location}}/backups - update_verb: :PATCH - update_mask: true - description: | - A Google Cloud Filestore backup. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/filestore/docs/backups' - 'Creating Backups': - 'https://cloud.google.com/filestore/docs/create-backups' - api: 'https://cloud.google.com/filestore/docs/reference/rest/v1/projects.locations.instances.backups' - parameters: - - !ruby/object:Api::Type::String - name: 'location' - description: | - The name of the location of the instance. This can be a region for ENTERPRISE tier instances. - input: true - required: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The resource name of the backup. The name must be unique within the specified instance. - - The name must be 1-63 characters long, and comply with - RFC1035. Specifically, the name must be 1-63 characters long and match - the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following - characters must be a dash, lowercase letter, or digit, except the last - character, which cannot be a dash. - required: true - input: true - url_param_only: true - pattern: projects/{{project}}/locations/{{location}}/backups/{{backupId}} - - !ruby/object:Api::Type::String - name: 'description' - description: | - A description of the backup with 2048 characters or less. Requests with longer descriptions will be rejected. - - !ruby/object:Api::Type::Enum - name: 'state' - description: | - The backup state. - values: - - :STATE_UNSPECIFIED - - :FINALIZING - - :CREATING - - :READY - - :DELETING - output: true - - !ruby/object:Api::Type::Time - name: 'createTime' - description: | - The time when the snapshot was created in RFC3339 text format. - output: true - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: | - Resource labels to represent user-provided metadata. - - !ruby/object:Api::Type::String - name: 'capacityGb' - description: | - The amount of bytes needed to allocate a full copy of the snapshot content. - output: true - - !ruby/object:Api::Type::String - name: 'storageBytes' - description: | - The size of the storage used by the backup. As backups share storage, this number is expected to change with backup creation/deletion. - output: true - - !ruby/object:Api::Type::String - name: 'sourceInstance' - description: | - The resource name of the source Cloud Filestore instance, in the format projects/{projectId}/locations/{locationId}/instances/{instanceId}, used to create this backup. - required: true - - !ruby/object:Api::Type::String - name: 'sourceFileShare' - description: | - Name of the file share in the source Cloud Filestore instance that the backup is created from. - input: true - required: true - - !ruby/object:Api::Type::Enum - name: 'sourceInstanceTier' - description: | - The service tier of the source Cloud Filestore instance that this backup is created from. - values: - - :STANDARD - - :PREMIUM - - :BASIC_HDD - - :BASIC_SSD - - :HIGH_SCALE_SSD - - :ENTERPRISE - output: true - - !ruby/object:Api::Type::String - name: 'downloadBytes' - description: | - Amount of bytes that will be downloaded if the backup is restored. - output: true - - !ruby/object:Api::Type::String - name: 'kmsKeyName' - description: | - KMS key name used for data encryption. - output: true diff --git a/mmv1/products/filestore/product.yaml b/mmv1/products/filestore/product.yaml new file mode 100644 index 000000000000..56eb47b52471 --- /dev/null +++ b/mmv1/products/filestore/product.yaml @@ -0,0 +1,47 @@ +# Copyright 2018 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +# There is a problem here - the generated api is called 'file', and that's +# a bad name for the library. So we set the name to Filestore, and +# that means that Terraform in particular is going to try to import +# 'filestore'. But the library is called 'file', so instead we need to +# include a small hack to rename the library - see +# templates/terraform/constants/filestore.erb. +name: Filestore +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://file.googleapis.com/v1/ + - !ruby/object:Api::Product::Version + name: beta + base_url: https://file.googleapis.com/v1beta1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: True + allowed: + - True + - False + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' diff --git a/mmv1/products/firebase/AndroidApp.yaml b/mmv1/products/firebase/AndroidApp.yaml new file mode 100644 index 000000000000..8cd3351bf2d3 --- /dev/null +++ b/mmv1/products/firebase/AndroidApp.yaml @@ -0,0 +1,85 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'AndroidApp' +min_version: beta +base_url: projects/{{project}}/androidApps +self_link: '{{name}}' +update_verb: :PATCH +update_mask: true +delete_verb: :POST +delete_url: '{{name}}:remove' +description: | + A Google Cloud Firebase Android application instance +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://firebase.google.com/docs/android/setup' + api: 'https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.androidApps' +async: !ruby/object:Api::OpAsync + actions: ["create", "delete"] + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +properties: + - !ruby/object:Api::Type::String + name: name + description: | + The fully qualified resource name of the AndroidApp, for example: + projects/projectId/androidApps/appId + output: true + - !ruby/object:Api::Type::String + name: displayName + required: true + description: | + The user-assigned display name of the AndroidApp. + - !ruby/object:Api::Type::String + name: appId + output: true + description: | + The globally unique, Firebase-assigned identifier of the AndroidApp. + This identifier should be treated as an opaque token, as the data format is not specified. + - !ruby/object:Api::Type::String + name: packageName + description: | + Immutable. The canonical package name of the Android app as would appear in the Google Play + Developer Console. + - !ruby/object:Api::Type::Array + name: sha1Hashes + description: | + The SHA1 certificate hashes for the AndroidApp. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: sha256Hashes + description: | + The SHA256 certificate hashes for the AndroidApp. + item_type: Api::Type::String + - !ruby/object:Api::Type::Fingerprint + name: etag + description: | + This checksum is computed by the server based on the value of other fields, and it may be sent + with update requests to ensure the client has an up-to-date value before proceeding. diff --git a/mmv1/products/firebase/AppleApp.yaml b/mmv1/products/firebase/AppleApp.yaml new file mode 100644 index 000000000000..d17defd18943 --- /dev/null +++ b/mmv1/products/firebase/AppleApp.yaml @@ -0,0 +1,78 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'AppleApp' +min_version: beta +base_url: projects/{{project}}/iosApps +self_link: '{{name}}' +update_verb: :PATCH +delete_verb: :POST +delete_url: 'projects/{{project}}/iosApps/{{app_id}}:remove' +update_mask: true +description: | + A Google Cloud Firebase Apple application instance +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://firebase.google.com/docs/ios/setup' + api: 'https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.iosApps' +async: !ruby/object:Api::OpAsync + actions: ["create", "delete"] + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +properties: + - !ruby/object:Api::Type::String + name: name + description: | + The fully qualified resource name of the App, for example: + projects/projectId/iosApps/appId + output: true + - !ruby/object:Api::Type::String + name: displayName + required: true + description: | + The user-assigned display name of the App. + - !ruby/object:Api::Type::String + name: appId + output: true + description: | + The globally unique, Firebase-assigned identifier of the App. + This identifier should be treated as an opaque token, as the data format is not specified. + - !ruby/object:Api::Type::String + name: bundleId + description: | + The canonical bundle ID of the Apple app as it would appear in the Apple AppStore. + - !ruby/object:Api::Type::String + name: appStoreId + description: | + The automatically generated Apple ID assigned to the Apple app by Apple in the Apple App Store. + - !ruby/object:Api::Type::String + name: teamId + description: | + The Apple Developer Team ID associated with the App in the App Store. + diff --git a/mmv1/products/firebase/Project.yaml b/mmv1/products/firebase/Project.yaml new file mode 100644 index 000000000000..e8a531cb8803 --- /dev/null +++ b/mmv1/products/firebase/Project.yaml @@ -0,0 +1,41 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Project' +min_version: beta +base_url: projects/{{project}} +self_link: projects/{{project}} +create_url: projects/{{project}}:addFirebase +immutable: true +description: | + A Google Cloud Firebase instance. This enables Firebase resources on a given google project. + Since a FirebaseProject is actually also a GCP Project, a FirebaseProject uses underlying GCP + identifiers (most importantly, the projectId) as its own for easy interop with GCP APIs. + Once Firebase has been added to a Google Project it cannot be removed. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://firebase.google.com/' + api: 'https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects' +properties: + - !ruby/object:Api::Type::String + name: projectNumber + output: true + description: | + The number of the google project that firebase is enabled on. + - !ruby/object:Api::Type::String + name: displayName + output: true + description: | + The GCP project display name diff --git a/mmv1/products/firebase/ProjectLocation.yaml b/mmv1/products/firebase/ProjectLocation.yaml new file mode 100644 index 000000000000..34d70fdbc638 --- /dev/null +++ b/mmv1/products/firebase/ProjectLocation.yaml @@ -0,0 +1,44 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'ProjectLocation' +min_version: beta +base_url: projects/{{project}} +self_link: projects/{{project}} +create_url: projects/{{project}}/defaultLocation:finalize +nested_query: !ruby/object:Api::Resource::NestedQuery + keys: + - resources +immutable: true +description: | + Sets the default Google Cloud Platform (GCP) resource location for the specified FirebaseProject. + This method creates an App Engine application with a default Cloud Storage bucket, located in the specified + locationId. This location must be one of the available GCP resource locations. + After the default GCP resource location is finalized, or if it was already set, it cannot be changed. + The default GCP resource location for the specified FirebaseProject might already be set because either the + GCP Project already has an App Engine application or defaultLocation.finalize was previously called with a + specified locationId. Any new calls to defaultLocation.finalize with a different specified locationId will + return a 409 error. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://firebase.google.com/' + api: 'https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.defaultLocation/finalize' +properties: + - !ruby/object:Api::Type::String + name: locationId + required: true + description: | + The ID of the default GCP resource location for the Project. The location must be one of the available GCP + resource locations. diff --git a/mmv1/products/firebase/WebApp.yaml b/mmv1/products/firebase/WebApp.yaml new file mode 100644 index 000000000000..50b84b25d89a --- /dev/null +++ b/mmv1/products/firebase/WebApp.yaml @@ -0,0 +1,71 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'WebApp' +min_version: beta +base_url: projects/{{project}}/webApps +self_link: '{{name}}' +update_verb: :PATCH +update_mask: true +delete_verb: :POST +delete_url: '{{name}}:remove' +description: | + A Google Cloud Firebase web application instance +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://firebase.google.com/' + api: 'https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.webApps' +async: !ruby/object:Api::OpAsync + actions: ["create", "delete"] + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +properties: + - !ruby/object:Api::Type::String + name: name + description: | + The fully qualified resource name of the App, for example: + projects/projectId/webApps/appId + output: true + - !ruby/object:Api::Type::String + name: displayName + required: true + description: | + The user-assigned display name of the App. + - !ruby/object:Api::Type::String + name: appId + output: true + description: | + The globally unique, Firebase-assigned identifier of the App. + This identifier should be treated as an opaque token, as the data format is not specified. + - !ruby/object:Api::Type::Array + name: appUrls + output: true + description: | + The URLs where the `WebApp` is hosted. + item_type: Api::Type::String diff --git a/mmv1/products/firebase/api.yaml b/mmv1/products/firebase/api.yaml deleted file mode 100644 index 0e493eafdf58..000000000000 --- a/mmv1/products/firebase/api.yaml +++ /dev/null @@ -1,293 +0,0 @@ -# Copyright 2018 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: Firebase -display_name: Firebase -versions: - - !ruby/object:Api::Product::Version - name: beta - base_url: https://firebase.googleapis.com/v1beta1/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' -objects: - - !ruby/object:Api::Resource - name: 'Project' - min_version: beta - base_url: projects/{{project}} - self_link: projects/{{project}} - create_url: projects/{{project}}:addFirebase - input: true - description: | - A Google Cloud Firebase instance. This enables Firebase resources on a given google project. - Since a FirebaseProject is actually also a GCP Project, a FirebaseProject uses underlying GCP - identifiers (most importantly, the projectId) as its own for easy interop with GCP APIs. - Once Firebase has been added to a Google Project it cannot be removed. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://firebase.google.com/' - api: 'https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects' - properties: - - !ruby/object:Api::Type::String - name: projectNumber - output: true - description: | - The number of the google project that firebase is enabled on. - - !ruby/object:Api::Type::String - name: displayName - output: true - description: | - The GCP project display name - - !ruby/object:Api::Resource - name: 'ProjectLocation' - min_version: beta - base_url: projects/{{project}} - self_link: projects/{{project}} - create_url: projects/{{project}}/defaultLocation:finalize - nested_query: !ruby/object:Api::Resource::NestedQuery - keys: - - resources - input: true - description: | - Sets the default Google Cloud Platform (GCP) resource location for the specified FirebaseProject. - This method creates an App Engine application with a default Cloud Storage bucket, located in the specified - locationId. This location must be one of the available GCP resource locations. - After the default GCP resource location is finalized, or if it was already set, it cannot be changed. - The default GCP resource location for the specified FirebaseProject might already be set because either the - GCP Project already has an App Engine application or defaultLocation.finalize was previously called with a - specified locationId. Any new calls to defaultLocation.finalize with a different specified locationId will - return a 409 error. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://firebase.google.com/' - api: 'https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.defaultLocation/finalize' - properties: - - !ruby/object:Api::Type::String - name: locationId - required: true - description: | - The ID of the default GCP resource location for the Project. The location must be one of the available GCP - resource locations. - - !ruby/object:Api::Resource - name: 'WebApp' - min_version: beta - base_url: projects/{{project}}/webApps - self_link: '{{name}}' - update_verb: :PATCH - update_mask: true - delete_verb: :POST - delete_url: '{{name}}:remove' - description: | - A Google Cloud Firebase web application instance - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://firebase.google.com/' - api: 'https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.webApps' - async: !ruby/object:Api::OpAsync - actions: ["create", "delete"] - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - properties: - - !ruby/object:Api::Type::String - name: name - description: | - The fully qualified resource name of the App, for example: - projects/projectId/webApps/appId - output: true - - !ruby/object:Api::Type::String - name: displayName - required: true - description: | - The user-assigned display name of the App. - - !ruby/object:Api::Type::String - name: appId - output: true - description: | - The globally unique, Firebase-assigned identifier of the App. - This identifier should be treated as an opaque token, as the data format is not specified. - - !ruby/object:Api::Type::Array - name: appUrls - output: true - description: | - The URLs where the `WebApp` is hosted. - item_type: Api::Type::String - - !ruby/object:Api::Resource - name: 'AndroidApp' - min_version: beta - base_url: projects/{{project}}/androidApps - self_link: '{{name}}' - update_verb: :PATCH - update_mask: true - delete_verb: :POST - delete_url: '{{name}}:remove' - description: | - A Google Cloud Firebase Android application instance - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://firebase.google.com/docs/android/setup' - api: 'https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.androidApps' - async: !ruby/object:Api::OpAsync - actions: ["create", "delete"] - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - properties: - - !ruby/object:Api::Type::String - name: name - description: | - The fully qualified resource name of the AndroidApp, for example: - projects/projectId/androidApps/appId - output: true - - !ruby/object:Api::Type::String - name: displayName - required: true - description: | - The user-assigned display name of the AndroidApp. - - !ruby/object:Api::Type::String - name: appId - output: true - description: | - The globally unique, Firebase-assigned identifier of the AndroidApp. - This identifier should be treated as an opaque token, as the data format is not specified. - - !ruby/object:Api::Type::String - name: packageName - description: | - Immutable. The canonical package name of the Android app as would appear in the Google Play - Developer Console. - - !ruby/object:Api::Type::Array - name: sha1Hashes - description: | - The SHA1 certificate hashes for the AndroidApp. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: sha256Hashes - description: | - The SHA256 certificate hashes for the AndroidApp. - item_type: Api::Type::String - - !ruby/object:Api::Type::Fingerprint - name: etag - description: | - This checksum is computed by the server based on the value of other fields, and it may be sent - with update requests to ensure the client has an up-to-date value before proceeding. - - !ruby/object:Api::Resource - name: 'AppleApp' - min_version: beta - base_url: projects/{{project}}/iosApps - self_link: '{{name}}' - update_verb: :PATCH - delete_verb: :POST - delete_url: 'projects/{{project}}/iosApps/{{app_id}}:remove' - update_mask: true - description: | - A Google Cloud Firebase Apple application instance - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://firebase.google.com/docs/ios/setup' - api: 'https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.iosApps' - async: !ruby/object:Api::OpAsync - actions: ["create", "delete"] - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - properties: - - !ruby/object:Api::Type::String - name: name - description: | - The fully qualified resource name of the App, for example: - projects/projectId/iosApps/appId - output: true - - !ruby/object:Api::Type::String - name: displayName - required: true - description: | - The user-assigned display name of the App. - - !ruby/object:Api::Type::String - name: appId - output: true - description: | - The globally unique, Firebase-assigned identifier of the App. - This identifier should be treated as an opaque token, as the data format is not specified. - - !ruby/object:Api::Type::String - name: bundleId - description: | - The canonical bundle ID of the Apple app as it would appear in the Apple AppStore. - - !ruby/object:Api::Type::String - name: appStoreId - description: | - The automatically generated Apple ID assigned to the Apple app by Apple in the Apple App Store. - - !ruby/object:Api::Type::String - name: teamId - description: | - The Apple Developer Team ID associated with the App in the App Store. diff --git a/mmv1/products/firebase/product.yaml b/mmv1/products/firebase/product.yaml new file mode 100644 index 000000000000..b88cdb1ac511 --- /dev/null +++ b/mmv1/products/firebase/product.yaml @@ -0,0 +1,39 @@ +# Copyright 2018 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: Firebase +display_name: Firebase +versions: + - !ruby/object:Api::Product::Version + name: beta + base_url: https://firebase.googleapis.com/v1beta1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' diff --git a/mmv1/products/firebasedatabase/Instance.yaml b/mmv1/products/firebasedatabase/Instance.yaml new file mode 100644 index 000000000000..48ea4538aad9 --- /dev/null +++ b/mmv1/products/firebasedatabase/Instance.yaml @@ -0,0 +1,79 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Instance' +min_version: beta +base_url: projects/{{project}}/locations/{{region}}/instances/ +self_link: projects/{{project}}/locations/{{region}}/instances/{{instance_id}} +create_url: projects/{{project}}/locations/{{region}}/instances?databaseId={{instance_id}} +description: A Firebase Realtime Database instance. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://firebase.google.com/products/realtime-database' + api: 'https://firebase.google.com/docs/reference/rest/database/database-management/rest' +parameters: + - !ruby/object:Api::Type::String + name: 'region' + description: | + A reference to the region where the Firebase Realtime database resides. + Check all [available regions](https://firebase.google.com/docs/projects/locations#rtdb-locations) + required: true + immutable: true + url_param_only: true + - !ruby/object:Api::Type::String + name: 'instance_id' + description: | + The globally unique identifier of the Firebase Realtime Database instance. + Instance IDs cannot be reused after deletion. + required: true + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: name + description: | + The fully-qualified resource name of the Firebase Realtime Database, in the + format: projects/PROJECT_NUMBER/locations/REGION_IDENTIFIER/instances/INSTANCE_ID + PROJECT_NUMBER: The Firebase project's [`ProjectNumber`](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects#FirebaseProject.FIELDS.project_number) + Learn more about using project identifiers in Google's [AIP 2510 standard](https://google.aip.dev/cloud/2510). + output: true + - !ruby/object:Api::Type::String + name: database_url + description: | + The database URL in the form of https://{instance-id}.firebaseio.com for us-central1 instances + or https://{instance-id}.{region}.firebasedatabase.app in other regions. + output: true + - !ruby/object:Api::Type::Enum + name: type + description: | + The database type. + Each project can create one default Firebase Realtime Database, which cannot be deleted once created. + Creating user Databases is only available for projects on the Blaze plan. + Projects can be upgraded using the Cloud Billing API https://cloud.google.com/billing/reference/rest/v1/projects/updateBillingInfo. + immutable: true + values: + - :DEFAULT_DATABASE + - :USER_DATABASE + default_value: :USER_DATABASE + - !ruby/object:Api::Type::Enum + name: state + description: | + The current database state. Set desired_state to :DISABLED to disable the database and :ACTIVE to reenable the database + output: true + values: + - :ACTIVE + - :DISABLED + + diff --git a/mmv1/products/firebasedatabase/api.yaml b/mmv1/products/firebasedatabase/api.yaml deleted file mode 100644 index cf61d7158a26..000000000000 --- a/mmv1/products/firebasedatabase/api.yaml +++ /dev/null @@ -1,92 +0,0 @@ -# Copyright 2022 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: FirebaseDatabase -display_name: Firebase Realtime Database -versions: - - !ruby/object:Api::Product::Version - name: beta - base_url: https://firebasedatabase.googleapis.com/v1beta/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Firebase Realtime Database API - url: https://console.cloud.google.com/apis/library/firebasedatabase.googleapis.com/ -objects: - - !ruby/object:Api::Resource - name: 'Instance' - min_version: beta - base_url: projects/{{project}}/locations/{{region}}/instances/ - self_link: projects/{{project}}/locations/{{region}}/instances/{{instance_id}} - create_url: projects/{{project}}/locations/{{region}}/instances?databaseId={{instance_id}} - description: A Firebase Realtime Database instance. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://firebase.google.com/products/realtime-database' - api: 'https://firebase.google.com/docs/reference/rest/database/database-management/rest' - parameters: - - !ruby/object:Api::Type::String - name: 'region' - description: | - A reference to the region where the Firebase Realtime database resides. - Check all [available regions](https://firebase.google.com/docs/projects/locations#rtdb-locations) - required: true - input: true - url_param_only: true - - !ruby/object:Api::Type::String - name: 'instance_id' - description: | - The globally unique identifier of the Firebase Realtime Database instance. - Instance IDs cannot be reused after deletion. - required: true - input: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: name - description: | - The fully-qualified resource name of the Firebase Realtime Database, in the - format: projects/PROJECT_NUMBER/locations/REGION_IDENTIFIER/instances/INSTANCE_ID - PROJECT_NUMBER: The Firebase project's [`ProjectNumber`](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects#FirebaseProject.FIELDS.project_number) - Learn more about using project identifiers in Google's [AIP 2510 standard](https://google.aip.dev/cloud/2510). - output: true - - !ruby/object:Api::Type::String - name: database_url - description: | - The database URL in the form of https://{instance-id}.firebaseio.com for us-central1 instances - or https://{instance-id}.{region}.firebasedatabase.app in other regions. - output: true - - !ruby/object:Api::Type::Enum - name: type - description: | - The database type. - Each project can create one default Firebase Realtime Database, which cannot be deleted once created. - Creating user Databases is only available for projects on the Blaze plan. - Projects can be upgraded using the Cloud Billing API https://cloud.google.com/billing/reference/rest/v1/projects/updateBillingInfo. - input: true - values: - - :DEFAULT_DATABASE - - :USER_DATABASE - default_value: :USER_DATABASE - - !ruby/object:Api::Type::Enum - name: state - description: | - The current database state. Set desired_state to :DISABLED to disable the database and :ACTIVE to reenable the database - output: true - values: - - :ACTIVE - - :DISABLED - diff --git a/mmv1/products/firebasedatabase/product.yaml b/mmv1/products/firebasedatabase/product.yaml new file mode 100644 index 000000000000..3352fdee1b3f --- /dev/null +++ b/mmv1/products/firebasedatabase/product.yaml @@ -0,0 +1,26 @@ +# Copyright 2022 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: FirebaseDatabase +display_name: Firebase Realtime Database +versions: + - !ruby/object:Api::Product::Version + name: beta + base_url: https://firebasedatabase.googleapis.com/v1beta/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Firebase Realtime Database API + url: https://console.cloud.google.com/apis/library/firebasedatabase.googleapis.com/ diff --git a/mmv1/products/firebasehosting/Channel.yaml b/mmv1/products/firebasehosting/Channel.yaml new file mode 100644 index 000000000000..138d537b2134 --- /dev/null +++ b/mmv1/products/firebasehosting/Channel.yaml @@ -0,0 +1,78 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Channel' +min_version: beta +base_url: sites/{{site_id}}/channels +self_link: sites/{{site_id}}/channels/{{channel_id}} +create_url: sites/{{site_id}}/channels?channelId={{channel_id}} +update_verb: :PATCH +update_mask: true +description: | + A `Channel` represents a stream of releases for a site. All sites have a default + `live` channel that serves content to the Firebase-provided subdomains and any + connected custom domains. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://firebase.google.com/docs/hosting' + api: 'https://firebase.google.com/docs/reference/hosting/rest/v1beta1/sites.channels' +parameters: + - !ruby/object:Api::Type::String + name: site_id + description: | + Required. The ID of the site in which to create this channel. + immutable: true + required: true + url_param_only: true + - !ruby/object:Api::Type::String + name: channel_id + description: | + Required. Immutable. A unique ID within the site that identifies the channel. + immutable: true + required: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: name + pattern: sites/{{site_id}}/channels/{{channel_id}} + description: | + The fully-qualified resource name for the channel, in the format: + sites/SITE_ID/channels/CHANNEL_ID + output: true + - !ruby/object:Api::Type::Integer + name: retainedReleaseCount + description: | + The number of previous releases to retain on the channel for rollback or other + purposes. Must be a number between 1-100. Defaults to 10 for new channels. + - !ruby/object:Api::Type::KeyValuePairs + name: labels + description: Text labels used for extra metadata and/or filtering + - !ruby/object:Api::Type::Time + name: expireTime + conflicts: + - ttl + description: | + The time at which the channel will be automatically deleted. If null, the channel + will not be automatically deleted. This field is present in the output whether it's + set directly or via the `ttl` field. + - !ruby/object:Api::Type::String + name: ttl + conflicts: + - expireTime + immutable: true + description: | + Input only. A time-to-live for this channel. Sets `expire_time` to the provided + duration past the time of the request. A duration in seconds with up to nine fractional + digits, terminated by 's'. Example: "86400s" (one day). diff --git a/mmv1/products/firebasehosting/Release.yaml b/mmv1/products/firebasehosting/Release.yaml new file mode 100644 index 000000000000..76f9a75b0808 --- /dev/null +++ b/mmv1/products/firebasehosting/Release.yaml @@ -0,0 +1,81 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: "Release" +min_version: beta +base_url: "sites/{{site_id}}/channels/{{channel_id}}/releases" +self_link: "sites/{{site_id}}/channels/{{channel_id}}/releases/{{release_id}}" +create_url: "sites/{{site_id}}/channels/{{channel_id}}/releases?versionName={{version_name}}" +immutable: true # not updatable +description: | + A Release is a particular collection of configurations that is set to be public at a particular time. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + "Official Documentation": "https://firebase.google.com/docs/hosting" + api: "https://firebase.google.com/docs/reference/hosting/rest/v1beta1/sites.releases" +parameters: + - !ruby/object:Api::Type::String + name: site_id + description: | + Required. The ID of the site to which the release belongs. + immutable: true + required: true + url_param_only: true + - !ruby/object:Api::Type::String + name: channel_id + description: | + The ID of the channel to which the release belongs. If not provided, the release will + belong to the default "live" channel + immutable: true + url_param_only: true + default_value: 'live' + - !ruby/object:Api::Type::ResourceRef + name: version_name + resource: 'Version' + imports: 'name' + description: | + The unique identifier for a version, in the format: sites/SITE_ID/versions/VERSION_ID. + The content of the version specified will be actively displayed on the appropriate URL. + The Version must belong to the same site as in the `site_id`. + This parameter must be empty if the `type` of the release is `SITE_DISABLE`. + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: name + description: | + The unique identifier for the release, in either of the following formats: + sites/SITE_ID/releases/RELEASE_ID + sites/SITE_ID/channels/CHANNEL_ID/releases/RELEASE_ID + output: true + - !ruby/object:Api::Type::String + name: release_id + description: The unique identifier for the Release. + output: true + - !ruby/object:Api::Type::Enum + name: type + description: | + The type of the release; indicates what happened to the content of the site. There is no need to specify + `DEPLOY` or `ROLLBACK` type if a `version_name` is provided. + DEPLOY: A version was uploaded to Firebase Hosting and released. Output only. + ROLLBACK: The release points back to a previously deployed version. Output only. + SITE_DISABLE: The release prevents the site from serving content. Firebase Hosting acts as if the site never existed + values: + - :DEPLOY + - :ROLLBACK + - :SITE_DISABLE + - !ruby/object:Api::Type::String + name: message + description: | + The deploy description when the release was created. The value can be up to 512 characters. diff --git a/mmv1/products/firebasehosting/Site.yaml b/mmv1/products/firebasehosting/Site.yaml new file mode 100644 index 000000000000..6ff1067e5828 --- /dev/null +++ b/mmv1/products/firebasehosting/Site.yaml @@ -0,0 +1,57 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Site' +min_version: beta +base_url: projects/{{project}}/sites +self_link: projects/{{project}}/sites/{{site_id}} +create_url: projects/{{project}}/sites?siteId={{site_id}} +update_verb: :PATCH +update_mask: true +description: 'A `Site` represents a Firebase Hosting site.' +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://firebase.google.com/docs/hosting' + api: 'https://firebase.google.com/docs/reference/hosting/rest/v1beta1/projects.sites' +parameters: + - !ruby/object:Api::Type::String + name: 'site_id' + description: | + Required. Immutable. A globally unique identifier for the Hosting site. This identifier is + used to construct the Firebase-provisioned subdomains for the site, so it must also be a valid + domain name label. + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: name + description: | + Output only. The fully-qualified resource name of the Hosting site, in the + format: projects/PROJECT_IDENTIFIER/sites/SITE_ID PROJECT_IDENTIFIER: the + Firebase project's + [`ProjectNumber`](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects#FirebaseProject.FIELDS.project_number) ***(recommended)*** or its + [`ProjectId`](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects#FirebaseProject.FIELDS.project_id). + Learn more about using project identifiers in Google's + [AIP 2510 standard](https://google.aip.dev/cloud/2510). + output: true + - !ruby/object:Api::Type::String + name: appId + description: | + Optional. The [ID of a Web App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.webApps#WebApp.FIELDS.app_id) + associated with the Hosting site. + - !ruby/object:Api::Type::String + name: defaultUrl + output: true + description: The default URL for the site in the form of https://{name}.web.app diff --git a/mmv1/products/firebasehosting/Version.yaml b/mmv1/products/firebasehosting/Version.yaml new file mode 100644 index 000000000000..325d01e8e078 --- /dev/null +++ b/mmv1/products/firebasehosting/Version.yaml @@ -0,0 +1,133 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: "Version" +min_version: beta +base_url: sites/{{site_id}}/versions +self_link: sites/{{site_id}}/versions/{{version_id}} +create_url: sites/{{site_id}}/versions +immutable: true # not updatable +description: | + A `Version` is a configuration which determine how a site is displayed. Static files are not supported at the moment. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + "Official Documentation": "https://firebase.google.com/docs/hosting" + api: "https://firebase.google.com/docs/reference/hosting/rest/v1beta1/sites.versions" +parameters: + - !ruby/object:Api::Type::String + name: site_id + description: | + Required. The ID of the site in which to create this Version. + immutable: true + required: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: name + description: | + The fully-qualified resource name for the version, in the format: + sites/SITE_ID/versions/VERSION_ID + output: true + - !ruby/object:Api::Type::String + name: version_id + description: The ID for the version as in sites/SITE_ID/versions/VERSION_ID + output: true + - !ruby/object:Api::Type::NestedObject + name: config + description: The configuration for the behavior of the site. This configuration exists in the `firebase.json` file. + properties: + - !ruby/object:Api::Type::Array + name: rewrites + description: | + An array of objects (called rewrite rules), where each rule specifies a URL pattern that, if matched to the + request URL path, triggers Hosting to respond as if the service were given the specified destination URL. + item_type: !ruby/object:Api::Type::NestedObject + description: | + A Rewrite specifies a URL pattern that, if matched to the request URL path, triggers Hosting to respond as + if the service were given the specified destination URL. + properties: + - !ruby/object:Api::Type::String + name: glob + description: The user-supplied glob to match against the request URL path. + exactly_one_of: + - glob + - regex + - !ruby/object:Api::Type::String + name: regex + description: The user-supplied RE2 regular expression to match against the request URL path. + exactly_one_of: + - glob + - regex + - !ruby/object:Api::Type::String + name: function + description: The function to proxy requests to. Must match the exported function name exactly. + exactly_one_of: + - function + - run + - !ruby/object:Api::Type::NestedObject + name: run + description: The request will be forwarded to Cloud Run. + exactly_one_of: + - function + - run + properties: + - !ruby/object:Api::Type::String + name: serviceId + description: User-defined ID of the Cloud Run service. + required: true + - !ruby/object:Api::Type::String + name: region + description: Optional. User-provided region where the Cloud Run service is hosted. Defaults to `us-central1` if not supplied. + - !ruby/object:Api::Type::Array + name: redirects + description: | + An array of objects (called redirect rules), where each rule specifies a URL pattern that, if matched to the request URL path, + triggers Hosting to respond with a redirect to the specified destination path. + item_type: !ruby/object:Api::Type::NestedObject + description: | + A Redirect specifies a URL pattern that, if matched to the request URL path, triggers Hosting to + respond with a redirect to the specified destination path. + properties: + - !ruby/object:Api::Type::String + name: glob + description: The user-supplied glob to match against the request URL path. + exactly_one_of: + - glob + - regex + - !ruby/object:Api::Type::String + name: regex + description: The user-supplied RE2 regular expression to match against the request URL path. + exactly_one_of: + - glob + - regex + - !ruby/object:Api::Type::Integer + name: statusCode + required: true + description: The status HTTP code to return in the response. It must be a valid 3xx status code. + - !ruby/object:Api::Type::String + name: location + required: true + description: | + The value to put in the HTTP location header of the response. + The location can contain capture group values from the pattern using a : prefix to identify + the segment and an optional * to capture the rest of the URL. For example: + + ```hcl + redirects { + glob = "/:capture*" + status_code = 302 + location = "https://example.com/foo/:capture" + } + ``` + diff --git a/mmv1/products/firebasehosting/api.yaml b/mmv1/products/firebasehosting/api.yaml deleted file mode 100644 index deea9aac2647..000000000000 --- a/mmv1/products/firebasehosting/api.yaml +++ /dev/null @@ -1,319 +0,0 @@ -# Copyright 2018 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: FirebaseHosting -display_name: Firebase Hosting -versions: - - !ruby/object:Api::Product::Version - name: beta - base_url: https://firebasehosting.googleapis.com/v1beta1/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -objects: - - !ruby/object:Api::Resource - name: 'Site' - min_version: beta - base_url: projects/{{project}}/sites - self_link: projects/{{project}}/sites/{{site_id}} - create_url: projects/{{project}}/sites?siteId={{site_id}} - update_verb: :PATCH - update_mask: true - description: 'A `Site` represents a Firebase Hosting site.' - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://firebase.google.com/docs/hosting' - api: 'https://firebase.google.com/docs/reference/hosting/rest/v1beta1/projects.sites' - parameters: - - !ruby/object:Api::Type::String - name: 'site_id' - description: | - Required. Immutable. A globally unique identifier for the Hosting site. This identifier is - used to construct the Firebase-provisioned subdomains for the site, so it must also be a valid - domain name label. - input: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: name - description: | - Output only. The fully-qualified resource name of the Hosting site, in the - format: projects/PROJECT_IDENTIFIER/sites/SITE_ID PROJECT_IDENTIFIER: the - Firebase project's - [`ProjectNumber`](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects#FirebaseProject.FIELDS.project_number) ***(recommended)*** or its - [`ProjectId`](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects#FirebaseProject.FIELDS.project_id). - Learn more about using project identifiers in Google's - [AIP 2510 standard](https://google.aip.dev/cloud/2510). - output: true - - !ruby/object:Api::Type::String - name: appId - description: | - Optional. The [ID of a Web App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.webApps#WebApp.FIELDS.app_id) - associated with the Hosting site. - - !ruby/object:Api::Type::String - name: defaultUrl - output: true - description: The default URL for the site in the form of https://{name}.web.app - - !ruby/object:Api::Resource - name: 'Channel' - min_version: beta - base_url: sites/{{site_id}}/channels - self_link: sites/{{site_id}}/channels/{{channel_id}} - create_url: sites/{{site_id}}/channels?channelId={{channel_id}} - update_verb: :PATCH - update_mask: true - description: | - A `Channel` represents a stream of releases for a site. All sites have a default - `live` channel that serves content to the Firebase-provided subdomains and any - connected custom domains. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://firebase.google.com/docs/hosting' - api: 'https://firebase.google.com/docs/reference/hosting/rest/v1beta1/sites.channels' - parameters: - - !ruby/object:Api::Type::String - name: site_id - description: | - Required. The ID of the site in which to create this channel. - input: true - required: true - url_param_only: true - - !ruby/object:Api::Type::String - name: channel_id - description: | - Required. Immutable. A unique ID within the site that identifies the channel. - input: true - required: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: name - pattern: sites/{{site_id}}/channels/{{channel_id}} - description: | - The fully-qualified resource name for the channel, in the format: - sites/SITE_ID/channels/CHANNEL_ID - output: true - - !ruby/object:Api::Type::Integer - name: retainedReleaseCount - description: | - The number of previous releases to retain on the channel for rollback or other - purposes. Must be a number between 1-100. Defaults to 10 for new channels. - - !ruby/object:Api::Type::KeyValuePairs - name: labels - description: Text labels used for extra metadata and/or filtering - - !ruby/object:Api::Type::Time - name: expireTime - conflicts: - - ttl - description: | - The time at which the channel will be automatically deleted. If null, the channel - will not be automatically deleted. This field is present in the output whether it's - set directly or via the `ttl` field. - - !ruby/object:Api::Type::String - name: ttl - conflicts: - - expireTime - input: true - description: | - Input only. A time-to-live for this channel. Sets `expire_time` to the provided - duration past the time of the request. A duration in seconds with up to nine fractional - digits, terminated by 's'. Example: "86400s" (one day). - - !ruby/object:Api::Resource - name: "Release" - min_version: beta - base_url: "sites/{{site_id}}/channels/{{channel_id}}/releases" - self_link: "sites/{{site_id}}/channels/{{channel_id}}/releases/{{release_id}}" - create_url: "sites/{{site_id}}/channels/{{channel_id}}/releases?versionName={{version_name}}" - input: true # not updatable - description: | - A Release is a particular collection of configurations that is set to be public at a particular time. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - "Official Documentation": "https://firebase.google.com/docs/hosting" - api: "https://firebase.google.com/docs/reference/hosting/rest/v1beta1/sites.releases" - parameters: - - !ruby/object:Api::Type::String - name: site_id - description: | - Required. The ID of the site to which the release belongs. - input: true - required: true - url_param_only: true - - !ruby/object:Api::Type::String - name: channel_id - description: | - The ID of the channel to which the release belongs. If not provided, the release will - belong to the default "live" channel - input: true - url_param_only: true - default_value: 'live' - - !ruby/object:Api::Type::ResourceRef - name: version_name - resource: 'Version' - imports: 'name' - description: | - The unique identifier for a version, in the format: sites/SITE_ID/versions/VERSION_ID. - The content of the version specified will be actively displayed on the appropriate URL. - The Version must belong to the same site as in the `site_id`. - This parameter must be empty if the `type` of the release is `SITE_DISABLE`. - input: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: name - description: | - The unique identifier for the release, in either of the following formats: - sites/SITE_ID/releases/RELEASE_ID - sites/SITE_ID/channels/CHANNEL_ID/releases/RELEASE_ID - output: true - - !ruby/object:Api::Type::String - name: release_id - description: The unique identifier for the Release. - output: true - - !ruby/object:Api::Type::Enum - name: type - description: | - The type of the release; indicates what happened to the content of the site. There is no need to specify - `DEPLOY` or `ROLLBACK` type if a `version_name` is provided. - DEPLOY: A version was uploaded to Firebase Hosting and released. Output only. - ROLLBACK: The release points back to a previously deployed version. Output only. - SITE_DISABLE: The release prevents the site from serving content. Firebase Hosting acts as if the site never existed - values: - - :DEPLOY - - :ROLLBACK - - :SITE_DISABLE - - !ruby/object:Api::Type::String - name: message - description: | - The deploy description when the release was created. The value can be up to 512 characters. - - !ruby/object:Api::Resource - name: "Version" - min_version: beta - base_url: sites/{{site_id}}/versions - self_link: sites/{{site_id}}/versions/{{version_id}} - create_url: sites/{{site_id}}/versions - input: true # not updatable - description: | - A `Version` is a configuration which determine how a site is displayed. Static files are not supported at the moment. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - "Official Documentation": "https://firebase.google.com/docs/hosting" - api: "https://firebase.google.com/docs/reference/hosting/rest/v1beta1/sites.versions" - parameters: - - !ruby/object:Api::Type::String - name: site_id - description: | - Required. The ID of the site in which to create this Version. - input: true - required: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: name - description: | - The fully-qualified resource name for the version, in the format: - sites/SITE_ID/versions/VERSION_ID - output: true - - !ruby/object:Api::Type::String - name: version_id - description: The ID for the version as in sites/SITE_ID/versions/VERSION_ID - output: true - - !ruby/object:Api::Type::NestedObject - name: config - description: The configuration for the behavior of the site. This configuration exists in the `firebase.json` file. - properties: - - !ruby/object:Api::Type::Array - name: rewrites - description: | - An array of objects (called rewrite rules), where each rule specifies a URL pattern that, if matched to the - request URL path, triggers Hosting to respond as if the service were given the specified destination URL. - item_type: !ruby/object:Api::Type::NestedObject - description: | - A Rewrite specifies a URL pattern that, if matched to the request URL path, triggers Hosting to respond as - if the service were given the specified destination URL. - properties: - - !ruby/object:Api::Type::String - name: glob - description: The user-supplied glob to match against the request URL path. - exactly_one_of: - - glob - - regex - - !ruby/object:Api::Type::String - name: regex - description: The user-supplied RE2 regular expression to match against the request URL path. - exactly_one_of: - - glob - - regex - - !ruby/object:Api::Type::String - name: function - description: The function to proxy requests to. Must match the exported function name exactly. - exactly_one_of: - - function - - run - - !ruby/object:Api::Type::NestedObject - name: run - description: The request will be forwarded to Cloud Run. - exactly_one_of: - - function - - run - properties: - - !ruby/object:Api::Type::String - name: serviceId - description: User-defined ID of the Cloud Run service. - required: true - - !ruby/object:Api::Type::String - name: region - description: Optional. User-provided region where the Cloud Run service is hosted. Defaults to `us-central1` if not supplied. - - !ruby/object:Api::Type::Array - name: redirects - description: | - An array of objects (called redirect rules), where each rule specifies a URL pattern that, if matched to the request URL path, - triggers Hosting to respond with a redirect to the specified destination path. - item_type: !ruby/object:Api::Type::NestedObject - description: | - A Redirect specifies a URL pattern that, if matched to the request URL path, triggers Hosting to - respond with a redirect to the specified destination path. - properties: - - !ruby/object:Api::Type::String - name: glob - description: The user-supplied glob to match against the request URL path. - exactly_one_of: - - glob - - regex - - !ruby/object:Api::Type::String - name: regex - description: The user-supplied RE2 regular expression to match against the request URL path. - exactly_one_of: - - glob - - regex - - !ruby/object:Api::Type::Integer - name: statusCode - required: true - description: The status HTTP code to return in the response. It must be a valid 3xx status code. - - !ruby/object:Api::Type::String - name: location - required: true - description: | - The value to put in the HTTP location header of the response. - The location can contain capture group values from the pattern using a : prefix to identify - the segment and an optional * to capture the rest of the URL. For example: - - ```hcl - redirects { - glob = "/:capture*" - status_code = 302 - location = "https://example.com/foo/:capture" - } - ``` diff --git a/mmv1/products/firebasehosting/product.yaml b/mmv1/products/firebasehosting/product.yaml new file mode 100644 index 000000000000..f1733f21b279 --- /dev/null +++ b/mmv1/products/firebasehosting/product.yaml @@ -0,0 +1,22 @@ +# Copyright 2018 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: FirebaseHosting +display_name: Firebase Hosting +versions: + - !ruby/object:Api::Product::Version + name: beta + base_url: https://firebasehosting.googleapis.com/v1beta1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform diff --git a/mmv1/products/firebasestorage/Bucket.yaml b/mmv1/products/firebasestorage/Bucket.yaml new file mode 100644 index 000000000000..5922070eeb14 --- /dev/null +++ b/mmv1/products/firebasestorage/Bucket.yaml @@ -0,0 +1,42 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: "Bucket" +min_version: beta +base_url: projects/{{project}}/buckets +self_link: projects/{{project}}/buckets/{{bucket_id}} +create_url: projects/{{project}}/buckets/{{bucket_id}}:addFirebase +delete_url: projects/{{project}}/buckets/{{bucket_id}}:removeFirebase +delete_verb: :POST +description: | + An association between a Firebase project and a Google Cloud Storage bucket. + This association enables integration of Cloud Storage buckets with Firebase such as Firebase SDKS, Authentication, and Security Rules. +immutable: true # Does not support update operation. There is nothing to update. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + "Official Documentation": "https://firebase.google.com/docs/storage/" + api: "https://firebase.google.com/docs/reference/rest/storage/rest/v1beta/projects.buckets" +parameters: + - !ruby/object:Api::Type::String + name: bucket_id + description: Required. Immutable. The ID of the underlying Google Cloud Storage bucket + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: name + pattern: projects/{{project}}/buckets/{{bucket_id}} + description: Resource name of the bucket in the format projects/PROJECT_IDENTIFIER/buckets/BUCKET_ID + output: true + diff --git a/mmv1/products/firebasestorage/api.yaml b/mmv1/products/firebasestorage/api.yaml deleted file mode 100644 index a27449b9c6f3..000000000000 --- a/mmv1/products/firebasestorage/api.yaml +++ /dev/null @@ -1,52 +0,0 @@ -# Copyright 2022 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- -!ruby/object:Api::Product -name: FirebaseStorage -display_name: Cloud Storage for Firebase -versions: - - !ruby/object:Api::Product::Version - name: beta - base_url: https://firebasestorage.googleapis.com/v1beta/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -objects: - - !ruby/object:Api::Resource - name: "Bucket" - min_version: beta - base_url: projects/{{project}}/buckets - self_link: projects/{{project}}/buckets/{{bucket_id}} - create_url: projects/{{project}}/buckets/{{bucket_id}}:addFirebase - delete_url: projects/{{project}}/buckets/{{bucket_id}}:removeFirebase - delete_verb: :POST - description: | - An association between a Firebase project and a Google Cloud Storage bucket. - This association enables integration of Cloud Storage buckets with Firebase such as Firebase SDKS, Authentication, and Security Rules. - input: true # Does not support update operation. There is nothing to update. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - "Official Documentation": "https://firebase.google.com/docs/storage/" - api: "https://firebase.google.com/docs/reference/rest/storage/rest/v1beta/projects.buckets" - parameters: - - !ruby/object:Api::Type::String - name: bucket_id - description: Required. Immutable. The ID of the underlying Google Cloud Storage bucket - input: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: name - pattern: projects/{{project}}/buckets/{{bucket_id}} - description: Resource name of the bucket in the format projects/PROJECT_IDENTIFIER/buckets/BUCKET_ID - output: true diff --git a/mmv1/products/firebasestorage/product.yaml b/mmv1/products/firebasestorage/product.yaml new file mode 100644 index 000000000000..de780dd2a3b8 --- /dev/null +++ b/mmv1/products/firebasestorage/product.yaml @@ -0,0 +1,23 @@ +# Copyright 2022 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +!ruby/object:Api::Product +name: FirebaseStorage +display_name: Cloud Storage for Firebase +versions: + - !ruby/object:Api::Product::Version + name: beta + base_url: https://firebasestorage.googleapis.com/v1beta/ +scopes: + - https://www.googleapis.com/auth/cloud-platform diff --git a/mmv1/products/firestore/Database.yaml b/mmv1/products/firestore/Database.yaml new file mode 100644 index 000000000000..773623aba6e1 --- /dev/null +++ b/mmv1/products/firestore/Database.yaml @@ -0,0 +1,108 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Database' +base_url: 'projects/{{project}}/databases' +create_url: 'projects/{{project}}/databases?databaseId={{name}}' +update_verb: :PATCH +update_mask: true +description: | + A Cloud Firestore Database. Currently only one database is allowed per + cloud project; this database must have a `database_id` of '(default)'. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/firestore/docs/' + api: 'https://cloud.google.com/firestore/docs/reference/rest/v1/projects.databases' +async: !ruby/object:Api::OpAsync + actions: ['create','update'] + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +properties: + - !ruby/object:Api::Type::String + name: name + required: true + description: | + Required. The ID to use for the database, which will become the final + component of the database's resource name. This value should be 4-63 + characters. Valid characters are /[a-z][0-9]-/ with first character + a letter and the last a letter or a number. Must not be + UUID-like /[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}/. + "(default)" database id is also valid. + immutable: true + - !ruby/object:Api::Type::String + name: locationId + required: true + description: | + The location of the database. Available databases are listed at + https://cloud.google.com/firestore/docs/locations. + immutable: true + - !ruby/object:Api::Type::Enum + name: type + required: true + description: | + The type of the database. + See https://cloud.google.com/datastore/docs/firestore-or-datastore + for information about how to choose. + values: + - :FIRESTORE_NATIVE + - :DATASTORE_MODE + - !ruby/object:Api::Type::Enum + name: concurrencyMode + description: | + The concurrency control mode to use for this database. + values: + - :OPTIMISTIC + - :PESSIMISTIC + - :OPTIMISTIC_WITH_ENTITY_GROUPS + - !ruby/object:Api::Type::Enum + name: appEngineIntegrationMode + description: | + The App Engine integration mode to use for this database. + values: + - :ENABLED + - :DISABLED + - !ruby/object:Api::Type::String + name: key_prefix + description: | + Output only. The keyPrefix for this database. + This keyPrefix is used, in combination with the project id ("~") to construct the application id + that is returned from the Cloud Datastore APIs in Google App Engine first generation runtimes. + This value may be empty in which case the appid to use for URL-encoded keys is the project_id (eg: foo instead of v~foo). + output: true + - !ruby/object:Api::Type::Fingerprint + name: etag + description: | + This checksum is computed by the server based on the value of other fields, + and may be sent on update and delete requests to ensure the client has an + up-to-date value before proceeding. + output: true + - !ruby/object:Api::Type::String + name: create_time + description: | + The timestamp at which this database was created. + output: true diff --git a/mmv1/products/firestore/Document.yaml b/mmv1/products/firestore/Document.yaml new file mode 100644 index 000000000000..2b0ad068ec19 --- /dev/null +++ b/mmv1/products/firestore/Document.yaml @@ -0,0 +1,72 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Document' +base_url: projects/{{project}}/databases/{{database}}/documents/{{collection}} +create_url: projects/{{project}}/databases/{{database}}/documents/{{collection}}?documentId={{document_id}} +update_verb: :PATCH +self_link: '{{name}}' +description: | + In Cloud Firestore, the unit of storage is the document. A document is a lightweight record + that contains fields, which map to values. Each document is identified by a name. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/firestore/docs/manage-data/add-data' + api: 'https://cloud.google.com/firestore/docs/reference/rest/v1/projects.databases.documents' +parameters: + - !ruby/object:Api::Type::String + name: 'database' + default_value: '(default)' + description: | + The Firestore database id. Defaults to `"(default)"`. + url_param_only: true + - !ruby/object:Api::Type::String + name: 'collection' + description: | + The collection ID, relative to database. For example: chatrooms or chatrooms/my-document/private-messages. + required: true + url_param_only: true + - !ruby/object:Api::Type::String + name: 'documentId' + description: | + The client-assigned document ID to use for this document during creation. + required: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: name + output: true + description: | + A server defined name for this index. Format: + `projects/{{project_id}}/databases/{{database_id}}/documents/{{path}}/{{document_id}}` + - !ruby/object:Api::Type::String + name: path + output: true + description: | + A relative path to the collection this document exists within + - !ruby/object:Api::Type::String + # This is a string instead of a NestedObject because fields can be deeply nested + name: fields + required: true + description: | + The document's [fields](https://cloud.google.com/firestore/docs/reference/rest/v1/projects.databases.documents) formated as a json string. + - !ruby/object:Api::Type::Time + name: 'createTime' + description: 'Creation timestamp in RFC3339 format.' + output: true + - !ruby/object:Api::Type::Time + name: 'updateTime' + description: 'Last update timestamp in RFC3339 format.' + output: true + diff --git a/mmv1/products/firestore/Index.yaml b/mmv1/products/firestore/Index.yaml new file mode 100644 index 000000000000..c90667960d31 --- /dev/null +++ b/mmv1/products/firestore/Index.yaml @@ -0,0 +1,101 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Index' +base_url: projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/indexes +self_link: '{{name}}' +immutable: true +description: | + Cloud Firestore indexes enable simple and complex queries against documents in a database. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/firestore/docs/query-data/indexing' + api: 'https://cloud.google.com/firestore/docs/reference/rest/v1/projects.databases.collectionGroups.indexes' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +properties: + - !ruby/object:Api::Type::String + name: name + output: true + description: | + A server defined name for this index. Format: + `projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/indexes/{{server_generated_id}}` + - !ruby/object:Api::Type::String + name: database + default_value: '(default)' + description: | + The Firestore database id. Defaults to `"(default)"`. + - !ruby/object:Api::Type::String + name: collection + required: true + description: | + The collection being indexed. + - !ruby/object:Api::Type::Enum + name: queryScope + description: | + The scope at which a query is run. + default_value: :COLLECTION + values: + - :COLLECTION + - :COLLECTION_GROUP + - !ruby/object:Api::Type::Array + name: fields + description: | + The fields supported by this index. The last field entry is always for + the field path `__name__`. If, on creation, `__name__` was not + specified as the last field, it will be added automatically with the + same direction as that of the last field defined. If the final field + in a composite index is not directional, the `__name__` will be + ordered `"ASCENDING"` (unless explicitly specified otherwise). + required: true + # Single field indexes _exist_, but the API only lets us manage composite ones. + min_size: 2 + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'fieldPath' + description: | + Name of the field. + - !ruby/object:Api::Type::Enum + name: 'order' + # TODO (mbang): Exactly one of order or arrayConfig must be set + description: | + Indicates that this field supports ordering by the specified order or comparing using =, <, <=, >, >=. + Only one of `order` and `arrayConfig` can be specified. + values: + - :ASCENDING + - :DESCENDING + - !ruby/object:Api::Type::Enum + name: 'arrayConfig' + # TODO (mbang): Exactly one of order or arrayConfig must be set + description: | + Indicates that this field supports operations on arrayValues. Only one of `order` and `arrayConfig` can + be specified. + values: + - :CONTAINS diff --git a/mmv1/products/firestore/api.yaml b/mmv1/products/firestore/api.yaml deleted file mode 100644 index a7e68b79d5c8..000000000000 --- a/mmv1/products/firestore/api.yaml +++ /dev/null @@ -1,270 +0,0 @@ -# Copyright 2019 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: Firestore -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://firestore.googleapis.com/v1/ - - !ruby/object:Api::Product::Version - name: beta - base_url: https://firestore.googleapis.com/v1/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Google Cloud Firestore API - url: https://console.cloud.google.com/apis/library/firestore.googleapis.com -objects: - - !ruby/object:Api::Resource - name: 'Database' - base_url: 'projects/{{project}}/databases' - create_url: 'projects/{{project}}/databases?databaseId={{name}}' - update_verb: :PATCH - update_mask: true - description: | - A Cloud Firestore Database. Currently only one database is allowed per - cloud project; this database must have a `database_id` of '(default)'. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/firestore/docs/' - api: 'https://cloud.google.com/firestore/docs/reference/rest/v1/projects.databases' - async: !ruby/object:Api::OpAsync - actions: ['create','update'] - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - properties: - - !ruby/object:Api::Type::String - name: name - required: true - description: | - Required. The ID to use for the database, which will become the final - component of the database's resource name. This value should be 4-63 - characters. Valid characters are /[a-z][0-9]-/ with first character - a letter and the last a letter or a number. Must not be - UUID-like /[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}/. - "(default)" database id is also valid. - input: true - - !ruby/object:Api::Type::String - name: locationId - required: true - description: | - The location of the database. Available databases are listed at - https://cloud.google.com/firestore/docs/locations. - input: true - - !ruby/object:Api::Type::Enum - name: type - required: true - description: | - The type of the database. - See https://cloud.google.com/datastore/docs/firestore-or-datastore - for information about how to choose. - values: - - :FIRESTORE_NATIVE - - :DATASTORE_MODE - - !ruby/object:Api::Type::Enum - name: concurrencyMode - description: | - The concurrency control mode to use for this database. - values: - - :OPTIMISTIC - - :PESSIMISTIC - - :OPTIMISTIC_WITH_ENTITY_GROUPS - - !ruby/object:Api::Type::Enum - name: appEngineIntegrationMode - description: | - The App Engine integration mode to use for this database. - values: - - :ENABLED - - :DISABLED - - !ruby/object:Api::Type::String - name: key_prefix - description: | - Output only. The keyPrefix for this database. - This keyPrefix is used, in combination with the project id ("~") to construct the application id - that is returned from the Cloud Datastore APIs in Google App Engine first generation runtimes. - This value may be empty in which case the appid to use for URL-encoded keys is the project_id (eg: foo instead of v~foo). - output: true - - !ruby/object:Api::Type::Fingerprint - name: etag - description: | - This checksum is computed by the server based on the value of other fields, - and may be sent on update and delete requests to ensure the client has an - up-to-date value before proceeding. - output: true - - !ruby/object:Api::Type::String - name: create_time - description: | - The timestamp at which this database was created. - output: true - - !ruby/object:Api::Resource - name: 'Index' - base_url: projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/indexes - self_link: '{{name}}' - input: true - description: | - Cloud Firestore indexes enable simple and complex queries against documents in a database. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/firestore/docs/query-data/indexing' - api: 'https://cloud.google.com/firestore/docs/reference/rest/v1/projects.databases.collectionGroups.indexes' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - properties: - - !ruby/object:Api::Type::String - name: name - output: true - description: | - A server defined name for this index. Format: - `projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/indexes/{{server_generated_id}}` - - !ruby/object:Api::Type::String - name: database - default_value: '(default)' - description: | - The Firestore database id. Defaults to `"(default)"`. - - !ruby/object:Api::Type::String - name: collection - required: true - description: | - The collection being indexed. - - !ruby/object:Api::Type::Enum - name: queryScope - description: | - The scope at which a query is run. - default_value: :COLLECTION - values: - - :COLLECTION - - :COLLECTION_GROUP - - !ruby/object:Api::Type::Array - name: fields - description: | - The fields supported by this index. The last field entry is always for - the field path `__name__`. If, on creation, `__name__` was not - specified as the last field, it will be added automatically with the - same direction as that of the last field defined. If the final field - in a composite index is not directional, the `__name__` will be - ordered `"ASCENDING"` (unless explicitly specified otherwise). - required: true - # Single field indexes _exist_, but the API only lets us manage composite ones. - min_size: 2 - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'fieldPath' - description: | - Name of the field. - - !ruby/object:Api::Type::Enum - name: 'order' - # TODO (mbang): Exactly one of order or arrayConfig must be set - description: | - Indicates that this field supports ordering by the specified order or comparing using =, <, <=, >, >=. - Only one of `order` and `arrayConfig` can be specified. - values: - - :ASCENDING - - :DESCENDING - - !ruby/object:Api::Type::Enum - name: 'arrayConfig' - # TODO (mbang): Exactly one of order or arrayConfig must be set - description: | - Indicates that this field supports operations on arrayValues. Only one of `order` and `arrayConfig` can - be specified. - values: - - :CONTAINS - - !ruby/object:Api::Resource - name: 'Document' - base_url: projects/{{project}}/databases/{{database}}/documents/{{collection}} - create_url: projects/{{project}}/databases/{{database}}/documents/{{collection}}?documentId={{document_id}} - update_verb: :PATCH - self_link: '{{name}}' - description: | - In Cloud Firestore, the unit of storage is the document. A document is a lightweight record - that contains fields, which map to values. Each document is identified by a name. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/firestore/docs/manage-data/add-data' - api: 'https://cloud.google.com/firestore/docs/reference/rest/v1/projects.databases.documents' - parameters: - - !ruby/object:Api::Type::String - name: 'database' - default_value: '(default)' - description: | - The Firestore database id. Defaults to `"(default)"`. - url_param_only: true - - !ruby/object:Api::Type::String - name: 'collection' - description: | - The collection ID, relative to database. For example: chatrooms or chatrooms/my-document/private-messages. - required: true - url_param_only: true - - !ruby/object:Api::Type::String - name: 'documentId' - description: | - The client-assigned document ID to use for this document during creation. - required: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: name - output: true - description: | - A server defined name for this index. Format: - `projects/{{project_id}}/databases/{{database_id}}/documents/{{path}}/{{document_id}}` - - !ruby/object:Api::Type::String - name: path - output: true - description: | - A relative path to the collection this document exists within - - !ruby/object:Api::Type::String - # This is a string instead of a NestedObject because fields can be deeply nested - name: fields - required: true - description: | - The document's [fields](https://cloud.google.com/firestore/docs/reference/rest/v1/projects.databases.documents) formated as a json string. - - !ruby/object:Api::Type::Time - name: 'createTime' - description: 'Creation timestamp in RFC3339 format.' - output: true - - !ruby/object:Api::Type::Time - name: 'updateTime' - description: 'Last update timestamp in RFC3339 format.' - output: true diff --git a/mmv1/products/firestore/product.yaml b/mmv1/products/firestore/product.yaml new file mode 100644 index 000000000000..1f5a68462689 --- /dev/null +++ b/mmv1/products/firestore/product.yaml @@ -0,0 +1,28 @@ +# Copyright 2019 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: Firestore +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://firestore.googleapis.com/v1/ + - !ruby/object:Api::Product::Version + name: beta + base_url: https://firestore.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Google Cloud Firestore API + url: https://console.cloud.google.com/apis/library/firestore.googleapis.com diff --git a/mmv1/products/gameservices/GameServerCluster.yaml b/mmv1/products/gameservices/GameServerCluster.yaml new file mode 100644 index 000000000000..0114a368bec3 --- /dev/null +++ b/mmv1/products/gameservices/GameServerCluster.yaml @@ -0,0 +1,117 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: GameServerCluster +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/game-servers/docs' + api: 'https://cloud.google.com/game-servers/docs/reference/rest/v1beta/projects.locations.realms.gameServerClusters' +update_verb: :PATCH +update_mask: true +base_url: projects/{{project}}/locations/{{location}}/realms/{{realm_id}}/gameServerClusters +create_url: projects/{{project}}/locations/{{location}}/realms/{{realm_id}}/gameServerClusters?gameServerClusterId={{cluster_id}} +self_link: projects/{{project}}/locations/{{location}}/realms/{{realm_id}}/gameServerClusters/{{cluster_id}} +description: A game server cluster resource. +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +properties: +- !ruby/object:Api::Type::String + immutable: true + name: clusterId + required: true + url_param_only: true + description: |- + Required. The resource name of the game server cluster +- !ruby/object:Api::Type::String + name: name + output: true + description: |- + The resource id of the game server cluster, eg: + + `projects/{project_id}/locations/{location}/realms/{realm_id}/gameServerClusters/{cluster_id}`. + For example, + + `projects/my-project/locations/{location}/realms/zanzibar/gameServerClusters/my-onprem-cluster`. +- !ruby/object:Api::Type::ResourceRef + name: realmId + url_param_only: true + resource: Realm + imports: name + required: true + description: |- + The realm id of the game server realm. +- !ruby/object:Api::Type::String + name: location + url_param_only: true + default_value: global + description: Location of the Cluster. +- !ruby/object:Api::Type::KeyValuePairs + name: labels + description: |- + The labels associated with this game server cluster. Each label is a + key-value pair. +- !ruby/object:Api::Type::NestedObject + name: connectionInfo + required: true + immutable: true + description: |- + Game server cluster connection information. This information is used to + manage game server clusters. + properties: + - !ruby/object:Api::Type::NestedObject + name: gkeClusterReference + required: true + immutable: true + description: Reference of the GKE cluster where the game servers are installed. + properties: + - !ruby/object:Api::Type::String + name: cluster + required: true + immutable: true + description: |- + The full or partial name of a GKE cluster, using one of the following + forms: + + * `projects/{project_id}/locations/{location}/clusters/{cluster_id}` + * `locations/{location}/clusters/{cluster_id}` + * `{cluster_id}` + + If project and location are not specified, the project and location of the + GameServerCluster resource are used to generate the full name of the + GKE cluster. + - !ruby/object:Api::Type::String + name: namespace + required: true + description: |- + Namespace designated on the game server cluster where the game server + instances will be created. The namespace existence will be validated + during creation. +- !ruby/object:Api::Type::String + name: description + description: Human readable description of the cluster. diff --git a/mmv1/products/gameservices/GameServerConfig.yaml b/mmv1/products/gameservices/GameServerConfig.yaml new file mode 100644 index 000000000000..cb2a728cf58d --- /dev/null +++ b/mmv1/products/gameservices/GameServerConfig.yaml @@ -0,0 +1,157 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: GameServerConfig +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/game-servers/docs' + api: 'https://cloud.google.com/game-servers/docs/reference/rest/v1beta/projects.locations.gameServerDeployments.configs' +create_url: projects/{{project}}/locations/{{location}}/gameServerDeployments/{{deployment_id}}/configs?configId={{config_id}} +base_url: projects/{{project}}/locations/{{location}}/gameServerDeployments/{{deployment_id}}/configs +self_link: projects/{{project}}/locations/{{location}}/gameServerDeployments/{{deployment_id}}/configs/{{config_id}} +immutable: true +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +description: A game server config resource. Configs are global and immutable. +properties: +- !ruby/object:Api::Type::String + name: name + output: true + description: |- + The resource name of the game server config, in the form: + + `projects/{project_id}/locations/{location}/gameServerDeployments/{deployment_id}/configs/{config_id}`. +- !ruby/object:Api::Type::String + name: configId + immutable: true + required: true + url_param_only: true + description: | + A unique id for the deployment config. +- !ruby/object:Api::Type::String + name: location + # The only acceptable location currently is 'global' + # TODO - either hard code or set as computed + url_param_only: true + default_value: global + description: Location of the Deployment. +- !ruby/object:Api::Type::ResourceRef + name: deploymentId + resource: 'GameServerDeployment' + imports: 'deploymentId' + immutable: true + required: true + url_param_only: true + description: | + A unique id for the deployment. +- !ruby/object:Api::Type::String + name: description + description: The description of the game server config. +- !ruby/object:Api::Type::KeyValuePairs + name: labels + description: |- + The labels associated with this game server config. Each label is a + key-value pair. +- !ruby/object:Api::Type::Array + name: fleetConfigs + required: true + description: |- + The fleet config contains list of fleet specs. In the Single Cloud, there + will be only one. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + required: true + name: fleetSpec + description: |- + The fleet spec, which is sent to Agones to configure fleet. This must be a valid json payload. + + The format of the spec can be found : + `https://agones.dev/site/docs/reference/fleet/`. + - !ruby/object:Api::Type::String + name: name + required: true + description: The name of the FleetConfig. +- !ruby/object:Api::Type::Array + name: scalingConfigs + description: Optional. This contains the autoscaling settings. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: name + required: true + description: The name of the ScalingConfig + - !ruby/object:Api::Type::String + required: true + name: fleetAutoscalerSpec + description: |- + Fleet autoscaler spec, which is sent to Agones. + Example spec can be found : + https://agones.dev/site/docs/reference/fleetautoscaler/ + - !ruby/object:Api::Type::Array + name: selectors + description: |- + Labels used to identify the clusters to which this scaling config + applies. A cluster is subject to this scaling config if its labels match + any of the selector entries. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::KeyValuePairs + name: labels + description: Set of labels to group by. + - !ruby/object:Api::Type::Array + name: schedules + description: The schedules to which this scaling config applies. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: startTime + description: |- + The start time of the event. + + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + - !ruby/object:Api::Type::String + name: endTime + description: |- + The end time of the event. + + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + - !ruby/object:Api::Type::String + name: cronJobDuration + description: |- + The duration for the cron job event. The duration of the event is effective + after the cron job's start time. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + - !ruby/object:Api::Type::String + name: cronSpec + description: |- + The cron definition of the scheduled event. See + https://en.wikipedia.org/wiki/Cron. Cron spec specifies the local time as + defined by the realm. diff --git a/mmv1/products/gameservices/GameServerDeployment.yaml b/mmv1/products/gameservices/GameServerDeployment.yaml new file mode 100644 index 000000000000..4786b27401b3 --- /dev/null +++ b/mmv1/products/gameservices/GameServerDeployment.yaml @@ -0,0 +1,75 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: GameServerDeployment +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/game-servers/docs' + api: 'https://cloud.google.com/game-servers/docs/reference/rest/v1beta/projects.locations.gameServerDeployments' +base_url: projects/{{project}}/locations/{{location}}/gameServerDeployments +create_url: projects/{{project}}/locations/{{location}}/gameServerDeployments?deploymentId={{deployment_id}} +self_link: projects/{{project}}/locations/{{location}}/gameServerDeployments/{{deployment_id}} +update_mask: true +update_verb: :PATCH +description: A game server deployment resource. +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +properties: +- !ruby/object:Api::Type::String + name: name + output: true + description: |- + The resource id of the game server deployment, eg: + + `projects/{project_id}/locations/{location}/gameServerDeployments/{deployment_id}`. + For example, + + `projects/my-project/locations/{location}/gameServerDeployments/my-deployment`. +- !ruby/object:Api::Type::String + name: description + description: Human readable description of the game server deployment. +- !ruby/object:Api::Type::String + name: deploymentId + immutable: true + required: true + url_param_only: true + description: | + A unique id for the deployment. +- !ruby/object:Api::Type::String + name: location + # The only acceptable location currently is 'global' + # TODO - either hard code or set as computed + url_param_only: true + default_value: global + description: Location of the Deployment. +- !ruby/object:Api::Type::KeyValuePairs + name: labels + description: |- + The labels associated with this game server deployment. Each label is a + key-value pair. diff --git a/mmv1/products/gameservices/GameServerDeploymentRollout.yaml b/mmv1/products/gameservices/GameServerDeploymentRollout.yaml new file mode 100644 index 000000000000..1826a962e541 --- /dev/null +++ b/mmv1/products/gameservices/GameServerDeploymentRollout.yaml @@ -0,0 +1,93 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: GameServerDeploymentRollout +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/game-servers/docs' + api: 'https://cloud.google.com/game-servers/docs/reference/rest/v1beta/GameServerDeploymentRollout' +create_url: projects/{{project}}/locations/global/gameServerDeployments/{{deployment_id}}/rollout +base_url: projects/{{project}}/locations/global/gameServerDeployments/{{deployment_id}}/rollout +update_url: projects/{{project}}/locations/global/gameServerDeployments/{{deployment_id}}/rollout +# Deleting a rollout is synonymous with removing the default game server config +delete_url: projects/{{project}}/locations/global/gameServerDeployments/{{deployment_id}}/rollout?updateMask=defaultGameServerConfig +update_verb: :PATCH +delete_verb: :PATCH +update_mask: true +self_link: projects/{{project}}/locations/global/gameServerDeployments/{{deployment_id}}/rollout +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +description: |- + This represents the rollout state. This is part of the game server + deployment. +properties: +- !ruby/object:Api::Type::String + name: name + output: true + description: |- + The resource id of the game server deployment + + eg: `projects/my-project/locations/global/gameServerDeployments/my-deployment/rollout`. +- !ruby/object:Api::Type::ResourceRef + name: deploymentId + resource: GameServerDeployment + url_param_only: true + required: true + imports: name + description: | + The deployment to rollout the new config to. Only 1 rollout must be associated with each deployment. +- !ruby/object:Api::Type::String + name: defaultGameServerConfig + required: true + description: |- + This field points to the game server config that is + applied by default to all realms and clusters. For example, + + `projects/my-project/locations/global/gameServerDeployments/my-game/configs/my-config`. +- !ruby/object:Api::Type::Array + name: gameServerConfigOverrides + description: |- + The game_server_config_overrides contains the per game server config + overrides. The overrides are processed in the order they are listed. As + soon as a match is found for a cluster, the rest of the list is not + processed. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::NestedObject + name: realmsSelector + description: Selection by realms. + properties: + - !ruby/object:Api::Type::Array + name: realms + description: List of realms to match against. + item_type: Api::Type::String + - !ruby/object:Api::Type::String + name: configVersion + description: Version of the configuration. + diff --git a/mmv1/products/gameservices/Realm.yaml b/mmv1/products/gameservices/Realm.yaml new file mode 100644 index 000000000000..1807942b7f06 --- /dev/null +++ b/mmv1/products/gameservices/Realm.yaml @@ -0,0 +1,80 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: Realm +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/game-servers/docs' + api: 'https://cloud.google.com/game-servers/docs/reference/rest/v1beta/projects.locations.realms' +create_url: projects/{{project}}/locations/{{location}}/realms?realmId={{realm_id}} +base_url: projects/{{project}}/locations/{{location}}/realms +self_link: projects/{{project}}/locations/{{location}}/realms/{{realm_id}} +update_verb: :PATCH +update_mask: true +description: A Realm resource. +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +parameters: +- !ruby/object:Api::Type::String + name: location + url_param_only: true + default_value: global + description: Location of the Realm. +- !ruby/object:Api::Type::String + name: realmId + immutable: true + url_param_only: true + required: true + description: GCP region of the Realm. +properties: +- !ruby/object:Api::Type::String + name: name + output: true + description: |- + The resource id of the realm, of the form: + `projects/{project_id}/locations/{location}/realms/{realm_id}`. For + example, `projects/my-project/locations/{location}/realms/my-realm`. +- !ruby/object:Api::Type::KeyValuePairs + name: labels + description: The labels associated with this realm. Each label is a key-value + pair. +- !ruby/object:Api::Type::String + name: timeZone + required: true + description: |- + Required. Time zone where all realm-specific policies are evaluated. The value of + this field must be from the IANA time zone database: + https://www.iana.org/time-zones. +- !ruby/object:Api::Type::String + name: etag + output: true + description: ETag of the resource. +- !ruby/object:Api::Type::String + name: description + description: Human readable description of the realm. diff --git a/mmv1/products/gameservices/api.yaml b/mmv1/products/gameservices/api.yaml deleted file mode 100644 index e9df8ee43365..000000000000 --- a/mmv1/products/gameservices/api.yaml +++ /dev/null @@ -1,492 +0,0 @@ -# Copyright 2019 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: GameServices -display_name: Game Servers -scopes: -- https://www.googleapis.com/auth/compute -versions: -- !ruby/object:Api::Product::Version - name: ga - base_url: https://gameservices.googleapis.com/v1/ -- !ruby/object:Api::Product::Version - name: beta - base_url: https://gameservices.googleapis.com/v1beta/ - -objects: -### Realm ### -- !ruby/object:Api::Resource - name: Realm - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/game-servers/docs' - api: 'https://cloud.google.com/game-servers/docs/reference/rest/v1beta/projects.locations.realms' - create_url: projects/{{project}}/locations/{{location}}/realms?realmId={{realm_id}} - base_url: projects/{{project}}/locations/{{location}}/realms - self_link: projects/{{project}}/locations/{{location}}/realms/{{realm_id}} - update_verb: :PATCH - update_mask: true - description: A Realm resource. - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - parameters: - - !ruby/object:Api::Type::String - name: location - url_param_only: true - default_value: global - description: Location of the Realm. - - !ruby/object:Api::Type::String - name: realmId - input: true - url_param_only: true - required: true - description: GCP region of the Realm. - properties: - - !ruby/object:Api::Type::String - name: name - output: true - description: |- - The resource id of the realm, of the form: - `projects/{project_id}/locations/{location}/realms/{realm_id}`. For - example, `projects/my-project/locations/{location}/realms/my-realm`. - - !ruby/object:Api::Type::KeyValuePairs - name: labels - description: The labels associated with this realm. Each label is a key-value - pair. - - !ruby/object:Api::Type::String - name: timeZone - required: true - description: |- - Required. Time zone where all realm-specific policies are evaluated. The value of - this field must be from the IANA time zone database: - https://www.iana.org/time-zones. - - !ruby/object:Api::Type::String - name: etag - output: true - description: ETag of the resource. - - !ruby/object:Api::Type::String - name: description - description: Human readable description of the realm. - -### GameServerCluster ### -- !ruby/object:Api::Resource - name: GameServerCluster - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/game-servers/docs' - api: 'https://cloud.google.com/game-servers/docs/reference/rest/v1beta/projects.locations.realms.gameServerClusters' - update_verb: :PATCH - update_mask: true - base_url: projects/{{project}}/locations/{{location}}/realms/{{realm_id}}/gameServerClusters - create_url: projects/{{project}}/locations/{{location}}/realms/{{realm_id}}/gameServerClusters?gameServerClusterId={{cluster_id}} - self_link: projects/{{project}}/locations/{{location}}/realms/{{realm_id}}/gameServerClusters/{{cluster_id}} - description: A game server cluster resource. - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - properties: - - !ruby/object:Api::Type::String - input: true - name: clusterId - required: true - url_param_only: true - description: |- - Required. The resource name of the game server cluster - - !ruby/object:Api::Type::String - name: name - output: true - description: |- - The resource id of the game server cluster, eg: - - `projects/{project_id}/locations/{location}/realms/{realm_id}/gameServerClusters/{cluster_id}`. - For example, - - `projects/my-project/locations/{location}/realms/zanzibar/gameServerClusters/my-onprem-cluster`. - - !ruby/object:Api::Type::ResourceRef - name: realmId - url_param_only: true - resource: Realm - imports: name - required: true - description: |- - The realm id of the game server realm. - - !ruby/object:Api::Type::String - name: location - url_param_only: true - default_value: global - description: Location of the Cluster. - - !ruby/object:Api::Type::KeyValuePairs - name: labels - description: |- - The labels associated with this game server cluster. Each label is a - key-value pair. - - !ruby/object:Api::Type::NestedObject - name: connectionInfo - required: true - input: true - description: |- - Game server cluster connection information. This information is used to - manage game server clusters. - properties: - - !ruby/object:Api::Type::NestedObject - name: gkeClusterReference - required: true - input: true - description: Reference of the GKE cluster where the game servers are installed. - properties: - - !ruby/object:Api::Type::String - name: cluster - required: true - input: true - description: |- - The full or partial name of a GKE cluster, using one of the following - forms: - - * `projects/{project_id}/locations/{location}/clusters/{cluster_id}` - * `locations/{location}/clusters/{cluster_id}` - * `{cluster_id}` - - If project and location are not specified, the project and location of the - GameServerCluster resource are used to generate the full name of the - GKE cluster. - - !ruby/object:Api::Type::String - name: namespace - required: true - description: |- - Namespace designated on the game server cluster where the game server - instances will be created. The namespace existence will be validated - during creation. - - !ruby/object:Api::Type::String - name: description - description: Human readable description of the cluster. - -### GameServerDeployment ### -- !ruby/object:Api::Resource - name: GameServerDeployment - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/game-servers/docs' - api: 'https://cloud.google.com/game-servers/docs/reference/rest/v1beta/projects.locations.gameServerDeployments' - base_url: projects/{{project}}/locations/{{location}}/gameServerDeployments - create_url: projects/{{project}}/locations/{{location}}/gameServerDeployments?deploymentId={{deployment_id}} - self_link: projects/{{project}}/locations/{{location}}/gameServerDeployments/{{deployment_id}} - update_mask: true - update_verb: :PATCH - description: A game server deployment resource. - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - properties: - - !ruby/object:Api::Type::String - name: name - output: true - description: |- - The resource id of the game server deployment, eg: - - `projects/{project_id}/locations/{location}/gameServerDeployments/{deployment_id}`. - For example, - - `projects/my-project/locations/{location}/gameServerDeployments/my-deployment`. - - !ruby/object:Api::Type::String - name: description - description: Human readable description of the game server deployment. - - !ruby/object:Api::Type::String - name: deploymentId - input: true - required: true - url_param_only: true - description: | - A unique id for the deployment. - - !ruby/object:Api::Type::String - name: location - # The only acceptable location currently is 'global' - # TODO - either hard code or set as computed - url_param_only: true - default_value: global - description: Location of the Deployment. - - !ruby/object:Api::Type::KeyValuePairs - name: labels - description: |- - The labels associated with this game server deployment. Each label is a - key-value pair. - -### GameServerConfig ### -- !ruby/object:Api::Resource - name: GameServerConfig - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/game-servers/docs' - api: 'https://cloud.google.com/game-servers/docs/reference/rest/v1beta/projects.locations.gameServerDeployments.configs' - create_url: projects/{{project}}/locations/{{location}}/gameServerDeployments/{{deployment_id}}/configs?configId={{config_id}} - base_url: projects/{{project}}/locations/{{location}}/gameServerDeployments/{{deployment_id}}/configs - self_link: projects/{{project}}/locations/{{location}}/gameServerDeployments/{{deployment_id}}/configs/{{config_id}} - input: true - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - description: A game server config resource. Configs are global and immutable. - properties: - - !ruby/object:Api::Type::String - name: name - output: true - description: |- - The resource name of the game server config, in the form: - - `projects/{project_id}/locations/{location}/gameServerDeployments/{deployment_id}/configs/{config_id}`. - - !ruby/object:Api::Type::String - name: configId - input: true - required: true - url_param_only: true - description: | - A unique id for the deployment config. - - !ruby/object:Api::Type::String - name: location - # The only acceptable location currently is 'global' - # TODO - either hard code or set as computed - url_param_only: true - default_value: global - description: Location of the Deployment. - - !ruby/object:Api::Type::ResourceRef - name: deploymentId - resource: 'GameServerDeployment' - imports: 'deploymentId' - input: true - required: true - url_param_only: true - description: | - A unique id for the deployment. - - !ruby/object:Api::Type::String - name: description - description: The description of the game server config. - - !ruby/object:Api::Type::KeyValuePairs - name: labels - description: |- - The labels associated with this game server config. Each label is a - key-value pair. - - !ruby/object:Api::Type::Array - name: fleetConfigs - required: true - description: |- - The fleet config contains list of fleet specs. In the Single Cloud, there - will be only one. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - required: true - name: fleetSpec - description: |- - The fleet spec, which is sent to Agones to configure fleet. This must be a valid json payload. - - The format of the spec can be found : - `https://agones.dev/site/docs/reference/fleet/`. - - !ruby/object:Api::Type::String - name: name - required: true - description: The name of the FleetConfig. - - !ruby/object:Api::Type::Array - name: scalingConfigs - description: Optional. This contains the autoscaling settings. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: name - required: true - description: The name of the ScalingConfig - - !ruby/object:Api::Type::String - required: true - name: fleetAutoscalerSpec - description: |- - Fleet autoscaler spec, which is sent to Agones. - Example spec can be found : - https://agones.dev/site/docs/reference/fleetautoscaler/ - - !ruby/object:Api::Type::Array - name: selectors - description: |- - Labels used to identify the clusters to which this scaling config - applies. A cluster is subject to this scaling config if its labels match - any of the selector entries. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::KeyValuePairs - name: labels - description: Set of labels to group by. - - !ruby/object:Api::Type::Array - name: schedules - description: The schedules to which this scaling config applies. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: startTime - description: |- - The start time of the event. - - A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". - - !ruby/object:Api::Type::String - name: endTime - description: |- - The end time of the event. - - A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". - - !ruby/object:Api::Type::String - name: cronJobDuration - description: |- - The duration for the cron job event. The duration of the event is effective - after the cron job's start time. - - A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". - - !ruby/object:Api::Type::String - name: cronSpec - description: |- - The cron definition of the scheduled event. See - https://en.wikipedia.org/wiki/Cron. Cron spec specifies the local time as - defined by the realm. - -### GameServerDeploymentRollout ### -- !ruby/object:Api::Resource - name: GameServerDeploymentRollout - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/game-servers/docs' - api: 'https://cloud.google.com/game-servers/docs/reference/rest/v1beta/GameServerDeploymentRollout' - create_url: projects/{{project}}/locations/global/gameServerDeployments/{{deployment_id}}/rollout - base_url: projects/{{project}}/locations/global/gameServerDeployments/{{deployment_id}}/rollout - update_url: projects/{{project}}/locations/global/gameServerDeployments/{{deployment_id}}/rollout - # Deleting a rollout is synonymous with removing the default game server config - delete_url: projects/{{project}}/locations/global/gameServerDeployments/{{deployment_id}}/rollout?updateMask=defaultGameServerConfig - update_verb: :PATCH - delete_verb: :PATCH - update_mask: true - self_link: projects/{{project}}/locations/global/gameServerDeployments/{{deployment_id}}/rollout - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - description: |- - This represents the rollout state. This is part of the game server - deployment. - properties: - - !ruby/object:Api::Type::String - name: name - output: true - description: |- - The resource id of the game server deployment - - eg: `projects/my-project/locations/global/gameServerDeployments/my-deployment/rollout`. - - !ruby/object:Api::Type::ResourceRef - name: deploymentId - resource: GameServerDeployment - url_param_only: true - required: true - imports: name - description: | - The deployment to rollout the new config to. Only 1 rollout must be associated with each deployment. - - !ruby/object:Api::Type::String - name: defaultGameServerConfig - required: true - description: |- - This field points to the game server config that is - applied by default to all realms and clusters. For example, - - `projects/my-project/locations/global/gameServerDeployments/my-game/configs/my-config`. - - !ruby/object:Api::Type::Array - name: gameServerConfigOverrides - description: |- - The game_server_config_overrides contains the per game server config - overrides. The overrides are processed in the order they are listed. As - soon as a match is found for a cluster, the rest of the list is not - processed. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::NestedObject - name: realmsSelector - description: Selection by realms. - properties: - - !ruby/object:Api::Type::Array - name: realms - description: List of realms to match against. - item_type: Api::Type::String - - !ruby/object:Api::Type::String - name: configVersion - description: Version of the configuration. diff --git a/mmv1/products/gameservices/product.yaml b/mmv1/products/gameservices/product.yaml new file mode 100644 index 000000000000..d847049c5640 --- /dev/null +++ b/mmv1/products/gameservices/product.yaml @@ -0,0 +1,25 @@ +# Copyright 2019 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: GameServices +display_name: Game Servers +scopes: +- https://www.googleapis.com/auth/compute +versions: +- !ruby/object:Api::Product::Version + name: ga + base_url: https://gameservices.googleapis.com/v1/ +- !ruby/object:Api::Product::Version + name: beta + base_url: https://gameservices.googleapis.com/v1beta/ diff --git a/mmv1/products/gameservices/terraform.yaml b/mmv1/products/gameservices/terraform.yaml index d7729189f4e9..6226ff0162a7 100644 --- a/mmv1/products/gameservices/terraform.yaml +++ b/mmv1/products/gameservices/terraform.yaml @@ -29,6 +29,8 @@ overrides: !ruby/object:Overrides::ResourceOverrides - !ruby/object:Provider::Terraform::Examples name: "game_service_cluster_basic" primary_resource_id: "default" + # NO_TEST: Not worth setting up as it is complicated and game servers are being deprecated + skip_test: true vars: realm_id: "realm" test_vars_overrides: diff --git a/mmv1/products/gkebackup/BackupPlan.yaml b/mmv1/products/gkebackup/BackupPlan.yaml new file mode 100644 index 000000000000..690b8e964506 --- /dev/null +++ b/mmv1/products/gkebackup/BackupPlan.yaml @@ -0,0 +1,211 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'BackupPlan' +base_url: "projects/{{project}}/locations/{{location}}/backupPlans" +create_url: projects/{{project}}/locations/{{location}}/backupPlans?backupPlanId={{name}} +update_verb: :PATCH +update_mask: true +description: | + Represents a Backup Plan instance. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke' + api: 'https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/reference/rest/v1/projects.locations.backupPlans' +iam_policy: !ruby/object:Api::Resource::IamPolicy + method_name_separator: ':' + parent_resource_attribute: 'name' + base_url: projects/{{project}}/locations/{{location}}/backupPlans/{{name}} + import_format: ["projects/{{project}}/locations/{{location}}/backupPlans/{{name}}", "{{name}}"] +parameters: + - !ruby/object:Api::Type::String + name: 'location' + url_param_only: true + required: true + immutable: true + description: | + The region of the Backup Plan. +properties: + - !ruby/object:Api::Type::String + name: name + required: true + immutable: true + description: | + The full name of the BackupPlan Resource. + - !ruby/object:Api::Type::String + name: uid + output: true + description: | + Server generated, unique identifier of UUID format. + - !ruby/object:Api::Type::String + name: description + description: | + User specified descriptive string for this BackupPlan. + - !ruby/object:Api::Type::String + name: 'cluster' + required: true + immutable: true + description: | + The source cluster from which Backups will be created via this BackupPlan. + - !ruby/object:Api::Type::NestedObject + name: retentionPolicy + description: RetentionPolicy governs lifecycle of Backups created under this plan. + properties: + - !ruby/object:Api::Type::Integer + name: backupDeleteLockDays + description: | + Minimum age for a Backup created via this BackupPlan (in days). + Must be an integer value between 0-90 (inclusive). + A Backup created under this BackupPlan will not be deletable + until it reaches Backup's (create time + backup_delete_lock_days). + Updating this field of a BackupPlan does not affect existing Backups. + Backups created after a successful update will inherit this new value. + - !ruby/object:Api::Type::Integer + name: backupRetainDays + description: | + The default maximum age of a Backup created via this BackupPlan. + This field MUST be an integer value >= 0 and <= 365. If specified, + a Backup created under this BackupPlan will be automatically deleted + after its age reaches (createTime + backupRetainDays). + If not specified, Backups created under this BackupPlan will NOT be + subject to automatic deletion. Updating this field does NOT affect + existing Backups under it. Backups created AFTER a successful update + will automatically pick up the new value. + NOTE: backupRetainDays must be >= backupDeleteLockDays. + If cronSchedule is defined, then this must be <= 360 * the creation interval.] + - !ruby/object:Api::Type::Boolean + name: locked + description: | + This flag denotes whether the retention policy of this BackupPlan is locked. + If set to True, no further update is allowed on this policy, including + the locked field itself. + - !ruby/object:Api::Type::KeyValuePairs + name: labels + description: | + Description: A set of custom labels supplied by the user. + A list of key->value pairs. + Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + - !ruby/object:Api::Type::NestedObject + name: backupSchedule + description: Defines a schedule for automatic Backup creation via this BackupPlan. + properties: + - !ruby/object:Api::Type::String + name: cronSchedule + description: | + A standard cron string that defines a repeating schedule for + creating Backups via this BackupPlan. + If this is defined, then backupRetainDays must also be defined. + - !ruby/object:Api::Type::Boolean + name: paused + description: | + This flag denotes whether automatic Backup creation is paused for this BackupPlan. + - !ruby/object:Api::Type::String + name: etag + output: true + description: | + etag is used for optimistic concurrency control as a way to help prevent simultaneous + updates of a backup plan from overwriting each other. It is strongly suggested that + systems make use of the 'etag' in the read-modify-write cycle to perform BackupPlan updates + in order to avoid race conditions: An etag is returned in the response to backupPlans.get, + and systems are expected to put that etag in the request to backupPlans.patch or + backupPlans.delete to ensure that their change will be applied to the same version of the resource. + - !ruby/object:Api::Type::Boolean + name: deactivated + description: | + This flag indicates whether this BackupPlan has been deactivated. + Setting this field to True locks the BackupPlan such that no further updates will be allowed + (except deletes), including the deactivated field itself. It also prevents any new Backups + from being created via this BackupPlan (including scheduled Backups). + - !ruby/object:Api::Type::NestedObject + name: backupConfig + description: | + Defines the configuration of Backups created via this BackupPlan. + properties: + - !ruby/object:Api::Type::Boolean + name: includeVolumeData + description: | + This flag specifies whether volume data should be backed up when PVCs are + included in the scope of a Backup. + - !ruby/object:Api::Type::Boolean + name: includeSecrets + description: | + This flag specifies whether Kubernetes Secret resources should be included + when they fall into the scope of Backups. + - !ruby/object:Api::Type::NestedObject + name: encryptionKey + description: | + This defines a customer managed encryption key that will be used to encrypt the "config" + portion (the Kubernetes resources) of Backups created via this plan. + properties: + - !ruby/object:Api::Type::String + name: gcpKmsEncryptionKey + required: true + description: | + Google Cloud KMS encryption key. Format: projects/*/locations/*/keyRings/*/cryptoKeys/* + - !ruby/object:Api::Type::Boolean + name: allNamespaces + description: | + If True, include all namespaced resources. + exactly_one_of: + - backupConfig.0.allNamespaces + - backupConfig.0.selectedNamespaces + - backupConfig.0.selectedApplications + - !ruby/object:Api::Type::NestedObject + name: selectedNamespaces + description: | + If set, include just the resources in the listed namespaces. + exactly_one_of: + - backupConfig.0.allNamespaces + - backupConfig.0.selectedNamespaces + - backupConfig.0.selectedApplications + properties: + - !ruby/object:Api::Type::Array + name: namespaces + required: true + description: | + A list of Kubernetes Namespaces. + item_type: Api::Type::String + - !ruby/object:Api::Type::NestedObject + name: selectedApplications + description: | + A list of namespaced Kubernetes Resources. + exactly_one_of: + - backupConfig.0.allNamespaces + - backupConfig.0.selectedNamespaces + - backupConfig.0.selectedApplications + properties: + - !ruby/object:Api::Type::Array + name: namespacedNames + required: true + description: | + A list of namespaced Kubernetes resources. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: namespace + required: true + description: | + The namespace of a Kubernetes Resource. + - !ruby/object:Api::Type::String + name: name + required: true + description: | + The name of a Kubernetes Resource. + - !ruby/object:Api::Type::Integer + name: protectedPodCount + output: true + description: | + The number of Kubernetes Pods backed up in the last successful Backup created via this BackupPlan. + diff --git a/mmv1/products/gkebackup/api.yaml b/mmv1/products/gkebackup/api.yaml deleted file mode 100644 index 75698a93e72f..000000000000 --- a/mmv1/products/gkebackup/api.yaml +++ /dev/null @@ -1,245 +0,0 @@ -# Copyright 2022 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: GKEBackup -display_name: Backup for GKE -versions: - - !ruby/object:Api::Product::Version - name: beta - base_url: https://gkebackup.googleapis.com/v1/ - - !ruby/object:Api::Product::Version - name: ga - base_url: https://gkebackup.googleapis.com/v1/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Backup for GKE API - url: https://console.cloud.google.com/apis/library/gkebackup.googleapis.com -objects: - - !ruby/object:Api::Resource - name: 'BackupPlan' - base_url: "projects/{{project}}/locations/{{location}}/backupPlans" - create_url: projects/{{project}}/locations/{{location}}/backupPlans?backupPlanId={{name}} - update_verb: :PATCH - update_mask: true - description: | - Represents a Backup Plan instance. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke' - api: 'https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/reference/rest/v1/projects.locations.backupPlans' - iam_policy: !ruby/object:Api::Resource::IamPolicy - method_name_separator: ':' - parent_resource_attribute: 'name' - base_url: projects/{{project}}/locations/{{location}}/backupPlans/{{name}} - import_format: ["projects/{{project}}/locations/{{location}}/backupPlans/{{name}}", "{{name}}"] - parameters: - - !ruby/object:Api::Type::String - name: 'location' - url_param_only: true - required: true - input: true - description: | - The region of the Backup Plan. - properties: - - !ruby/object:Api::Type::String - name: name - required: true - input: true - description: | - The full name of the BackupPlan Resource. - - !ruby/object:Api::Type::String - name: uid - output: true - description: | - Server generated, unique identifier of UUID format. - - !ruby/object:Api::Type::String - name: description - description: | - User specified descriptive string for this BackupPlan. - - !ruby/object:Api::Type::String - name: 'cluster' - required: true - input: true - description: | - The source cluster from which Backups will be created via this BackupPlan. - - !ruby/object:Api::Type::NestedObject - name: retentionPolicy - description: RetentionPolicy governs lifecycle of Backups created under this plan. - properties: - - !ruby/object:Api::Type::Integer - name: backupDeleteLockDays - description: | - Minimum age for a Backup created via this BackupPlan (in days). - Must be an integer value between 0-90 (inclusive). - A Backup created under this BackupPlan will not be deletable - until it reaches Backup's (create time + backup_delete_lock_days). - Updating this field of a BackupPlan does not affect existing Backups. - Backups created after a successful update will inherit this new value. - - !ruby/object:Api::Type::Integer - name: backupRetainDays - description: | - The default maximum age of a Backup created via this BackupPlan. - This field MUST be an integer value >= 0 and <= 365. If specified, - a Backup created under this BackupPlan will be automatically deleted - after its age reaches (createTime + backupRetainDays). - If not specified, Backups created under this BackupPlan will NOT be - subject to automatic deletion. Updating this field does NOT affect - existing Backups under it. Backups created AFTER a successful update - will automatically pick up the new value. - NOTE: backupRetainDays must be >= backupDeleteLockDays. - If cronSchedule is defined, then this must be <= 360 * the creation interval.] - - !ruby/object:Api::Type::Boolean - name: locked - description: | - This flag denotes whether the retention policy of this BackupPlan is locked. - If set to True, no further update is allowed on this policy, including - the locked field itself. - - !ruby/object:Api::Type::KeyValuePairs - name: labels - description: | - Description: A set of custom labels supplied by the user. - A list of key->value pairs. - Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. - - !ruby/object:Api::Type::NestedObject - name: backupSchedule - description: Defines a schedule for automatic Backup creation via this BackupPlan. - properties: - - !ruby/object:Api::Type::String - name: cronSchedule - description: | - A standard cron string that defines a repeating schedule for - creating Backups via this BackupPlan. - If this is defined, then backupRetainDays must also be defined. - - !ruby/object:Api::Type::Boolean - name: paused - description: | - This flag denotes whether automatic Backup creation is paused for this BackupPlan. - - !ruby/object:Api::Type::String - name: etag - output: true - description: | - etag is used for optimistic concurrency control as a way to help prevent simultaneous - updates of a backup plan from overwriting each other. It is strongly suggested that - systems make use of the 'etag' in the read-modify-write cycle to perform BackupPlan updates - in order to avoid race conditions: An etag is returned in the response to backupPlans.get, - and systems are expected to put that etag in the request to backupPlans.patch or - backupPlans.delete to ensure that their change will be applied to the same version of the resource. - - !ruby/object:Api::Type::Boolean - name: deactivated - description: | - This flag indicates whether this BackupPlan has been deactivated. - Setting this field to True locks the BackupPlan such that no further updates will be allowed - (except deletes), including the deactivated field itself. It also prevents any new Backups - from being created via this BackupPlan (including scheduled Backups). - - !ruby/object:Api::Type::NestedObject - name: backupConfig - description: | - Defines the configuration of Backups created via this BackupPlan. - properties: - - !ruby/object:Api::Type::Boolean - name: includeVolumeData - description: | - This flag specifies whether volume data should be backed up when PVCs are - included in the scope of a Backup. - - !ruby/object:Api::Type::Boolean - name: includeSecrets - description: | - This flag specifies whether Kubernetes Secret resources should be included - when they fall into the scope of Backups. - - !ruby/object:Api::Type::NestedObject - name: encryptionKey - description: | - This defines a customer managed encryption key that will be used to encrypt the "config" - portion (the Kubernetes resources) of Backups created via this plan. - properties: - - !ruby/object:Api::Type::String - name: gcpKmsEncryptionKey - required: true - description: | - Google Cloud KMS encryption key. Format: projects/*/locations/*/keyRings/*/cryptoKeys/* - - !ruby/object:Api::Type::Boolean - name: allNamespaces - description: | - If True, include all namespaced resources. - exactly_one_of: - - backupConfig.0.allNamespaces - - backupConfig.0.selectedNamespaces - - backupConfig.0.selectedApplications - - !ruby/object:Api::Type::NestedObject - name: selectedNamespaces - description: | - If set, include just the resources in the listed namespaces. - exactly_one_of: - - backupConfig.0.allNamespaces - - backupConfig.0.selectedNamespaces - - backupConfig.0.selectedApplications - properties: - - !ruby/object:Api::Type::Array - name: namespaces - required: true - description: | - A list of Kubernetes Namespaces. - item_type: Api::Type::String - - !ruby/object:Api::Type::NestedObject - name: selectedApplications - description: | - A list of namespaced Kubernetes Resources. - exactly_one_of: - - backupConfig.0.allNamespaces - - backupConfig.0.selectedNamespaces - - backupConfig.0.selectedApplications - properties: - - !ruby/object:Api::Type::Array - name: namespacedNames - required: true - description: | - A list of namespaced Kubernetes resources. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: namespace - required: true - description: | - The namespace of a Kubernetes Resource. - - !ruby/object:Api::Type::String - name: name - required: true - description: | - The name of a Kubernetes Resource. - - !ruby/object:Api::Type::Integer - name: protectedPodCount - output: true - description: | - The number of Kubernetes Pods backed up in the last successful Backup created via this BackupPlan. - \ No newline at end of file diff --git a/mmv1/products/gkebackup/product.yaml b/mmv1/products/gkebackup/product.yaml new file mode 100644 index 000000000000..243ef5390b52 --- /dev/null +++ b/mmv1/products/gkebackup/product.yaml @@ -0,0 +1,46 @@ +# Copyright 2022 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: GKEBackup +display_name: Backup for GKE +versions: + - !ruby/object:Api::Product::Version + name: beta + base_url: https://gkebackup.googleapis.com/v1/ + - !ruby/object:Api::Product::Version + name: ga + base_url: https://gkebackup.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Backup for GKE API + url: https://console.cloud.google.com/apis/library/gkebackup.googleapis.com diff --git a/mmv1/products/gkehub/Membership.yaml b/mmv1/products/gkehub/Membership.yaml new file mode 100644 index 000000000000..96570ad9512a --- /dev/null +++ b/mmv1/products/gkehub/Membership.yaml @@ -0,0 +1,111 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Membership' +base_url: "projects/{{project}}/locations/global/memberships" +create_url: "projects/{{project}}/locations/global/memberships?membershipId={{membership_id}}" +update_url: "projects/{{project}}/locations/global/memberships/{{membership_id}}" +self_link: "projects/{{project}}/locations/global/memberships/{{membership_id}}" +update_verb: :PATCH +update_mask: true +description: | + Membership contains information about a member cluster. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Registering a Cluster': + 'https://cloud.google.com/anthos/multicluster-management/connect/registering-a-cluster#register_cluster' + api: 'https://cloud.google.com/anthos/multicluster-management/reference/rest/v1/projects.locations.memberships' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'gkehub#operation' + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: 'true' + allowed: + - 'true' + - 'false' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' +iam_policy: !ruby/object:Api::Resource::IamPolicy + parent_resource_attribute: membership_id + exclude: false + method_name_separator: ':' + import_format: ["projects/{{project}}/locations/{{location}}/memberships/{{membership_id}}", "{{membership_id}}"] +properties: + - !ruby/object:Api::Type::String + name: 'membershipId' + description: | + The client-provided identifier of the membership. + required: true + immutable: true + url_param_only: true + - !ruby/object:Api::Type::String + name: 'name' + output: true + description: | + The unique identifier of the membership. + - !ruby/object:Api::Type::String + name: 'description' + deprecation_message: This field is unavailable in the GA provider and will be removed from the beta provider in a future release. + min_version: beta + description: | + The name of this entity type to be displayed on the console. This field is unavailable in v1 of the API. + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + Labels to apply to this membership. + - !ruby/object:Api::Type::NestedObject + name: 'endpoint' + immutable: true + description: | + If this Membership is a Kubernetes API server hosted on GKE, this is a self link to its GCP resource. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'gkeCluster' + immutable: true + description: | + If this Membership is a Kubernetes API server hosted on GKE, this is a self link to its GCP resource. + properties: + - !ruby/object:Api::Type::String + name: 'resourceLink' + description: | + Self-link of the GCP resource for the GKE cluster. + For example: `//container.googleapis.com/projects/my-project/zones/us-west1-a/clusters/my-cluster`. + It can be at the most 1000 characters in length. If the cluster is provisioned with Terraform, + this can be `"//container.googleapis.com/${google_container_cluster.my-cluster.id}"` or + `google_container_cluster.my-cluster.id`. + immutable: true + required: true + - !ruby/object:Api::Type::NestedObject + name: 'authority' + description: | + Authority encodes how Google will recognize identities from this Membership. + See the workload identity documentation for more details: + https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity + properties: + - !ruby/object:Api::Type::String + name: 'issuer' + immutable: true + required: true + description: | + A JSON Web Token (JWT) issuer URI. `issuer` must start with `https://` and // be a valid + with length <2000 characters. For example: `https://container.googleapis.com/v1/projects/my-project/locations/us-west1/clusters/my-cluster` (must be `locations` rather than `zones`). If the cluster is provisioned with Terraform, this is `"https://container.googleapis.com/v1/${google_container_cluster.my-cluster.id}"`. + diff --git a/mmv1/products/gkehub/api.yaml b/mmv1/products/gkehub/api.yaml deleted file mode 100644 index 1c3811a12c02..000000000000 --- a/mmv1/products/gkehub/api.yaml +++ /dev/null @@ -1,127 +0,0 @@ -# Copyright 2020 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: GKEHub -display_name: GKEHub -versions: - - !ruby/object:Api::Product::Version - name: beta - base_url: https://gkehub.googleapis.com/v1beta1/ - - !ruby/object:Api::Product::Version - name: ga - base_url: https://gkehub.googleapis.com/v1/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -apis_required: - - !ruby/object:Api::Product::ApiReference - name: GKEHub API - url: https://console.cloud.google.com/apis/library/gkehub.googleapis.com -objects: - - !ruby/object:Api::Resource - name: 'Membership' - base_url: "projects/{{project}}/locations/global/memberships" - create_url: "projects/{{project}}/locations/global/memberships?membershipId={{membership_id}}" - update_url: "projects/{{project}}/locations/global/memberships/{{membership_id}}" - self_link: "projects/{{project}}/locations/global/memberships/{{membership_id}}" - update_verb: :PATCH - update_mask: true - description: | - Membership contains information about a member cluster. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Registering a Cluster': - 'https://cloud.google.com/anthos/multicluster-management/connect/registering-a-cluster#register_cluster' - api: 'https://cloud.google.com/anthos/multicluster-management/reference/rest/v1/projects.locations.memberships' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'gkehub#operation' - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: 'true' - allowed: - - 'true' - - 'false' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' - iam_policy: !ruby/object:Api::Resource::IamPolicy - parent_resource_attribute: membership_id - exclude: false - method_name_separator: ':' - import_format: ["projects/{{project}}/locations/{{location}}/memberships/{{membership_id}}", "{{membership_id}}"] - properties: - - !ruby/object:Api::Type::String - name: 'membershipId' - description: | - The client-provided identifier of the membership. - required: true - input: true - url_param_only: true - - !ruby/object:Api::Type::String - name: 'name' - output: true - description: | - The unique identifier of the membership. - - !ruby/object:Api::Type::String - name: 'description' - deprecation_message: This field is unavailable in the GA provider and will be removed from the beta provider in a future release. - min_version: beta - description: | - The name of this entity type to be displayed on the console. This field is unavailable in v1 of the API. - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: | - Labels to apply to this membership. - - !ruby/object:Api::Type::NestedObject - name: 'endpoint' - input: true - description: | - If this Membership is a Kubernetes API server hosted on GKE, this is a self link to its GCP resource. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'gkeCluster' - input: true - description: | - If this Membership is a Kubernetes API server hosted on GKE, this is a self link to its GCP resource. - properties: - - !ruby/object:Api::Type::String - name: 'resourceLink' - description: | - Self-link of the GCP resource for the GKE cluster. - For example: `//container.googleapis.com/projects/my-project/zones/us-west1-a/clusters/my-cluster`. - It can be at the most 1000 characters in length. If the cluster is provisioned with Terraform, - this can be `"//container.googleapis.com/${google_container_cluster.my-cluster.id}"` or - `google_container_cluster.my-cluster.id`. - input: true - required: true - - !ruby/object:Api::Type::NestedObject - name: 'authority' - description: | - Authority encodes how Google will recognize identities from this Membership. - See the workload identity documentation for more details: - https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity - properties: - - !ruby/object:Api::Type::String - name: 'issuer' - input: true - required: true - description: | - A JSON Web Token (JWT) issuer URI. `issuer` must start with `https://` and // be a valid - with length <2000 characters. For example: `https://container.googleapis.com/v1/projects/my-project/locations/us-west1/clusters/my-cluster` (must be `locations` rather than `zones`). If the cluster is provisioned with Terraform, this is `"https://container.googleapis.com/v1/${google_container_cluster.my-cluster.id}"`. diff --git a/mmv1/products/gkehub/product.yaml b/mmv1/products/gkehub/product.yaml new file mode 100644 index 000000000000..ee2137d5a6c4 --- /dev/null +++ b/mmv1/products/gkehub/product.yaml @@ -0,0 +1,29 @@ +# Copyright 2020 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: GKEHub +display_name: GKEHub +versions: + - !ruby/object:Api::Product::Version + name: beta + base_url: https://gkehub.googleapis.com/v1beta1/ + - !ruby/object:Api::Product::Version + name: ga + base_url: https://gkehub.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +apis_required: + - !ruby/object:Api::Product::ApiReference + name: GKEHub API + url: https://console.cloud.google.com/apis/library/gkehub.googleapis.com diff --git a/mmv1/products/healthcare/ConsentStore.yaml b/mmv1/products/healthcare/ConsentStore.yaml new file mode 100644 index 000000000000..1002381561ab --- /dev/null +++ b/mmv1/products/healthcare/ConsentStore.yaml @@ -0,0 +1,84 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'ConsentStore' +kind: "healthcare#consentStore" +base_url: "{{dataset}}/consentStores?consentStoreId={{name}}" +self_link: "{{dataset}}/consentStores/{{name}}" +update_verb: :PATCH +update_mask: true +description: | + The Consent Management API is a tool for tracking user consents and the documentation associated with the consents. +iam_policy: !ruby/object:Api::Resource::IamPolicy + method_name_separator: ':' + fetch_iam_policy_verb: :GET + parent_resource_attribute: 'consent_store_id' + import_format: ["{{%dataset}}/consentStores/{{name}}", "{{name}}"] + base_url: "{{%dataset}}/consentStores/{{name}}" + self_link: "{{%dataset}}/consentStores/{{name}}" +parameters: + - !ruby/object:Api::Type::ResourceRef + name: "dataset" + description: | + Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}' + required: true + immutable: true + resource: 'Dataset' + imports: 'selfLink' + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The name of this ConsentStore, for example: + "consent1" + required: true + immutable: true + url_param_only: true + - !ruby/object:Api::Type::String + name: 'defaultConsentTtl' + required: false + description: | + Default time to live for consents in this store. Must be at least 24 hours. Updating this field will not affect the expiration time of existing consents. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + - !ruby/object:Api::Type::Boolean + name: 'enableConsentCreateOnUpdate' + required: false + description: | + If true, [consents.patch] [google.cloud.healthcare.v1.consent.UpdateConsent] creates the consent if it does not already exist. + - !ruby/object:Api::Type::KeyValuePairs + name: labels + required: false + description: | + User-supplied key-value pairs used to organize Consent stores. + + Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must + conform to the following PCRE regular expression: `[\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}_-]{0,62}` + + Label values are optional, must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 + bytes, and must conform to the following PCRE regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}` + + No more than 64 labels can be associated with a given store. + + An object containing a list of "key": value pairs. + Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Creating a Consent store': + 'https://cloud.google.com/healthcare/docs/how-tos/consent' + api: 'https://cloud.google.com/healthcare/docs/reference/rest/v1/projects.locations.datasets.consentStores' + diff --git a/mmv1/products/healthcare/Dataset.yaml b/mmv1/products/healthcare/Dataset.yaml new file mode 100644 index 000000000000..8e7926ba872b --- /dev/null +++ b/mmv1/products/healthcare/Dataset.yaml @@ -0,0 +1,61 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Dataset' +kind: "healthcare#dataset" +base_url: 'projects/{{project}}/locations/{{location}}/datasets?datasetId={{name}}' +self_link: 'projects/{{project}}/locations/{{location}}/datasets/{{name}}' +update_verb: :PATCH +update_mask: true +description: | + A Healthcare `Dataset` is a toplevel logical grouping of `dicomStores`, `fhirStores` and `hl7V2Stores`. +parameters: + - !ruby/object:Api::Type::String + name: 'location' + description: | + The location for the Dataset. + required: true + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The resource name for the Dataset. + required: true + immutable: true + - !ruby/object:Api::Type::String + name: "timeZone" + description: | + The default timezone used by this dataset. Must be a either a valid IANA time zone name such as + "America/New_York" or empty, which defaults to UTC. This is used for parsing times in resources + (e.g., HL7 messages) where no explicit timezone is specified. + required: false + - !ruby/object:Api::Type::Time + name: 'creationTime' + description: | + The time that this resource was created on the server. + This is in RFC3339 text format. + required: false + output: true + - !ruby/object:Api::Type::String + name: 'selfLink' + description: | + The fully qualified name of this dataset + output: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Creating a dataset': + 'https://cloud.google.com/healthcare/docs/how-tos/datasets' + api: 'https://cloud.google.com/healthcare/docs/reference/rest/v1/projects.locations.datasets' diff --git a/mmv1/products/healthcare/DicomStore.yaml b/mmv1/products/healthcare/DicomStore.yaml new file mode 100644 index 000000000000..99bdc1a7a6e1 --- /dev/null +++ b/mmv1/products/healthcare/DicomStore.yaml @@ -0,0 +1,112 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'DicomStore' +kind: "healthcare#dicomStore" +base_url: '{{dataset}}/dicomStores?dicomStoreId={{name}}' +self_link: '{{dataset}}/dicomStores/{{name}}' +update_verb: :PATCH +update_mask: true +description: | + A DicomStore is a datastore inside a Healthcare dataset that conforms to the DICOM + (https://www.dicomstandard.org/about/) standard for Healthcare information exchange +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'dataset' + description: | + Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}' + required: true + immutable: true + resource: 'Dataset' + imports: 'selfLink' + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The resource name for the DicomStore. + + ** Changing this property may recreate the Dicom store (removing all data) ** + required: true + immutable: true + - !ruby/object:Api::Type::KeyValuePairs + name: labels + required: false + description: | + User-supplied key-value pairs used to organize DICOM stores. + + Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must + conform to the following PCRE regular expression: [\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}_-]{0,62} + + Label values are optional, must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 + bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63} + + No more than 64 labels can be associated with a given store. + + An object containing a list of "key": value pairs. + Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + + - !ruby/object:Api::Type::NestedObject + name: notificationConfig + required: false + properties: + - !ruby/object:Api::Type::String + name: pubsubTopic + description: | + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. + required: true + + - !ruby/object:Api::Type::Time + name: 'creationTime' + description: | + The time that this resource was created on the server. + This is in RFC3339 text format. + output: true + - !ruby/object:Api::Type::String + name: 'selfLink' + description: | + The fully qualified name of this dataset + output: true + - !ruby/object:Api::Type::Array + name: streamConfigs + required: false + min_version: beta + description: | + To enable streaming to BigQuery, configure the streamConfigs object in your DICOM store. + streamConfigs is an array, so you can specify multiple BigQuery destinations. You can stream metadata from a single DICOM store to up to five BigQuery tables in a BigQuery dataset. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::NestedObject + name: bigqueryDestination + required: true + description: | + BigQueryDestination to include a fully qualified BigQuery table URI where DICOM instance metadata will be streamed. + properties: + - !ruby/object:Api::Type::String + name: tableUri + required: true + description: | + a fully qualified BigQuery table URI where DICOM instance metadata will be streamed. + +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Creating a DICOM store': + 'https://cloud.google.com/healthcare/docs/how-tos/dicom' + api: 'https://cloud.google.com/healthcare/docs/reference/rest/v1/projects.locations.datasets.dicomStores' diff --git a/mmv1/products/healthcare/FhirStore.yaml b/mmv1/products/healthcare/FhirStore.yaml new file mode 100644 index 000000000000..20a5bb4d354f --- /dev/null +++ b/mmv1/products/healthcare/FhirStore.yaml @@ -0,0 +1,247 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'FhirStore' +kind: "healthcare#fhirStore" +base_url: '{{dataset}}/fhirStores?fhirStoreId={{name}}' +self_link: '{{dataset}}/fhirStores/{{name}}' +update_verb: :PATCH +update_mask: true +description: | + A FhirStore is a datastore inside a Healthcare dataset that conforms to the FHIR (https://www.hl7.org/fhir/STU3/) + standard for Healthcare information exchange +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'dataset' + description: | + Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}' + required: true + immutable: true + resource: 'Dataset' + imports: 'selfLink' + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The resource name for the FhirStore. + + ** Changing this property may recreate the FHIR store (removing all data) ** + required: true + immutable: true + # Version is duplicated because it is optional in beta but required in GA. + - !ruby/object:Api::Type::Enum + name: version + description: | + The FHIR specification version. + exact_version: beta + required: false + immutable: true + default_value: :STU3 + values: + - :DSTU2 + - :STU3 + - :R4 + - !ruby/object:Api::Type::Enum + name: version + description: | + The FHIR specification version. + exact_version: ga + required: true + immutable: true + values: + - :DSTU2 + - :STU3 + - :R4 + - !ruby/object:Api::Type::Boolean + name: 'enableUpdateCreate' + description: | + Whether this FHIR store has the updateCreate capability. This determines if the client can use an Update + operation to create a new resource with a client-specified ID. If false, all IDs are server-assigned through + the Create operation and attempts to Update a non-existent resource will return errors. Please treat the audit + logs with appropriate levels of care if client-specified resource IDs contain sensitive data such as patient + identifiers, those IDs will be part of the FHIR resource path recorded in Cloud audit logs and Cloud Pub/Sub + notifications. + required: false + - !ruby/object:Api::Type::Boolean + name: 'disableReferentialIntegrity' + description: | + Whether to disable referential integrity in this FHIR store. This field is immutable after FHIR store + creation. The default value is false, meaning that the API will enforce referential integrity and fail the + requests that will result in inconsistent state in the FHIR store. When this field is set to true, the API + will skip referential integrity check. Consequently, operations that rely on references, such as + Patient.get$everything, will not return all the results if broken references exist. + + ** Changing this property may recreate the FHIR store (removing all data) ** + required: false + immutable: true + - !ruby/object:Api::Type::Boolean + name: 'disableResourceVersioning' + description: | + Whether to disable resource versioning for this FHIR store. This field can not be changed after the creation + of FHIR store. If set to false, which is the default behavior, all write operations will cause historical + versions to be recorded automatically. The historical versions can be fetched through the history APIs, but + cannot be updated. If set to true, no historical versions will be kept. The server will send back errors for + attempts to read the historical versions. + + ** Changing this property may recreate the FHIR store (removing all data) ** + required: false + immutable: true + - !ruby/object:Api::Type::Boolean + name: 'enableHistoryImport' + description: | + Whether to allow the bulk import API to accept history bundles and directly insert historical resource + versions into the FHIR store. Importing resource histories creates resource interactions that appear to have + occurred in the past, which clients may not want to allow. If set to false, history bundles within an import + will fail with an error. + + ** Changing this property may recreate the FHIR store (removing all data) ** + + ** This property can be changed manually in the Google Cloud Healthcare admin console without recreating the FHIR store ** + required: false + immutable: true + - !ruby/object:Api::Type::KeyValuePairs + name: labels + required: false + description: | + User-supplied key-value pairs used to organize FHIR stores. + + Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must + conform to the following PCRE regular expression: [\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}_-]{0,62} + + Label values are optional, must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 + bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63} + + No more than 64 labels can be associated with a given store. + + An object containing a list of "key": value pairs. + Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + + - !ruby/object:Api::Type::NestedObject + name: notificationConfig + required: false + properties: + - !ruby/object:Api::Type::String + name: pubsubTopic + description: | + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. + required: true + + - !ruby/object:Api::Type::Time + name: 'creationTime' + description: | + The time that this resource was created on the server. + This is in RFC3339 text format. + output: true + - !ruby/object:Api::Type::String + name: 'selfLink' + description: | + The fully qualified name of this dataset + output: true + - !ruby/object:Api::Type::Array + name: streamConfigs + description: |- + A list of streaming configs that configure the destinations of streaming export for every resource mutation in + this FHIR store. Each store is allowed to have up to 10 streaming configs. After a new config is added, the next + resource mutation is streamed to the new location in addition to the existing ones. When a location is removed + from the list, the server stops streaming to that location. Before adding a new config, you must add the required + bigquery.dataEditor role to your project's Cloud Healthcare Service Agent service account. Some lag (typically on + the order of dozens of seconds) is expected before the results show up in the streaming destination. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Array + name: 'resourceTypes' + description: | + Supply a FHIR resource type (such as "Patient" or "Observation"). See + https://www.hl7.org/fhir/valueset-resource-types.html for a list of all FHIR resource types. The server treats + an empty list as an intent to stream all the supported resource types in this FHIR store. + item_type: Api::Type::String + - !ruby/object:Api::Type::NestedObject + name: bigqueryDestination + required: true + description: | + The destination BigQuery structure that contains both the dataset location and corresponding schema config. + The output is organized in one table per resource type. The server reuses the existing tables (if any) that + are named after the resource types, e.g. "Patient", "Observation". When there is no existing table for a given + resource type, the server attempts to create one. + See the [streaming config reference](https://cloud.google.com/healthcare/docs/reference/rest/v1beta1/projects.locations.datasets.fhirStores#streamconfig) for more details. + properties: + - !ruby/object:Api::Type::String + name: datasetUri + required: true + description: | + BigQuery URI to a dataset, up to 2000 characters long, in the format bq://projectId.bqDatasetId + - !ruby/object:Api::Type::NestedObject + name: schemaConfig + required: true + description: | + The configuration for the exported BigQuery schema. + properties: + - !ruby/object:Api::Type::Enum + name: schemaType + description: | + Specifies the output schema type. + * ANALYTICS: Analytics schema defined by the FHIR community. + See https://github.com/FHIR/sql-on-fhir/blob/master/sql-on-fhir.md. + * ANALYTICS_V2: Analytics V2, similar to schema defined by the FHIR community, with added support for extensions with one or more occurrences and contained resources in stringified JSON. + * LOSSLESS: A data-driven schema generated from the fields present in the FHIR data being exported, with no additional simplification. + default_value: :ANALYTICS + values: + - :ANALYTICS + - :ANALYTICS_V2 + - :LOSSLESS + - !ruby/object:Api::Type::Integer + name: recursiveStructureDepth + required: true + description: | + The depth for all recursive structures in the output analytics schema. For example, concept in the CodeSystem + resource is a recursive structure; when the depth is 2, the CodeSystem table will have a column called + concept.concept but not concept.concept.concept. If not specified or set to 0, the server will use the default + value 2. The maximum depth allowed is 5. + - !ruby/object:Api::Type::Array + name: notificationConfigs + description: |- + A list of notifcation configs that configure the notification for every resource mutation in this FHIR store. + min_version: beta + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: pubsubTopic + required: true + description: | + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. + - !ruby/object:Api::Type::Boolean + name: sendFullResource + description: | + Whether to send full FHIR resource to this Pub/Sub topic for Create and Update operation. + Note that setting this to true does not guarantee that all resources will be sent in the format of + full FHIR resource. When a resource change is too large or during heavy traffic, only the resource name will be + sent. Clients should always check the "payloadType" label from a Pub/Sub message to determine whether + it needs to fetch the full resource as a separate operation. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Creating a FHIR store': + 'https://cloud.google.com/healthcare/docs/how-tos/fhir' + api: 'https://cloud.google.com/healthcare/docs/reference/rest/v1/projects.locations.datasets.fhirStores' diff --git a/mmv1/products/healthcare/Hl7V2Store.yaml b/mmv1/products/healthcare/Hl7V2Store.yaml new file mode 100644 index 000000000000..38a41068e46c --- /dev/null +++ b/mmv1/products/healthcare/Hl7V2Store.yaml @@ -0,0 +1,184 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Hl7V2Store' +kind: "healthcare#hl7V2Store" +base_url: '{{dataset}}/hl7V2Stores?hl7V2StoreId={{name}}' +self_link: '{{dataset}}/hl7V2Stores/{{name}}' +update_verb: :PATCH +update_mask: true +description: | + A Hl7V2Store is a datastore inside a Healthcare dataset that conforms to the FHIR (https://www.hl7.org/hl7V2/STU3/) + standard for Healthcare information exchange +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'dataset' + description: | + Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}' + required: true + immutable: true + resource: 'Dataset' + imports: 'selfLink' + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The resource name for the Hl7V2Store. + + ** Changing this property may recreate the Hl7v2 store (removing all data) ** + required: true + immutable: true + - !ruby/object:Api::Type::NestedObject + name: parserConfig + required: false + properties: + - !ruby/object:Api::Type::Boolean + name: allowNullHeader + at_least_one_of: + - parser_config.0.allow_null_header + - parser_config.0.segment_terminator + - parser_config.0.schema + description: | + Determines whether messages with no header are allowed. + - !ruby/object:Api::Type::String + name: segmentTerminator + at_least_one_of: + - parser_config.0.allow_null_header + - parser_config.0.segment_terminator + - parser_config.0.schema + description: | + Byte(s) to be used as the segment terminator. If this is unset, '\r' will be used as segment terminator. + + A base64-encoded string. + - !ruby/object:Api::Type::String + name: schema + at_least_one_of: + - parser_config.0.allow_null_header + - parser_config.0.segment_terminator + - parser_config.0.schema + - parser_config.0.version + description: | + JSON encoded string for schemas used to parse messages in this + store if schematized parsing is desired. + - !ruby/object:Api::Type::Enum + name: version + description: | + The version of the unschematized parser to be used when a custom `schema` is not set. + immutable: true + default_value: :V1 + values: + - :V1 + - :V2 + - :V3 + - !ruby/object:Api::Type::KeyValuePairs + name: labels + required: false + description: | + User-supplied key-value pairs used to organize HL7v2 stores. + + Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must + conform to the following PCRE regular expression: [\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}_-]{0,62} + + Label values are optional, must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 + bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63} + + No more than 64 labels can be associated with a given store. + + An object containing a list of "key": value pairs. + Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + - !ruby/object:Api::Type::Array + name: notificationConfigs + description: |- + A list of notification configs. Each configuration uses a filter to determine whether to publish a + message (both Ingest & Create) on the corresponding notification destination. Only the message name + is sent as part of the notification. Supplied by the client. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: pubsubTopic + description: | + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. + + If a notification cannot be published to Cloud Pub/Sub, errors will be logged to Stackdriver + required: true + - !ruby/object:Api::Type::String + name: filter + description: | + Restricts notifications sent for messages matching a filter. If this is empty, all messages + are matched. Syntax: https://cloud.google.com/appengine/docs/standard/python/search/query_strings + + Fields/functions available for filtering are: + + * messageType, from the MSH-9.1 field. For example, NOT messageType = "ADT". + * send_date or sendDate, the YYYY-MM-DD date the message was sent in the dataset's timeZone, from the MSH-7 segment. For example, send_date < "2017-01-02". + * sendTime, the timestamp when the message was sent, using the RFC3339 time format for comparisons, from the MSH-7 segment. For example, sendTime < "2017-01-02T00:00:00-05:00". + * sendFacility, the care center that the message came from, from the MSH-4 segment. For example, sendFacility = "ABC". + * PatientId(value, type), which matches if the message lists a patient having an ID of the given value and type in the PID-2, PID-3, or PID-4 segments. For example, PatientId("123456", "MRN"). + * labels.x, a string value of the label with key x as set using the Message.labels map. For example, labels."priority"="high". The operator :* can be used to assert the existence of a label. For example, labels."priority":*. + - !ruby/object:Api::Type::NestedObject + name: notificationConfig + removed_message: This field has been replaced by notificationConfigs + exact_version: ga + required: false + properties: + - !ruby/object:Api::Type::String + name: pubsubTopic + description: | + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. + required: true + - !ruby/object:Api::Type::NestedObject + name: notificationConfig + # This field is duplicated because beta and ga have different behaviors. + deprecation_message: This field has been replaced by notificationConfigs + exact_version: beta + required: false + properties: + - !ruby/object:Api::Type::String + name: pubsubTopic + description: | + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. + required: true + - !ruby/object:Api::Type::Time + name: 'creationTime' + description: | + The time that this resource was created on the server. + This is in RFC3339 text format. + output: true + - !ruby/object:Api::Type::String + name: 'selfLink' + description: | + The fully qualified name of this dataset + output: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Creating a HL7v2 Store': + 'https://cloud.google.com/healthcare/docs/how-tos/hl7v2' + api: 'https://cloud.google.com/healthcare/docs/reference/rest/v1/projects.locations.datasets.hl7V2Stores' diff --git a/mmv1/products/healthcare/api.yaml b/mmv1/products/healthcare/api.yaml deleted file mode 100644 index 7de832409f28..000000000000 --- a/mmv1/products/healthcare/api.yaml +++ /dev/null @@ -1,652 +0,0 @@ -# Copyright 2019 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: Healthcare -display_name: Cloud Healthcare -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://healthcare.googleapis.com/v1/ - - !ruby/object:Api::Product::Version - name: beta - base_url: https://healthcare.googleapis.com/v1beta1/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Cloud Healthcare API - url: https://console.cloud.google.com/apis/library/healthcare.googleapis.com/ -objects: - - !ruby/object:Api::Resource - name: 'Dataset' - kind: "healthcare#dataset" - base_url: 'projects/{{project}}/locations/{{location}}/datasets?datasetId={{name}}' - self_link: 'projects/{{project}}/locations/{{location}}/datasets/{{name}}' - update_verb: :PATCH - update_mask: true - description: | - A Healthcare `Dataset` is a toplevel logical grouping of `dicomStores`, `fhirStores` and `hl7V2Stores`. - parameters: - - !ruby/object:Api::Type::String - name: 'location' - description: | - The location for the Dataset. - required: true - input: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The resource name for the Dataset. - required: true - input: true - - !ruby/object:Api::Type::String - name: "timeZone" - description: | - The default timezone used by this dataset. Must be a either a valid IANA time zone name such as - "America/New_York" or empty, which defaults to UTC. This is used for parsing times in resources - (e.g., HL7 messages) where no explicit timezone is specified. - required: false - - !ruby/object:Api::Type::Time - name: 'creationTime' - description: | - The time that this resource was created on the server. - This is in RFC3339 text format. - required: false - output: true - - !ruby/object:Api::Type::String - name: 'selfLink' - description: | - The fully qualified name of this dataset - output: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Creating a dataset': - 'https://cloud.google.com/healthcare/docs/how-tos/datasets' - api: 'https://cloud.google.com/healthcare/docs/reference/rest/v1/projects.locations.datasets' - - !ruby/object:Api::Resource - name: 'DicomStore' - kind: "healthcare#dicomStore" - base_url: '{{dataset}}/dicomStores?dicomStoreId={{name}}' - self_link: '{{dataset}}/dicomStores/{{name}}' - update_verb: :PATCH - update_mask: true - description: | - A DicomStore is a datastore inside a Healthcare dataset that conforms to the DICOM - (https://www.dicomstandard.org/about/) standard for Healthcare information exchange - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'dataset' - description: | - Identifies the dataset addressed by this request. Must be in the format - 'projects/{project}/locations/{location}/datasets/{dataset}' - required: true - input: true - resource: 'Dataset' - imports: 'selfLink' - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The resource name for the DicomStore. - - ** Changing this property may recreate the Dicom store (removing all data) ** - required: true - input: true - - !ruby/object:Api::Type::KeyValuePairs - name: labels - required: false - description: | - User-supplied key-value pairs used to organize DICOM stores. - - Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must - conform to the following PCRE regular expression: [\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}_-]{0,62} - - Label values are optional, must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 - bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63} - - No more than 64 labels can be associated with a given store. - - An object containing a list of "key": value pairs. - Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. - - - !ruby/object:Api::Type::NestedObject - name: notificationConfig - required: false - properties: - - !ruby/object:Api::Type::String - name: pubsubTopic - description: | - The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. - PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. - It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message - was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a - project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given - Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. - required: true - - - !ruby/object:Api::Type::Time - name: 'creationTime' - description: | - The time that this resource was created on the server. - This is in RFC3339 text format. - output: true - - !ruby/object:Api::Type::String - name: 'selfLink' - description: | - The fully qualified name of this dataset - output: true - - !ruby/object:Api::Type::Array - name: streamConfigs - required: false - min_version: beta - description: | - To enable streaming to BigQuery, configure the streamConfigs object in your DICOM store. - streamConfigs is an array, so you can specify multiple BigQuery destinations. You can stream metadata from a single DICOM store to up to five BigQuery tables in a BigQuery dataset. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::NestedObject - name: bigqueryDestination - required: true - description: | - BigQueryDestination to include a fully qualified BigQuery table URI where DICOM instance metadata will be streamed. - properties: - - !ruby/object:Api::Type::String - name: tableUri - required: true - description: | - a fully qualified BigQuery table URI where DICOM instance metadata will be streamed. - - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Creating a DICOM store': - 'https://cloud.google.com/healthcare/docs/how-tos/dicom' - api: 'https://cloud.google.com/healthcare/docs/reference/rest/v1/projects.locations.datasets.dicomStores' - - !ruby/object:Api::Resource - name: 'FhirStore' - kind: "healthcare#fhirStore" - base_url: '{{dataset}}/fhirStores?fhirStoreId={{name}}' - self_link: '{{dataset}}/fhirStores/{{name}}' - update_verb: :PATCH - update_mask: true - description: | - A FhirStore is a datastore inside a Healthcare dataset that conforms to the FHIR (https://www.hl7.org/fhir/STU3/) - standard for Healthcare information exchange - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'dataset' - description: | - Identifies the dataset addressed by this request. Must be in the format - 'projects/{project}/locations/{location}/datasets/{dataset}' - required: true - input: true - resource: 'Dataset' - imports: 'selfLink' - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The resource name for the FhirStore. - - ** Changing this property may recreate the FHIR store (removing all data) ** - required: true - input: true - # Version is duplicated because it is optional in beta but required in GA. - - !ruby/object:Api::Type::Enum - name: version - description: | - The FHIR specification version. - exact_version: beta - required: false - input: true - default_value: :STU3 - values: - - :DSTU2 - - :STU3 - - :R4 - - !ruby/object:Api::Type::Enum - name: version - description: | - The FHIR specification version. - exact_version: ga - required: true - input: true - values: - - :DSTU2 - - :STU3 - - :R4 - - !ruby/object:Api::Type::Boolean - name: 'enableUpdateCreate' - description: | - Whether this FHIR store has the updateCreate capability. This determines if the client can use an Update - operation to create a new resource with a client-specified ID. If false, all IDs are server-assigned through - the Create operation and attempts to Update a non-existent resource will return errors. Please treat the audit - logs with appropriate levels of care if client-specified resource IDs contain sensitive data such as patient - identifiers, those IDs will be part of the FHIR resource path recorded in Cloud audit logs and Cloud Pub/Sub - notifications. - required: false - - !ruby/object:Api::Type::Boolean - name: 'disableReferentialIntegrity' - description: | - Whether to disable referential integrity in this FHIR store. This field is immutable after FHIR store - creation. The default value is false, meaning that the API will enforce referential integrity and fail the - requests that will result in inconsistent state in the FHIR store. When this field is set to true, the API - will skip referential integrity check. Consequently, operations that rely on references, such as - Patient.get$everything, will not return all the results if broken references exist. - - ** Changing this property may recreate the FHIR store (removing all data) ** - required: false - input: true - - !ruby/object:Api::Type::Boolean - name: 'disableResourceVersioning' - description: | - Whether to disable resource versioning for this FHIR store. This field can not be changed after the creation - of FHIR store. If set to false, which is the default behavior, all write operations will cause historical - versions to be recorded automatically. The historical versions can be fetched through the history APIs, but - cannot be updated. If set to true, no historical versions will be kept. The server will send back errors for - attempts to read the historical versions. - - ** Changing this property may recreate the FHIR store (removing all data) ** - required: false - input: true - - !ruby/object:Api::Type::Boolean - name: 'enableHistoryImport' - description: | - Whether to allow the bulk import API to accept history bundles and directly insert historical resource - versions into the FHIR store. Importing resource histories creates resource interactions that appear to have - occurred in the past, which clients may not want to allow. If set to false, history bundles within an import - will fail with an error. - - ** Changing this property may recreate the FHIR store (removing all data) ** - - ** This property can be changed manually in the Google Cloud Healthcare admin console without recreating the FHIR store ** - required: false - input: true - - !ruby/object:Api::Type::KeyValuePairs - name: labels - required: false - description: | - User-supplied key-value pairs used to organize FHIR stores. - - Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must - conform to the following PCRE regular expression: [\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}_-]{0,62} - - Label values are optional, must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 - bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63} - - No more than 64 labels can be associated with a given store. - - An object containing a list of "key": value pairs. - Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. - - - !ruby/object:Api::Type::NestedObject - name: notificationConfig - required: false - properties: - - !ruby/object:Api::Type::String - name: pubsubTopic - description: | - The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. - PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. - It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message - was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a - project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given - Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. - required: true - - - !ruby/object:Api::Type::Time - name: 'creationTime' - description: | - The time that this resource was created on the server. - This is in RFC3339 text format. - output: true - - !ruby/object:Api::Type::String - name: 'selfLink' - description: | - The fully qualified name of this dataset - output: true - - !ruby/object:Api::Type::Array - name: streamConfigs - description: |- - A list of streaming configs that configure the destinations of streaming export for every resource mutation in - this FHIR store. Each store is allowed to have up to 10 streaming configs. After a new config is added, the next - resource mutation is streamed to the new location in addition to the existing ones. When a location is removed - from the list, the server stops streaming to that location. Before adding a new config, you must add the required - bigquery.dataEditor role to your project's Cloud Healthcare Service Agent service account. Some lag (typically on - the order of dozens of seconds) is expected before the results show up in the streaming destination. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Array - name: 'resourceTypes' - description: | - Supply a FHIR resource type (such as "Patient" or "Observation"). See - https://www.hl7.org/fhir/valueset-resource-types.html for a list of all FHIR resource types. The server treats - an empty list as an intent to stream all the supported resource types in this FHIR store. - item_type: Api::Type::String - - !ruby/object:Api::Type::NestedObject - name: bigqueryDestination - required: true - description: | - The destination BigQuery structure that contains both the dataset location and corresponding schema config. - The output is organized in one table per resource type. The server reuses the existing tables (if any) that - are named after the resource types, e.g. "Patient", "Observation". When there is no existing table for a given - resource type, the server attempts to create one. - See the [streaming config reference](https://cloud.google.com/healthcare/docs/reference/rest/v1beta1/projects.locations.datasets.fhirStores#streamconfig) for more details. - properties: - - !ruby/object:Api::Type::String - name: datasetUri - required: true - description: | - BigQuery URI to a dataset, up to 2000 characters long, in the format bq://projectId.bqDatasetId - - !ruby/object:Api::Type::NestedObject - name: schemaConfig - required: true - description: | - The configuration for the exported BigQuery schema. - properties: - - !ruby/object:Api::Type::Enum - name: schemaType - description: | - Specifies the output schema type. - * ANALYTICS: Analytics schema defined by the FHIR community. - See https://github.com/FHIR/sql-on-fhir/blob/master/sql-on-fhir.md. - * ANALYTICS_V2: Analytics V2, similar to schema defined by the FHIR community, with added support for extensions with one or more occurrences and contained resources in stringified JSON. - * LOSSLESS: A data-driven schema generated from the fields present in the FHIR data being exported, with no additional simplification. - default_value: :ANALYTICS - values: - - :ANALYTICS - - :ANALYTICS_V2 - - :LOSSLESS - - !ruby/object:Api::Type::Integer - name: recursiveStructureDepth - required: true - description: | - The depth for all recursive structures in the output analytics schema. For example, concept in the CodeSystem - resource is a recursive structure; when the depth is 2, the CodeSystem table will have a column called - concept.concept but not concept.concept.concept. If not specified or set to 0, the server will use the default - value 2. The maximum depth allowed is 5. - - !ruby/object:Api::Type::Array - name: notificationConfigs - description: |- - A list of notifcation configs that configure the notification for every resource mutation in this FHIR store. - min_version: beta - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: pubsubTopic - required: true - description: | - The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. - PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. - It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message - was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a - project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given - Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. - - !ruby/object:Api::Type::Boolean - name: sendFullResource - description: | - Whether to send full FHIR resource to this Pub/Sub topic for Create and Update operation. - Note that setting this to true does not guarantee that all resources will be sent in the format of - full FHIR resource. When a resource change is too large or during heavy traffic, only the resource name will be - sent. Clients should always check the "payloadType" label from a Pub/Sub message to determine whether - it needs to fetch the full resource as a separate operation. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Creating a FHIR store': - 'https://cloud.google.com/healthcare/docs/how-tos/fhir' - api: 'https://cloud.google.com/healthcare/docs/reference/rest/v1/projects.locations.datasets.fhirStores' - - !ruby/object:Api::Resource - name: 'Hl7V2Store' - kind: "healthcare#hl7V2Store" - base_url: '{{dataset}}/hl7V2Stores?hl7V2StoreId={{name}}' - self_link: '{{dataset}}/hl7V2Stores/{{name}}' - update_verb: :PATCH - update_mask: true - description: | - A Hl7V2Store is a datastore inside a Healthcare dataset that conforms to the FHIR (https://www.hl7.org/hl7V2/STU3/) - standard for Healthcare information exchange - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'dataset' - description: | - Identifies the dataset addressed by this request. Must be in the format - 'projects/{project}/locations/{location}/datasets/{dataset}' - required: true - input: true - resource: 'Dataset' - imports: 'selfLink' - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The resource name for the Hl7V2Store. - - ** Changing this property may recreate the Hl7v2 store (removing all data) ** - required: true - input: true - - !ruby/object:Api::Type::NestedObject - name: parserConfig - required: false - properties: - - !ruby/object:Api::Type::Boolean - name: allowNullHeader - at_least_one_of: - - parser_config.0.allow_null_header - - parser_config.0.segment_terminator - - parser_config.0.schema - description: | - Determines whether messages with no header are allowed. - - !ruby/object:Api::Type::String - name: segmentTerminator - at_least_one_of: - - parser_config.0.allow_null_header - - parser_config.0.segment_terminator - - parser_config.0.schema - description: | - Byte(s) to be used as the segment terminator. If this is unset, '\r' will be used as segment terminator. - - A base64-encoded string. - - !ruby/object:Api::Type::String - name: schema - at_least_one_of: - - parser_config.0.allow_null_header - - parser_config.0.segment_terminator - - parser_config.0.schema - - parser_config.0.version - description: | - JSON encoded string for schemas used to parse messages in this - store if schematized parsing is desired. - - !ruby/object:Api::Type::Enum - name: version - description: | - The version of the unschematized parser to be used when a custom `schema` is not set. - input: true - default_value: :V1 - values: - - :V1 - - :V2 - - :V3 - - !ruby/object:Api::Type::KeyValuePairs - name: labels - required: false - description: | - User-supplied key-value pairs used to organize HL7v2 stores. - - Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must - conform to the following PCRE regular expression: [\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}_-]{0,62} - - Label values are optional, must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 - bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63} - - No more than 64 labels can be associated with a given store. - - An object containing a list of "key": value pairs. - Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. - - !ruby/object:Api::Type::Array - name: notificationConfigs - description: |- - A list of notification configs. Each configuration uses a filter to determine whether to publish a - message (both Ingest & Create) on the corresponding notification destination. Only the message name - is sent as part of the notification. Supplied by the client. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: pubsubTopic - description: | - The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. - PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. - It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message - was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a - project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given - Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. - - If a notification cannot be published to Cloud Pub/Sub, errors will be logged to Stackdriver - required: true - - !ruby/object:Api::Type::String - name: filter - description: | - Restricts notifications sent for messages matching a filter. If this is empty, all messages - are matched. Syntax: https://cloud.google.com/appengine/docs/standard/python/search/query_strings - - Fields/functions available for filtering are: - - * messageType, from the MSH-9.1 field. For example, NOT messageType = "ADT". - * send_date or sendDate, the YYYY-MM-DD date the message was sent in the dataset's timeZone, from the MSH-7 segment. For example, send_date < "2017-01-02". - * sendTime, the timestamp when the message was sent, using the RFC3339 time format for comparisons, from the MSH-7 segment. For example, sendTime < "2017-01-02T00:00:00-05:00". - * sendFacility, the care center that the message came from, from the MSH-4 segment. For example, sendFacility = "ABC". - * PatientId(value, type), which matches if the message lists a patient having an ID of the given value and type in the PID-2, PID-3, or PID-4 segments. For example, PatientId("123456", "MRN"). - * labels.x, a string value of the label with key x as set using the Message.labels map. For example, labels."priority"="high". The operator :* can be used to assert the existence of a label. For example, labels."priority":*. - - !ruby/object:Api::Type::NestedObject - name: notificationConfig - removed_message: This field has been replaced by notificationConfigs - exact_version: ga - required: false - properties: - - !ruby/object:Api::Type::String - name: pubsubTopic - description: | - The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. - PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. - It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message - was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a - project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given - Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. - required: true - - !ruby/object:Api::Type::NestedObject - name: notificationConfig - # This field is duplicated because beta and ga have different behaviors. - deprecation_message: This field has been replaced by notificationConfigs - exact_version: beta - required: false - properties: - - !ruby/object:Api::Type::String - name: pubsubTopic - description: | - The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. - PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. - It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message - was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a - project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given - Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. - required: true - - !ruby/object:Api::Type::Time - name: 'creationTime' - description: | - The time that this resource was created on the server. - This is in RFC3339 text format. - output: true - - !ruby/object:Api::Type::String - name: 'selfLink' - description: | - The fully qualified name of this dataset - output: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Creating a HL7v2 Store': - 'https://cloud.google.com/healthcare/docs/how-tos/hl7v2' - api: 'https://cloud.google.com/healthcare/docs/reference/rest/v1/projects.locations.datasets.hl7V2Stores' - - !ruby/object:Api::Resource - name: 'ConsentStore' - kind: "healthcare#consentStore" - base_url: "{{dataset}}/consentStores?consentStoreId={{name}}" - self_link: "{{dataset}}/consentStores/{{name}}" - update_verb: :PATCH - update_mask: true - description: | - The Consent Management API is a tool for tracking user consents and the documentation associated with the consents. - iam_policy: !ruby/object:Api::Resource::IamPolicy - method_name_separator: ':' - fetch_iam_policy_verb: :GET - parent_resource_attribute: 'consent_store_id' - import_format: ["{{%dataset}}/consentStores/{{name}}", "{{name}}"] - base_url: "{{%dataset}}/consentStores/{{name}}" - self_link: "{{%dataset}}/consentStores/{{name}}" - parameters: - - !ruby/object:Api::Type::ResourceRef - name: "dataset" - description: | - Identifies the dataset addressed by this request. Must be in the format - 'projects/{project}/locations/{location}/datasets/{dataset}' - required: true - input: true - resource: 'Dataset' - imports: 'selfLink' - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The name of this ConsentStore, for example: - "consent1" - required: true - input: true - url_param_only: true - - !ruby/object:Api::Type::String - name: 'defaultConsentTtl' - required: false - description: | - Default time to live for consents in this store. Must be at least 24 hours. Updating this field will not affect the expiration time of existing consents. - - A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". - - !ruby/object:Api::Type::Boolean - name: 'enableConsentCreateOnUpdate' - required: false - description: | - If true, [consents.patch] [google.cloud.healthcare.v1.consent.UpdateConsent] creates the consent if it does not already exist. - - !ruby/object:Api::Type::KeyValuePairs - name: labels - required: false - description: | - User-supplied key-value pairs used to organize Consent stores. - - Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must - conform to the following PCRE regular expression: `[\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}_-]{0,62}` - - Label values are optional, must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 - bytes, and must conform to the following PCRE regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}` - - No more than 64 labels can be associated with a given store. - - An object containing a list of "key": value pairs. - Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. - - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Creating a Consent store': - 'https://cloud.google.com/healthcare/docs/how-tos/consent' - api: 'https://cloud.google.com/healthcare/docs/reference/rest/v1/projects.locations.datasets.consentStores' diff --git a/mmv1/products/healthcare/product.yaml b/mmv1/products/healthcare/product.yaml new file mode 100644 index 000000000000..b75131d30f7d --- /dev/null +++ b/mmv1/products/healthcare/product.yaml @@ -0,0 +1,29 @@ +# Copyright 2019 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: Healthcare +display_name: Cloud Healthcare +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://healthcare.googleapis.com/v1/ + - !ruby/object:Api::Product::Version + name: beta + base_url: https://healthcare.googleapis.com/v1beta1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Cloud Healthcare API + url: https://console.cloud.google.com/apis/library/healthcare.googleapis.com/ diff --git a/mmv1/products/healthcare/terraform.yaml b/mmv1/products/healthcare/terraform.yaml index c7a2ea01d731..7c9a25701074 100644 --- a/mmv1/products/healthcare/terraform.yaml +++ b/mmv1/products/healthcare/terraform.yaml @@ -60,7 +60,9 @@ overrides: !ruby/object:Overrides::ResourceOverrides pubsub_topic: "fhir-notifications" bq_dataset_name: "bq_example_dataset" test_vars_overrides: - policyChanged: 'BootstrapPSARoles(t, "gsp-sa-healthcare", []string{"roles/bigquery.dataEditor", "roles/bigquery.jobUser"})' + policyChanged: ' + BootstrapPSARoles(t, "service-", "gcp-sa-healthcare", + []string{"roles/bigquery.dataEditor", "roles/bigquery.jobUser"})' - !ruby/object:Provider::Terraform::Examples name: "healthcare_fhir_store_notification_config" primary_resource_id: "default" @@ -110,7 +112,9 @@ overrides: !ruby/object:Overrides::ResourceOverrides bq_dataset_name: "dicom_bq_ds" bq_table_name: "dicom_bq_tb" test_vars_overrides: - policyChanged: 'BootstrapPSARoles(t, "gsp-sa-healthcare", []string{"roles/bigquery.dataEditor", "roles/bigquery.jobUser"})' + policyChanged: ' + BootstrapPSARoles(t, "service-", "gcp-sa-healthcare", + []string{"roles/bigquery.dataEditor", "roles/bigquery.jobUser"})' properties: creationTime: !ruby/object:Overrides::Terraform::PropertyOverride exclude: true @@ -178,7 +182,11 @@ overrides: !ruby/object:Overrides::ResourceOverrides - !ruby/object:Provider::Terraform::Examples name: "healthcare_consent_store_basic" primary_resource_id: "my-consent" - primary_resource_name: "fmt.Sprintf(\"projects/%s/locations/%s/datasets/tf-test-my-dataset%s\", GetTestProjectFromEnv(), GetTestRegionFromEnv(), context[\"random_suffix\"]) , fmt.Sprintf(\"tf-test-my-consent-store%s\", context[\"random_suffix\"])" + primary_resource_name: ' + fmt.Sprintf("projects/%s/locations/%s/datasets/tf-test-my-dataset%s", + GetTestProjectFromEnv(), GetTestRegionFromEnv(), + context["random_suffix"]), + fmt.Sprintf("tf-test-my-consent-store%s", context["random_suffix"])' vars: dataset_id: "my-dataset" consent_id: "my-consent-store" diff --git a/mmv1/products/iam2/AccessBoundaryPolicy.yaml b/mmv1/products/iam2/AccessBoundaryPolicy.yaml new file mode 100644 index 000000000000..da27cbd6f739 --- /dev/null +++ b/mmv1/products/iam2/AccessBoundaryPolicy.yaml @@ -0,0 +1,92 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'AccessBoundaryPolicy' +base_url: policies/{{parent}}/accessboundarypolicies +create_url: policies/{{parent}}/accessboundarypolicies?policyId={{name}} +description: | + Represents a collection of access boundary policies to apply to a given resource. + **NOTE**: This is a private feature and users should contact GCP support + if they would like to test it. +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The name of the policy. + required: true + immutable: true + url_param_only: true + - !ruby/object:Api::Type::String + name: 'parent' + description: | + The attachment point is identified by its URL-encoded full resource name. + required: true + immutable: true + url_param_only: true + - !ruby/object:Api::Type::String + name: 'displayName' + description: | + The display name of the rule. + - !ruby/object:Api::Type::Fingerprint + name: 'etag' + description: | + The hash of the resource. Used internally during updates. + - !ruby/object:Api::Type::Array + name: 'rules' + required: true + description: | + Rules to be applied. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'description' + description: | + The description of the rule. + - !ruby/object:Api::Type::NestedObject + name: 'accessBoundaryRule' + description: | + An access boundary rule in an IAM policy. + properties: + - !ruby/object:Api::Type::String + name: 'availableResource' + description: The full resource name of a Google Cloud resource entity. + - !ruby/object:Api::Type::Array + name: 'availablePermissions' + description: A list of permissions that may be allowed for use on the specified resource. + item_type: Api::Type::String + - !ruby/object:Api::Type::NestedObject + name: 'availabilityCondition' + description: The availability condition further constrains the access allowed by the access boundary rule. + properties: + - !ruby/object:Api::Type::String + name: 'expression' + description: | + Textual representation of an expression in Common Expression Language syntax. + required: true + - !ruby/object:Api::Type::String + name: 'title' + description: | + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + - !ruby/object:Api::Type::String + name: 'description' + description: | + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + - !ruby/object:Api::Type::String + name: 'location' + description: | + String indicating the location of the expression for error reporting, + e.g. a file name and a position in the file. + diff --git a/mmv1/products/iam2/DenyPolicy.yaml b/mmv1/products/iam2/DenyPolicy.yaml new file mode 100644 index 000000000000..c989c839ff03 --- /dev/null +++ b/mmv1/products/iam2/DenyPolicy.yaml @@ -0,0 +1,113 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'DenyPolicy' +min_version: beta +base_url: policies/{{parent}}/denypolicies +create_url: policies/{{parent}}/denypolicies?policyId={{name}} +description: | + Represents a collection of denial policies to apply to a given resource. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Permissions supported in deny policies': + 'https://cloud.google.com/iam/docs/deny-permissions-support' + api: 'https://cloud.google.com/iam/docs/reference/rest/v2beta/policies' +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The name of the policy. + required: true + immutable: true + url_param_only: true + - !ruby/object:Api::Type::String + name: 'parent' + description: | + The attachment point is identified by its URL-encoded full resource name. + required: true + immutable: true + url_param_only: true + - !ruby/object:Api::Type::String + name: 'displayName' + description: | + The display name of the rule. + - !ruby/object:Api::Type::Fingerprint + name: 'etag' + description: | + The hash of the resource. Used internally during updates. + - !ruby/object:Api::Type::Array + name: 'rules' + required: true + description: | + Rules to be applied. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'description' + description: | + The description of the rule. + - !ruby/object:Api::Type::NestedObject + name: 'denyRule' + description: | + A deny rule in an IAM deny policy. + properties: + - !ruby/object:Api::Type::Array + name: 'deniedPrincipals' + description: The identities that are prevented from using one or more permissions on Google Cloud resources. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'exceptionPrincipals' + description: | + The identities that are excluded from the deny rule, even if they are listed in the deniedPrincipals. + For example, you could add a Google group to the deniedPrincipals, then exclude specific users who belong to that group. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'deniedPermissions' + description: | + The permissions that are explicitly denied by this rule. Each permission uses the format `{service-fqdn}/{resource}.{verb}`, + where `{service-fqdn}` is the fully qualified domain name for the service. For example, `iam.googleapis.com/roles.list`. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'exceptionPermissions' + description: | + Specifies the permissions that this rule excludes from the set of denied permissions given by deniedPermissions. + If a permission appears in deniedPermissions and in exceptionPermissions then it will not be denied. + The excluded permissions can be specified using the same syntax as deniedPermissions. + item_type: Api::Type::String + - !ruby/object:Api::Type::NestedObject + name: 'denialCondition' + description: + User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, + source.region_code and contents in the request header. + properties: + - !ruby/object:Api::Type::String + name: 'expression' + description: | + Textual representation of an expression in Common Expression Language syntax. + required: true + - !ruby/object:Api::Type::String + name: 'title' + description: | + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + - !ruby/object:Api::Type::String + name: 'description' + description: | + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + - !ruby/object:Api::Type::String + name: 'location' + description: | + String indicating the location of the expression for error reporting, + e.g. a file name and a position in the file. diff --git a/mmv1/products/iam2/api.yaml b/mmv1/products/iam2/api.yaml deleted file mode 100644 index 03c830af6902..000000000000 --- a/mmv1/products/iam2/api.yaml +++ /dev/null @@ -1,224 +0,0 @@ -# Copyright 2023 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: IAM2 -display_name: Cloud IAM -versions: - - !ruby/object:Api::Product::Version - name: beta - base_url: https://iam.googleapis.com/v2beta/ - - !ruby/object:Api::Product::Version - name: ga - base_url: https://iam.googleapis.com/v2/ -scopes: - - https://www.googleapis.com/auth/iam -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Identity and Access Management (IAM) API - url: https://console.cloud.google.com/apis/library/iam.googleapis.com/ -async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: True - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' -objects: - - !ruby/object:Api::Resource - name: 'DenyPolicy' - min_version: beta - base_url: policies/{{parent}}/denypolicies - create_url: policies/{{parent}}/denypolicies?policyId={{name}} - description: | - Represents a collection of denial policies to apply to a given resource. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Permissions supported in deny policies': - 'https://cloud.google.com/iam/docs/deny-permissions-support' - api: 'https://cloud.google.com/iam/docs/reference/rest/v2beta/policies' - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The name of the policy. - required: true - input: true - url_param_only: true - - !ruby/object:Api::Type::String - name: 'parent' - description: | - The attachment point is identified by its URL-encoded full resource name. - required: true - input: true - url_param_only: true - - !ruby/object:Api::Type::String - name: 'displayName' - description: | - The display name of the rule. - - !ruby/object:Api::Type::Fingerprint - name: 'etag' - description: | - The hash of the resource. Used internally during updates. - - !ruby/object:Api::Type::Array - name: 'rules' - required: true - description: | - Rules to be applied. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'description' - description: | - The description of the rule. - - !ruby/object:Api::Type::NestedObject - name: 'denyRule' - description: | - A deny rule in an IAM deny policy. - properties: - - !ruby/object:Api::Type::Array - name: 'deniedPrincipals' - description: The identities that are prevented from using one or more permissions on Google Cloud resources. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'exceptionPrincipals' - description: | - The identities that are excluded from the deny rule, even if they are listed in the deniedPrincipals. - For example, you could add a Google group to the deniedPrincipals, then exclude specific users who belong to that group. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'deniedPermissions' - description: | - The permissions that are explicitly denied by this rule. Each permission uses the format `{service-fqdn}/{resource}.{verb}`, - where `{service-fqdn}` is the fully qualified domain name for the service. For example, `iam.googleapis.com/roles.list`. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'exceptionPermissions' - description: | - Specifies the permissions that this rule excludes from the set of denied permissions given by deniedPermissions. - If a permission appears in deniedPermissions and in exceptionPermissions then it will not be denied. - The excluded permissions can be specified using the same syntax as deniedPermissions. - item_type: Api::Type::String - - !ruby/object:Api::Type::NestedObject - name: 'denialCondition' - description: - User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, - source.region_code and contents in the request header. - properties: - - !ruby/object:Api::Type::String - name: 'expression' - description: | - Textual representation of an expression in Common Expression Language syntax. - required: true - - !ruby/object:Api::Type::String - name: 'title' - description: | - Title for the expression, i.e. a short string describing its purpose. - This can be used e.g. in UIs which allow to enter the expression. - - !ruby/object:Api::Type::String - name: 'description' - description: | - Description of the expression. This is a longer text which describes the expression, - e.g. when hovered over it in a UI. - - !ruby/object:Api::Type::String - name: 'location' - description: | - String indicating the location of the expression for error reporting, - e.g. a file name and a position in the file. - - !ruby/object:Api::Resource - name: 'AccessBoundaryPolicy' - base_url: policies/{{parent}}/accessboundarypolicies - create_url: policies/{{parent}}/accessboundarypolicies?policyId={{name}} - description: | - Represents a collection of access boundary policies to apply to a given resource. - **NOTE**: This is a private feature and users should contact GCP support - if they would like to test it. - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The name of the policy. - required: true - input: true - url_param_only: true - - !ruby/object:Api::Type::String - name: 'parent' - description: | - The attachment point is identified by its URL-encoded full resource name. - required: true - input: true - url_param_only: true - - !ruby/object:Api::Type::String - name: 'displayName' - description: | - The display name of the rule. - - !ruby/object:Api::Type::Fingerprint - name: 'etag' - description: | - The hash of the resource. Used internally during updates. - - !ruby/object:Api::Type::Array - name: 'rules' - required: true - description: | - Rules to be applied. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'description' - description: | - The description of the rule. - - !ruby/object:Api::Type::NestedObject - name: 'accessBoundaryRule' - description: | - An access boundary rule in an IAM policy. - properties: - - !ruby/object:Api::Type::String - name: 'availableResource' - description: The full resource name of a Google Cloud resource entity. - - !ruby/object:Api::Type::Array - name: 'availablePermissions' - description: A list of permissions that may be allowed for use on the specified resource. - item_type: Api::Type::String - - !ruby/object:Api::Type::NestedObject - name: 'availabilityCondition' - description: The availability condition further constrains the access allowed by the access boundary rule. - properties: - - !ruby/object:Api::Type::String - name: 'expression' - description: | - Textual representation of an expression in Common Expression Language syntax. - required: true - - !ruby/object:Api::Type::String - name: 'title' - description: | - Title for the expression, i.e. a short string describing its purpose. - This can be used e.g. in UIs which allow to enter the expression. - - !ruby/object:Api::Type::String - name: 'description' - description: | - Description of the expression. This is a longer text which describes the expression, - e.g. when hovered over it in a UI. - - !ruby/object:Api::Type::String - name: 'location' - description: | - String indicating the location of the expression for error reporting, - e.g. a file name and a position in the file. diff --git a/mmv1/products/iam2/product.yaml b/mmv1/products/iam2/product.yaml new file mode 100644 index 000000000000..ba9f3564ec9f --- /dev/null +++ b/mmv1/products/iam2/product.yaml @@ -0,0 +1,45 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: IAM2 +display_name: Cloud IAM +versions: + - !ruby/object:Api::Product::Version + name: beta + base_url: https://iam.googleapis.com/v2beta/ + - !ruby/object:Api::Product::Version + name: ga + base_url: https://iam.googleapis.com/v2/ +scopes: + - https://www.googleapis.com/auth/iam +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Identity and Access Management (IAM) API + url: https://console.cloud.google.com/apis/library/iam.googleapis.com/ +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: True + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' diff --git a/mmv1/products/iambeta/WorkloadIdentityPool.yaml b/mmv1/products/iambeta/WorkloadIdentityPool.yaml new file mode 100644 index 000000000000..07dcdf81e626 --- /dev/null +++ b/mmv1/products/iambeta/WorkloadIdentityPool.yaml @@ -0,0 +1,73 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'WorkloadIdentityPool' +base_url: projects/{{project}}/locations/global/workloadIdentityPools +self_link: projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}} +create_url: projects/{{project}}/locations/global/workloadIdentityPools?workloadIdentityPoolId={{workload_identity_pool_id}} +update_verb: :PATCH +update_mask: true +description: | + Represents a collection of external workload identities. You can define IAM policies to + grant these identities access to Google Cloud resources. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Managing workload identity pools': + 'https://cloud.google.com/iam/docs/manage-workload-identity-pools-providers#pools' + api: 'https://cloud.google.com/iam/docs/reference/rest/v1/projects.locations.workloadIdentityPools' +properties: + - !ruby/object:Api::Type::String + name: 'workloadIdentityPoolId' + description: | + The ID to use for the pool, which becomes the final component of the resource name. This + value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix + `gcp-` is reserved for use by Google, and may not be specified. + required: true + immutable: true + url_param_only: true + - !ruby/object:Api::Type::Enum + name: 'state' + description: | + The state of the pool. + * STATE_UNSPECIFIED: State unspecified. + * ACTIVE: The pool is active, and may be used in Google Cloud policies. + * DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after + approximately 30 days. You can restore a soft-deleted pool using + UndeleteWorkloadIdentityPool. You cannot reuse the ID of a soft-deleted pool until it is + permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or + use existing tokens to access resources. If the pool is undeleted, existing tokens grant + access again. + output: true + values: + - :STATE_UNSPECIFIED + - :ACTIVE + - :DELETED + - !ruby/object:Api::Type::String + name: 'displayName' + description: A display name for the pool. Cannot exceed 32 characters. + - !ruby/object:Api::Type::String + name: 'description' + description: A description of the pool. Cannot exceed 256 characters. + - !ruby/object:Api::Type::String + name: 'name' + description: | + The resource name of the pool as + `projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}`. + output: true + - !ruby/object:Api::Type::Boolean + name: 'disabled' + description: | + Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use + existing tokens to access resources. If the pool is re-enabled, existing tokens grant + access again. diff --git a/mmv1/products/iambeta/WorkloadIdentityPoolProvider.yaml b/mmv1/products/iambeta/WorkloadIdentityPoolProvider.yaml new file mode 100644 index 000000000000..ad98175433cf --- /dev/null +++ b/mmv1/products/iambeta/WorkloadIdentityPoolProvider.yaml @@ -0,0 +1,201 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'WorkloadIdentityPoolProvider' +base_url: projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/providers +self_link: projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/providers/{{workload_identity_pool_provider_id}} +create_url: projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/providers?workloadIdentityPoolProviderId={{workload_identity_pool_provider_id}} +update_verb: :PATCH +update_mask: true +description: A configuration for an external identity provider. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Managing workload identity providers': + 'https://cloud.google.com/iam/docs/manage-workload-identity-pools-providers#managing_workload_identity_providers' + api: 'https://cloud.google.com/iam/docs/reference/rest/v1/projects.locations.workloadIdentityPools.providers' +properties: + - !ruby/object:Api::Type::String + name: 'workloadIdentityPoolId' + description: | + The ID used for the pool, which is the final component of the pool resource name. This + value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix + `gcp-` is reserved for use by Google, and may not be specified. + required: true + immutable: true + url_param_only: true + - !ruby/object:Api::Type::String + name: 'workloadIdentityPoolProviderId' + description: | + The ID for the provider, which becomes the final component of the resource name. This + value must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix + `gcp-` is reserved for use by Google, and may not be specified. + required: true + immutable: true + url_param_only: true + - !ruby/object:Api::Type::Enum + name: 'state' + description: | + The state of the provider. + * STATE_UNSPECIFIED: State unspecified. + * ACTIVE: The provider is active, and may be used to validate authentication credentials. + * DELETED: The provider is soft-deleted. Soft-deleted providers are permanently deleted + after approximately 30 days. You can restore a soft-deleted provider using + UndeleteWorkloadIdentityPoolProvider. You cannot reuse the ID of a soft-deleted provider + until it is permanently deleted. + output: true + values: + - :STATE_UNSPECIFIED + - :ACTIVE + - :DELETED + - !ruby/object:Api::Type::String + name: 'displayName' + description: A display name for the provider. Cannot exceed 32 characters. + - !ruby/object:Api::Type::String + name: 'description' + description: A description for the provider. Cannot exceed 256 characters. + - !ruby/object:Api::Type::String + name: 'name' + description: | + The resource name of the provider as + `projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}/providers/{workload_identity_pool_provider_id}`. + output: true + - !ruby/object:Api::Type::Boolean + name: 'disabled' + description: | + Whether the provider is disabled. You cannot use a disabled provider to exchange tokens. + However, existing tokens still grant access. + - !ruby/object:Api::Type::KeyValuePairs + name: 'attributeMapping' + description: | + Maps attributes from authentication credentials issued by an external identity provider + to Google Cloud attributes, such as `subject` and `segment`. + + Each key must be a string specifying the Google Cloud IAM attribute to map to. + + The following keys are supported: + * `google.subject`: The principal IAM is authenticating. You can reference this value + in IAM bindings. This is also the subject that appears in Cloud Logging logs. + Cannot exceed 127 characters. + * `google.groups`: Groups the external identity belongs to. You can grant groups + access to resources using an IAM `principalSet` binding; access applies to all + members of the group. + + You can also provide custom attributes by specifying `attribute.{custom_attribute}`, + where `{custom_attribute}` is the name of the custom attribute to be mapped. You can + define a maximum of 50 custom attributes. The maximum length of a mapped attribute key + is 100 characters, and the key may only contain the characters [a-z0-9_]. + + You can reference these attributes in IAM policies to define fine-grained access for a + workload to Google Cloud resources. For example: + * `google.subject`: + `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}` + * `google.groups`: + `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}` + * `attribute.{custom_attribute}`: + `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}` + + Each value must be a [Common Expression Language](https://opensource.google/projects/cel) + function that maps an identity provider credential to the normalized attribute specified + by the corresponding map key. + + You can use the `assertion` keyword in the expression to access a JSON representation of + the authentication credential issued by the provider. + + The maximum length of an attribute mapping expression is 2048 characters. When evaluated, + the total size of all mapped attributes must not exceed 8KB. + + For AWS providers, the following rules apply: + - If no attribute mapping is defined, the following default mapping applies: + ``` + { + "google.subject":"assertion.arn", + "attribute.aws_role": + "assertion.arn.contains('assumed-role')" + " ? assertion.arn.extract('{account_arn}assumed-role/')" + " + 'assumed-role/'" + " + assertion.arn.extract('assumed-role/{role_name}/')" + " : assertion.arn", + } + ``` + - If any custom attribute mappings are defined, they must include a mapping to the + `google.subject` attribute. + + For OIDC providers, the following rules apply: + - Custom attribute mappings must be defined, and must include a mapping to the + `google.subject` attribute. For example, the following maps the `sub` claim of the + incoming credential to the `subject` attribute on a Google token. + ``` + {"google.subject": "assertion.sub"} + ``` + - !ruby/object:Api::Type::String + name: 'attributeCondition' + description: | + [A Common Expression Language](https://opensource.google/projects/cel) expression, in + plain text, to restrict what otherwise valid authentication credentials issued by the + provider should not be accepted. + + The expression must output a boolean representing whether to allow the federation. + + The following keywords may be referenced in the expressions: + * `assertion`: JSON representing the authentication credential issued by the provider. + * `google`: The Google attributes mapped from the assertion in the `attribute_mappings`. + * `attribute`: The custom attributes mapped from the assertion in the `attribute_mappings`. + + The maximum length of the attribute condition expression is 4096 characters. If + unspecified, all valid authentication credential are accepted. + + The following example shows how to only allow credentials with a mapped `google.groups` + value of `admins`: + ``` + "'admins' in google.groups" + ``` + - !ruby/object:Api::Type::NestedObject + name: aws + description: An Amazon Web Services identity provider. Not compatible with the property oidc. + exactly_one_of: + - aws + - oidc + properties: + - !ruby/object:Api::Type::String + name: accountId + description: The AWS account ID. + required: true + - !ruby/object:Api::Type::NestedObject + name: oidc + description: An OpenId Connect 1.0 identity provider. Not compatible with the property aws. + exactly_one_of: + - aws + - oidc + properties: + - !ruby/object:Api::Type::Array + name: allowedAudiences + item_type: Api::Type::String + description: | + Acceptable values for the `aud` field (audience) in the OIDC token. Token exchange + requests are rejected if the token audience does not match one of the configured + values. Each audience may be at most 256 characters. A maximum of 10 audiences may + be configured. + + If this list is empty, the OIDC token audience must be equal to the full canonical + resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. + For example: + ``` + //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ + https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ + ``` + - !ruby/object:Api::Type::String + name: issuerUri + description: The OIDC issuer URL. + required: true + diff --git a/mmv1/products/iambeta/api.yaml b/mmv1/products/iambeta/api.yaml deleted file mode 100644 index ae35e3fcaa63..000000000000 --- a/mmv1/products/iambeta/api.yaml +++ /dev/null @@ -1,293 +0,0 @@ -# Copyright 2020 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: IAMBeta -display_name: Cloud IAM -versions: - - !ruby/object:Api::Product::Version - name: beta - base_url: https://iam.googleapis.com/v1beta/ - - !ruby/object:Api::Product::Version - name: ga - base_url: https://iam.googleapis.com/v1/ -scopes: - - https://www.googleapis.com/auth/iam -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Identity and Access Management (IAM) API - url: https://console.cloud.google.com/apis/library/iam.googleapis.com/ -async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: True - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' -objects: - - !ruby/object:Api::Resource - name: 'WorkloadIdentityPool' - base_url: projects/{{project}}/locations/global/workloadIdentityPools - self_link: projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}} - create_url: projects/{{project}}/locations/global/workloadIdentityPools?workloadIdentityPoolId={{workload_identity_pool_id}} - update_verb: :PATCH - update_mask: true - description: | - Represents a collection of external workload identities. You can define IAM policies to - grant these identities access to Google Cloud resources. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Managing workload identity pools': - 'https://cloud.google.com/iam/docs/manage-workload-identity-pools-providers#pools' - api: 'https://cloud.google.com/iam/docs/reference/rest/v1/projects.locations.workloadIdentityPools' - properties: - - !ruby/object:Api::Type::String - name: 'workloadIdentityPoolId' - description: | - The ID to use for the pool, which becomes the final component of the resource name. This - value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix - `gcp-` is reserved for use by Google, and may not be specified. - required: true - input: true - url_param_only: true - - !ruby/object:Api::Type::Enum - name: 'state' - description: | - The state of the pool. - * STATE_UNSPECIFIED: State unspecified. - * ACTIVE: The pool is active, and may be used in Google Cloud policies. - * DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after - approximately 30 days. You can restore a soft-deleted pool using - UndeleteWorkloadIdentityPool. You cannot reuse the ID of a soft-deleted pool until it is - permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or - use existing tokens to access resources. If the pool is undeleted, existing tokens grant - access again. - output: true - values: - - :STATE_UNSPECIFIED - - :ACTIVE - - :DELETED - - !ruby/object:Api::Type::String - name: 'displayName' - description: A display name for the pool. Cannot exceed 32 characters. - - !ruby/object:Api::Type::String - name: 'description' - description: A description of the pool. Cannot exceed 256 characters. - - !ruby/object:Api::Type::String - name: 'name' - description: | - The resource name of the pool as - `projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}`. - output: true - - !ruby/object:Api::Type::Boolean - name: 'disabled' - description: | - Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use - existing tokens to access resources. If the pool is re-enabled, existing tokens grant - access again. - - !ruby/object:Api::Resource - name: 'WorkloadIdentityPoolProvider' - base_url: projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/providers - self_link: projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/providers/{{workload_identity_pool_provider_id}} - create_url: projects/{{project}}/locations/global/workloadIdentityPools/{{workload_identity_pool_id}}/providers?workloadIdentityPoolProviderId={{workload_identity_pool_provider_id}} - update_verb: :PATCH - update_mask: true - description: A configuration for an external identity provider. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Managing workload identity providers': - 'https://cloud.google.com/iam/docs/manage-workload-identity-pools-providers#managing_workload_identity_providers' - api: 'https://cloud.google.com/iam/docs/reference/rest/v1/projects.locations.workloadIdentityPools.providers' - properties: - - !ruby/object:Api::Type::String - name: 'workloadIdentityPoolId' - description: | - The ID used for the pool, which is the final component of the pool resource name. This - value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix - `gcp-` is reserved for use by Google, and may not be specified. - required: true - input: true - url_param_only: true - - !ruby/object:Api::Type::String - name: 'workloadIdentityPoolProviderId' - description: | - The ID for the provider, which becomes the final component of the resource name. This - value must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix - `gcp-` is reserved for use by Google, and may not be specified. - required: true - input: true - url_param_only: true - - !ruby/object:Api::Type::Enum - name: 'state' - description: | - The state of the provider. - * STATE_UNSPECIFIED: State unspecified. - * ACTIVE: The provider is active, and may be used to validate authentication credentials. - * DELETED: The provider is soft-deleted. Soft-deleted providers are permanently deleted - after approximately 30 days. You can restore a soft-deleted provider using - UndeleteWorkloadIdentityPoolProvider. You cannot reuse the ID of a soft-deleted provider - until it is permanently deleted. - output: true - values: - - :STATE_UNSPECIFIED - - :ACTIVE - - :DELETED - - !ruby/object:Api::Type::String - name: 'displayName' - description: A display name for the provider. Cannot exceed 32 characters. - - !ruby/object:Api::Type::String - name: 'description' - description: A description for the provider. Cannot exceed 256 characters. - - !ruby/object:Api::Type::String - name: 'name' - description: | - The resource name of the provider as - `projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}/providers/{workload_identity_pool_provider_id}`. - output: true - - !ruby/object:Api::Type::Boolean - name: 'disabled' - description: | - Whether the provider is disabled. You cannot use a disabled provider to exchange tokens. - However, existing tokens still grant access. - - !ruby/object:Api::Type::KeyValuePairs - name: 'attributeMapping' - description: | - Maps attributes from authentication credentials issued by an external identity provider - to Google Cloud attributes, such as `subject` and `segment`. - - Each key must be a string specifying the Google Cloud IAM attribute to map to. - - The following keys are supported: - * `google.subject`: The principal IAM is authenticating. You can reference this value - in IAM bindings. This is also the subject that appears in Cloud Logging logs. - Cannot exceed 127 characters. - * `google.groups`: Groups the external identity belongs to. You can grant groups - access to resources using an IAM `principalSet` binding; access applies to all - members of the group. - - You can also provide custom attributes by specifying `attribute.{custom_attribute}`, - where `{custom_attribute}` is the name of the custom attribute to be mapped. You can - define a maximum of 50 custom attributes. The maximum length of a mapped attribute key - is 100 characters, and the key may only contain the characters [a-z0-9_]. - - You can reference these attributes in IAM policies to define fine-grained access for a - workload to Google Cloud resources. For example: - * `google.subject`: - `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}` - * `google.groups`: - `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}` - * `attribute.{custom_attribute}`: - `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}` - - Each value must be a [Common Expression Language](https://opensource.google/projects/cel) - function that maps an identity provider credential to the normalized attribute specified - by the corresponding map key. - - You can use the `assertion` keyword in the expression to access a JSON representation of - the authentication credential issued by the provider. - - The maximum length of an attribute mapping expression is 2048 characters. When evaluated, - the total size of all mapped attributes must not exceed 8KB. - - For AWS providers, the following rules apply: - - If no attribute mapping is defined, the following default mapping applies: - ``` - { - "google.subject":"assertion.arn", - "attribute.aws_role": - "assertion.arn.contains('assumed-role')" - " ? assertion.arn.extract('{account_arn}assumed-role/')" - " + 'assumed-role/'" - " + assertion.arn.extract('assumed-role/{role_name}/')" - " : assertion.arn", - } - ``` - - If any custom attribute mappings are defined, they must include a mapping to the - `google.subject` attribute. - - For OIDC providers, the following rules apply: - - Custom attribute mappings must be defined, and must include a mapping to the - `google.subject` attribute. For example, the following maps the `sub` claim of the - incoming credential to the `subject` attribute on a Google token. - ``` - {"google.subject": "assertion.sub"} - ``` - - !ruby/object:Api::Type::String - name: 'attributeCondition' - description: | - [A Common Expression Language](https://opensource.google/projects/cel) expression, in - plain text, to restrict what otherwise valid authentication credentials issued by the - provider should not be accepted. - - The expression must output a boolean representing whether to allow the federation. - - The following keywords may be referenced in the expressions: - * `assertion`: JSON representing the authentication credential issued by the provider. - * `google`: The Google attributes mapped from the assertion in the `attribute_mappings`. - * `attribute`: The custom attributes mapped from the assertion in the `attribute_mappings`. - - The maximum length of the attribute condition expression is 4096 characters. If - unspecified, all valid authentication credential are accepted. - - The following example shows how to only allow credentials with a mapped `google.groups` - value of `admins`: - ``` - "'admins' in google.groups" - ``` - - !ruby/object:Api::Type::NestedObject - name: aws - description: An Amazon Web Services identity provider. Not compatible with the property oidc. - exactly_one_of: - - aws - - oidc - properties: - - !ruby/object:Api::Type::String - name: accountId - description: The AWS account ID. - required: true - - !ruby/object:Api::Type::NestedObject - name: oidc - description: An OpenId Connect 1.0 identity provider. Not compatible with the property aws. - exactly_one_of: - - aws - - oidc - properties: - - !ruby/object:Api::Type::Array - name: allowedAudiences - item_type: Api::Type::String - description: | - Acceptable values for the `aud` field (audience) in the OIDC token. Token exchange - requests are rejected if the token audience does not match one of the configured - values. Each audience may be at most 256 characters. A maximum of 10 audiences may - be configured. - - If this list is empty, the OIDC token audience must be equal to the full canonical - resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. - For example: - ``` - //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ - https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ - ``` - - !ruby/object:Api::Type::String - name: issuerUri - description: The OIDC issuer URL. - required: true diff --git a/mmv1/products/iambeta/product.yaml b/mmv1/products/iambeta/product.yaml new file mode 100644 index 000000000000..b9b45cf13c26 --- /dev/null +++ b/mmv1/products/iambeta/product.yaml @@ -0,0 +1,45 @@ +# Copyright 2020 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: IAMBeta +display_name: Cloud IAM +versions: + - !ruby/object:Api::Product::Version + name: beta + base_url: https://iam.googleapis.com/v1beta/ + - !ruby/object:Api::Product::Version + name: ga + base_url: https://iam.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/iam +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Identity and Access Management (IAM) API + url: https://console.cloud.google.com/apis/library/iam.googleapis.com/ +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: True + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' diff --git a/mmv1/products/iamworkforcepool/WorkforcePool.yaml b/mmv1/products/iamworkforcepool/WorkforcePool.yaml new file mode 100644 index 000000000000..2cc7fac9ba3a --- /dev/null +++ b/mmv1/products/iamworkforcepool/WorkforcePool.yaml @@ -0,0 +1,94 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'WorkforcePool' +base_url: locations/{{location}}/workforcePools +self_link: locations/{{location}}/workforcePools/{{workforce_pool_id}} +create_url: locations/{{location}}/workforcePools?workforcePoolId={{workforce_pool_id}} +update_verb: :PATCH +update_mask: true +description: | + Represents a collection of external workforces. Provides namespaces for + federated users that can be referenced in IAM policies. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Manage pools': + 'https://cloud.google.com/iam/docs/manage-workforce-identity-pools-providers#manage_pools' + api: 'https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools' +properties: + - !ruby/object:Api::Type::String + name: 'location' + description: The location for the resource. + required: true + immutable: true + url_param_only: true + - !ruby/object:Api::Type::String + name: 'workforcePoolId' + description: | + The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters, + digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. + The prefix `gcp-` is reserved for use by Google, and may not be specified. + required: true + immutable: true + url_param_only: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + Output only. The resource name of the pool. + Format: `locations/{location}/workforcePools/{workforcePoolId}` + output: true + - !ruby/object:Api::Type::String + name: 'parent' + description: | + Immutable. The resource name of the parent. Format: `organizations/{org-id}`. + required: true + immutable: true + - !ruby/object:Api::Type::String + name: 'displayName' + description: A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters. + - !ruby/object:Api::Type::String + name: 'description' + description: A user-specified description of the pool. Cannot exceed 256 characters. + - !ruby/object:Api::Type::Enum + name: 'state' + description: | + Output only. The state of the pool. + * STATE_UNSPECIFIED: State unspecified. + * ACTIVE: The pool is active, and may be used in Google Cloud policies. + * DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted + after approximately 30 days. You can restore a soft-deleted pool using + [workforcePools.undelete](https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools/undelete#google.iam.admin.v1.WorkforcePools.UndeleteWorkforcePool). + You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. + While a pool is deleted, you cannot use it to exchange tokens, or use + existing tokens to access resources. If the pool is undeleted, existing + tokens grant access again. + output: true + values: + - :STATE_UNSPECIFIED + - :ACTIVE + - :DELETED + - !ruby/object:Api::Type::Boolean + name: 'disabled' + description: | + Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, + or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again. + - !ruby/object:Api::Type::String + name: 'sessionDuration' + description: | + Duration that the Google Cloud access tokens, console sign-in sessions, + and `gcloud` sign-in sessions from this pool are valid. + Must be greater than 15 minutes (900s) and less than 12 hours (43200s). + If `sessionDuration` is not configured, minted credentials have a default duration of one hour (3600s). + A duration in seconds with up to nine fractional digits, ending with '`s`'. Example: "`3.5s`". + default_value: '3600s' diff --git a/mmv1/products/iamworkforcepool/WorkforcePoolProvider.yaml b/mmv1/products/iamworkforcepool/WorkforcePoolProvider.yaml new file mode 100644 index 000000000000..1b7cd1404713 --- /dev/null +++ b/mmv1/products/iamworkforcepool/WorkforcePoolProvider.yaml @@ -0,0 +1,202 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'WorkforcePoolProvider' +base_url: locations/{{location}}/workforcePools/{{workforce_pool_id}}/providers +self_link: locations/{{location}}/workforcePools/{{workforce_pool_id}}/providers/{{provider_id}} +create_url: locations/{{location}}/workforcePools/{{workforce_pool_id}}/providers?workforcePoolProviderId={{provider_id}} +update_verb: :PATCH +update_mask: true +description: | + A configuration for an external identity provider. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Configure a provider within the workforce pool': + 'https://cloud.google.com/iam/docs/manage-workforce-identity-pools-providers#configure_a_provider_within_the_workforce_pool' + api: 'https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools.providers' +properties: + - !ruby/object:Api::Type::String + name: 'location' + description: The location for the resource. + required: true + immutable: true + url_param_only: true + - !ruby/object:Api::Type::String + name: 'workforcePoolId' + description: | + The ID to use for the pool, which becomes the final component of the resource name. + The IDs must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. + It must start with a letter, and cannot have a trailing hyphen. + The prefix `gcp-` is reserved for use by Google, and may not be specified. + required: true + immutable: true + url_param_only: true + - !ruby/object:Api::Type::String + name: 'providerId' + description: | + The ID for the provider, which becomes the final component of the resource name. + This value must be 4-32 characters, and may contain the characters [a-z0-9-]. + The prefix `gcp-` is reserved for use by Google, and may not be specified. + required: true + immutable: true + url_param_only: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + Output only. The resource name of the provider. + Format: `locations/{location}/workforcePools/{workforcePoolId}/providers/{providerId}` + output: true + - !ruby/object:Api::Type::String + name: 'displayName' + description: A user-specified display name for the provider. Cannot exceed 32 characters. + - !ruby/object:Api::Type::String + name: 'description' + description: A user-specified description of the provider. Cannot exceed 256 characters. + - !ruby/object:Api::Type::Enum + name: 'state' + description: | + The current state of the provider. + * STATE_UNSPECIFIED: State unspecified. + * ACTIVE: The provider is active and may be used to validate authentication credentials. + * DELETED: The provider is soft-deleted. Soft-deleted providers are permanently + deleted after approximately 30 days. You can restore a soft-deleted provider using + [providers.undelete](https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools.providers/undelete#google.iam.admin.v1.WorkforcePools.UndeleteWorkforcePoolProvider). + output: true + values: + - :STATE_UNSPECIFIED + - :ACTIVE + - :DELETED + - !ruby/object:Api::Type::Boolean + name: 'disabled' + description: | + Whether the provider is disabled. You cannot use a disabled provider to exchange tokens. + However, existing tokens still grant access. + - !ruby/object:Api::Type::KeyValuePairs + name: 'attributeMapping' + description: | + Maps attributes from the authentication credentials issued by an external identity provider + to Google Cloud attributes, such as `subject` and `segment`. + + Each key must be a string specifying the Google Cloud IAM attribute to map to. + + The following keys are supported: + * `google.subject`: The principal IAM is authenticating. You can reference this value in IAM bindings. + This is also the subject that appears in Cloud Logging logs. This is a required field and + the mapped subject cannot exceed 127 bytes. + * `google.groups`: Groups the authenticating user belongs to. You can grant groups access to + resources using an IAM `principalSet` binding; access applies to all members of the group. + * `google.display_name`: The name of the authenticated user. This is an optional field and + the mapped display name cannot exceed 100 bytes. If not set, `google.subject` will be displayed instead. + This attribute cannot be referenced in IAM bindings. + * `google.profile_photo`: The URL that specifies the authenticated user's thumbnail photo. + This is an optional field. When set, the image will be visible as the user's profile picture. + If not set, a generic user icon will be displayed instead. + This attribute cannot be referenced in IAM bindings. + + You can also provide custom attributes by specifying `attribute.{custom_attribute}`, where {custom_attribute} + is the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes. + The maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_]. + + You can reference these attributes in IAM policies to define fine-grained access for a workforce pool + to Google Cloud resources. For example: + * `google.subject`: + `principal://iam.googleapis.com/locations/{location}/workforcePools/{pool}/subject/{value}` + * `google.groups`: + `principalSet://iam.googleapis.com/locations/{location}/workforcePools/{pool}/group/{value}` + * `attribute.{custom_attribute}`: + `principalSet://iam.googleapis.com/locations/{location}/workforcePools/{pool}/attribute.{custom_attribute}/{value}` + + Each value must be a [Common Expression Language](https://opensource.google/projects/cel) + function that maps an identity provider credential to the normalized attribute specified + by the corresponding map key. + + You can use the `assertion` keyword in the expression to access a JSON representation of + the authentication credential issued by the provider. + + The maximum length of an attribute mapping expression is 2048 characters. When evaluated, + the total size of all mapped attributes must not exceed 8KB. + + For OIDC providers, you must supply a custom mapping that includes the `google.subject` attribute. + For example, the following maps the sub claim of the incoming credential to the `subject` attribute + on a Google token: + ``` + {"google.subject": "assertion.sub"} + ``` + + An object containing a list of `"key": value` pairs. + Example: `{ "name": "wrench", "mass": "1.3kg", "count": "3" }`. + - !ruby/object:Api::Type::String + name: 'attributeCondition' + description: | + A [Common Expression Language](https://opensource.google/projects/cel) expression, in + plain text, to restrict what otherwise valid authentication credentials issued by the + provider should not be accepted. + + The expression must output a boolean representing whether to allow the federation. + + The following keywords may be referenced in the expressions: + * `assertion`: JSON representing the authentication credential issued by the provider. + * `google`: The Google attributes mapped from the assertion in the `attribute_mappings`. + `google.profile_photo` and `google.display_name` are not supported. + * `attribute`: The custom attributes mapped from the assertion in the `attribute_mappings`. + + The maximum length of the attribute condition expression is 4096 characters. + If unspecified, all valid authentication credentials will be accepted. + + The following example shows how to only allow credentials with a mapped `google.groups` value of `admins`: + ``` + "'admins' in google.groups" + ``` + - !ruby/object:Api::Type::NestedObject + name: 'saml' + description: Represents a SAML identity provider. + exactly_one_of: + - saml + - oidc + properties: + - !ruby/object:Api::Type::String + name: idpMetadataXml + description: | + SAML Identity provider configuration metadata xml doc. + The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf). + The max size of the acceptable xml document will be bounded to 128k characters. + + The metadata xml document should satisfy the following constraints: + 1) Must contain an Identity Provider Entity ID. + 2) Must contain at least one non-expired signing key certificate. + 3) For each signing key: + a) Valid from should be no more than 7 days from now. + b) Valid to should be no more than 10 years in the future. + 4) Up to 3 IdP signing keys are allowed in the metadata xml. + + When updating the provider's metadata xml, at least one non-expired signing key + must overlap with the existing metadata. This requirement is skipped if there are + no non-expired signing keys present in the existing metadata. + required: true + - !ruby/object:Api::Type::NestedObject + name: 'oidc' + description: Represents an OpenId Connect 1.0 identity provider. + exactly_one_of: + - saml + - oidc + properties: + - !ruby/object:Api::Type::String + name: issuerUri + description: The OIDC issuer URI. Must be a valid URI using the 'https' scheme. + required: true + - !ruby/object:Api::Type::String + name: clientId + description: The client ID. Must match the audience claim of the JWT issued by the identity provider. + required: true + diff --git a/mmv1/products/iamworkforcepool/api.yaml b/mmv1/products/iamworkforcepool/api.yaml deleted file mode 100644 index 171c77b922d8..000000000000 --- a/mmv1/products/iamworkforcepool/api.yaml +++ /dev/null @@ -1,315 +0,0 @@ -# Copyright 2022 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: IAMWorkforcePool -display_name: Cloud IAM -versions: - - !ruby/object:Api::Product::Version - name: beta - base_url: https://iam.googleapis.com/v1/ - - !ruby/object:Api::Product::Version - name: ga - base_url: https://iam.googleapis.com/v1/ -scopes: - - https://www.googleapis.com/auth/iam -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Identity and Access Management (IAM) API - url: https://console.cloud.google.com/apis/library/iam.googleapis.com/ -async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: True - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' -objects: - - !ruby/object:Api::Resource - name: 'WorkforcePool' - base_url: locations/{{location}}/workforcePools - self_link: locations/{{location}}/workforcePools/{{workforce_pool_id}} - create_url: locations/{{location}}/workforcePools?workforcePoolId={{workforce_pool_id}} - update_verb: :PATCH - update_mask: true - description: | - Represents a collection of external workforces. Provides namespaces for - federated users that can be referenced in IAM policies. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Manage pools': - 'https://cloud.google.com/iam/docs/manage-workforce-identity-pools-providers#manage_pools' - api: 'https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools' - properties: - - !ruby/object:Api::Type::String - name: 'location' - description: The location for the resource. - required: true - input: true - url_param_only: true - - !ruby/object:Api::Type::String - name: 'workforcePoolId' - description: | - The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters, - digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen. - The prefix `gcp-` is reserved for use by Google, and may not be specified. - required: true - input: true - url_param_only: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - Output only. The resource name of the pool. - Format: `locations/{location}/workforcePools/{workforcePoolId}` - output: true - - !ruby/object:Api::Type::String - name: 'parent' - description: | - Immutable. The resource name of the parent. Format: `organizations/{org-id}`. - required: true - input: true - - !ruby/object:Api::Type::String - name: 'displayName' - description: A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters. - - !ruby/object:Api::Type::String - name: 'description' - description: A user-specified description of the pool. Cannot exceed 256 characters. - - !ruby/object:Api::Type::Enum - name: 'state' - description: | - Output only. The state of the pool. - * STATE_UNSPECIFIED: State unspecified. - * ACTIVE: The pool is active, and may be used in Google Cloud policies. - * DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted - after approximately 30 days. You can restore a soft-deleted pool using - [workforcePools.undelete](https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools/undelete#google.iam.admin.v1.WorkforcePools.UndeleteWorkforcePool). - You cannot reuse the ID of a soft-deleted pool until it is permanently deleted. - While a pool is deleted, you cannot use it to exchange tokens, or use - existing tokens to access resources. If the pool is undeleted, existing - tokens grant access again. - output: true - values: - - :STATE_UNSPECIFIED - - :ACTIVE - - :DELETED - - !ruby/object:Api::Type::Boolean - name: 'disabled' - description: | - Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, - or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again. - - !ruby/object:Api::Type::String - name: 'sessionDuration' - description: | - Duration that the Google Cloud access tokens, console sign-in sessions, - and `gcloud` sign-in sessions from this pool are valid. - Must be greater than 15 minutes (900s) and less than 12 hours (43200s). - If `sessionDuration` is not configured, minted credentials have a default duration of one hour (3600s). - A duration in seconds with up to nine fractional digits, ending with '`s`'. Example: "`3.5s`". - default_value: '3600s' - - !ruby/object:Api::Resource - name: 'WorkforcePoolProvider' - base_url: locations/{{location}}/workforcePools/{{workforce_pool_id}}/providers - self_link: locations/{{location}}/workforcePools/{{workforce_pool_id}}/providers/{{provider_id}} - create_url: locations/{{location}}/workforcePools/{{workforce_pool_id}}/providers?workforcePoolProviderId={{provider_id}} - update_verb: :PATCH - update_mask: true - description: | - A configuration for an external identity provider. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Configure a provider within the workforce pool': - 'https://cloud.google.com/iam/docs/manage-workforce-identity-pools-providers#configure_a_provider_within_the_workforce_pool' - api: 'https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools.providers' - properties: - - !ruby/object:Api::Type::String - name: 'location' - description: The location for the resource. - required: true - input: true - url_param_only: true - - !ruby/object:Api::Type::String - name: 'workforcePoolId' - description: | - The ID to use for the pool, which becomes the final component of the resource name. - The IDs must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens. - It must start with a letter, and cannot have a trailing hyphen. - The prefix `gcp-` is reserved for use by Google, and may not be specified. - required: true - input: true - url_param_only: true - - !ruby/object:Api::Type::String - name: 'providerId' - description: | - The ID for the provider, which becomes the final component of the resource name. - This value must be 4-32 characters, and may contain the characters [a-z0-9-]. - The prefix `gcp-` is reserved for use by Google, and may not be specified. - required: true - input: true - url_param_only: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - Output only. The resource name of the provider. - Format: `locations/{location}/workforcePools/{workforcePoolId}/providers/{providerId}` - output: true - - !ruby/object:Api::Type::String - name: 'displayName' - description: A user-specified display name for the provider. Cannot exceed 32 characters. - - !ruby/object:Api::Type::String - name: 'description' - description: A user-specified description of the provider. Cannot exceed 256 characters. - - !ruby/object:Api::Type::Enum - name: 'state' - description: | - The current state of the provider. - * STATE_UNSPECIFIED: State unspecified. - * ACTIVE: The provider is active and may be used to validate authentication credentials. - * DELETED: The provider is soft-deleted. Soft-deleted providers are permanently - deleted after approximately 30 days. You can restore a soft-deleted provider using - [providers.undelete](https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools.providers/undelete#google.iam.admin.v1.WorkforcePools.UndeleteWorkforcePoolProvider). - output: true - values: - - :STATE_UNSPECIFIED - - :ACTIVE - - :DELETED - - !ruby/object:Api::Type::Boolean - name: 'disabled' - description: | - Whether the provider is disabled. You cannot use a disabled provider to exchange tokens. - However, existing tokens still grant access. - - !ruby/object:Api::Type::KeyValuePairs - name: 'attributeMapping' - description: | - Maps attributes from the authentication credentials issued by an external identity provider - to Google Cloud attributes, such as `subject` and `segment`. - - Each key must be a string specifying the Google Cloud IAM attribute to map to. - - The following keys are supported: - * `google.subject`: The principal IAM is authenticating. You can reference this value in IAM bindings. - This is also the subject that appears in Cloud Logging logs. This is a required field and - the mapped subject cannot exceed 127 bytes. - * `google.groups`: Groups the authenticating user belongs to. You can grant groups access to - resources using an IAM `principalSet` binding; access applies to all members of the group. - * `google.display_name`: The name of the authenticated user. This is an optional field and - the mapped display name cannot exceed 100 bytes. If not set, `google.subject` will be displayed instead. - This attribute cannot be referenced in IAM bindings. - * `google.profile_photo`: The URL that specifies the authenticated user's thumbnail photo. - This is an optional field. When set, the image will be visible as the user's profile picture. - If not set, a generic user icon will be displayed instead. - This attribute cannot be referenced in IAM bindings. - - You can also provide custom attributes by specifying `attribute.{custom_attribute}`, where {custom_attribute} - is the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes. - The maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_]. - - You can reference these attributes in IAM policies to define fine-grained access for a workforce pool - to Google Cloud resources. For example: - * `google.subject`: - `principal://iam.googleapis.com/locations/{location}/workforcePools/{pool}/subject/{value}` - * `google.groups`: - `principalSet://iam.googleapis.com/locations/{location}/workforcePools/{pool}/group/{value}` - * `attribute.{custom_attribute}`: - `principalSet://iam.googleapis.com/locations/{location}/workforcePools/{pool}/attribute.{custom_attribute}/{value}` - - Each value must be a [Common Expression Language](https://opensource.google/projects/cel) - function that maps an identity provider credential to the normalized attribute specified - by the corresponding map key. - - You can use the `assertion` keyword in the expression to access a JSON representation of - the authentication credential issued by the provider. - - The maximum length of an attribute mapping expression is 2048 characters. When evaluated, - the total size of all mapped attributes must not exceed 8KB. - - For OIDC providers, you must supply a custom mapping that includes the `google.subject` attribute. - For example, the following maps the sub claim of the incoming credential to the `subject` attribute - on a Google token: - ``` - {"google.subject": "assertion.sub"} - ``` - - An object containing a list of `"key": value` pairs. - Example: `{ "name": "wrench", "mass": "1.3kg", "count": "3" }`. - - !ruby/object:Api::Type::String - name: 'attributeCondition' - description: | - A [Common Expression Language](https://opensource.google/projects/cel) expression, in - plain text, to restrict what otherwise valid authentication credentials issued by the - provider should not be accepted. - - The expression must output a boolean representing whether to allow the federation. - - The following keywords may be referenced in the expressions: - * `assertion`: JSON representing the authentication credential issued by the provider. - * `google`: The Google attributes mapped from the assertion in the `attribute_mappings`. - `google.profile_photo` and `google.display_name` are not supported. - * `attribute`: The custom attributes mapped from the assertion in the `attribute_mappings`. - - The maximum length of the attribute condition expression is 4096 characters. - If unspecified, all valid authentication credentials will be accepted. - - The following example shows how to only allow credentials with a mapped `google.groups` value of `admins`: - ``` - "'admins' in google.groups" - ``` - - !ruby/object:Api::Type::NestedObject - name: 'saml' - description: Represents a SAML identity provider. - exactly_one_of: - - saml - - oidc - properties: - - !ruby/object:Api::Type::String - name: idpMetadataXml - description: | - SAML Identity provider configuration metadata xml doc. - The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf). - The max size of the acceptable xml document will be bounded to 128k characters. - - The metadata xml document should satisfy the following constraints: - 1) Must contain an Identity Provider Entity ID. - 2) Must contain at least one non-expired signing key certificate. - 3) For each signing key: - a) Valid from should be no more than 7 days from now. - b) Valid to should be no more than 10 years in the future. - 4) Up to 3 IdP signing keys are allowed in the metadata xml. - - When updating the provider's metadata xml, at least one non-expired signing key - must overlap with the existing metadata. This requirement is skipped if there are - no non-expired signing keys present in the existing metadata. - required: true - - !ruby/object:Api::Type::NestedObject - name: 'oidc' - description: Represents an OpenId Connect 1.0 identity provider. - exactly_one_of: - - saml - - oidc - properties: - - !ruby/object:Api::Type::String - name: issuerUri - description: The OIDC issuer URI. Must be a valid URI using the 'https' scheme. - required: true - - !ruby/object:Api::Type::String - name: clientId - description: The client ID. Must match the audience claim of the JWT issued by the identity provider. - required: true diff --git a/mmv1/products/iamworkforcepool/product.yaml b/mmv1/products/iamworkforcepool/product.yaml new file mode 100644 index 000000000000..e7ebb83cbd92 --- /dev/null +++ b/mmv1/products/iamworkforcepool/product.yaml @@ -0,0 +1,45 @@ +# Copyright 2022 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: IAMWorkforcePool +display_name: Cloud IAM +versions: + - !ruby/object:Api::Product::Version + name: beta + base_url: https://iam.googleapis.com/v1/ + - !ruby/object:Api::Product::Version + name: ga + base_url: https://iam.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/iam +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Identity and Access Management (IAM) API + url: https://console.cloud.google.com/apis/library/iam.googleapis.com/ +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: True + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' diff --git a/mmv1/products/iap/AppEngineService.yaml b/mmv1/products/iap/AppEngineService.yaml new file mode 100644 index 000000000000..cceb5da66566 --- /dev/null +++ b/mmv1/products/iap/AppEngineService.yaml @@ -0,0 +1,31 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'AppEngineService' +base_url: 'projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}' +self_link: 'projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}' +# This resource is only used to generate IAM resources. They do not correspond to real +# GCP resources, and should not be used to generate anything other than IAM support. +exclude_resource: true +description: | + Only used to generate IAM resources +properties: + - !ruby/object:Api::Type::String + name: 'appId' + description: Id of the App Engine application. + required: true + - !ruby/object:Api::Type::String + name: 'service' + description: Service id of the App Engine application + required: true diff --git a/mmv1/products/iap/AppEngineVersion.yaml b/mmv1/products/iap/AppEngineVersion.yaml new file mode 100644 index 000000000000..d53d8fa018a9 --- /dev/null +++ b/mmv1/products/iap/AppEngineVersion.yaml @@ -0,0 +1,35 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'AppEngineVersion' +base_url: 'projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}}' +self_link: 'projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}}' +# This resource is only used to generate IAM resources. They do not correspond to real +# GCP resources, and should not be used to generate anything other than IAM support. +exclude_resource: true +description: | + Only used to generate IAM resources +properties: + - !ruby/object:Api::Type::String + name: 'appId' + description: Id of the App Engine application. + required: true + - !ruby/object:Api::Type::String + name: 'service' + description: Service id of the App Engine application + required: true + - !ruby/object:Api::Type::String + name: 'versionId' + description: Version id of the App Engine application + required: true diff --git a/mmv1/products/iap/Brand.yaml b/mmv1/products/iap/Brand.yaml new file mode 100644 index 000000000000..2e4393b38a85 --- /dev/null +++ b/mmv1/products/iap/Brand.yaml @@ -0,0 +1,58 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Brand' +base_url: 'projects/{{project}}/brands' +self_link: '{{name}}' +immutable: true +identity: + - name +description: | + OAuth brand data. Only "Organization Internal" brands can be created + programmatically via API. To convert it into an external brands + please use the GCP Console. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Setting up IAP Brand': + 'https://cloud.google.com/iap/docs/tutorial-gce#set_up_iap' + api: 'https://cloud.google.com/iap/docs/reference/rest/v1/projects.brands' +parameters: + - !ruby/object:Api::Type::String + name: 'name' + description: | + Output only. Identifier of the brand, in the format `projects/{project_number}/brands/{brand_id}` + NOTE: The name can also be expressed as `projects/{project_id}/brands/{brand_id}`, e.g. when importing. + NOTE: The brand identification corresponds to the project number as only one + brand can be created per project. + output: true +properties: + - !ruby/object:Api::Type::String + name: 'supportEmail' + description: | + Support email displayed on the OAuth consent screen. Can be either a + user or group email. When a user email is specified, the caller must + be the user with the associated email address. When a group email is + specified, the caller can be either a user or a service account which + is an owner of the specified group in Cloud Identity. + required: true + - !ruby/object:Api::Type::String + name: 'applicationTitle' + description: | + Application name displayed on OAuth consent screen. + required: true + - !ruby/object:Api::Type::Boolean + name: 'orgInternalOnly' + description: | + Whether the brand is only intended for usage inside the GSuite organization only. + output: true diff --git a/mmv1/products/iap/Client.yaml b/mmv1/products/iap/Client.yaml new file mode 100644 index 000000000000..fe80bf3112b4 --- /dev/null +++ b/mmv1/products/iap/Client.yaml @@ -0,0 +1,57 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Client' +base_url: '{{brand}}/identityAwareProxyClients' +self_link: '{{client_id}}' +immutable: true +description: | + Contains the data that describes an Identity Aware Proxy owned client. + + ~> **Note:** Only internal org clients can be created via declarative tools. External clients must be + manually created via the GCP console. This restriction is due to the existing APIs and not lack of support + in this tool. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Setting up IAP Client': + 'https://cloud.google.com/iap/docs/authentication-howto' + api: 'https://cloud.google.com/iap/docs/reference/rest/v1/projects.brands.identityAwareProxyClients' +parameters: + - !ruby/object:Api::Type::String + name: 'clientId' + api_name: name + description: | + Output only. Unique identifier of the OAuth client. + output: true + - !ruby/object:Api::Type::String + name: 'brand' + description: | + Identifier of the brand to which this client + is attached to. The format is + `projects/{project_number}/brands/{brand_id}/identityAwareProxyClients/{client_id}`. + immutable: true + required: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'secret' + description: | + Output only. Client secret of the OAuth client. + output: true + - !ruby/object:Api::Type::String + name: 'displayName' + description: | + Human-friendly name given to the OAuth client. + required: true + diff --git a/mmv1/products/iap/Tunnel.yaml b/mmv1/products/iap/Tunnel.yaml new file mode 100644 index 000000000000..e08635c15a32 --- /dev/null +++ b/mmv1/products/iap/Tunnel.yaml @@ -0,0 +1,27 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Tunnel' +base_url: 'projects/{{project}}/iap_tunnel' +self_link: 'projects/{{project}}/iap_tunnel' +# This resource is only used to generate IAM resources. They do not correspond to real +# GCP resources, and should not be used to generate anything other than IAM support. +exclude_resource: true +description: | + Only used to generate IAM resources +properties: + - !ruby/object:Api::Type::String + name: 'project' + description: Project ID. + required: true diff --git a/mmv1/products/iap/TunnelInstance.yaml b/mmv1/products/iap/TunnelInstance.yaml new file mode 100644 index 000000000000..f6f1772400df --- /dev/null +++ b/mmv1/products/iap/TunnelInstance.yaml @@ -0,0 +1,27 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'TunnelInstance' +base_url: 'projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{name}}' +self_link: 'projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{name}}' +# This resource is only used to generate IAM resources. They do not correspond to real +# GCP resources, and should not be used to generate anything other than IAM support. +exclude_resource: true +description: | + Only used to generate IAM resources +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: Name of the instance. + required: true diff --git a/mmv1/products/iap/Web.yaml b/mmv1/products/iap/Web.yaml new file mode 100644 index 000000000000..7aae5c33e67d --- /dev/null +++ b/mmv1/products/iap/Web.yaml @@ -0,0 +1,27 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Web' +base_url: 'projects/{{project}}/iap_web' +self_link: 'projects/{{project}}/iap_web' +# This resource is only used to generate IAM resources. They do not correspond to real +# GCP resources, and should not be used to generate anything other than IAM support. +exclude_resource: true +description: | + Only used to generate IAM resources +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: Dummy property. + required: true diff --git a/mmv1/products/iap/WebBackendService.yaml b/mmv1/products/iap/WebBackendService.yaml new file mode 100644 index 000000000000..72f547321d48 --- /dev/null +++ b/mmv1/products/iap/WebBackendService.yaml @@ -0,0 +1,27 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'WebBackendService' +base_url: 'projects/{{project}}/iap_web/compute/services/{{name}}' +self_link: 'projects/{{project}}/iap_web/compute/services/{{name}}' +# This resource is only used to generate IAM resources. They do not correspond to real +# GCP resources, and should not be used to generate anything other than IAM support. +exclude_resource: true +description: | + Only used to generate IAM resources +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: Name or self link of a backend service. + required: true diff --git a/mmv1/products/iap/WebTypeAppEngine.yaml b/mmv1/products/iap/WebTypeAppEngine.yaml new file mode 100644 index 000000000000..7dc6cc3db07b --- /dev/null +++ b/mmv1/products/iap/WebTypeAppEngine.yaml @@ -0,0 +1,27 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'WebTypeAppEngine' +base_url: 'projects/{{project}}/iap_web/appengine-{{appId}}' +self_link: 'projects/{{project}}/iap_web/appengine-{{appId}}' +# This resource is only used to generate IAM resources. They do not correspond to real +# GCP resources, and should not be used to generate anything other than IAM support. +exclude_resource: true +description: | + Only used to generate IAM resources +properties: + - !ruby/object:Api::Type::String + name: 'appId' + description: Id of the App Engine application. + required: true diff --git a/mmv1/products/iap/WebTypeCompute.yaml b/mmv1/products/iap/WebTypeCompute.yaml new file mode 100644 index 000000000000..571fe90ab249 --- /dev/null +++ b/mmv1/products/iap/WebTypeCompute.yaml @@ -0,0 +1,27 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'WebTypeCompute' +base_url: 'projects/{{project}}/iap_web/compute' +self_link: 'projects/{{project}}/iap_web/compute' +# This resource is only used to generate IAM resources. They do not correspond to real +# GCP resources, and should not be used to generate anything other than IAM support. +exclude_resource: true +description: | + Only used to generate IAM resources +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: Dummy property. + required: true diff --git a/mmv1/products/iap/api.yaml b/mmv1/products/iap/api.yaml deleted file mode 100644 index 0b27a1376c77..000000000000 --- a/mmv1/products/iap/api.yaml +++ /dev/null @@ -1,239 +0,0 @@ -# Copyright 2019 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: Iap -display_name: Identity-Aware Proxy -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://iap.googleapis.com/v1/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Cloud Identity-Aware Proxy - url: https://console.cloud.google.com/apis/library/iap.googleapis.com/ -objects: - # This resource is only used to generate IAM resources. They do not correspond to real - # GCP resources, and should not be used to generate anything other than IAM support. - - !ruby/object:Api::Resource - name: 'Web' - base_url: 'projects/{{project}}/iap_web' - self_link: 'projects/{{project}}/iap_web' - exclude_resource: true - description: | - Only used to generate IAM resources - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: Dummy property. - required: true - # This resource is only used to generate IAM resources. They do not correspond to real - # GCP resources, and should not be used to generate anything other than IAM support. - - !ruby/object:Api::Resource - name: 'WebTypeCompute' - base_url: 'projects/{{project}}/iap_web/compute' - self_link: 'projects/{{project}}/iap_web/compute' - exclude_resource: true - description: | - Only used to generate IAM resources - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: Dummy property. - required: true - # This resource is only used to generate IAM resources. They do not correspond to real - # GCP resources, and should not be used to generate anything other than IAM support. - - !ruby/object:Api::Resource - name: 'WebTypeAppEngine' - base_url: 'projects/{{project}}/iap_web/appengine-{{appId}}' - self_link: 'projects/{{project}}/iap_web/appengine-{{appId}}' - exclude_resource: true - description: | - Only used to generate IAM resources - properties: - - !ruby/object:Api::Type::String - name: 'appId' - description: Id of the App Engine application. - required: true - # This resource is only used to generate IAM resources. They do not correspond to real - # GCP resources, and should not be used to generate anything other than IAM support. - - !ruby/object:Api::Resource - name: 'AppEngineVersion' - base_url: 'projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}}' - self_link: 'projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}}' - exclude_resource: true - description: | - Only used to generate IAM resources - properties: - - !ruby/object:Api::Type::String - name: 'appId' - description: Id of the App Engine application. - required: true - - !ruby/object:Api::Type::String - name: 'service' - description: Service id of the App Engine application - required: true - - !ruby/object:Api::Type::String - name: 'versionId' - description: Version id of the App Engine application - required: true - # This resource is only used to generate IAM resources. They do not correspond to real - # GCP resources, and should not be used to generate anything other than IAM support. - - !ruby/object:Api::Resource - name: 'AppEngineService' - base_url: 'projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}' - self_link: 'projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}' - exclude_resource: true - description: | - Only used to generate IAM resources - properties: - - !ruby/object:Api::Type::String - name: 'appId' - description: Id of the App Engine application. - required: true - - !ruby/object:Api::Type::String - name: 'service' - description: Service id of the App Engine application - required: true - # This resource is only used to generate IAM resources. They do not correspond to real - # GCP resources, and should not be used to generate anything other than IAM support. - - !ruby/object:Api::Resource - name: 'WebBackendService' - base_url: 'projects/{{project}}/iap_web/compute/services/{{name}}' - self_link: 'projects/{{project}}/iap_web/compute/services/{{name}}' - exclude_resource: true - description: | - Only used to generate IAM resources - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: Name or self link of a backend service. - required: true - # This resource is only used to generate IAM resources. They do not correspond to real - # GCP resources, and should not be used to generate anything other than IAM support. - - !ruby/object:Api::Resource - name: 'TunnelInstance' - base_url: 'projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{name}}' - self_link: 'projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{name}}' - exclude_resource: true - description: | - Only used to generate IAM resources - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: Name of the instance. - required: true - # This resource is only used to generate IAM resources. They do not correspond to real - # GCP resources, and should not be used to generate anything other than IAM support. - - !ruby/object:Api::Resource - name: 'Tunnel' - base_url: 'projects/{{project}}/iap_tunnel' - self_link: 'projects/{{project}}/iap_tunnel' - exclude_resource: true - description: | - Only used to generate IAM resources - properties: - - !ruby/object:Api::Type::String - name: 'project' - description: Project ID. - required: true - - !ruby/object:Api::Resource - name: 'Brand' - base_url: 'projects/{{project}}/brands' - self_link: '{{name}}' - input: true - identity: - - name - description: | - OAuth brand data. Only "Organization Internal" brands can be created - programmatically via API. To convert it into an external brands - please use the GCP Console. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Setting up IAP Brand': - 'https://cloud.google.com/iap/docs/tutorial-gce#set_up_iap' - api: 'https://cloud.google.com/iap/docs/reference/rest/v1/projects.brands' - parameters: - - !ruby/object:Api::Type::String - name: 'name' - description: | - Output only. Identifier of the brand, in the format `projects/{project_number}/brands/{brand_id}` - NOTE: The name can also be expressed as `projects/{project_id}/brands/{brand_id}`, e.g. when importing. - NOTE: The brand identification corresponds to the project number as only one - brand can be created per project. - output: true - properties: - - !ruby/object:Api::Type::String - name: 'supportEmail' - description: | - Support email displayed on the OAuth consent screen. Can be either a - user or group email. When a user email is specified, the caller must - be the user with the associated email address. When a group email is - specified, the caller can be either a user or a service account which - is an owner of the specified group in Cloud Identity. - required: true - - !ruby/object:Api::Type::String - name: 'applicationTitle' - description: | - Application name displayed on OAuth consent screen. - required: true - - !ruby/object:Api::Type::Boolean - name: 'orgInternalOnly' - description: | - Whether the brand is only intended for usage inside the GSuite organization only. - output: true - - !ruby/object:Api::Resource - name: 'Client' - base_url: '{{brand}}/identityAwareProxyClients' - self_link: '{{client_id}}' - input: true - description: | - Contains the data that describes an Identity Aware Proxy owned client. - - ~> **Note:** Only internal org clients can be created via declarative tools. External clients must be - manually created via the GCP console. This restriction is due to the existing APIs and not lack of support - in this tool. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Setting up IAP Client': - 'https://cloud.google.com/iap/docs/authentication-howto' - api: 'https://cloud.google.com/iap/docs/reference/rest/v1/projects.brands.identityAwareProxyClients' - parameters: - - !ruby/object:Api::Type::String - name: 'clientId' - api_name: name - description: | - Output only. Unique identifier of the OAuth client. - output: true - - !ruby/object:Api::Type::String - name: 'brand' - description: | - Identifier of the brand to which this client - is attached to. The format is - `projects/{project_number}/brands/{brand_id}/identityAwareProxyClients/{client_id}`. - input: true - required: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'secret' - description: | - Output only. Client secret of the OAuth client. - output: true - - !ruby/object:Api::Type::String - name: 'displayName' - description: | - Human-friendly name given to the OAuth client. - required: true diff --git a/mmv1/products/iap/product.yaml b/mmv1/products/iap/product.yaml new file mode 100644 index 000000000000..851b68d1743c --- /dev/null +++ b/mmv1/products/iap/product.yaml @@ -0,0 +1,26 @@ +# Copyright 2019 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: Iap +display_name: Identity-Aware Proxy +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://iap.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Cloud Identity-Aware Proxy + url: https://console.cloud.google.com/apis/library/iap.googleapis.com/ diff --git a/mmv1/products/identityplatform/Config.yaml b/mmv1/products/identityplatform/Config.yaml new file mode 100644 index 000000000000..bd0588934b75 --- /dev/null +++ b/mmv1/products/identityplatform/Config.yaml @@ -0,0 +1,43 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Config' +base_url: 'projects/{{project}}/config' +self_link: 'projects/{{project}}/config' +create_url: 'projects/{{project}}/identityPlatform:initializeAuth' +update_verb: :PATCH +update_mask: true +description: | + Identity Platform configuration for a Cloud project. Identity Platform is an + end-to-end authentication system for third-party users to access apps + and services. + + This entity is created only once during intialization and cannot be deleted, + individual Identity Providers may be disabled instead. This resource may only + be created in billing-enabled projects. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/identity-platform/docs' + api: 'https://cloud.google.com/identity-platform/docs/reference/rest/v2/Config' +properties: + - !ruby/object:Api::Type::String + name: 'name' + output: true + description: | + The name of the Config resource + - !ruby/object:Api::Type::Boolean + name: 'autodeleteAnonymousUsers' + description: | + Whether anonymous users will be auto-deleted after a period of 30 days diff --git a/mmv1/products/identityplatform/DefaultSupportedIdpConfig.yaml b/mmv1/products/identityplatform/DefaultSupportedIdpConfig.yaml new file mode 100644 index 000000000000..1f19c63c1caf --- /dev/null +++ b/mmv1/products/identityplatform/DefaultSupportedIdpConfig.yaml @@ -0,0 +1,74 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'DefaultSupportedIdpConfig' +base_url: 'projects/{{project}}/defaultSupportedIdpConfigs' +self_link: 'projects/{{project}}/defaultSupportedIdpConfigs/{{idp_id}}' +create_url: 'projects/{{project}}/defaultSupportedIdpConfigs?idpId={{idp_id}}' +update_verb: :PATCH +update_mask: true +description: | + Configurations options for authenticating with a the standard set of Identity Toolkit-trusted IDPs. + + You must enable the + [Google Identity Platform](https://console.cloud.google.com/marketplace/details/google-cloud-platform/customer-identity) in + the marketplace prior to using this resource. +properties: + - !ruby/object:Api::Type::String + name: 'name' + output: true + description: | + The name of the DefaultSupportedIdpConfig resource + - !ruby/object:Api::Type::String + name: 'idpId' + description: | + ID of the IDP. Possible values include: + + * `apple.com` + + * `facebook.com` + + * `gc.apple.com` + + * `github.com` + + * `google.com` + + * `linkedin.com` + + * `microsoft.com` + + * `playgames.google.com` + + * `twitter.com` + + * `yahoo.com` + + immutable: true + url_param_only: true + required: true + - !ruby/object:Api::Type::String + name: 'clientId' + description: | + OAuth client ID + required: true + - !ruby/object:Api::Type::String + name: 'clientSecret' + description: | + OAuth client secret + required: true + - !ruby/object:Api::Type::Boolean + name: 'enabled' + description: | + If this IDP allows the user to sign in diff --git a/mmv1/products/identityplatform/InboundSamlConfig.yaml b/mmv1/products/identityplatform/InboundSamlConfig.yaml new file mode 100644 index 000000000000..1ae39e7a2156 --- /dev/null +++ b/mmv1/products/identityplatform/InboundSamlConfig.yaml @@ -0,0 +1,102 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'InboundSamlConfig' +base_url: 'projects/{{project}}/inboundSamlConfigs' +self_link: 'projects/{{project}}/inboundSamlConfigs/{{name}}' +create_url: 'projects/{{project}}/inboundSamlConfigs?inboundSamlConfigId={{name}}' +update_verb: :PATCH +update_mask: true +description: | + Inbound SAML configuration for a Identity Toolkit project. + + You must enable the + [Google Identity Platform](https://console.cloud.google.com/marketplace/details/google-cloud-platform/customer-identity) in + the marketplace prior to using this resource. +properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + immutable: true + description: | + The name of the InboundSamlConfig resource. Must start with 'saml.' and can only have alphanumeric characters, + hyphens, underscores or periods. The part after 'saml.' must also start with a lowercase letter, end with an + alphanumeric character, and have at least 2 characters. + - !ruby/object:Api::Type::String + name: 'displayName' + required: true + description: | + Human friendly display name. + - !ruby/object:Api::Type::Boolean + name: 'enabled' + description: | + If this config allows users to sign in with the provider. + - !ruby/object:Api::Type::NestedObject + name: 'idpConfig' + required: true + description: | + SAML IdP configuration when the project acts as the relying party + properties: + - !ruby/object:Api::Type::String + name: 'idpEntityId' + required: true + description: | + Unique identifier for all SAML entities + - !ruby/object:Api::Type::String + name: 'ssoUrl' + required: true + description: | + URL to send Authentication request to. + - !ruby/object:Api::Type::Boolean + name: 'signRequest' + description: | + Indicates if outbounding SAMLRequest should be signed. + - !ruby/object:Api::Type::Array + name: 'idpCertificates' + required: true + description: | + The IdP's certificate data to verify the signature in the SAMLResponse issued by the IDP. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'x509Certificate' + description: | + The IdP's x509 certificate. + - !ruby/object:Api::Type::NestedObject + name: 'spConfig' + required: true + description: | + SAML SP (Service Provider) configuration when the project acts as the relying party to receive + and accept an authentication assertion issued by a SAML identity provider. + properties: + - !ruby/object:Api::Type::String + name: 'spEntityId' + description: | + Unique identifier for all SAML entities. + - !ruby/object:Api::Type::String + name: 'callbackUri' + description: | + Callback URI where responses from IDP are handled. Must start with `https://`. + - !ruby/object:Api::Type::Array + name: 'spCertificates' + output: true + description: | + The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'x509Certificate' + output: true + description: | + The x509 certificate diff --git a/mmv1/products/identityplatform/OauthIdpConfig.yaml b/mmv1/products/identityplatform/OauthIdpConfig.yaml new file mode 100644 index 000000000000..243620d6d02a --- /dev/null +++ b/mmv1/products/identityplatform/OauthIdpConfig.yaml @@ -0,0 +1,55 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'OauthIdpConfig' +base_url: 'projects/{{project}}/oauthIdpConfigs' +self_link: 'projects/{{project}}/oauthIdpConfigs/{{name}}' +create_url: 'projects/{{project}}/oauthIdpConfigs?oauthIdpConfigId={{name}}' +update_verb: :PATCH +update_mask: true +description: | + OIDC IdP configuration for a Identity Toolkit project. + + You must enable the + [Google Identity Platform](https://console.cloud.google.com/marketplace/details/google-cloud-platform/customer-identity) in + the marketplace prior to using this resource. +properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + immutable: true + description: | + The name of the OauthIdpConfig. Must start with `oidc.`. + - !ruby/object:Api::Type::String + name: 'displayName' + description: | + Human friendly display name. + - !ruby/object:Api::Type::Boolean + name: 'enabled' + description: | + If this config allows users to sign in with the provider. + - !ruby/object:Api::Type::String + name: 'issuer' + description: | + For OIDC Idps, the issuer identifier. + required: true + - !ruby/object:Api::Type::String + name: 'clientId' + description: | + The client id of an OAuth client. + required: true + - !ruby/object:Api::Type::String + name: 'clientSecret' + description: | + The client secret of the OAuth client, to enable OIDC code flow. diff --git a/mmv1/products/identityplatform/ProjectDefaultConfig.yaml b/mmv1/products/identityplatform/ProjectDefaultConfig.yaml new file mode 100644 index 000000000000..035e961fbd3e --- /dev/null +++ b/mmv1/products/identityplatform/ProjectDefaultConfig.yaml @@ -0,0 +1,106 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: ProjectDefaultConfig +base_url: 'projects/{{project}}/config' +self_link: 'projects/{{project}}/config' +update_verb: :PATCH +update_mask: true +description: | + There is no persistent data associated with this resource. +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The name of the Config resource. Example: "projects/my-awesome-project/config" + output: true + - !ruby/object:Api::Type::NestedObject + name: 'signIn' + description: | + Configuration related to local sign in methods. + properties: + - !ruby/object:Api::Type::NestedObject + name: email + description: | + Configuration options related to authenticating a user by their email address. + properties: + - !ruby/object:Api::Type::Boolean + name: enabled + description: | + Whether email auth is enabled for the project or not. + - !ruby/object:Api::Type::Boolean + name: 'passwordRequired' + description: | + Whether a password is required for email auth or not. If true, both an email and + password must be provided to sign in. If false, a user may sign in via either + email/password or email link. + - !ruby/object:Api::Type::NestedObject + name: phoneNumber + description: | + Configuration options related to authenticated a user by their phone number. + properties: + - !ruby/object:Api::Type::Boolean + name: enabled + description: | + Whether phone number auth is enabled for the project or not. + - !ruby/object:Api::Type::KeyValuePairs + name: 'testPhoneNumbers' + description: | + A map of that can be used for phone auth testing. + - !ruby/object:Api::Type::NestedObject + name: anonymous + description: | + Configuration options related to authenticating an anonymous user. + properties: + - !ruby/object:Api::Type::Boolean + name: enabled + required: true + description: | + Whether anonymous user auth is enabled for the project or not. + - !ruby/object:Api::Type::Boolean + name: allowDuplicateEmails + description: | + Whether to allow more than one account to have the same email. + - !ruby/object:Api::Type::NestedObject + name: hashConfig + output: true + description: | + Output only. Hash config information. + properties: + - !ruby/object:Api::Type::String + name: algorithm + output: true + description: | + Different password hash algorithms used in Identity Toolkit. + - !ruby/object:Api::Type::String + name: 'signerKey' + output: true + description: | + Signer key in base64. + - !ruby/object:Api::Type::String + name: 'saltSeparator' + output: true + description: | + Non-printable character to be inserted between the salt and plain text password in base64. + - !ruby/object:Api::Type::Integer + name: rounds + output: true + description: | + How many rounds for hash calculation. Used by scrypt and other similar password derivation algorithms. + - !ruby/object:Api::Type::Integer + name: 'memoryCost' + output: true + description: | + Memory cost for hash calculation. Used by scrypt and other similar password derivation algorithms. See https://tools.ietf.org/html/rfc7914 for explanation of field. + diff --git a/mmv1/products/identityplatform/Tenant.yaml b/mmv1/products/identityplatform/Tenant.yaml new file mode 100644 index 000000000000..342f3a20b4ad --- /dev/null +++ b/mmv1/products/identityplatform/Tenant.yaml @@ -0,0 +1,53 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Tenant' +base_url: 'projects/{{project}}/tenants' +self_link: 'projects/{{project}}/tenants/{{name}}' +update_verb: :PATCH +update_mask: true +description: | + Tenant configuration in a multi-tenant project. + + You must enable the + [Google Identity Platform](https://console.cloud.google.com/marketplace/details/google-cloud-platform/customer-identity) in + the marketplace prior to using this resource. + + You must [enable multi-tenancy](https://cloud.google.com/identity-platform/docs/multi-tenancy-quickstart) via + the Cloud Console prior to creating tenants. +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The name of the tenant that is generated by the server + output: true + - !ruby/object:Api::Type::String + name: 'displayName' + required: true + description: | + Human friendly display name of the tenant. + - !ruby/object:Api::Type::Boolean + name: 'allowPasswordSignup' + description: | + Whether to allow email/password user authentication. + - !ruby/object:Api::Type::Boolean + name: 'enableEmailLinkSignin' + description: | + Whether to enable email link user authentication. + - !ruby/object:Api::Type::Boolean + name: 'disableAuth' + description: | + Whether authentication is disabled for the tenant. If true, the users under + the disabled tenant are not allowed to sign-in. Admins of the disabled tenant + are not able to manage its users. diff --git a/mmv1/products/identityplatform/TenantDefaultSupportedIdpConfig.yaml b/mmv1/products/identityplatform/TenantDefaultSupportedIdpConfig.yaml new file mode 100644 index 000000000000..f5da11fd45c2 --- /dev/null +++ b/mmv1/products/identityplatform/TenantDefaultSupportedIdpConfig.yaml @@ -0,0 +1,81 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'TenantDefaultSupportedIdpConfig' +base_url: 'projects/{{project}}/tenants/{{tenant}}/defaultSupportedIdpConfigs' +self_link: 'projects/{{project}}/tenants/{{tenant}}/defaultSupportedIdpConfigs/{{idp_id}}' +create_url: 'projects/{{project}}/tenants/{{tenant}}/defaultSupportedIdpConfigs?idpId={{idp_id}}' +update_verb: :PATCH +update_mask: true +description: | + Configurations options for the tenant for authenticating with a the standard set of Identity Toolkit-trusted IDPs. + + You must enable the + [Google Identity Platform](https://console.cloud.google.com/marketplace/details/google-cloud-platform/customer-identity) in + the marketplace prior to using this resource. +properties: + - !ruby/object:Api::Type::String + name: 'name' + output: true + description: | + The name of the default supported IDP config resource + - !ruby/object:Api::Type::String + name: 'idpId' + description: | + ID of the IDP. Possible values include: + + * `apple.com` + + * `facebook.com` + + * `gc.apple.com` + + * `github.com` + + * `google.com` + + * `linkedin.com` + + * `microsoft.com` + + * `playgames.google.com` + + * `twitter.com` + + * `yahoo.com` + + immutable: true + url_param_only: true + required: true + - !ruby/object:Api::Type::String + name: 'tenant' + required: true + url_param_only: true + immutable: true + description: | + The name of the tenant where this DefaultSupportedIdpConfig resource exists + - !ruby/object:Api::Type::String + name: 'clientId' + required: true + description: | + OAuth client ID + - !ruby/object:Api::Type::String + name: 'clientSecret' + required: true + description: | + OAuth client secret + - !ruby/object:Api::Type::Boolean + name: 'enabled' + description: | + If this IDP allows the user to sign in diff --git a/mmv1/products/identityplatform/TenantInboundSamlConfig.yaml b/mmv1/products/identityplatform/TenantInboundSamlConfig.yaml new file mode 100644 index 000000000000..e5cb42efd2eb --- /dev/null +++ b/mmv1/products/identityplatform/TenantInboundSamlConfig.yaml @@ -0,0 +1,111 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'TenantInboundSamlConfig' +base_url: 'projects/{{project}}/tenants/{{tenant}}/inboundSamlConfigs' +self_link: 'projects/{{project}}/tenants/{{tenant}}/inboundSamlConfigs/{{name}}' +create_url: 'projects/{{project}}/tenants/{{tenant}}/inboundSamlConfigs?inboundSamlConfigId={{name}}' +update_verb: :PATCH +update_mask: true +description: | + Inbound SAML configuration for a Identity Toolkit tenant. + + You must enable the + [Google Identity Platform](https://console.cloud.google.com/marketplace/details/google-cloud-platform/customer-identity) in + the marketplace prior to using this resource. +properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + immutable: true + description: | + The name of the InboundSamlConfig resource. Must start with 'saml.' and can only have alphanumeric characters, + hyphens, underscores or periods. The part after 'saml.' must also start with a lowercase letter, end with an + alphanumeric character, and have at least 2 characters. + - !ruby/object:Api::Type::String + name: 'tenant' + required: true + immutable: true + url_param_only: true + description: | + The name of the tenant where this inbound SAML config resource exists + - !ruby/object:Api::Type::String + name: 'displayName' + required: true + description: | + Human friendly display name. + - !ruby/object:Api::Type::Boolean + name: 'enabled' + description: | + If this config allows users to sign in with the provider. + - !ruby/object:Api::Type::NestedObject + name: 'idpConfig' + required: true + description: | + SAML IdP configuration when the project acts as the relying party + properties: + - !ruby/object:Api::Type::String + name: 'idpEntityId' + required: true + description: | + Unique identifier for all SAML entities + - !ruby/object:Api::Type::String + name: 'ssoUrl' + required: true + description: | + URL to send Authentication request to. + - !ruby/object:Api::Type::Boolean + name: 'signRequest' + description: | + Indicates if outbounding SAMLRequest should be signed. + - !ruby/object:Api::Type::Array + name: 'idpCertificates' + required: true + description: | + The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'x509Certificate' + description: | + The x509 certificate + - !ruby/object:Api::Type::NestedObject + name: 'spConfig' + required: true + description: | + SAML SP (Service Provider) configuration when the project acts as the relying party to receive + and accept an authentication assertion issued by a SAML identity provider. + properties: + - !ruby/object:Api::Type::String + name: 'spEntityId' + required: true + description: | + Unique identifier for all SAML entities. + - !ruby/object:Api::Type::String + name: 'callbackUri' + required: true + description: | + Callback URI where responses from IDP are handled. Must start with `https://`. + - !ruby/object:Api::Type::Array + name: 'spCertificates' + output: true + description: | + The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'x509Certificate' + output: true + description: | + The x509 certificate diff --git a/mmv1/products/identityplatform/TenantOauthIdpConfig.yaml b/mmv1/products/identityplatform/TenantOauthIdpConfig.yaml new file mode 100644 index 000000000000..61d400e9dc02 --- /dev/null +++ b/mmv1/products/identityplatform/TenantOauthIdpConfig.yaml @@ -0,0 +1,63 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'TenantOauthIdpConfig' +base_url: 'projects/{{project}}/tenants/{{tenant}}/oauthIdpConfigs' +self_link: 'projects/{{project}}/tenants/{{tenant}}/oauthIdpConfigs/{{name}}' +create_url: 'projects/{{project}}/tenants/{{tenant}}/oauthIdpConfigs?oauthIdpConfigId={{name}}' +update_verb: :PATCH +update_mask: true +description: | + OIDC IdP configuration for a Identity Toolkit project within a tenant. + + You must enable the + [Google Identity Platform](https://console.cloud.google.com/marketplace/details/google-cloud-platform/customer-identity) in + the marketplace prior to using this resource. +properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + immutable: true + description: | + The name of the OauthIdpConfig. Must start with `oidc.`. + - !ruby/object:Api::Type::String + name: 'tenant' + required: true + url_param_only: true + immutable: true + description: | + The name of the tenant where this OIDC IDP configuration resource exists + - !ruby/object:Api::Type::String + name: 'displayName' + required: true + description: | + Human friendly display name. + - !ruby/object:Api::Type::Boolean + name: 'enabled' + description: | + If this config allows users to sign in with the provider. + - !ruby/object:Api::Type::String + name: 'issuer' + description: | + For OIDC Idps, the issuer identifier. + required: true + - !ruby/object:Api::Type::String + name: 'clientId' + description: | + The client id of an OAuth client. + required: true + - !ruby/object:Api::Type::String + name: 'clientSecret' + description: | + The client secret of the OAuth client, to enable OIDC code flow. diff --git a/mmv1/products/identityplatform/api.yaml b/mmv1/products/identityplatform/api.yaml deleted file mode 100644 index b8230d175781..000000000000 --- a/mmv1/products/identityplatform/api.yaml +++ /dev/null @@ -1,599 +0,0 @@ -# Copyright 2019 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: IdentityPlatform -display_name: Identity Platform -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://identitytoolkit.googleapis.com/v2/ -scopes: - - https://www.googleapis.com/auth/identitytoolkit - - https://www.googleapis.com/auth/firebase - - https://www.googleapis.com/auth/cloud-platform -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Google Identity Platform - url: https://console.cloud.google.com/marketplace/details/google-cloud-platform/customer-identity/ -objects: - - !ruby/object:Api::Resource - name: 'Config' - base_url: 'projects/{{project}}/config' - self_link: 'projects/{{project}}/config' - create_url: 'projects/{{project}}/identityPlatform:initializeAuth' - update_verb: :PATCH - update_mask: true - description: | - Identity Platform configuration for a Cloud project. Identity Platform is an - end-to-end authentication system for third-party users to access apps - and services. - - This entity is created only once during intialization and cannot be deleted, - individual Identity Providers may be disabled instead. This resource may only - be created in billing-enabled projects. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/identity-platform/docs' - api: 'https://cloud.google.com/identity-platform/docs/reference/rest/v2/Config' - properties: - - !ruby/object:Api::Type::String - name: 'name' - output: true - description: | - The name of the Config resource - - !ruby/object:Api::Type::Boolean - name: 'autodeleteAnonymousUsers' - description: | - Whether anonymous users will be auto-deleted after a period of 30 days - - !ruby/object:Api::Resource - name: 'DefaultSupportedIdpConfig' - base_url: 'projects/{{project}}/defaultSupportedIdpConfigs' - self_link: 'projects/{{project}}/defaultSupportedIdpConfigs/{{idp_id}}' - create_url: 'projects/{{project}}/defaultSupportedIdpConfigs?idpId={{idp_id}}' - update_verb: :PATCH - update_mask: true - description: | - Configurations options for authenticating with a the standard set of Identity Toolkit-trusted IDPs. - - You must enable the - [Google Identity Platform](https://console.cloud.google.com/marketplace/details/google-cloud-platform/customer-identity) in - the marketplace prior to using this resource. - properties: - - !ruby/object:Api::Type::String - name: 'name' - output: true - description: | - The name of the DefaultSupportedIdpConfig resource - - !ruby/object:Api::Type::String - name: 'idpId' - description: | - ID of the IDP. Possible values include: - - * `apple.com` - - * `facebook.com` - - * `gc.apple.com` - - * `github.com` - - * `google.com` - - * `linkedin.com` - - * `microsoft.com` - - * `playgames.google.com` - - * `twitter.com` - - * `yahoo.com` - - input: true - url_param_only: true - required: true - - !ruby/object:Api::Type::String - name: 'clientId' - description: | - OAuth client ID - required: true - - !ruby/object:Api::Type::String - name: 'clientSecret' - description: | - OAuth client secret - required: true - - !ruby/object:Api::Type::Boolean - name: 'enabled' - description: | - If this IDP allows the user to sign in - - !ruby/object:Api::Resource - name: 'TenantDefaultSupportedIdpConfig' - base_url: 'projects/{{project}}/tenants/{{tenant}}/defaultSupportedIdpConfigs' - self_link: 'projects/{{project}}/tenants/{{tenant}}/defaultSupportedIdpConfigs/{{idp_id}}' - create_url: 'projects/{{project}}/tenants/{{tenant}}/defaultSupportedIdpConfigs?idpId={{idp_id}}' - update_verb: :PATCH - update_mask: true - description: | - Configurations options for the tenant for authenticating with a the standard set of Identity Toolkit-trusted IDPs. - - You must enable the - [Google Identity Platform](https://console.cloud.google.com/marketplace/details/google-cloud-platform/customer-identity) in - the marketplace prior to using this resource. - properties: - - !ruby/object:Api::Type::String - name: 'name' - output: true - description: | - The name of the default supported IDP config resource - - !ruby/object:Api::Type::String - name: 'idpId' - description: | - ID of the IDP. Possible values include: - - * `apple.com` - - * `facebook.com` - - * `gc.apple.com` - - * `github.com` - - * `google.com` - - * `linkedin.com` - - * `microsoft.com` - - * `playgames.google.com` - - * `twitter.com` - - * `yahoo.com` - - input: true - url_param_only: true - required: true - - !ruby/object:Api::Type::String - name: 'tenant' - required: true - url_param_only: true - input: true - description: | - The name of the tenant where this DefaultSupportedIdpConfig resource exists - - !ruby/object:Api::Type::String - name: 'clientId' - required: true - description: | - OAuth client ID - - !ruby/object:Api::Type::String - name: 'clientSecret' - required: true - description: | - OAuth client secret - - !ruby/object:Api::Type::Boolean - name: 'enabled' - description: | - If this IDP allows the user to sign in - - !ruby/object:Api::Resource - name: 'InboundSamlConfig' - base_url: 'projects/{{project}}/inboundSamlConfigs' - self_link: 'projects/{{project}}/inboundSamlConfigs/{{name}}' - create_url: 'projects/{{project}}/inboundSamlConfigs?inboundSamlConfigId={{name}}' - update_verb: :PATCH - update_mask: true - description: | - Inbound SAML configuration for a Identity Toolkit project. - - You must enable the - [Google Identity Platform](https://console.cloud.google.com/marketplace/details/google-cloud-platform/customer-identity) in - the marketplace prior to using this resource. - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - input: true - description: | - The name of the InboundSamlConfig resource. Must start with 'saml.' and can only have alphanumeric characters, - hyphens, underscores or periods. The part after 'saml.' must also start with a lowercase letter, end with an - alphanumeric character, and have at least 2 characters. - - !ruby/object:Api::Type::String - name: 'displayName' - required: true - description: | - Human friendly display name. - - !ruby/object:Api::Type::Boolean - name: 'enabled' - description: | - If this config allows users to sign in with the provider. - - !ruby/object:Api::Type::NestedObject - name: 'idpConfig' - required: true - description: | - SAML IdP configuration when the project acts as the relying party - properties: - - !ruby/object:Api::Type::String - name: 'idpEntityId' - required: true - description: | - Unique identifier for all SAML entities - - !ruby/object:Api::Type::String - name: 'ssoUrl' - required: true - description: | - URL to send Authentication request to. - - !ruby/object:Api::Type::Boolean - name: 'signRequest' - description: | - Indicates if outbounding SAMLRequest should be signed. - - !ruby/object:Api::Type::Array - name: 'idpCertificates' - required: true - description: | - The IdP's certificate data to verify the signature in the SAMLResponse issued by the IDP. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'x509Certificate' - description: | - The IdP's x509 certificate. - - !ruby/object:Api::Type::NestedObject - name: 'spConfig' - required: true - description: | - SAML SP (Service Provider) configuration when the project acts as the relying party to receive - and accept an authentication assertion issued by a SAML identity provider. - properties: - - !ruby/object:Api::Type::String - name: 'spEntityId' - description: | - Unique identifier for all SAML entities. - - !ruby/object:Api::Type::String - name: 'callbackUri' - description: | - Callback URI where responses from IDP are handled. Must start with `https://`. - - !ruby/object:Api::Type::Array - name: 'spCertificates' - output: true - description: | - The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'x509Certificate' - output: true - description: | - The x509 certificate - - !ruby/object:Api::Resource - name: 'TenantInboundSamlConfig' - base_url: 'projects/{{project}}/tenants/{{tenant}}/inboundSamlConfigs' - self_link: 'projects/{{project}}/tenants/{{tenant}}/inboundSamlConfigs/{{name}}' - create_url: 'projects/{{project}}/tenants/{{tenant}}/inboundSamlConfigs?inboundSamlConfigId={{name}}' - update_verb: :PATCH - update_mask: true - description: | - Inbound SAML configuration for a Identity Toolkit tenant. - - You must enable the - [Google Identity Platform](https://console.cloud.google.com/marketplace/details/google-cloud-platform/customer-identity) in - the marketplace prior to using this resource. - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - input: true - description: | - The name of the InboundSamlConfig resource. Must start with 'saml.' and can only have alphanumeric characters, - hyphens, underscores or periods. The part after 'saml.' must also start with a lowercase letter, end with an - alphanumeric character, and have at least 2 characters. - - !ruby/object:Api::Type::String - name: 'tenant' - required: true - input: true - url_param_only: true - description: | - The name of the tenant where this inbound SAML config resource exists - - !ruby/object:Api::Type::String - name: 'displayName' - required: true - description: | - Human friendly display name. - - !ruby/object:Api::Type::Boolean - name: 'enabled' - description: | - If this config allows users to sign in with the provider. - - !ruby/object:Api::Type::NestedObject - name: 'idpConfig' - required: true - description: | - SAML IdP configuration when the project acts as the relying party - properties: - - !ruby/object:Api::Type::String - name: 'idpEntityId' - required: true - description: | - Unique identifier for all SAML entities - - !ruby/object:Api::Type::String - name: 'ssoUrl' - required: true - description: | - URL to send Authentication request to. - - !ruby/object:Api::Type::Boolean - name: 'signRequest' - description: | - Indicates if outbounding SAMLRequest should be signed. - - !ruby/object:Api::Type::Array - name: 'idpCertificates' - required: true - description: | - The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'x509Certificate' - description: | - The x509 certificate - - !ruby/object:Api::Type::NestedObject - name: 'spConfig' - required: true - description: | - SAML SP (Service Provider) configuration when the project acts as the relying party to receive - and accept an authentication assertion issued by a SAML identity provider. - properties: - - !ruby/object:Api::Type::String - name: 'spEntityId' - required: true - description: | - Unique identifier for all SAML entities. - - !ruby/object:Api::Type::String - name: 'callbackUri' - required: true - description: | - Callback URI where responses from IDP are handled. Must start with `https://`. - - !ruby/object:Api::Type::Array - name: 'spCertificates' - output: true - description: | - The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'x509Certificate' - output: true - description: | - The x509 certificate - - !ruby/object:Api::Resource - name: 'OauthIdpConfig' - base_url: 'projects/{{project}}/oauthIdpConfigs' - self_link: 'projects/{{project}}/oauthIdpConfigs/{{name}}' - create_url: 'projects/{{project}}/oauthIdpConfigs?oauthIdpConfigId={{name}}' - update_verb: :PATCH - update_mask: true - description: | - OIDC IdP configuration for a Identity Toolkit project. - - You must enable the - [Google Identity Platform](https://console.cloud.google.com/marketplace/details/google-cloud-platform/customer-identity) in - the marketplace prior to using this resource. - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - input: true - description: | - The name of the OauthIdpConfig. Must start with `oidc.`. - - !ruby/object:Api::Type::String - name: 'displayName' - description: | - Human friendly display name. - - !ruby/object:Api::Type::Boolean - name: 'enabled' - description: | - If this config allows users to sign in with the provider. - - !ruby/object:Api::Type::String - name: 'issuer' - description: | - For OIDC Idps, the issuer identifier. - required: true - - !ruby/object:Api::Type::String - name: 'clientId' - description: | - The client id of an OAuth client. - required: true - - !ruby/object:Api::Type::String - name: 'clientSecret' - description: | - The client secret of the OAuth client, to enable OIDC code flow. - - !ruby/object:Api::Resource - name: 'TenantOauthIdpConfig' - base_url: 'projects/{{project}}/tenants/{{tenant}}/oauthIdpConfigs' - self_link: 'projects/{{project}}/tenants/{{tenant}}/oauthIdpConfigs/{{name}}' - create_url: 'projects/{{project}}/tenants/{{tenant}}/oauthIdpConfigs?oauthIdpConfigId={{name}}' - update_verb: :PATCH - update_mask: true - description: | - OIDC IdP configuration for a Identity Toolkit project within a tenant. - - You must enable the - [Google Identity Platform](https://console.cloud.google.com/marketplace/details/google-cloud-platform/customer-identity) in - the marketplace prior to using this resource. - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - input: true - description: | - The name of the OauthIdpConfig. Must start with `oidc.`. - - !ruby/object:Api::Type::String - name: 'tenant' - required: true - url_param_only: true - input: true - description: | - The name of the tenant where this OIDC IDP configuration resource exists - - !ruby/object:Api::Type::String - name: 'displayName' - required: true - description: | - Human friendly display name. - - !ruby/object:Api::Type::Boolean - name: 'enabled' - description: | - If this config allows users to sign in with the provider. - - !ruby/object:Api::Type::String - name: 'issuer' - description: | - For OIDC Idps, the issuer identifier. - required: true - - !ruby/object:Api::Type::String - name: 'clientId' - description: | - The client id of an OAuth client. - required: true - - !ruby/object:Api::Type::String - name: 'clientSecret' - description: | - The client secret of the OAuth client, to enable OIDC code flow. - - !ruby/object:Api::Resource - name: 'Tenant' - base_url: 'projects/{{project}}/tenants' - self_link: 'projects/{{project}}/tenants/{{name}}' - update_verb: :PATCH - update_mask: true - description: | - Tenant configuration in a multi-tenant project. - - You must enable the - [Google Identity Platform](https://console.cloud.google.com/marketplace/details/google-cloud-platform/customer-identity) in - the marketplace prior to using this resource. - - You must [enable multi-tenancy](https://cloud.google.com/identity-platform/docs/multi-tenancy-quickstart) via - the Cloud Console prior to creating tenants. - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The name of the tenant that is generated by the server - output: true - - !ruby/object:Api::Type::String - name: 'displayName' - required: true - description: | - Human friendly display name of the tenant. - - !ruby/object:Api::Type::Boolean - name: 'allowPasswordSignup' - description: | - Whether to allow email/password user authentication. - - !ruby/object:Api::Type::Boolean - name: 'enableEmailLinkSignin' - description: | - Whether to enable email link user authentication. - - !ruby/object:Api::Type::Boolean - name: 'disableAuth' - description: | - Whether authentication is disabled for the tenant. If true, the users under - the disabled tenant are not allowed to sign-in. Admins of the disabled tenant - are not able to manage its users. - - !ruby/object:Api::Resource - name: ProjectDefaultConfig - base_url: 'projects/{{project}}/config' - self_link: 'projects/{{project}}/config' - update_verb: :PATCH - update_mask: true - description: | - There is no persistent data associated with this resource. - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The name of the Config resource. Example: "projects/my-awesome-project/config" - output: true - - !ruby/object:Api::Type::NestedObject - name: 'signIn' - description: | - Configuration related to local sign in methods. - properties: - - !ruby/object:Api::Type::NestedObject - name: email - description: | - Configuration options related to authenticating a user by their email address. - properties: - - !ruby/object:Api::Type::Boolean - name: enabled - description: | - Whether email auth is enabled for the project or not. - - !ruby/object:Api::Type::Boolean - name: 'passwordRequired' - description: | - Whether a password is required for email auth or not. If true, both an email and - password must be provided to sign in. If false, a user may sign in via either - email/password or email link. - - !ruby/object:Api::Type::NestedObject - name: phoneNumber - description: | - Configuration options related to authenticated a user by their phone number. - properties: - - !ruby/object:Api::Type::Boolean - name: enabled - description: | - Whether phone number auth is enabled for the project or not. - - !ruby/object:Api::Type::KeyValuePairs - name: 'testPhoneNumbers' - description: | - A map of that can be used for phone auth testing. - - !ruby/object:Api::Type::NestedObject - name: anonymous - description: | - Configuration options related to authenticating an anonymous user. - properties: - - !ruby/object:Api::Type::Boolean - name: enabled - required: true - description: | - Whether anonymous user auth is enabled for the project or not. - - !ruby/object:Api::Type::Boolean - name: allowDuplicateEmails - description: | - Whether to allow more than one account to have the same email. - - !ruby/object:Api::Type::NestedObject - name: hashConfig - output: true - description: | - Output only. Hash config information. - properties: - - !ruby/object:Api::Type::String - name: algorithm - output: true - description: | - Different password hash algorithms used in Identity Toolkit. - - !ruby/object:Api::Type::String - name: 'signerKey' - output: true - description: | - Signer key in base64. - - !ruby/object:Api::Type::String - name: 'saltSeparator' - output: true - description: | - Non-printable character to be inserted between the salt and plain text password in base64. - - !ruby/object:Api::Type::Integer - name: rounds - output: true - description: | - How many rounds for hash calculation. Used by scrypt and other similar password derivation algorithms. - - !ruby/object:Api::Type::Integer - name: 'memoryCost' - output: true - description: | - Memory cost for hash calculation. Used by scrypt and other similar password derivation algorithms. See https://tools.ietf.org/html/rfc7914 for explanation of field. diff --git a/mmv1/products/identityplatform/product.yaml b/mmv1/products/identityplatform/product.yaml new file mode 100644 index 000000000000..c5ae1a8e323e --- /dev/null +++ b/mmv1/products/identityplatform/product.yaml @@ -0,0 +1,28 @@ +# Copyright 2019 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: IdentityPlatform +display_name: Identity Platform +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://identitytoolkit.googleapis.com/v2/ +scopes: + - https://www.googleapis.com/auth/identitytoolkit + - https://www.googleapis.com/auth/firebase + - https://www.googleapis.com/auth/cloud-platform +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Google Identity Platform + url: https://console.cloud.google.com/marketplace/details/google-cloud-platform/customer-identity/ diff --git a/mmv1/products/kms/CryptoKey.yaml b/mmv1/products/kms/CryptoKey.yaml new file mode 100644 index 000000000000..0df6ae7d9225 --- /dev/null +++ b/mmv1/products/kms/CryptoKey.yaml @@ -0,0 +1,113 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'CryptoKey' +base_url: '{{key_ring}}/cryptoKeys' +create_url: '{{key_ring}}/cryptoKeys?cryptoKeyId={{name}}&skipInitialVersionCreation={{skip_initial_version_creation}}' +self_link: '{{key_ring}}/cryptoKeys/{{name}}' +update_verb: :PATCH +update_mask: true +description: | + A `CryptoKey` represents a logical key that can be used for cryptographic operations. +parameters: + - !ruby/object:Api::Type::String + name: 'keyRing' + description: | + The KeyRing that this key belongs to. + Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'`. + required: true + immutable: true + url_param_only: true + - !ruby/object:Api::Type::Boolean + name: 'skipInitialVersionCreation' + description: | + If set to true, the request will create a CryptoKey without any CryptoKeyVersions. + You must use the `google_kms_key_ring_import_job` resource to import the CryptoKeyVersion. + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The resource name for the CryptoKey. + required: true + immutable: true + url_param_only: true + - !ruby/object:Api::Type::Time + name: 'createTime' + description: | + The time that this resource was created on the server. + This is in RFC3339 text format. + output: true + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + Labels with user-defined metadata to apply to this resource. + - !ruby/object:Api::Type::Enum + name: 'purpose' + description: | + The immutable purpose of this CryptoKey. See the + [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose) + for possible inputs. + values: + - "ENCRYPT_DECRYPT" + - "ASYMMETRIC_SIGN" + - "ASYMMETRIC_DECRYPT" + - "MAC" + default_value: :ENCRYPT_DECRYPT + immutable: true + - !ruby/object:Api::Type::String + name: 'rotationPeriod' + description: | + Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. + The first rotation will take place after the specified period. The rotation period has + the format of a decimal number with up to 9 fractional digits, followed by the + letter `s` (seconds). It must be greater than a day (ie, 86400). + - !ruby/object:Api::Type::NestedObject + name: 'versionTemplate' + description: | + A template describing settings for new crypto key versions. + properties: + - !ruby/object:Api::Type::String + name: 'algorithm' + description: | + The algorithm to use when creating a version based on this template. + See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs. + required: true + - !ruby/object:Api::Type::String + name: 'protectionLevel' + description: | + The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE". + immutable: true + - !ruby/object:Api::Type::Time + name: 'nextRotationTime' + description: | + The time when KMS will create a new version of this Crypto Key. + output: true + - !ruby/object:Api::Type::String + name: 'destroyScheduledDuration' + immutable: true + description: | + The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. + If not specified at creation time, the default duration is 24 hours. + - !ruby/object:Api::Type::Boolean + name: 'importOnly' + immutable: true + description: | + Whether this key may contain imported versions only. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Creating a key': + 'https://cloud.google.com/kms/docs/creating-keys#create_a_key' + api: 'https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys' diff --git a/mmv1/products/kms/CryptoKeyVersion.yaml b/mmv1/products/kms/CryptoKeyVersion.yaml new file mode 100644 index 000000000000..188d4cc2a35a --- /dev/null +++ b/mmv1/products/kms/CryptoKeyVersion.yaml @@ -0,0 +1,118 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'CryptoKeyVersion' +base_url: '{{crypto_key}}/cryptoKeyVersions' +create_url: '{{crypto_key}}/cryptoKeyVersions' +self_link: '{{name}}' +update_verb: :PATCH +update_mask: true +delete_verb: :POST +delete_url: '{{name}}:destroy' +description: | + A `CryptoKeyVersion` represents an individual cryptographic key, and the associated key material. +parameters: + - !ruby/object:Api::Type::String + name: 'cryptoKey' + required: true + immutable: true + url_param_only: true + description: | + The name of the cryptoKey associated with the CryptoKeyVersions. + Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}'` +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The resource name for this CryptoKeyVersion. + output: true + - !ruby/object:Api::Type::Enum + name: 'state' + description: | + The current state of the CryptoKeyVersion. + values: + - "PENDING_GENERATION" + - "ENABLED" + - "DISABLED" + - "DESTROYED" + - "DESTROY_SCHEDULED" + - "PENDING_IMPORT" + - "IMPORT_FAILED" + - !ruby/object:Api::Type::String + name: 'protectionLevel' + output: true + description: | + The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion. + - !ruby/object:Api::Type::Time + name: 'generateTime' + description: | + The time this CryptoKeyVersion key material was generated + output: true + - !ruby/object:Api::Type::String + name: 'algorithm' + description: | + The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports. + output: true + - !ruby/object:Api::Type::NestedObject + name: 'attestation' + description: | + Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. + Only provided for key versions with protectionLevel HSM. + output: true + properties: + - !ruby/object:Api::Type::String + name: 'format' + description: | + The format of the attestation data. + output: true + - !ruby/object:Api::Type::String + name: 'content' + description: | + The attestation data provided by the HSM when the key operation was performed. + output: true + - !ruby/object:Api::Type::NestedObject + name: 'certChains' + description: | + The certificate chains needed to validate the attestation + properties: + - !ruby/object:Api::Type::String + name: 'caviumCerts' + description: | + Cavium certificate chain corresponding to the attestation. + - !ruby/object:Api::Type::String + name: 'googleCardCerts' + description: | + Google card certificate chain corresponding to the attestation. + - !ruby/object:Api::Type::String + name: 'googlePartitionCerts' + description: | + Google partition certificate chain corresponding to the attestation. + - !ruby/object:Api::Type::NestedObject + name: 'externalProtectionLevelOptions' + description: | + ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. + properties: + - !ruby/object:Api::Type::String + name: 'externalKeyUri' + description: | + The URI for an external resource that this CryptoKeyVersion represents. + - !ruby/object:Api::Type::String + name: 'ekmConnectionKeyPath' + description: | + The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Creating a key Version': + 'https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions/create' + api: 'https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions' diff --git a/mmv1/products/kms/KeyRing.yaml b/mmv1/products/kms/KeyRing.yaml new file mode 100644 index 000000000000..0db838c35c51 --- /dev/null +++ b/mmv1/products/kms/KeyRing.yaml @@ -0,0 +1,50 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'KeyRing' +base_url: 'projects/{{project}}/locations/{{location}}/keyRings' +create_url: 'projects/{{project}}/locations/{{location}}/keyRings?keyRingId={{name}}' +self_link: 'projects/{{project}}/locations/{{location}}/keyRings/{{name}}' +immutable: true +description: | + A `KeyRing` is a toplevel logical grouping of `CryptoKeys`. +parameters: + - !ruby/object:Api::Type::String + name: 'location' + description: | + The location for the KeyRing. + A full list of valid locations can be found by running `gcloud kms locations list`. + required: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The resource name for the KeyRing. + required: true + - !ruby/object:Api::Type::Time + name: 'createTime' + description: | + The time that this resource was created on the server. + This is in RFC3339 text format. + output: true + - !ruby/object:Api::Type::String + name: 'keyRingUrl' + description: | + The full resource name for the KeyRing + exclude: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Creating a key ring': + 'https://cloud.google.com/kms/docs/creating-keys#create_a_key_ring' + api: 'https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings' diff --git a/mmv1/products/kms/KeyRingImportJob.yaml b/mmv1/products/kms/KeyRingImportJob.yaml new file mode 100644 index 000000000000..ea8a0a534a00 --- /dev/null +++ b/mmv1/products/kms/KeyRingImportJob.yaml @@ -0,0 +1,131 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'KeyRingImportJob' +base_url: '{{key_ring}}/importJobs' +create_url: '{{key_ring}}/importJobs?importJobId={{import_job_id}}' +self_link: '{{name}}' +immutable: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Importing a key': + 'https://cloud.google.com/kms/docs/importing-a-key' + api: 'https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.importJobs' +description: | + A `KeyRingImportJob` can be used to create `CryptoKeys` and `CryptoKeyVersions` using pre-existing + key material, generated outside of Cloud KMS. A `KeyRingImportJob` expires 3 days after it is created. + Once expired, Cloud KMS will no longer be able to import or unwrap any key material that + was wrapped with the `KeyRingImportJob`'s public key. +parameters: + - !ruby/object:Api::Type::String + name: 'keyRing' + description: | + The KeyRing that this import job belongs to. + Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'`. + required: true + immutable: true + url_param_only: true + - !ruby/object:Api::Type::String + name: 'importJobId' + required: true + description: | + It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63} + required: true + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The resource name for this ImportJob in the format projects/*/locations/*/keyRings/*/importJobs/*. + output: true + - !ruby/object:Api::Type::Enum + name: 'importMethod' + immutable: true + required: true + description: | + The wrapping method to be used for incoming key material. + values: + - :RSA_OAEP_3072_SHA1_AES_256 + - :RSA_OAEP_4096_SHA1_AES_256 + - !ruby/object:Api::Type::Enum + name: 'protectionLevel' + immutable: true + required: true + description: | + The protection level of the ImportJob. This must match the protectionLevel of the + versionTemplate on the CryptoKey you attempt to import into. + values: + - :SOFTWARE + - :HSM + - :EXTERNAL + - !ruby/object:Api::Type::Time + name: 'createTime' + description: | + The time that this resource was created on the server. + This is in RFC3339 text format. + output: true + - !ruby/object:Api::Type::Time + name: 'generateTime' + description: | + The time that this resource was generated. + This is in RFC3339 text format. + output: true + - !ruby/object:Api::Type::Time + name: 'expireTime' + description: | + The time at which this resource is scheduled for expiration and can no longer be used. + This is in RFC3339 text format. + output: true + - !ruby/object:Api::Type::Time + name: 'expireEventTime' + description: | + The time this resource expired. Only present if state is EXPIRED. + output: true + - !ruby/object:Api::Type::String + name: 'state' + description: | + The current state of the ImportJob, indicating if it can be used. + output: true + - !ruby/object:Api::Type::NestedObject + name: 'publicKey' + description: | + The public key with which to wrap key material prior to import. Only returned if state is `ACTIVE`. + output: true + properties: + - !ruby/object:Api::Type::String + name: 'pem' + description: | + The public key, encoded in PEM format. For more information, see the RFC 7468 sections + for General Considerations and Textual Encoding of Subject Public Key Info. + output: true + - !ruby/object:Api::Type::NestedObject + name: 'attestation' + description: | + Statement that was generated and signed by the key creator (for example, an HSM) at key creation time. + Use this statement to verify attributes of the key as stored on the HSM, independently of Google. + Only present if the chosen ImportMethod is one with a protection level of HSM. + output: true + properties: + - !ruby/object:Api::Type::String + name: 'format' + description: | + The format of the attestation data. + output: true + - !ruby/object:Api::Type::String + name: 'content' + description: | + The attestation data provided by the HSM when the key operation was performed. + A base64-encoded string. + output: true diff --git a/mmv1/products/kms/SecretCiphertext.yaml b/mmv1/products/kms/SecretCiphertext.yaml new file mode 100644 index 000000000000..f2dc143adbec --- /dev/null +++ b/mmv1/products/kms/SecretCiphertext.yaml @@ -0,0 +1,50 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'SecretCiphertext' +base_url: '{{crypto_key}}' +create_url: '{{crypto_key}}:encrypt' +self_link: '{{crypto_key}}' +immutable: true +description: | + Encrypts secret data with Google Cloud KMS and provides access to the ciphertext. +parameters: + - !ruby/object:Api::Type::String + name: 'cryptoKey' + description: | + The full name of the CryptoKey that will be used to encrypt the provided plaintext. + Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}'` + required: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'plaintext' + description: | + The plaintext to be encrypted. + required: true + - !ruby/object:Api::Type::String + name: 'additionalAuthenticatedData' + description: | + The additional authenticated data used for integrity checks during encryption and decryption. + - !ruby/object:Api::Type::String + name: 'ciphertext' + description: | + Contains the result of encrypting the provided plaintext, encoded in base64. + output: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Encrypting and decrypting data with a symmetric key': + 'https://cloud.google.com/kms/docs/encrypt-decrypt' + api: 'https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys/encrypt' + diff --git a/mmv1/products/kms/api.yaml b/mmv1/products/kms/api.yaml deleted file mode 100644 index 7c703f5dba21..000000000000 --- a/mmv1/products/kms/api.yaml +++ /dev/null @@ -1,423 +0,0 @@ -# Copyright 2019 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: KMS -display_name: Cloud Key Management Service -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://cloudkms.googleapis.com/v1/ -scopes: - - https://www.googleapis.com/auth/cloudkms -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Cloud Key Management Service (KMS) API - url: https://console.cloud.google.com/apis/library/cloudkms.googleapis.com/ -objects: - - !ruby/object:Api::Resource - name: 'KeyRing' - base_url: 'projects/{{project}}/locations/{{location}}/keyRings' - create_url: 'projects/{{project}}/locations/{{location}}/keyRings?keyRingId={{name}}' - self_link: 'projects/{{project}}/locations/{{location}}/keyRings/{{name}}' - input: true - description: | - A `KeyRing` is a toplevel logical grouping of `CryptoKeys`. - parameters: - - !ruby/object:Api::Type::String - name: 'location' - description: | - The location for the KeyRing. - A full list of valid locations can be found by running `gcloud kms locations list`. - required: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The resource name for the KeyRing. - required: true - - !ruby/object:Api::Type::Time - name: 'createTime' - description: | - The time that this resource was created on the server. - This is in RFC3339 text format. - output: true - - !ruby/object:Api::Type::String - name: 'keyRingUrl' - description: | - The full resource name for the KeyRing - exclude: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Creating a key ring': - 'https://cloud.google.com/kms/docs/creating-keys#create_a_key_ring' - api: 'https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings' - - !ruby/object:Api::Resource - name: 'CryptoKey' - base_url: '{{key_ring}}/cryptoKeys' - create_url: '{{key_ring}}/cryptoKeys?cryptoKeyId={{name}}&skipInitialVersionCreation={{skip_initial_version_creation}}' - self_link: '{{key_ring}}/cryptoKeys/{{name}}' - update_verb: :PATCH - update_mask: true - description: | - A `CryptoKey` represents a logical key that can be used for cryptographic operations. - parameters: - - !ruby/object:Api::Type::String - name: 'keyRing' - description: | - The KeyRing that this key belongs to. - Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'`. - required: true - input: true - url_param_only: true - - !ruby/object:Api::Type::Boolean - name: 'skipInitialVersionCreation' - description: | - If set to true, the request will create a CryptoKey without any CryptoKeyVersions. - You must use the `google_kms_key_ring_import_job` resource to import the CryptoKeyVersion. - input: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The resource name for the CryptoKey. - required: true - input: true - url_param_only: true - - !ruby/object:Api::Type::Time - name: 'createTime' - description: | - The time that this resource was created on the server. - This is in RFC3339 text format. - output: true - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: | - Labels with user-defined metadata to apply to this resource. - - !ruby/object:Api::Type::Enum - name: 'purpose' - description: | - The immutable purpose of this CryptoKey. See the - [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose) - for possible inputs. - values: - - "ENCRYPT_DECRYPT" - - "ASYMMETRIC_SIGN" - - "ASYMMETRIC_DECRYPT" - - "MAC" - default_value: :ENCRYPT_DECRYPT - input: true - - !ruby/object:Api::Type::String - name: 'rotationPeriod' - description: | - Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. - The first rotation will take place after the specified period. The rotation period has - the format of a decimal number with up to 9 fractional digits, followed by the - letter `s` (seconds). It must be greater than a day (ie, 86400). - - !ruby/object:Api::Type::NestedObject - name: 'versionTemplate' - description: | - A template describing settings for new crypto key versions. - properties: - - !ruby/object:Api::Type::String - name: 'algorithm' - description: | - The algorithm to use when creating a version based on this template. - See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs. - required: true - - !ruby/object:Api::Type::String - name: 'protectionLevel' - description: | - The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE". - input: true - - !ruby/object:Api::Type::Time - name: 'nextRotationTime' - description: | - The time when KMS will create a new version of this Crypto Key. - output: true - - !ruby/object:Api::Type::String - name: 'destroyScheduledDuration' - input: true - description: | - The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. - If not specified at creation time, the default duration is 24 hours. - - !ruby/object:Api::Type::Boolean - name: 'importOnly' - input: true - description: | - Whether this key may contain imported versions only. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Creating a key': - 'https://cloud.google.com/kms/docs/creating-keys#create_a_key' - api: 'https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys' - - !ruby/object:Api::Resource - name: 'CryptoKeyVersion' - base_url: '{{crypto_key}}/cryptoKeyVersions' - create_url: '{{crypto_key}}/cryptoKeyVersions' - self_link: '{{name}}' - update_verb: :PATCH - update_mask: true - delete_verb: :POST - delete_url: '{{name}}:destroy' - description: | - A `CryptoKeyVersion` represents an individual cryptographic key, and the associated key material. - parameters: - - !ruby/object:Api::Type::String - name: 'cryptoKey' - required: true - input: true - url_param_only: true - description: | - The name of the cryptoKey associated with the CryptoKeyVersions. - Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}'` - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The resource name for this CryptoKeyVersion. - output: true - - !ruby/object:Api::Type::Enum - name: 'state' - description: | - The current state of the CryptoKeyVersion. - values: - - "PENDING_GENERATION" - - "ENABLED" - - "DISABLED" - - "DESTROYED" - - "DESTROY_SCHEDULED" - - "PENDING_IMPORT" - - "IMPORT_FAILED" - - !ruby/object:Api::Type::String - name: 'protectionLevel' - output: true - description: | - The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion. - - !ruby/object:Api::Type::Time - name: 'generateTime' - description: | - The time this CryptoKeyVersion key material was generated - output: true - - !ruby/object:Api::Type::String - name: 'algorithm' - description: | - The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports. - output: true - - !ruby/object:Api::Type::NestedObject - name: 'attestation' - description: | - Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. - Only provided for key versions with protectionLevel HSM. - output: true - properties: - - !ruby/object:Api::Type::String - name: 'format' - description: | - The format of the attestation data. - output: true - - !ruby/object:Api::Type::String - name: 'content' - description: | - The attestation data provided by the HSM when the key operation was performed. - output: true - - !ruby/object:Api::Type::NestedObject - name: 'certChains' - description: | - The certificate chains needed to validate the attestation - properties: - - !ruby/object:Api::Type::String - name: 'caviumCerts' - description: | - Cavium certificate chain corresponding to the attestation. - - !ruby/object:Api::Type::String - name: 'googleCardCerts' - description: | - Google card certificate chain corresponding to the attestation. - - !ruby/object:Api::Type::String - name: 'googlePartitionCerts' - description: | - Google partition certificate chain corresponding to the attestation. - - !ruby/object:Api::Type::NestedObject - name: 'externalProtectionLevelOptions' - description: | - ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. - properties: - - !ruby/object:Api::Type::String - name: 'externalKeyUri' - description: | - The URI for an external resource that this CryptoKeyVersion represents. - - !ruby/object:Api::Type::String - name: 'ekmConnectionKeyPath' - description: | - The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Creating a key Version': - 'https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions/create' - api: 'https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions' - - !ruby/object:Api::Resource - name: 'KeyRingImportJob' - base_url: '{{key_ring}}/importJobs' - create_url: '{{key_ring}}/importJobs?importJobId={{import_job_id}}' - self_link: '{{name}}' - input: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Importing a key': - 'https://cloud.google.com/kms/docs/importing-a-key' - api: 'https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.importJobs' - description: | - A `KeyRingImportJob` can be used to create `CryptoKeys` and `CryptoKeyVersions` using pre-existing - key material, generated outside of Cloud KMS. A `KeyRingImportJob` expires 3 days after it is created. - Once expired, Cloud KMS will no longer be able to import or unwrap any key material that - was wrapped with the `KeyRingImportJob`'s public key. - parameters: - - !ruby/object:Api::Type::String - name: 'keyRing' - description: | - The KeyRing that this import job belongs to. - Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'`. - required: true - input: true - url_param_only: true - - !ruby/object:Api::Type::String - name: 'importJobId' - required: true - description: | - It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63} - required: true - input: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The resource name for this ImportJob in the format projects/*/locations/*/keyRings/*/importJobs/*. - output: true - - !ruby/object:Api::Type::Enum - name: 'importMethod' - input: true - required: true - description: | - The wrapping method to be used for incoming key material. - values: - - :RSA_OAEP_3072_SHA1_AES_256 - - :RSA_OAEP_4096_SHA1_AES_256 - - !ruby/object:Api::Type::Enum - name: 'protectionLevel' - input: true - required: true - description: | - The protection level of the ImportJob. This must match the protectionLevel of the - versionTemplate on the CryptoKey you attempt to import into. - values: - - :SOFTWARE - - :HSM - - :EXTERNAL - - !ruby/object:Api::Type::Time - name: 'createTime' - description: | - The time that this resource was created on the server. - This is in RFC3339 text format. - output: true - - !ruby/object:Api::Type::Time - name: 'generateTime' - description: | - The time that this resource was generated. - This is in RFC3339 text format. - output: true - - !ruby/object:Api::Type::Time - name: 'expireTime' - description: | - The time at which this resource is scheduled for expiration and can no longer be used. - This is in RFC3339 text format. - output: true - - !ruby/object:Api::Type::Time - name: 'expireEventTime' - description: | - The time this resource expired. Only present if state is EXPIRED. - output: true - - !ruby/object:Api::Type::String - name: 'state' - description: | - The current state of the ImportJob, indicating if it can be used. - output: true - - !ruby/object:Api::Type::NestedObject - name: 'publicKey' - description: | - The public key with which to wrap key material prior to import. Only returned if state is `ACTIVE`. - output: true - properties: - - !ruby/object:Api::Type::String - name: 'pem' - description: | - The public key, encoded in PEM format. For more information, see the RFC 7468 sections - for General Considerations and Textual Encoding of Subject Public Key Info. - output: true - - !ruby/object:Api::Type::NestedObject - name: 'attestation' - description: | - Statement that was generated and signed by the key creator (for example, an HSM) at key creation time. - Use this statement to verify attributes of the key as stored on the HSM, independently of Google. - Only present if the chosen ImportMethod is one with a protection level of HSM. - output: true - properties: - - !ruby/object:Api::Type::String - name: 'format' - description: | - The format of the attestation data. - output: true - - !ruby/object:Api::Type::String - name: 'content' - description: | - The attestation data provided by the HSM when the key operation was performed. - A base64-encoded string. - output: true - - !ruby/object:Api::Resource - name: 'SecretCiphertext' - base_url: '{{crypto_key}}' - create_url: '{{crypto_key}}:encrypt' - self_link: '{{crypto_key}}' - input: true - description: | - Encrypts secret data with Google Cloud KMS and provides access to the ciphertext. - parameters: - - !ruby/object:Api::Type::String - name: 'cryptoKey' - description: | - The full name of the CryptoKey that will be used to encrypt the provided plaintext. - Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}'` - required: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'plaintext' - description: | - The plaintext to be encrypted. - required: true - - !ruby/object:Api::Type::String - name: 'additionalAuthenticatedData' - description: | - The additional authenticated data used for integrity checks during encryption and decryption. - - !ruby/object:Api::Type::String - name: 'ciphertext' - description: | - Contains the result of encrypting the provided plaintext, encoded in base64. - output: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Encrypting and decrypting data with a symmetric key': - 'https://cloud.google.com/kms/docs/encrypt-decrypt' - api: 'https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys/encrypt' diff --git a/mmv1/products/kms/product.yaml b/mmv1/products/kms/product.yaml new file mode 100644 index 000000000000..d49d04acc121 --- /dev/null +++ b/mmv1/products/kms/product.yaml @@ -0,0 +1,26 @@ +# Copyright 2019 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: KMS +display_name: Cloud Key Management Service +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://cloudkms.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/cloudkms +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Cloud Key Management Service (KMS) API + url: https://console.cloud.google.com/apis/library/cloudkms.googleapis.com/ diff --git a/mmv1/products/logging/FolderExclusion.yaml b/mmv1/products/logging/FolderExclusion.yaml new file mode 100644 index 000000000000..62fc004c0d14 --- /dev/null +++ b/mmv1/products/logging/FolderExclusion.yaml @@ -0,0 +1,44 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: "FolderExclusion" +base_url: folders/{{folder}}/exclusions +self_link: folders/{{folder}}/exclusions/{{name}} +collection_url_key: 'exclusions' +description: | + Specifies a set of log entries that are not to be stored in Logging. +properties: + - !ruby/object:Api::Type::String + name: folder + description: | + Id of the folder that this exclusion applies to. + required: true + - !ruby/object:Api::Type::String + name: name + description: | + Name of the exclusion, specified by the server during create. + required: true + - !ruby/object:Api::Type::String + name: description + description: | + A user provided description of this exclusion. + - !ruby/object:Api::Type::String + name: filter + description: | + An advanced logs filter. The only exported log entries are those that are in the + resource owning the sink and that match the filter. + - !ruby/object:Api::Type::Boolean + name: disabled + description: | + If set to true then this exclusion is disabled and it does not exclude any log entries. diff --git a/mmv1/products/logging/FolderLogSink.yaml b/mmv1/products/logging/FolderLogSink.yaml new file mode 100644 index 000000000000..53761c928d5f --- /dev/null +++ b/mmv1/products/logging/FolderLogSink.yaml @@ -0,0 +1,54 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: "FolderLogSink" +base_url: folders/{{folder}}/sinks +self_link: folders/{{folder}}/sinks/{{name}} +collection_url_key: 'sinks' +description: | + Describes a sink used to export log entries +properties: + - !ruby/object:Api::Type::String + name: folder + description: | + Id of the folder that this sink belongs to. + required: true + - !ruby/object:Api::Type::String + name: name + description: | + Name of the log sink. + required: true + - !ruby/object:Api::Type::String + name: filter + description: | + An advanced logs filter. The only exported log entries are those that are in the + resource owning the sink and that match the filter. + - !ruby/object:Api::Type::String + name: destination + description: | + The export destination. + - !ruby/object:Api::Type::String + name: writerIdentity + description: | + An IAM identity—a service account or group—under which Logging writes the exported + log entries to the sink's destination. This field is set by sinks.create and sinks.update + based on the value of uniqueWriterIdentity in those methods. + - !ruby/object:Api::Type::Boolean + name: includeChildren + description: | + If the field is false, the default, only the logs owned by the sink's parent resource are + available for export. If the field is true, then logs from all the projects, folders, and + billing accounts contained in the sink's parent resource are also available for export. + Whether a particular log entry from the children is exported depends on the sink's filter expression. + diff --git a/mmv1/products/logging/Metric.yaml b/mmv1/products/logging/Metric.yaml new file mode 100644 index 000000000000..bf5dc25c843d --- /dev/null +++ b/mmv1/products/logging/Metric.yaml @@ -0,0 +1,244 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: "Metric" +base_url: projects/{{project}}/metrics +# The % in self_link indicates that the name value should be URL-encoded. +self_link: "projects/{{project}}/metrics/{{%name}}" +update_verb: :PUT +description: | + Logs-based metric can also be used to extract values from logs and create a a distribution + of the values. The distribution records the statistics of the extracted values along with + an optional histogram of the values as specified by the bucket options. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + "Official Documentation": "https://cloud.google.com/logging/docs/apis" + api: "https://cloud.google.com/logging/docs/reference/v2/rest/v2/projects.metrics/create" +properties: + - !ruby/object:Api::Type::String + name: name + description: | + The client-assigned metric identifier. Examples - "error_count", "nginx/requests". + Metric identifiers are limited to 100 characters and can include only the following + characters A-Z, a-z, 0-9, and the special characters _-.,+!*',()%/. The forward-slash + character (/) denotes a hierarchy of name pieces, and it cannot be the first character + of the name. + required: true + - !ruby/object:Api::Type::String + name: description + description: | + A description of this metric, which is used in documentation. The maximum length of the + description is 8000 characters. + required: false + - !ruby/object:Api::Type::String + name: bucketName + description: | + The resource name of the Log Bucket that owns the Log Metric. Only Log Buckets in projects + are supported. The bucket has to be in the same project as the metric. + - !ruby/object:Api::Type::String + name: filter + description: | + An advanced logs filter (https://cloud.google.com/logging/docs/view/advanced-filters) which + is used to match log entries. + required: true + - !ruby/object:Api::Type::NestedObject + name: metricDescriptor + description: | + The optional metric descriptor associated with the logs-based metric. + If unspecified, it uses a default metric descriptor with a DELTA metric kind, + INT64 value type, with no labels and a unit of "1". Such a metric counts the + number of log entries matching the filter expression. + properties: + - !ruby/object:Api::Type::String + name: unit + description: | + The unit in which the metric value is reported. It is only applicable if the valueType is + `INT64`, `DOUBLE`, or `DISTRIBUTION`. The supported units are a subset of + [The Unified Code for Units of Measure](http://unitsofmeasure.org/ucum.html) standard + default_value: "1" + - !ruby/object:Api::Type::Enum + name: valueType + description: | + Whether the measurement is an integer, a floating-point number, etc. + Some combinations of metricKind and valueType might not be supported. + For counter metrics, set this to INT64. + values: + - :BOOL + - :INT64 + - :DOUBLE + - :STRING + - :DISTRIBUTION + - :MONEY + required: true + - !ruby/object:Api::Type::Enum + name: metricKind + description: | + Whether the metric records instantaneous values, changes to a value, etc. + Some combinations of metricKind and valueType might not be supported. + For counter metrics, set this to DELTA. + values: + - :DELTA + - :GAUGE + - :CUMULATIVE + required: true + - !ruby/object:Api::Type::Array + name: labels + description: | + The set of labels that can be used to describe a specific instance of this metric type. For + example, the appengine.googleapis.com/http/server/response_latencies metric type has a label + for the HTTP response code, response_code, so you can look at latencies for successful responses + or just for responses that failed. + required: false + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: key + description: | + The label key. + required: true + immutable: true + - !ruby/object:Api::Type::String + name: description + description: | + A human-readable description for the label. + required: false + - !ruby/object:Api::Type::Enum + name: valueType + description: | + The type of data that can be assigned to the label. + values: + - :BOOL + - :INT64 + - :STRING + required: false + default_value: :STRING + immutable: true + - !ruby/object:Api::Type::String + name: displayName + description: | + A concise name for the metric, which can be displayed in user interfaces. Use sentence case + without an ending period, for example "Request count". This field is optional but it is + recommended to be set for any metrics associated with user-visible concepts, such as Quota. + - !ruby/object:Api::Type::String + name: type + output: true + description: | + The metric type, including its DNS name prefix. The type is not URL-encoded. + All user-defined metric types have the DNS name `custom.googleapis.com` or `external.googleapis.com`. + - !ruby/object:Api::Type::KeyValuePairs + name: labelExtractors + description: | + A map from a label key string to an extractor expression which is used to extract data from a log + entry field and assign as the label value. Each label key specified in the LabelDescriptor must + have an associated extractor expression in this map. The syntax of the extractor expression is + the same as for the valueExtractor field. + - !ruby/object:Api::Type::String + name: valueExtractor + description: | + A valueExtractor is required when using a distribution logs-based metric to extract the values to + record from a log entry. Two functions are supported for value extraction - EXTRACT(field) or + REGEXP_EXTRACT(field, regex). The argument are 1. field - The name of the log entry field from which + the value is to be extracted. 2. regex - A regular expression using the Google RE2 syntax + (https://github.com/google/re2/wiki/Syntax) with a single capture group to extract data from the specified + log entry field. The value of the field is converted to a string before applying the regex. It is an + error to specify a regex that does not include exactly one capture group. + - !ruby/object:Api::Type::NestedObject + name: bucketOptions + description: | + The bucketOptions are required when the logs-based metric is using a DISTRIBUTION value type and it + describes the bucket boundaries used to create a histogram of the extracted values. + properties: + - !ruby/object:Api::Type::NestedObject + name: linearBuckets + at_least_one_of: + - bucket_options.0.linear_buckets + - bucket_options.0.exponential_buckets + - bucket_options.0.explicit_buckets + description: | + Specifies a linear sequence of buckets that all have the same width (except overflow and underflow). + Each bucket represents a constant absolute uncertainty on the specific value in the bucket. + properties: + - !ruby/object:Api::Type::Integer + name: numFiniteBuckets + at_least_one_of: + - bucket_options.0.linear_buckets.0.num_finite_buckets + - bucket_options.0.linear_buckets.0.width + - bucket_options.0.linear_buckets.0.offset + description: | + Must be greater than 0. + - !ruby/object:Api::Type::Double + name: width + at_least_one_of: + - bucket_options.0.linear_buckets.0.num_finite_buckets + - bucket_options.0.linear_buckets.0.width + - bucket_options.0.linear_buckets.0.offset + description: | + Must be greater than 0. + - !ruby/object:Api::Type::Double + name: offset + at_least_one_of: + - bucket_options.0.linear_buckets.0.num_finite_buckets + - bucket_options.0.linear_buckets.0.width + - bucket_options.0.linear_buckets.0.offset + description: | + Lower bound of the first bucket. + - !ruby/object:Api::Type::NestedObject + name: exponentialBuckets + at_least_one_of: + - bucket_options.0.linear_buckets + - bucket_options.0.exponential_buckets + - bucket_options.0.explicit_buckets + description: | + Specifies an exponential sequence of buckets that have a width that is proportional to the value of + the lower bound. Each bucket represents a constant relative uncertainty on a specific value in the bucket. + properties: + - !ruby/object:Api::Type::Integer + name: numFiniteBuckets + at_least_one_of: + - bucket_options.0.exponential_buckets.0.num_finite_buckets + - bucket_options.0.exponential_buckets.0.growth_factor + - bucket_options.0.exponential_buckets.0.scale + description: | + Must be greater than 0. + - !ruby/object:Api::Type::Double + name: growthFactor + at_least_one_of: + - bucket_options.0.exponential_buckets.0.num_finite_buckets + - bucket_options.0.exponential_buckets.0.growth_factor + - bucket_options.0.exponential_buckets.0.scale + description: | + Must be greater than 1. + - !ruby/object:Api::Type::Double + name: scale + at_least_one_of: + - bucket_options.0.exponential_buckets.0.num_finite_buckets + - bucket_options.0.exponential_buckets.0.growth_factor + - bucket_options.0.exponential_buckets.0.scale + description: | + Must be greater than 0. + - !ruby/object:Api::Type::NestedObject + name: explicitBuckets + at_least_one_of: + - bucket_options.0.linear_buckets + - bucket_options.0.exponential_buckets + - bucket_options.0.explicit_buckets + description: | + Specifies a set of buckets with arbitrary widths. + properties: + - !ruby/object:Api::Type::Array + name: bounds + required: true + item_type: Api::Type::Double + description: | + The values must be monotonically increasing. diff --git a/mmv1/products/logging/OrganizationLogSink.yaml b/mmv1/products/logging/OrganizationLogSink.yaml new file mode 100644 index 000000000000..845a91e4b38d --- /dev/null +++ b/mmv1/products/logging/OrganizationLogSink.yaml @@ -0,0 +1,53 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: "OrganizationLogSink" +base_url: organizations/{{organization}}/sinks +self_link: organizations/{{organization}}/sinks/{{name}} +collection_url_key: 'sinks' +description: | + Describes a sink used to export log entries +properties: + - !ruby/object:Api::Type::String + name: organization + description: | + Id of the organization that this sink belongs to. + required: true + - !ruby/object:Api::Type::String + name: name + description: | + Name of the log sink. + required: true + - !ruby/object:Api::Type::String + name: filter + description: | + An advanced logs filter. The only exported log entries are those that are in the + resource owning the sink and that match the filter. + - !ruby/object:Api::Type::String + name: destination + description: | + The export destination. + - !ruby/object:Api::Type::String + name: writerIdentity + description: | + An IAM identity—a service account or group—under which Logging writes the exported + log entries to the sink's destination. This field is set by sinks.create and sinks.update + based on the value of uniqueWriterIdentity in those methods. + - !ruby/object:Api::Type::Boolean + name: includeChildren + description: | + If the field is false, the default, only the logs owned by the sink's parent resource are + available for export. If the field is true, then logs from all the projects, folders, and + billing accounts contained in the sink's parent resource are also available for export. + Whether a particular log entry from the children is exported depends on the sink's filter expression. diff --git a/mmv1/products/logging/ProjectExclusion.yaml b/mmv1/products/logging/ProjectExclusion.yaml new file mode 100644 index 000000000000..0d7af68ee421 --- /dev/null +++ b/mmv1/products/logging/ProjectExclusion.yaml @@ -0,0 +1,44 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: "ProjectExclusion" +base_url: projects/{{project}}/exclusions +self_link: projects/{{project}}/exclusions/{{name}} +collection_url_key: 'exclusions' +description: | + Specifies a set of log entries that are not to be stored in Logging. +properties: + - !ruby/object:Api::Type::String + name: project + description: | + Id of the project that this exclusion applies to. + required: true + - !ruby/object:Api::Type::String + name: name + description: | + Name of the exclusion, specified by the server during create. + required: true + - !ruby/object:Api::Type::String + name: description + description: | + A user provided description of this exclusion. + - !ruby/object:Api::Type::String + name: filter + description: | + An advanced logs filter. The only exported log entries are those that are in the + resource owning the sink and that match the filter. + - !ruby/object:Api::Type::Boolean + name: disabled + description: | + If set to true then this exclusion is disabled and it does not exclude any log entries. diff --git a/mmv1/products/logging/ProjectLogSink.yaml b/mmv1/products/logging/ProjectLogSink.yaml new file mode 100644 index 000000000000..cc37ce0d7450 --- /dev/null +++ b/mmv1/products/logging/ProjectLogSink.yaml @@ -0,0 +1,53 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: "ProjectLogSink" +base_url: projects/{{project}}/sinks +self_link: projects/{{project}}/sinks/{{name}} +collection_url_key: 'sinks' +description: | + Describes a sink used to export log entries +properties: + - !ruby/object:Api::Type::String + name: project + description: | + Id of the project that this sink belongs to. + required: true + - !ruby/object:Api::Type::String + name: name + description: | + Name of the log sink. + required: true + - !ruby/object:Api::Type::String + name: filter + description: | + An advanced logs filter. The only exported log entries are those that are in the + resource owning the sink and that match the filter. + - !ruby/object:Api::Type::String + name: destination + description: | + The export destination. + - !ruby/object:Api::Type::String + name: writerIdentity + description: | + An IAM identity—a service account or group—under which Logging writes the exported + log entries to the sink's destination. This field is set by sinks.create and sinks.update + based on the value of uniqueWriterIdentity in those methods. + - !ruby/object:Api::Type::Boolean + name: includeChildren + description: | + If the field is false, the default, only the logs owned by the sink's parent resource are + available for export. If the field is true, then logs from all the projects, folders, and + billing accounts contained in the sink's parent resource are also available for export. + Whether a particular log entry from the children is exported depends on the sink's filter expression. diff --git a/mmv1/products/logging/api.yaml b/mmv1/products/logging/api.yaml deleted file mode 100644 index fd57991b441c..000000000000 --- a/mmv1/products/logging/api.yaml +++ /dev/null @@ -1,440 +0,0 @@ -# Copyright 2019 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. ---- -!ruby/object:Api::Product -name: Logging -display_name: Cloud (Stackdriver) Logging -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://logging.googleapis.com/v2/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Stackdriver Logging API - url: https://console.cloud.google.com/apis/library/logging.googleapis.com/ -objects: - - !ruby/object:Api::Resource - name: "Metric" - base_url: projects/{{project}}/metrics - # The % in self_link indicates that the name value should be URL-encoded. - self_link: "projects/{{project}}/metrics/{{%name}}" - update_verb: :PUT - description: | - Logs-based metric can also be used to extract values from logs and create a a distribution - of the values. The distribution records the statistics of the extracted values along with - an optional histogram of the values as specified by the bucket options. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - "Official Documentation": "https://cloud.google.com/logging/docs/apis" - api: "https://cloud.google.com/logging/docs/reference/v2/rest/v2/projects.metrics/create" - properties: - - !ruby/object:Api::Type::String - name: name - description: | - The client-assigned metric identifier. Examples - "error_count", "nginx/requests". - Metric identifiers are limited to 100 characters and can include only the following - characters A-Z, a-z, 0-9, and the special characters _-.,+!*',()%/. The forward-slash - character (/) denotes a hierarchy of name pieces, and it cannot be the first character - of the name. - required: true - - !ruby/object:Api::Type::String - name: description - description: | - A description of this metric, which is used in documentation. The maximum length of the - description is 8000 characters. - required: false - - !ruby/object:Api::Type::String - name: bucketName - description: | - The resource name of the Log Bucket that owns the Log Metric. Only Log Buckets in projects - are supported. The bucket has to be in the same project as the metric. - - !ruby/object:Api::Type::String - name: filter - description: | - An advanced logs filter (https://cloud.google.com/logging/docs/view/advanced-filters) which - is used to match log entries. - required: true - - !ruby/object:Api::Type::NestedObject - name: metricDescriptor - description: | - The optional metric descriptor associated with the logs-based metric. - If unspecified, it uses a default metric descriptor with a DELTA metric kind, - INT64 value type, with no labels and a unit of "1". Such a metric counts the - number of log entries matching the filter expression. - properties: - - !ruby/object:Api::Type::String - name: unit - description: | - The unit in which the metric value is reported. It is only applicable if the valueType is - `INT64`, `DOUBLE`, or `DISTRIBUTION`. The supported units are a subset of - [The Unified Code for Units of Measure](http://unitsofmeasure.org/ucum.html) standard - default_value: "1" - - !ruby/object:Api::Type::Enum - name: valueType - description: | - Whether the measurement is an integer, a floating-point number, etc. - Some combinations of metricKind and valueType might not be supported. - For counter metrics, set this to INT64. - values: - - :BOOL - - :INT64 - - :DOUBLE - - :STRING - - :DISTRIBUTION - - :MONEY - required: true - - !ruby/object:Api::Type::Enum - name: metricKind - description: | - Whether the metric records instantaneous values, changes to a value, etc. - Some combinations of metricKind and valueType might not be supported. - For counter metrics, set this to DELTA. - values: - - :DELTA - - :GAUGE - - :CUMULATIVE - required: true - - !ruby/object:Api::Type::Array - name: labels - description: | - The set of labels that can be used to describe a specific instance of this metric type. For - example, the appengine.googleapis.com/http/server/response_latencies metric type has a label - for the HTTP response code, response_code, so you can look at latencies for successful responses - or just for responses that failed. - required: false - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: key - description: | - The label key. - required: true - input: true - - !ruby/object:Api::Type::String - name: description - description: | - A human-readable description for the label. - required: false - - !ruby/object:Api::Type::Enum - name: valueType - description: | - The type of data that can be assigned to the label. - values: - - :BOOL - - :INT64 - - :STRING - required: false - default_value: :STRING - input: true - - !ruby/object:Api::Type::String - name: displayName - description: | - A concise name for the metric, which can be displayed in user interfaces. Use sentence case - without an ending period, for example "Request count". This field is optional but it is - recommended to be set for any metrics associated with user-visible concepts, such as Quota. - - !ruby/object:Api::Type::String - name: type - output: true - description: | - The metric type, including its DNS name prefix. The type is not URL-encoded. - All user-defined metric types have the DNS name `custom.googleapis.com` or `external.googleapis.com`. - - !ruby/object:Api::Type::KeyValuePairs - name: labelExtractors - description: | - A map from a label key string to an extractor expression which is used to extract data from a log - entry field and assign as the label value. Each label key specified in the LabelDescriptor must - have an associated extractor expression in this map. The syntax of the extractor expression is - the same as for the valueExtractor field. - - !ruby/object:Api::Type::String - name: valueExtractor - description: | - A valueExtractor is required when using a distribution logs-based metric to extract the values to - record from a log entry. Two functions are supported for value extraction - EXTRACT(field) or - REGEXP_EXTRACT(field, regex). The argument are 1. field - The name of the log entry field from which - the value is to be extracted. 2. regex - A regular expression using the Google RE2 syntax - (https://github.com/google/re2/wiki/Syntax) with a single capture group to extract data from the specified - log entry field. The value of the field is converted to a string before applying the regex. It is an - error to specify a regex that does not include exactly one capture group. - - !ruby/object:Api::Type::NestedObject - name: bucketOptions - description: | - The bucketOptions are required when the logs-based metric is using a DISTRIBUTION value type and it - describes the bucket boundaries used to create a histogram of the extracted values. - properties: - - !ruby/object:Api::Type::NestedObject - name: linearBuckets - at_least_one_of: - - bucket_options.0.linear_buckets - - bucket_options.0.exponential_buckets - - bucket_options.0.explicit_buckets - description: | - Specifies a linear sequence of buckets that all have the same width (except overflow and underflow). - Each bucket represents a constant absolute uncertainty on the specific value in the bucket. - properties: - - !ruby/object:Api::Type::Integer - name: numFiniteBuckets - at_least_one_of: - - bucket_options.0.linear_buckets.0.num_finite_buckets - - bucket_options.0.linear_buckets.0.width - - bucket_options.0.linear_buckets.0.offset - description: | - Must be greater than 0. - - !ruby/object:Api::Type::Double - name: width - at_least_one_of: - - bucket_options.0.linear_buckets.0.num_finite_buckets - - bucket_options.0.linear_buckets.0.width - - bucket_options.0.linear_buckets.0.offset - description: | - Must be greater than 0. - - !ruby/object:Api::Type::Double - name: offset - at_least_one_of: - - bucket_options.0.linear_buckets.0.num_finite_buckets - - bucket_options.0.linear_buckets.0.width - - bucket_options.0.linear_buckets.0.offset - description: | - Lower bound of the first bucket. - - !ruby/object:Api::Type::NestedObject - name: exponentialBuckets - at_least_one_of: - - bucket_options.0.linear_buckets - - bucket_options.0.exponential_buckets - - bucket_options.0.explicit_buckets - description: | - Specifies an exponential sequence of buckets that have a width that is proportional to the value of - the lower bound. Each bucket represents a constant relative uncertainty on a specific value in the bucket. - properties: - - !ruby/object:Api::Type::Integer - name: numFiniteBuckets - at_least_one_of: - - bucket_options.0.exponential_buckets.0.num_finite_buckets - - bucket_options.0.exponential_buckets.0.growth_factor - - bucket_options.0.exponential_buckets.0.scale - description: | - Must be greater than 0. - - !ruby/object:Api::Type::Double - name: growthFactor - at_least_one_of: - - bucket_options.0.exponential_buckets.0.num_finite_buckets - - bucket_options.0.exponential_buckets.0.growth_factor - - bucket_options.0.exponential_buckets.0.scale - description: | - Must be greater than 1. - - !ruby/object:Api::Type::Double - name: scale - at_least_one_of: - - bucket_options.0.exponential_buckets.0.num_finite_buckets - - bucket_options.0.exponential_buckets.0.growth_factor - - bucket_options.0.exponential_buckets.0.scale - description: | - Must be greater than 0. - - !ruby/object:Api::Type::NestedObject - name: explicitBuckets - at_least_one_of: - - bucket_options.0.linear_buckets - - bucket_options.0.exponential_buckets - - bucket_options.0.explicit_buckets - description: | - Specifies a set of buckets with arbitrary widths. - properties: - - !ruby/object:Api::Type::Array - name: bounds - required: true - item_type: Api::Type::Double - description: | - The values must be monotonically increasing. - - !ruby/object:Api::Resource - name: "OrganizationLogSink" - base_url: organizations/{{organization}}/sinks - self_link: organizations/{{organization}}/sinks/{{name}} - collection_url_key: 'sinks' - description: | - Describes a sink used to export log entries - properties: - - !ruby/object:Api::Type::String - name: organization - description: | - Id of the organization that this sink belongs to. - required: true - - !ruby/object:Api::Type::String - name: name - description: | - Name of the log sink. - required: true - - !ruby/object:Api::Type::String - name: filter - description: | - An advanced logs filter. The only exported log entries are those that are in the - resource owning the sink and that match the filter. - - !ruby/object:Api::Type::String - name: destination - description: | - The export destination. - - !ruby/object:Api::Type::String - name: writerIdentity - description: | - An IAM identity—a service account or group—under which Logging writes the exported - log entries to the sink's destination. This field is set by sinks.create and sinks.update - based on the value of uniqueWriterIdentity in those methods. - - !ruby/object:Api::Type::Boolean - name: includeChildren - description: | - If the field is false, the default, only the logs owned by the sink's parent resource are - available for export. If the field is true, then logs from all the projects, folders, and - billing accounts contained in the sink's parent resource are also available for export. - Whether a particular log entry from the children is exported depends on the sink's filter expression. - - !ruby/object:Api::Resource - name: "ProjectLogSink" - base_url: projects/{{project}}/sinks - self_link: projects/{{project}}/sinks/{{name}} - collection_url_key: 'sinks' - description: | - Describes a sink used to export log entries - properties: - - !ruby/object:Api::Type::String - name: project - description: | - Id of the project that this sink belongs to. - required: true - - !ruby/object:Api::Type::String - name: name - description: | - Name of the log sink. - required: true - - !ruby/object:Api::Type::String - name: filter - description: | - An advanced logs filter. The only exported log entries are those that are in the - resource owning the sink and that match the filter. - - !ruby/object:Api::Type::String - name: destination - description: | - The export destination. - - !ruby/object:Api::Type::String - name: writerIdentity - description: | - An IAM identity—a service account or group—under which Logging writes the exported - log entries to the sink's destination. This field is set by sinks.create and sinks.update - based on the value of uniqueWriterIdentity in those methods. - - !ruby/object:Api::Type::Boolean - name: includeChildren - description: | - If the field is false, the default, only the logs owned by the sink's parent resource are - available for export. If the field is true, then logs from all the projects, folders, and - billing accounts contained in the sink's parent resource are also available for export. - Whether a particular log entry from the children is exported depends on the sink's filter expression. - - !ruby/object:Api::Resource - name: "FolderExclusion" - base_url: folders/{{folder}}/exclusions - self_link: folders/{{folder}}/exclusions/{{name}} - collection_url_key: 'exclusions' - description: | - Specifies a set of log entries that are not to be stored in Logging. - properties: - - !ruby/object:Api::Type::String - name: folder - description: | - Id of the folder that this exclusion applies to. - required: true - - !ruby/object:Api::Type::String - name: name - description: | - Name of the exclusion, specified by the server during create. - required: true - - !ruby/object:Api::Type::String - name: description - description: | - A user provided description of this exclusion. - - !ruby/object:Api::Type::String - name: filter - description: | - An advanced logs filter. The only exported log entries are those that are in the - resource owning the sink and that match the filter. - - !ruby/object:Api::Type::Boolean - name: disabled - description: | - If set to true then this exclusion is disabled and it does not exclude any log entries. - - !ruby/object:Api::Resource - name: "ProjectExclusion" - base_url: projects/{{project}}/exclusions - self_link: projects/{{project}}/exclusions/{{name}} - collection_url_key: 'exclusions' - description: | - Specifies a set of log entries that are not to be stored in Logging. - properties: - - !ruby/object:Api::Type::String - name: project - description: | - Id of the project that this exclusion applies to. - required: true - - !ruby/object:Api::Type::String - name: name - description: | - Name of the exclusion, specified by the server during create. - required: true - - !ruby/object:Api::Type::String - name: description - description: | - A user provided description of this exclusion. - - !ruby/object:Api::Type::String - name: filter - description: | - An advanced logs filter. The only exported log entries are those that are in the - resource owning the sink and that match the filter. - - !ruby/object:Api::Type::Boolean - name: disabled - description: | - If set to true then this exclusion is disabled and it does not exclude any log entries. - - !ruby/object:Api::Resource - name: "FolderLogSink" - base_url: folders/{{folder}}/sinks - self_link: folders/{{folder}}/sinks/{{name}} - collection_url_key: 'sinks' - description: | - Describes a sink used to export log entries - properties: - - !ruby/object:Api::Type::String - name: folder - description: | - Id of the folder that this sink belongs to. - required: true - - !ruby/object:Api::Type::String - name: name - description: | - Name of the log sink. - required: true - - !ruby/object:Api::Type::String - name: filter - description: | - An advanced logs filter. The only exported log entries are those that are in the - resource owning the sink and that match the filter. - - !ruby/object:Api::Type::String - name: destination - description: | - The export destination. - - !ruby/object:Api::Type::String - name: writerIdentity - description: | - An IAM identity—a service account or group—under which Logging writes the exported - log entries to the sink's destination. This field is set by sinks.create and sinks.update - based on the value of uniqueWriterIdentity in those methods. - - !ruby/object:Api::Type::Boolean - name: includeChildren - description: | - If the field is false, the default, only the logs owned by the sink's parent resource are - available for export. If the field is true, then logs from all the projects, folders, and - billing accounts contained in the sink's parent resource are also available for export. - Whether a particular log entry from the children is exported depends on the sink's filter expression. diff --git a/mmv1/products/logging/product.yaml b/mmv1/products/logging/product.yaml new file mode 100644 index 000000000000..e46e3b668164 --- /dev/null +++ b/mmv1/products/logging/product.yaml @@ -0,0 +1,26 @@ +# Copyright 2019 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +!ruby/object:Api::Product +name: Logging +display_name: Cloud (Stackdriver) Logging +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://logging.googleapis.com/v2/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Stackdriver Logging API + url: https://console.cloud.google.com/apis/library/logging.googleapis.com/ diff --git a/mmv1/products/memcache/Instance.yaml b/mmv1/products/memcache/Instance.yaml new file mode 100644 index 000000000000..e907cac2b946 --- /dev/null +++ b/mmv1/products/memcache/Instance.yaml @@ -0,0 +1,288 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Instance' +create_url: projects/{{project}}/locations/{{region}}/instances?instanceId={{name}} +self_link: projects/{{project}}/locations/{{region}}/instances/{{name}} +base_url: projects/{{project}}/locations/{{region}}/instances +update_verb: :PATCH +update_mask: true +description: | + A Google Cloud Memcache instance. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/memcache/docs/creating-instances' + api: 'https://cloud.google.com/memorystore/docs/memcached/reference/rest/v1/projects.locations.instances' +parameters: + - !ruby/object:Api::Type::String + name: 'region' + description: | + The region of the Memcache instance. If it is not provided, the provider region is used. + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The resource name of the instance. + required: true + immutable: true + url_param_only: true + pattern: projects/{{project}}/locations/{{region}}/instances/{{name}} + - !ruby/object:Api::Type::String + name: 'displayName' + description: | + A user-visible name for the instance. + - !ruby/object:Api::Type::String + name: 'state' + description: | + The instance state - short description. + output: true + exclude: true + - !ruby/object:Api::Type::Array + name: 'instanceMessages' + description: | + Additional information about the instance state, if available. + output: true + exclude: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'code' + description: An error code. + - !ruby/object:Api::Type::String + name: 'message' + description: The message to be displayed to a user. + - !ruby/object:Api::Type::Array + name: 'memcacheNodes' + description: | + Additional information about the instance state, if available. + output: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'nodeId' + description: Identifier of the Memcached node. + The node id does not include project or location like the Memcached instance name. + output: true + - !ruby/object:Api::Type::String + name: 'zone' + description: Location (GCP Zone) for the Memcached node. + output: true + - !ruby/object:Api::Type::Integer + name: 'port' + description: The port number of the Memcached server on this node. + output: true + - !ruby/object:Api::Type::String + name: 'host' + description: Hostname or IP address of the Memcached node used by the clients to connect to the Memcached server on this node. + output: true + - !ruby/object:Api::Type::String + name: state + description: Current state of the Memcached node. + output: true + - !ruby/object:Api::Type::Time + name: 'createTime' + description: Creation timestamp in RFC3339 text format. + output: true + - !ruby/object:Api::Type::String + name: 'discoveryEndpoint' + description: Endpoint for Discovery API + output: true + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + Resource labels to represent user-provided metadata. + - !ruby/object:Api::Type::String + name: 'memcacheFullVersion' + output: true + description: | + The full version of memcached server running on this instance. + - !ruby/object:Api::Type::Array + name: 'zones' + immutable: true + description: | + Zones where memcache nodes should be provisioned. If not + provided, all zones will be used. + item_type: Api::Type::String + - !ruby/object:Api::Type::String + name: 'authorizedNetwork' + immutable: true + description: | + The full name of the GCE network to connect the instance to. If not provided, + 'default' will be used. + - !ruby/object:Api::Type::Integer + name: nodeCount + description: | + Number of nodes in the memcache instance. + required: true + - !ruby/object:Api::Type::Enum + name: memcacheVersion + description: | + The major version of Memcached software. If not provided, latest supported version will be used. + Currently the latest supported major version is MEMCACHE_1_5. The minor version will be automatically + determined by our system based on the latest supported minor version. + default_value: :MEMCACHE_1_5 + values: + - :MEMCACHE_1_5 + - !ruby/object:Api::Type::NestedObject + name: nodeConfig + description: | + Configuration for memcache nodes. + required: true + immutable: true + properties: + - !ruby/object:Api::Type::Integer + name: cpuCount + description: | + Number of CPUs per node. + required: true + - !ruby/object:Api::Type::Integer + name: memorySizeMb + description: | + Memory size in Mebibytes for each memcache node. + required: true + - !ruby/object:Api::Type::NestedObject + name: parameters + description: | + User-specified parameters for this memcache instance. + immutable: true + properties: + - !ruby/object:Api::Type::String + name: id + output: true + description: | + This is a unique ID associated with this set of parameters. + - !ruby/object:Api::Type::KeyValuePairs + name: params + description: | + User-defined set of parameters to use in the memcache process. + - !ruby/object:Api::Type::NestedObject + name: maintenancePolicy + description: | + Maintenance policy for an instance. + properties: + - !ruby/object:Api::Type::String + name: 'createTime' + output: true + description: | + Output only. The time when the policy was created. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits + - !ruby/object:Api::Type::String + name: 'updateTime' + output: true + description: | + Output only. The time when the policy was updated. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + - !ruby/object:Api::Type::String + name: 'description' + description: | + Optional. Description of what this policy is for. + Create/Update methods return INVALID_ARGUMENT if the + length is greater than 512. + - !ruby/object:Api::Type::Array + name: 'weeklyMaintenanceWindow' + description: | + Required. Maintenance window that is applied to resources covered by this policy. + Minimum 1. For the current version, the maximum number of weekly_maintenance_windows + is expected to be one. + required: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Enum + name: 'day' + required: true + description: | + Required. The day of week that maintenance updates occur. + - DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified. + - MONDAY: Monday + - TUESDAY: Tuesday + - WEDNESDAY: Wednesday + - THURSDAY: Thursday + - FRIDAY: Friday + - SATURDAY: Saturday + - SUNDAY: Sunday + values: + - :DAY_OF_WEEK_UNSPECIFIED + - :MONDAY + - :TUESDAY + - :WEDNESDAY + - :THURSDAY + - :FRIDAY + - :SATURDAY + - :SUNDAY + - !ruby/object:Api::Type::String + name: 'duration' + required: true + description: | + Required. The length of the maintenance window, ranging from 3 hours to 8 hours. + A duration in seconds with up to nine fractional digits, + terminated by 's'. Example: "3.5s". + - !ruby/object:Api::Type::NestedObject + name: 'startTime' + required: true + allow_empty_object: true + send_empty_value: true + description: | + Required. Start time of the window in UTC time. + properties: + - !ruby/object:Api::Type::Integer + name: 'hours' + description: | + Hours of day in 24 hour format. Should be from 0 to 23. + An API may choose to allow the value "24:00:00" for scenarios like business closing time. + - !ruby/object:Api::Type::Integer + name: 'minutes' + description: | + Minutes of hour of day. Must be from 0 to 59. + - !ruby/object:Api::Type::Integer + name: 'seconds' + description: | + Seconds of minutes of the time. Must normally be from 0 to 59. + An API may allow the value 60 if it allows leap-seconds. + - !ruby/object:Api::Type::Integer + name: 'nanos' + description: | + Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. + - !ruby/object:Api::Type::NestedObject + name: maintenanceSchedule + description: Output only. Published maintenance schedule. + output: true + properties: + - !ruby/object:Api::Type::String + name: 'startTime' + output: true + description: | + Output only. The start time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + - !ruby/object:Api::Type::String + name: 'endTime' + output: true + description: | + Output only. The end time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + - !ruby/object:Api::Type::String + name: 'scheduleDeadlineTime' + output: true + description: | + Output only. The deadline that the maintenance schedule start time + can not go beyond, including reschedule. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + diff --git a/mmv1/products/memcache/api.yaml b/mmv1/products/memcache/api.yaml deleted file mode 100644 index 727d1376ae90..000000000000 --- a/mmv1/products/memcache/api.yaml +++ /dev/null @@ -1,316 +0,0 @@ -# Copyright 2020 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: Memcache -versions: - - !ruby/object:Api::Product::Version - name: beta - base_url: https://memcache.googleapis.com/v1beta2/ - - !ruby/object:Api::Product::Version - name: ga - base_url: https://memcache.googleapis.com/v1/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: True - allowed: - - True - - False - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' -objects: - - !ruby/object:Api::Resource - name: 'Instance' - create_url: projects/{{project}}/locations/{{region}}/instances?instanceId={{name}} - self_link: projects/{{project}}/locations/{{region}}/instances/{{name}} - base_url: projects/{{project}}/locations/{{region}}/instances - update_verb: :PATCH - update_mask: true - description: | - A Google Cloud Memcache instance. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/memcache/docs/creating-instances' - api: 'https://cloud.google.com/memorystore/docs/memcached/reference/rest/v1/projects.locations.instances' - parameters: - - !ruby/object:Api::Type::String - name: 'region' - description: | - The region of the Memcache instance. If it is not provided, the provider region is used. - input: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The resource name of the instance. - required: true - input: true - url_param_only: true - pattern: projects/{{project}}/locations/{{region}}/instances/{{name}} - - !ruby/object:Api::Type::String - name: 'displayName' - description: | - A user-visible name for the instance. - - !ruby/object:Api::Type::String - name: 'state' - description: | - The instance state - short description. - output: true - exclude: true - - !ruby/object:Api::Type::Array - name: 'instanceMessages' - description: | - Additional information about the instance state, if available. - output: true - exclude: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'code' - description: An error code. - - !ruby/object:Api::Type::String - name: 'message' - description: The message to be displayed to a user. - - !ruby/object:Api::Type::Array - name: 'memcacheNodes' - description: | - Additional information about the instance state, if available. - output: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'nodeId' - description: Identifier of the Memcached node. - The node id does not include project or location like the Memcached instance name. - output: true - - !ruby/object:Api::Type::String - name: 'zone' - description: Location (GCP Zone) for the Memcached node. - output: true - - !ruby/object:Api::Type::Integer - name: 'port' - description: The port number of the Memcached server on this node. - output: true - - !ruby/object:Api::Type::String - name: 'host' - description: Hostname or IP address of the Memcached node used by the clients to connect to the Memcached server on this node. - output: true - - !ruby/object:Api::Type::String - name: state - description: Current state of the Memcached node. - output: true - - !ruby/object:Api::Type::Time - name: 'createTime' - description: Creation timestamp in RFC3339 text format. - output: true - - !ruby/object:Api::Type::String - name: 'discoveryEndpoint' - description: Endpoint for Discovery API - output: true - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: | - Resource labels to represent user-provided metadata. - - !ruby/object:Api::Type::String - name: 'memcacheFullVersion' - output: true - description: | - The full version of memcached server running on this instance. - - !ruby/object:Api::Type::Array - name: 'zones' - input: true - description: | - Zones where memcache nodes should be provisioned. If not - provided, all zones will be used. - item_type: Api::Type::String - - !ruby/object:Api::Type::String - name: 'authorizedNetwork' - input: true - description: | - The full name of the GCE network to connect the instance to. If not provided, - 'default' will be used. - - !ruby/object:Api::Type::Integer - name: nodeCount - description: | - Number of nodes in the memcache instance. - required: true - - !ruby/object:Api::Type::Enum - name: memcacheVersion - description: | - The major version of Memcached software. If not provided, latest supported version will be used. - Currently the latest supported major version is MEMCACHE_1_5. The minor version will be automatically - determined by our system based on the latest supported minor version. - default_value: :MEMCACHE_1_5 - values: - - :MEMCACHE_1_5 - - !ruby/object:Api::Type::NestedObject - name: nodeConfig - description: | - Configuration for memcache nodes. - required: true - input: true - properties: - - !ruby/object:Api::Type::Integer - name: cpuCount - description: | - Number of CPUs per node. - required: true - - !ruby/object:Api::Type::Integer - name: memorySizeMb - description: | - Memory size in Mebibytes for each memcache node. - required: true - - !ruby/object:Api::Type::NestedObject - name: parameters - description: | - User-specified parameters for this memcache instance. - input: true - properties: - - !ruby/object:Api::Type::String - name: id - output: true - description: | - This is a unique ID associated with this set of parameters. - - !ruby/object:Api::Type::KeyValuePairs - name: params - description: | - User-defined set of parameters to use in the memcache process. - - !ruby/object:Api::Type::NestedObject - name: maintenancePolicy - description: | - Maintenance policy for an instance. - properties: - - !ruby/object:Api::Type::String - name: 'createTime' - output: true - description: | - Output only. The time when the policy was created. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits - - !ruby/object:Api::Type::String - name: 'updateTime' - output: true - description: | - Output only. The time when the policy was updated. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - - !ruby/object:Api::Type::String - name: 'description' - description: | - Optional. Description of what this policy is for. - Create/Update methods return INVALID_ARGUMENT if the - length is greater than 512. - - !ruby/object:Api::Type::Array - name: 'weeklyMaintenanceWindow' - description: | - Required. Maintenance window that is applied to resources covered by this policy. - Minimum 1. For the current version, the maximum number of weekly_maintenance_windows - is expected to be one. - required: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Enum - name: 'day' - required: true - description: | - Required. The day of week that maintenance updates occur. - - DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified. - - MONDAY: Monday - - TUESDAY: Tuesday - - WEDNESDAY: Wednesday - - THURSDAY: Thursday - - FRIDAY: Friday - - SATURDAY: Saturday - - SUNDAY: Sunday - values: - - :DAY_OF_WEEK_UNSPECIFIED - - :MONDAY - - :TUESDAY - - :WEDNESDAY - - :THURSDAY - - :FRIDAY - - :SATURDAY - - :SUNDAY - - !ruby/object:Api::Type::String - name: 'duration' - required: true - description: | - Required. The length of the maintenance window, ranging from 3 hours to 8 hours. - A duration in seconds with up to nine fractional digits, - terminated by 's'. Example: "3.5s". - - !ruby/object:Api::Type::NestedObject - name: 'startTime' - required: true - allow_empty_object: true - send_empty_value: true - description: | - Required. Start time of the window in UTC time. - properties: - - !ruby/object:Api::Type::Integer - name: 'hours' - description: | - Hours of day in 24 hour format. Should be from 0 to 23. - An API may choose to allow the value "24:00:00" for scenarios like business closing time. - - !ruby/object:Api::Type::Integer - name: 'minutes' - description: | - Minutes of hour of day. Must be from 0 to 59. - - !ruby/object:Api::Type::Integer - name: 'seconds' - description: | - Seconds of minutes of the time. Must normally be from 0 to 59. - An API may allow the value 60 if it allows leap-seconds. - - !ruby/object:Api::Type::Integer - name: 'nanos' - description: | - Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. - - !ruby/object:Api::Type::NestedObject - name: maintenanceSchedule - description: Output only. Published maintenance schedule. - output: true - properties: - - !ruby/object:Api::Type::String - name: 'startTime' - output: true - description: | - Output only. The start time of any upcoming scheduled maintenance for this instance. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - - !ruby/object:Api::Type::String - name: 'endTime' - output: true - description: | - Output only. The end time of any upcoming scheduled maintenance for this instance. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - - !ruby/object:Api::Type::String - name: 'scheduleDeadlineTime' - output: true - description: | - Output only. The deadline that the maintenance schedule start time - can not go beyond, including reschedule. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. diff --git a/mmv1/products/memcache/product.yaml b/mmv1/products/memcache/product.yaml new file mode 100644 index 000000000000..269f3f4afcd5 --- /dev/null +++ b/mmv1/products/memcache/product.yaml @@ -0,0 +1,41 @@ +# Copyright 2020 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: Memcache +versions: + - !ruby/object:Api::Product::Version + name: beta + base_url: https://memcache.googleapis.com/v1beta2/ + - !ruby/object:Api::Product::Version + name: ga + base_url: https://memcache.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: True + allowed: + - True + - False + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' diff --git a/mmv1/products/metastore/Federation.yaml b/mmv1/products/metastore/Federation.yaml new file mode 100644 index 000000000000..cc4b3e1cb9d5 --- /dev/null +++ b/mmv1/products/metastore/Federation.yaml @@ -0,0 +1,121 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Federation' +min_version: beta +base_url: "projects/{{project}}/locations/{{location}}/federations" +create_url: 'projects/{{project}}/locations/{{location}}/federations?federationId={{federation_id}}' +self_link: "projects/{{project}}/locations/{{location}}/federations/{{federation_id}}" +update_verb: :PATCH +update_mask: true +description: | + A managed metastore federation. +iam_policy: !ruby/object:Api::Resource::IamPolicy + skip_import_test: true + parent_resource_attribute: federation_id + exclude: false + method_name_separator: ':' + import_format: ["projects/{{project}}/locations/{{location}}/federations/{{federation_id}}", "{{federation_id}}"] +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +parameters: + - !ruby/object:Api::Type::String + name: 'federationId' + required: true + immutable: true + url_param_only: true + description: | + The ID of the metastore federation. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), + and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between + 3 and 63 characters. + - !ruby/object:Api::Type::String + name: 'location' + url_param_only: true + immutable: true + description: | + The location where the metastore federation should reside. +properties: + - !ruby/object:Api::Type::String + name: 'name' + output: true + description: | + The relative resource name of the metastore federation. + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: 'User-defined labels for the metastore federation.' + - !ruby/object:Api::Type::String + name: 'endpointUri' + output: true + description: | + The URI of the endpoint used to access the metastore federation. + - !ruby/object:Api::Type::String + name: 'state' + output: true + description: | + The current state of the metastore federation. + - !ruby/object:Api::Type::String + name: 'stateMessage' + output: true + description: | + Additional information about the current state of the metastore federation, if available. + - !ruby/object:Api::Type::String + name: 'uid' + output: true + description: | + The globally unique resource identifier of the metastore federation. + - !ruby/object:Api::Type::String + name: 'version' + immutable: true + required: true + description: | + The Apache Hive metastore version of the federation. All backend metastore versions must be compatible with the federation version. + - !ruby/object:Api::Type::Map + name: 'backendMetastores' + description: | + A map from BackendMetastore rank to BackendMetastores from which the federation service serves metadata at query time. The map key represents the order in which BackendMetastores should be evaluated to resolve database names at query time and should be greater than or equal to zero. A BackendMetastore with a lower number will be evaluated before a BackendMetastore with a higher number. + required: true + key_name: 'rank' + key_description: | + represents the order in which BackendMetastores should be evaluated to resolve database names at query time and should be greater than or equal to zero. + value_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + description: | + The relative resource name of the metastore that is being federated. The formats of the relative resource names for the currently supported metastores are listed below: Dataplex: projects/{projectId}/locations/{location}/lakes/{lake_id} BigQuery: projects/{projectId} Dataproc Metastore: projects/{projectId}/locations/{location}/services/{serviceId} + - !ruby/object:Api::Type::Enum + name: 'metastoreType' + required: true + description: | + The type of the backend metastore. + values: + - :METASTORE_TYPE_UNSPECIFIED + - :DATAPROC_METASTORE + - :BIGQUERY + diff --git a/mmv1/products/metastore/Service.yaml b/mmv1/products/metastore/Service.yaml new file mode 100644 index 000000000000..9a03a846458c --- /dev/null +++ b/mmv1/products/metastore/Service.yaml @@ -0,0 +1,313 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Service' +base_url: "projects/{{project}}/locations/{{location}}/services" +create_url: 'projects/{{project}}/locations/{{location}}/services?serviceId={{service_id}}' +self_link: "projects/{{project}}/locations/{{location}}/services/{{service_id}}" +update_verb: :PATCH +update_mask: true +description: | + A managed metastore service that serves metadata queries. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/dataproc-metastore/docs/overview' + api: 'https://cloud.google.com/dataproc-metastore/docs/reference/rest/v1/projects.locations.services' +iam_policy: !ruby/object:Api::Resource::IamPolicy + parent_resource_attribute: service_id + exclude: false + method_name_separator: ':' + import_format: ["projects/{{project}}/locations/{{location}}/services/{{service_id}}", "{{service_id}}"] +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + timeouts: !ruby/object:Api::Timeouts + insert_minutes: 60 + update_minutes: 60 + delete_minutes: 60 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +parameters: + - !ruby/object:Api::Type::String + name: 'serviceId' + required: true + immutable: true + url_param_only: true + description: | + The ID of the metastore service. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), + and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between + 3 and 63 characters. + - !ruby/object:Api::Type::String + name: 'location' + url_param_only: true + immutable: true + default_value: global + description: | + The location where the metastore service should reside. + The default value is `global`. +properties: + - !ruby/object:Api::Type::String + name: 'name' + output: true + description: | + The relative resource name of the metastore service. + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: 'User-defined labels for the metastore service.' + # This is an x-product resource reference. + - !ruby/object:Api::Type::String + name: 'network' + immutable: true + description: | + The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form: + + "projects/{projectNumber}/global/networks/{network_id}". + - !ruby/object:Api::Type::String + name: 'endpointUri' + output: true + description: | + The URI of the endpoint used to access the metastore service. + - !ruby/object:Api::Type::Integer + name: 'port' + description: | + The TCP port at which the metastore service is reached. Default: 9083. + - !ruby/object:Api::Type::String + name: 'state' + output: true + description: | + The current state of the metastore service. + - !ruby/object:Api::Type::String + name: 'stateMessage' + output: true + description: | + Additional information about the current state of the metastore service, if available. + - !ruby/object:Api::Type::String + name: 'artifactGcsUri' + output: true + description: | + A Cloud Storage URI (starting with gs://) that specifies where artifacts related to the metastore service are stored. + - !ruby/object:Api::Type::Enum + name: 'tier' + description: | + The tier of the service. + values: + - :DEVELOPER + - :ENTERPRISE + - !ruby/object:Api::Type::NestedObject + name: 'maintenanceWindow' + description: | + The one hour maintenance window of the metastore service. + This specifies when the service can be restarted for maintenance purposes in UTC time. + Maintenance window is not needed for services with the `SPANNER` database type. + properties: + - !ruby/object:Api::Type::Integer + name: 'hourOfDay' + description: | + The hour of day (0-23) when the window starts. + required: true + - !ruby/object:Api::Type::Enum + name: 'dayOfWeek' + description: | + The day of week, when the window starts. + required: true + values: + - :MONDAY + - :TUESDAY + - :WEDNESDAY + - :THURSDAY + - :FRIDAY + - :SATURDAY + - :SUNDAY + - !ruby/object:Api::Type::NestedObject + name: 'encryptionConfig' + description: | + Information used to configure the Dataproc Metastore service to encrypt + customer data at rest. + properties: + - !ruby/object:Api::Type::String + name: 'kmsKey' + description: | + The fully qualified customer provided Cloud KMS key name to use for customer data encryption. + Use the following format: `projects/([^/]+)/locations/([^/]+)/keyRings/([^/]+)/cryptoKeys/([^/]+)` + required: true + immutable: true + - !ruby/object:Api::Type::NestedObject + name: 'hiveMetastoreConfig' + description: | + Configuration information specific to running Hive metastore software as the metastore service. + properties: + - !ruby/object:Api::Type::Enum + name: 'endpointProtocol' + min_version: beta + immutable: true + default_value: :THRIFT + description: | + The protocol to use for the metastore service endpoint. If unspecified, defaults to `THRIFT`. + values: + - :THRIFT + - :GRPC + - !ruby/object:Api::Type::String + name: 'version' + immutable: true + required: true + description: | + The Hive metastore schema version. + - !ruby/object:Api::Type::KeyValuePairs + name: 'configOverrides' + description: | + A mapping of Hive metastore configuration key-value pairs to apply to the Hive metastore (configured in hive-site.xml). + The mappings override system defaults (some keys cannot be overridden) + - !ruby/object:Api::Type::NestedObject + name: 'kerberosConfig' + description: | + Information used to configure the Hive metastore service as a service principal in a Kerberos realm. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'keytab' + required: true + description: | + A Kerberos keytab file that can be used to authenticate a service principal with a Kerberos Key Distribution Center (KDC). + properties: + - !ruby/object:Api::Type::String + required: true + name: 'cloudSecret' + description: | + The relative resource name of a Secret Manager secret version, in the following form: + + "projects/{projectNumber}/secrets/{secret_id}/versions/{version_id}". + - !ruby/object:Api::Type::String + name: 'principal' + required: true + description: | + A Kerberos principal that exists in the both the keytab the KDC to authenticate as. A typical principal is of the form "primary/instance@REALM", but there is no exact format. + - !ruby/object:Api::Type::String + name: 'krb5ConfigGcsUri' + required: true + description: | + A Cloud Storage URI that specifies the path to a krb5.conf file. It is of the form gs://{bucket_name}/path/to/krb5.conf, although the file does not need to be named krb5.conf explicitly. + - !ruby/object:Api::Type::Map + name: 'auxiliaryVersions' + min_version: beta + description: | + A mapping of Hive metastore version to the auxiliary version configuration. + When specified, a secondary Hive metastore service is created along with the primary service. + All auxiliary versions must be less than the service's primary version. + The key is the auxiliary service name and it must match the regular expression a-z?. + This means that the first character must be a lowercase letter, and all the following characters must be hyphens, lowercase letters, or digits, except the last character, which cannot be a hyphen. + key_name: 'key' + key_description: | + The auxiliary service name + value_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'version' + required: true + description: | + The Hive metastore version of the auxiliary service. It must be less than the primary Hive metastore service's version. + - !ruby/object:Api::Type::KeyValuePairs + name: 'configOverrides' + description: | + A mapping of Hive metastore configuration key-value pairs to apply to the auxiliary Hive metastore (configured in hive-site.xml) in addition to the primary version's overrides. + If keys are present in both the auxiliary version's overrides and the primary version's overrides, the value from the auxiliary version's overrides takes precedence. + - !ruby/object:Api::Type::NestedObject + name: 'networkConfig' + immutable: true + description: | + The configuration specifying the network settings for the Dataproc Metastore service. + properties: + - !ruby/object:Api::Type::Array + name: 'consumers' + description: | + The consumer-side network configuration for the Dataproc Metastore instance. + required: true + immutable: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'endpointUri' + description: | + The URI of the endpoint used to access the metastore service. + output: true + - !ruby/object:Api::Type::String + name: 'subnetwork' + required: true + description: | + The subnetwork of the customer project from which an IP address is reserved and used as the Dataproc Metastore service's endpoint. + It is accessible to hosts in the subnet and to all hosts in a subnet in the same region and same network. + There must be at least one IP address available in the subnet's primary range. The subnet is specified in the following form: + `projects/{projectNumber}/regions/{region_id}/subnetworks/{subnetwork_id} + - !ruby/object:Api::Type::Enum + name: 'databaseType' + immutable: true + default_value: :MYSQL + description: | + The database type that the Metastore service stores its data. + values: + - :MYSQL + - :SPANNER + - !ruby/object:Api::Type::Enum + name: 'releaseChannel' + immutable: true + default_value: :STABLE + description: | + The release channel of the service. If unspecified, defaults to `STABLE`. + values: + - :CANARY + - :STABLE + - !ruby/object:Api::Type::String + name: 'uid' + output: true + description: | + The globally unique resource identifier of the metastore service. + - !ruby/object:Api::Type::NestedObject + name: 'metadataIntegration' + min_version: beta + description: | + The setting that defines how metastore metadata should be integrated with external services and systems. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'dataCatalogConfig' + required: true + description: | + The integration config for the Data Catalog service. + properties: + - !ruby/object:Api::Type::Boolean + name: 'enabled' + required: true + description: | + Defines whether the metastore metadata should be synced to Data Catalog. The default value is to disable syncing metastore metadata to Data Catalog. + - !ruby/object:Api::Type::NestedObject + name: "telemetryConfig" + description: | + The configuration specifying telemetry settings for the Dataproc Metastore service. If unspecified defaults to JSON. + properties: + - !ruby/object:Api::Type::Enum + name: "logFormat" + default_value: :JSON + description: | + The output format of the Dataproc Metastore service's logs. + values: + - :LEGACY + - :JSON diff --git a/mmv1/products/metastore/api.yaml b/mmv1/products/metastore/api.yaml deleted file mode 100644 index 10055a065b06..000000000000 --- a/mmv1/products/metastore/api.yaml +++ /dev/null @@ -1,436 +0,0 @@ -# Copyright 2021 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: DataprocMetastore -versions: - - !ruby/object:Api::Product::Version - name: beta - base_url: https://metastore.googleapis.com/v1beta/ - - !ruby/object:Api::Product::Version - name: ga - base_url: https://metastore.googleapis.com/v1/ -scopes: - - https://www.googleapis.com/auth/cloud-identity -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Dataproc Metastore API - url: https://console.cloud.google.com/apis/library/metastore.googleapis.com -objects: - - !ruby/object:Api::Resource - name: 'Service' - base_url: "projects/{{project}}/locations/{{location}}/services" - create_url: 'projects/{{project}}/locations/{{location}}/services?serviceId={{service_id}}' - self_link: "projects/{{project}}/locations/{{location}}/services/{{service_id}}" - update_verb: :PATCH - update_mask: true - description: | - A managed metastore service that serves metadata queries. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/dataproc-metastore/docs/overview' - api: 'https://cloud.google.com/dataproc-metastore/docs/reference/rest/v1/projects.locations.services' - iam_policy: !ruby/object:Api::Resource::IamPolicy - parent_resource_attribute: service_id - exclude: false - method_name_separator: ':' - import_format: ["projects/{{project}}/locations/{{location}}/services/{{service_id}}", "{{service_id}}"] - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - timeouts: !ruby/object:Api::Timeouts - insert_minutes: 60 - update_minutes: 60 - delete_minutes: 60 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - parameters: - - !ruby/object:Api::Type::String - name: 'serviceId' - required: true - input: true - url_param_only: true - description: | - The ID of the metastore service. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), - and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between - 3 and 63 characters. - - !ruby/object:Api::Type::String - name: 'location' - url_param_only: true - input: true - default_value: global - description: | - The location where the metastore service should reside. - The default value is `global`. - properties: - - !ruby/object:Api::Type::String - name: 'name' - output: true - description: | - The relative resource name of the metastore service. - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: 'User-defined labels for the metastore service.' - # This is an x-product resource reference. - - !ruby/object:Api::Type::String - name: 'network' - input: true - description: | - The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form: - - "projects/{projectNumber}/global/networks/{network_id}". - - !ruby/object:Api::Type::String - name: 'endpointUri' - output: true - description: | - The URI of the endpoint used to access the metastore service. - - !ruby/object:Api::Type::Integer - name: 'port' - description: | - The TCP port at which the metastore service is reached. Default: 9083. - - !ruby/object:Api::Type::String - name: 'state' - output: true - description: | - The current state of the metastore service. - - !ruby/object:Api::Type::String - name: 'stateMessage' - output: true - description: | - Additional information about the current state of the metastore service, if available. - - !ruby/object:Api::Type::String - name: 'artifactGcsUri' - output: true - description: | - A Cloud Storage URI (starting with gs://) that specifies where artifacts related to the metastore service are stored. - - !ruby/object:Api::Type::Enum - name: 'tier' - description: | - The tier of the service. - values: - - :DEVELOPER - - :ENTERPRISE - - !ruby/object:Api::Type::NestedObject - name: 'maintenanceWindow' - description: | - The one hour maintenance window of the metastore service. - This specifies when the service can be restarted for maintenance purposes in UTC time. - Maintenance window is not needed for services with the `SPANNER` database type. - properties: - - !ruby/object:Api::Type::Integer - name: 'hourOfDay' - description: | - The hour of day (0-23) when the window starts. - required: true - - !ruby/object:Api::Type::Enum - name: 'dayOfWeek' - description: | - The day of week, when the window starts. - required: true - values: - - :MONDAY - - :TUESDAY - - :WEDNESDAY - - :THURSDAY - - :FRIDAY - - :SATURDAY - - :SUNDAY - - !ruby/object:Api::Type::NestedObject - name: 'encryptionConfig' - description: | - Information used to configure the Dataproc Metastore service to encrypt - customer data at rest. - properties: - - !ruby/object:Api::Type::String - name: 'kmsKey' - description: | - The fully qualified customer provided Cloud KMS key name to use for customer data encryption. - Use the following format: `projects/([^/]+)/locations/([^/]+)/keyRings/([^/]+)/cryptoKeys/([^/]+)` - required: true - input: true - - !ruby/object:Api::Type::NestedObject - name: 'hiveMetastoreConfig' - description: | - Configuration information specific to running Hive metastore software as the metastore service. - properties: - - !ruby/object:Api::Type::Enum - name: 'endpointProtocol' - min_version: beta - input: true - default_value: :THRIFT - description: | - The protocol to use for the metastore service endpoint. If unspecified, defaults to `THRIFT`. - values: - - :THRIFT - - :GRPC - - !ruby/object:Api::Type::String - name: 'version' - input: true - required: true - description: | - The Hive metastore schema version. - - !ruby/object:Api::Type::KeyValuePairs - name: 'configOverrides' - description: | - A mapping of Hive metastore configuration key-value pairs to apply to the Hive metastore (configured in hive-site.xml). - The mappings override system defaults (some keys cannot be overridden) - - !ruby/object:Api::Type::NestedObject - name: 'kerberosConfig' - description: | - Information used to configure the Hive metastore service as a service principal in a Kerberos realm. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'keytab' - required: true - description: | - A Kerberos keytab file that can be used to authenticate a service principal with a Kerberos Key Distribution Center (KDC). - properties: - - !ruby/object:Api::Type::String - required: true - name: 'cloudSecret' - description: | - The relative resource name of a Secret Manager secret version, in the following form: - - "projects/{projectNumber}/secrets/{secret_id}/versions/{version_id}". - - !ruby/object:Api::Type::String - name: 'principal' - required: true - description: | - A Kerberos principal that exists in the both the keytab the KDC to authenticate as. A typical principal is of the form "primary/instance@REALM", but there is no exact format. - - !ruby/object:Api::Type::String - name: 'krb5ConfigGcsUri' - required: true - description: | - A Cloud Storage URI that specifies the path to a krb5.conf file. It is of the form gs://{bucket_name}/path/to/krb5.conf, although the file does not need to be named krb5.conf explicitly. - - !ruby/object:Api::Type::Map - name: 'auxiliaryVersions' - min_version: beta - description: | - A mapping of Hive metastore version to the auxiliary version configuration. - When specified, a secondary Hive metastore service is created along with the primary service. - All auxiliary versions must be less than the service's primary version. - The key is the auxiliary service name and it must match the regular expression a-z?. - This means that the first character must be a lowercase letter, and all the following characters must be hyphens, lowercase letters, or digits, except the last character, which cannot be a hyphen. - key_name: 'key' - key_description: | - The auxiliary service name - value_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'version' - required: true - description: | - The Hive metastore version of the auxiliary service. It must be less than the primary Hive metastore service's version. - - !ruby/object:Api::Type::KeyValuePairs - name: 'configOverrides' - description: | - A mapping of Hive metastore configuration key-value pairs to apply to the auxiliary Hive metastore (configured in hive-site.xml) in addition to the primary version's overrides. - If keys are present in both the auxiliary version's overrides and the primary version's overrides, the value from the auxiliary version's overrides takes precedence. - - !ruby/object:Api::Type::NestedObject - name: 'networkConfig' - input: true - description: | - The configuration specifying the network settings for the Dataproc Metastore service. - properties: - - !ruby/object:Api::Type::Array - name: 'consumers' - description: | - The consumer-side network configuration for the Dataproc Metastore instance. - required: true - input: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'endpointUri' - description: | - The URI of the endpoint used to access the metastore service. - output: true - - !ruby/object:Api::Type::String - name: 'subnetwork' - required: true - description: | - The subnetwork of the customer project from which an IP address is reserved and used as the Dataproc Metastore service's endpoint. - It is accessible to hosts in the subnet and to all hosts in a subnet in the same region and same network. - There must be at least one IP address available in the subnet's primary range. The subnet is specified in the following form: - `projects/{projectNumber}/regions/{region_id}/subnetworks/{subnetwork_id} - - !ruby/object:Api::Type::Enum - name: 'databaseType' - input: true - default_value: :MYSQL - description: | - The database type that the Metastore service stores its data. - values: - - :MYSQL - - :SPANNER - - !ruby/object:Api::Type::Enum - name: 'releaseChannel' - input: true - default_value: :STABLE - description: | - The release channel of the service. If unspecified, defaults to `STABLE`. - values: - - :CANARY - - :STABLE - - !ruby/object:Api::Type::String - name: 'uid' - output: true - description: | - The globally unique resource identifier of the metastore service. - - !ruby/object:Api::Type::NestedObject - name: 'metadataIntegration' - min_version: beta - description: | - The setting that defines how metastore metadata should be integrated with external services and systems. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'dataCatalogConfig' - required: true - description: | - The integration config for the Data Catalog service. - properties: - - !ruby/object:Api::Type::Boolean - name: 'enabled' - required: true - description: | - Defines whether the metastore metadata should be synced to Data Catalog. The default value is to disable syncing metastore metadata to Data Catalog. - - !ruby/object:Api::Type::NestedObject - name: "telemetryConfig" - description: | - The configuration specifying telemetry settings for the Dataproc Metastore service. If unspecified defaults to JSON. - properties: - - !ruby/object:Api::Type::Enum - name: "logFormat" - default_value: :JSON - description: | - The output format of the Dataproc Metastore service's logs. - values: - - :LEGACY - - :JSON - - !ruby/object:Api::Resource - name: 'Federation' - min_version: beta - base_url: "projects/{{project}}/locations/{{location}}/federations" - create_url: 'projects/{{project}}/locations/{{location}}/federations?federationId={{federation_id}}' - self_link: "projects/{{project}}/locations/{{location}}/federations/{{federation_id}}" - update_verb: :PATCH - update_mask: true - description: | - A managed metastore federation. - iam_policy: !ruby/object:Api::Resource::IamPolicy - skip_import_test: true - parent_resource_attribute: federation_id - exclude: false - method_name_separator: ':' - import_format: ["projects/{{project}}/locations/{{location}}/federations/{{federation_id}}", "{{federation_id}}"] - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - parameters: - - !ruby/object:Api::Type::String - name: 'federationId' - required: true - input: true - url_param_only: true - description: | - The ID of the metastore federation. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), - and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between - 3 and 63 characters. - - !ruby/object:Api::Type::String - name: 'location' - url_param_only: true - input: true - description: | - The location where the metastore federation should reside. - properties: - - !ruby/object:Api::Type::String - name: 'name' - output: true - description: | - The relative resource name of the metastore federation. - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: 'User-defined labels for the metastore federation.' - - !ruby/object:Api::Type::String - name: 'endpointUri' - output: true - description: | - The URI of the endpoint used to access the metastore federation. - - !ruby/object:Api::Type::String - name: 'state' - output: true - description: | - The current state of the metastore federation. - - !ruby/object:Api::Type::String - name: 'stateMessage' - output: true - description: | - Additional information about the current state of the metastore federation, if available. - - !ruby/object:Api::Type::String - name: 'uid' - output: true - description: | - The globally unique resource identifier of the metastore federation. - - !ruby/object:Api::Type::String - name: 'version' - input: true - required: true - description: | - The Apache Hive metastore version of the federation. All backend metastore versions must be compatible with the federation version. - - !ruby/object:Api::Type::Map - name: 'backendMetastores' - description: | - A map from BackendMetastore rank to BackendMetastores from which the federation service serves metadata at query time. The map key represents the order in which BackendMetastores should be evaluated to resolve database names at query time and should be greater than or equal to zero. A BackendMetastore with a lower number will be evaluated before a BackendMetastore with a higher number. - required: true - key_name: 'rank' - key_description: | - represents the order in which BackendMetastores should be evaluated to resolve database names at query time and should be greater than or equal to zero. - value_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - description: | - The relative resource name of the metastore that is being federated. The formats of the relative resource names for the currently supported metastores are listed below: Dataplex: projects/{projectId}/locations/{location}/lakes/{lake_id} BigQuery: projects/{projectId} Dataproc Metastore: projects/{projectId}/locations/{location}/services/{serviceId} - - !ruby/object:Api::Type::Enum - name: 'metastoreType' - required: true - description: | - The type of the backend metastore. - values: - - :METASTORE_TYPE_UNSPECIFIED - - :DATAPROC_METASTORE - - :BIGQUERY diff --git a/mmv1/products/metastore/product.yaml b/mmv1/products/metastore/product.yaml new file mode 100644 index 000000000000..ee43aae5920e --- /dev/null +++ b/mmv1/products/metastore/product.yaml @@ -0,0 +1,28 @@ +# Copyright 2021 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: DataprocMetastore +versions: + - !ruby/object:Api::Product::Version + name: beta + base_url: https://metastore.googleapis.com/v1beta/ + - !ruby/object:Api::Product::Version + name: ga + base_url: https://metastore.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/cloud-identity +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Dataproc Metastore API + url: https://console.cloud.google.com/apis/library/metastore.googleapis.com diff --git a/mmv1/products/mlengine/Model.yaml b/mmv1/products/mlengine/Model.yaml new file mode 100644 index 000000000000..636b88a84c49 --- /dev/null +++ b/mmv1/products/mlengine/Model.yaml @@ -0,0 +1,84 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Model' +base_url: projects/{{project}}/models +self_link: projects/{{project}}/models/{{name}} +# This resources is not updatable (outside of versions, which is a version-level method) +immutable: true +async: !ruby/object:Api::OpAsync + actions: ['delete'] + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: True + allowed: + - True + - False + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +description: | + Represents a machine learning solution. + + A model can have multiple versions, each of which is a deployed, trained model + ready to receive prediction requests. The model itself is just a container. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/ai-platform/prediction/docs/deploying-models' + api: 'https://cloud.google.com/ai-platform/prediction/docs/reference/rest/v1/projects.models' +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: The name specified for the model. + required: true + - !ruby/object:Api::Type::String + name: 'description' + description: The description specified for the model when it was created. + # Ignoring most of defaultVersion. + # Only name should be exposed. Use the Version resource to learn more + # about versions. + - !ruby/object:Api::Type::NestedObject + name: 'defaultVersion' + description: | + The default version of the model. This version will be used to handle + prediction requests that do not specify a version. + properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + description: The name specified for the version when it was created. + # Even though only one region is supported, keeping this as an array + # to future-proof it. + - !ruby/object:Api::Type::Array + name: 'regions' + description: | + The list of regions where the model is going to be deployed. + Currently only one region per model is supported + item_type: Api::Type::String + - !ruby/object:Api::Type::Boolean + name: 'onlinePredictionLogging' + description: If true, online prediction access logs are sent to StackDriver Logging. + - !ruby/object:Api::Type::Boolean + name: 'onlinePredictionConsoleLogging' + description: If true, online prediction nodes send stderr and stdout streams to Stackdriver Logging + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: One or more labels that you can add, to organize your models. diff --git a/mmv1/products/mlengine/Version.yaml b/mmv1/products/mlengine/Version.yaml new file mode 100644 index 000000000000..3fbcb863aa44 --- /dev/null +++ b/mmv1/products/mlengine/Version.yaml @@ -0,0 +1,159 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Version' +base_url: projects/{{project}}/models/{{model}}/versions +self_link: projects/{{project}}/models/{{model}}/versions/{{name}} +immutable: true +description: | + Each version is a trained model deployed in the cloud, ready to handle + prediction requests. A model can have multiple versions +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: True + allowed: + - True + - False + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'model' + description: The model that this version belongs to + resource: Model + imports: name + required: true + - !ruby/object:Api::Type::Boolean + name: 'isDefault' + description: If true, this version will be used to handle prediction requests that do not specify a version +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The name specified for the version when it was created. + + The version name must be unique within the model it is created in. + required: true + - !ruby/object:Api::Type::String + name: 'description' + description: The description specified for the version when it was created. + - !ruby/object:Api::Type::String + name: 'deploymentUri' + description: The Cloud Storage location of the trained model used to create the version + required: true + - !ruby/object:Api::Type::Time + name: 'createTime' + description: The time the version was created. + output: true + - !ruby/object:Api::Type::Time + name: 'lastUseTime' + description: The time the version was last used for prediction. + output: true + - !ruby/object:Api::Type::String + name: 'runtimeVersion' + description: The AI Platform runtime version to use for this deployment + - !ruby/object:Api::Type::Enum + name: 'machineType' + description: The type of machine on which to serve the model. Currently only applies to online prediction service. + values: + - mls1-c1-m2 + - mls1-c4-m2 + - !ruby/object:Api::Type::Enum + name: 'state' + description: The state of a version + values: + - UNKNOWN + - READY + - CREATING + - FAILED + - DELETING + - UPDATING + output: true + - !ruby/object:Api::Type::String + name: 'errorMessage' + description: The details of a failure or cancellation + output: true + - !ruby/object:Api::Type::Array + name: 'packageUris' + description: Cloud Storage paths (gs://…) of packages for custom prediction routines or scikit-learn pipelines with custom code. + output: true + item_type: Api::Type::String + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: One or more labels that you can add, to organize your model versions + # no etag since it's immutable: true + - !ruby/object:Api::Type::Enum + name: 'framework' + description: The machine learning framework AI Platform uses to train this version of the model + values: + - FRAMEWORK_UNSPECIFIED + - TENSORFLOW + - SCIKIT_LEARN + - XGBOOST + - !ruby/object:Api::Type::Enum + name: 'pythonVersion' + description: | + The version of Python used in prediction. If not set, the default + version is '2.7'. Python '3.5' is available when runtimeVersion is + set to '1.4' and above. Python '2.7' works with all supported runtime + versions. + values: + - '2.7' + - '3.5' + - !ruby/object:Api::Type::String + name: 'serviceAccount' + description: Specifies the service account for resource access control. + - !ruby/object:Api::Type::NestedObject + name: 'autoScaling' + description: | + Automatically scale the number of nodes used to serve the model in + response to increases and decreases in traffic. Care should be taken + to ramp up traffic according to the model's ability to scale or you + will start seeing increases in latency and 429 response codes. + conflicts: ['manual_scaling'] + properties: + - !ruby/object:Api::Type::Integer + name: 'minNodes' + description: The minimum number of nodes to allocate for this mode + - !ruby/object:Api::Type::NestedObject + name: 'manualScaling' + description: | + Manually select the number of nodes to use for serving the model. You + should generally use autoScaling with an appropriate minNodes + instead, but this option is available if you want more predictable + billing. Beware that latency and error rates will increase if the + traffic exceeds that capability of the system to serve it based on + the selected number of nodes. + properties: + - !ruby/object:Api::Type::Integer + name: 'nodes' + description: The number of nodes to allocate for this model. These nodes are always up, starting from the time the model is deployed + - !ruby/object:Api::Type::String + name: 'predictionClass' + description: | + The fully qualified name (module_name.class_name) of a class that + implements the Predictor interface described in this reference + field. The module containing this class should be included in a + package provided to the packageUris field. + + diff --git a/mmv1/products/mlengine/api.yaml b/mmv1/products/mlengine/api.yaml deleted file mode 100644 index 535e4ddacedd..000000000000 --- a/mmv1/products/mlengine/api.yaml +++ /dev/null @@ -1,243 +0,0 @@ -# Copyright 2019 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: MLEngine -display_name: ML Engine -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://ml.googleapis.com/v1/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Cloud ML - url: https://console.cloud.google.com/apis/library/ml.googleapis.com -objects: - - !ruby/object:Api::Resource - name: 'Model' - base_url: projects/{{project}}/models - self_link: projects/{{project}}/models/{{name}} - # This resources is not updatable (outside of versions, which is a version-level method) - input: true - async: !ruby/object:Api::OpAsync - actions: ['delete'] - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: True - allowed: - - True - - False - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - description: | - Represents a machine learning solution. - - A model can have multiple versions, each of which is a deployed, trained model - ready to receive prediction requests. The model itself is just a container. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/ai-platform/prediction/docs/deploying-models' - api: 'https://cloud.google.com/ai-platform/prediction/docs/reference/rest/v1/projects.models' - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: The name specified for the model. - required: true - - !ruby/object:Api::Type::String - name: 'description' - description: The description specified for the model when it was created. - # Ignoring most of defaultVersion. - # Only name should be exposed. Use the Version resource to learn more - # about versions. - - !ruby/object:Api::Type::NestedObject - name: 'defaultVersion' - description: | - The default version of the model. This version will be used to handle - prediction requests that do not specify a version. - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - description: The name specified for the version when it was created. - # Even though only one region is supported, keeping this as an array - # to future-proof it. - - !ruby/object:Api::Type::Array - name: 'regions' - description: | - The list of regions where the model is going to be deployed. - Currently only one region per model is supported - item_type: Api::Type::String - - !ruby/object:Api::Type::Boolean - name: 'onlinePredictionLogging' - description: If true, online prediction access logs are sent to StackDriver Logging. - - !ruby/object:Api::Type::Boolean - name: 'onlinePredictionConsoleLogging' - description: If true, online prediction nodes send stderr and stdout streams to Stackdriver Logging - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: One or more labels that you can add, to organize your models. - - !ruby/object:Api::Resource - name: 'Version' - base_url: projects/{{project}}/models/{{model}}/versions - self_link: projects/{{project}}/models/{{model}}/versions/{{name}} - input: true - description: | - Each version is a trained model deployed in the cloud, ready to handle - prediction requests. A model can have multiple versions - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: True - allowed: - - True - - False - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'model' - description: The model that this version belongs to - resource: Model - imports: name - required: true - - !ruby/object:Api::Type::Boolean - name: 'isDefault' - description: If true, this version will be used to handle prediction requests that do not specify a version - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The name specified for the version when it was created. - - The version name must be unique within the model it is created in. - required: true - - !ruby/object:Api::Type::String - name: 'description' - description: The description specified for the version when it was created. - - !ruby/object:Api::Type::String - name: 'deploymentUri' - description: The Cloud Storage location of the trained model used to create the version - required: true - - !ruby/object:Api::Type::Time - name: 'createTime' - description: The time the version was created. - output: true - - !ruby/object:Api::Type::Time - name: 'lastUseTime' - description: The time the version was last used for prediction. - output: true - - !ruby/object:Api::Type::String - name: 'runtimeVersion' - description: The AI Platform runtime version to use for this deployment - - !ruby/object:Api::Type::Enum - name: 'machineType' - description: The type of machine on which to serve the model. Currently only applies to online prediction service. - values: - - mls1-c1-m2 - - mls1-c4-m2 - - !ruby/object:Api::Type::Enum - name: 'state' - description: The state of a version - values: - - UNKNOWN - - READY - - CREATING - - FAILED - - DELETING - - UPDATING - output: true - - !ruby/object:Api::Type::String - name: 'errorMessage' - description: The details of a failure or cancellation - output: true - - !ruby/object:Api::Type::Array - name: 'packageUris' - description: Cloud Storage paths (gs://…) of packages for custom prediction routines or scikit-learn pipelines with custom code. - output: true - item_type: Api::Type::String - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: One or more labels that you can add, to organize your model versions - # no etag since it's input: true - - !ruby/object:Api::Type::Enum - name: 'framework' - description: The machine learning framework AI Platform uses to train this version of the model - values: - - FRAMEWORK_UNSPECIFIED - - TENSORFLOW - - SCIKIT_LEARN - - XGBOOST - - !ruby/object:Api::Type::Enum - name: 'pythonVersion' - description: | - The version of Python used in prediction. If not set, the default - version is '2.7'. Python '3.5' is available when runtimeVersion is - set to '1.4' and above. Python '2.7' works with all supported runtime - versions. - values: - - '2.7' - - '3.5' - - !ruby/object:Api::Type::String - name: 'serviceAccount' - description: Specifies the service account for resource access control. - - !ruby/object:Api::Type::NestedObject - name: 'autoScaling' - description: | - Automatically scale the number of nodes used to serve the model in - response to increases and decreases in traffic. Care should be taken - to ramp up traffic according to the model's ability to scale or you - will start seeing increases in latency and 429 response codes. - conflicts: ['manual_scaling'] - properties: - - !ruby/object:Api::Type::Integer - name: 'minNodes' - description: The minimum number of nodes to allocate for this mode - - !ruby/object:Api::Type::NestedObject - name: 'manualScaling' - description: | - Manually select the number of nodes to use for serving the model. You - should generally use autoScaling with an appropriate minNodes - instead, but this option is available if you want more predictable - billing. Beware that latency and error rates will increase if the - traffic exceeds that capability of the system to serve it based on - the selected number of nodes. - properties: - - !ruby/object:Api::Type::Integer - name: 'nodes' - description: The number of nodes to allocate for this model. These nodes are always up, starting from the time the model is deployed - - !ruby/object:Api::Type::String - name: 'predictionClass' - description: | - The fully qualified name (module_name.class_name) of a class that - implements the Predictor interface described in this reference - field. The module containing this class should be included in a - package provided to the packageUris field. - diff --git a/mmv1/products/mlengine/product.yaml b/mmv1/products/mlengine/product.yaml new file mode 100644 index 000000000000..a22ed3adcf55 --- /dev/null +++ b/mmv1/products/mlengine/product.yaml @@ -0,0 +1,26 @@ +# Copyright 2019 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: MLEngine +display_name: ML Engine +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://ml.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Cloud ML + url: https://console.cloud.google.com/apis/library/ml.googleapis.com diff --git a/mmv1/products/monitoring/AlertPolicy.yaml b/mmv1/products/monitoring/AlertPolicy.yaml new file mode 100644 index 000000000000..b6b162b09b26 --- /dev/null +++ b/mmv1/products/monitoring/AlertPolicy.yaml @@ -0,0 +1,842 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'AlertPolicy' +base_url: v3/projects/{{project}}/alertPolicies +self_link: "v3/{{name}}" +update_verb: :PATCH +update_mask: true +description: | + A description of the conditions under which some aspect of your system is + considered to be "unhealthy" and the ways to notify people or services + about this state. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/monitoring/alerts/' + api: 'https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.alertPolicies' +properties: + - !ruby/object:Api::Type::String + name: name + description: | + The unique resource name for this policy. + Its syntax is: projects/[PROJECT_ID]/alertPolicies/[ALERT_POLICY_ID] + output: true + - !ruby/object:Api::Type::String + name: 'displayName' + description: | + A short name or phrase used to identify the policy in + dashboards, notifications, and incidents. To avoid confusion, don't use + the same display name for multiple policies in the same project. The + name is limited to 512 Unicode characters. + required: true + - !ruby/object:Api::Type::Enum + name: combiner + description: | + How to combine the results of multiple conditions to + determine if an incident should be opened. + values: + - :AND + - :OR + - :AND_WITH_MATCHING_RESOURCE + required: true + - !ruby/object:Api::Type::NestedObject + name: creationRecord + description: | + A read-only record of the creation of the alerting policy. + If provided in a call to create or update, this field will + be ignored. + output: true + properties: + - !ruby/object:Api::Type::String + name: mutateTime + output: true + description: | + When the change occurred. + - !ruby/object:Api::Type::String + output: true + name: mutatedBy + description: | + The email address of the user making the change. + - !ruby/object:Api::Type::Boolean + name: enabled + default_value: true + send_empty_value: true + description: | + Whether or not the policy is enabled. The default is true. + - !ruby/object:Api::Type::Array + name: 'conditions' + description: | + A list of conditions for the policy. The conditions are combined by + AND or OR according to the combiner field. If the combined conditions + evaluate to true, then an incident is created. A policy can have from + one to six conditions. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::NestedObject + name: conditionAbsent + description: | + A condition that checks that a time series + continues to receive new data points. + properties: + - !ruby/object:Api::Type::Array + name: aggregations + description: | + Specifies the alignment of data points in + individual time series as well as how to + combine the retrieved time series together + (such as when aggregating multiple streams + on each resource to a single stream for each + resource or when aggregating streams across + all members of a group of resources). + Multiple aggregations are applied in the + order specified. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Enum + name: perSeriesAligner + description: | + The approach to be used to align + individual time series. Not all + alignment functions may be applied + to all time series, depending on + the metric type and value type of + the original time series. + Alignment may change the metric + type or the value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. + values: + - :ALIGN_NONE + - :ALIGN_DELTA + - :ALIGN_RATE + - :ALIGN_INTERPOLATE + - :ALIGN_NEXT_OLDER + - :ALIGN_MIN + - :ALIGN_MAX + - :ALIGN_MEAN + - :ALIGN_COUNT + - :ALIGN_SUM + - :ALIGN_STDDEV + - :ALIGN_COUNT_TRUE + - :ALIGN_COUNT_FALSE + - :ALIGN_FRACTION_TRUE + - :ALIGN_PERCENTILE_99 + - :ALIGN_PERCENTILE_95 + - :ALIGN_PERCENTILE_50 + - :ALIGN_PERCENTILE_05 + - :ALIGN_PERCENT_CHANGE + - !ruby/object:Api::Type::Array + name: groupByFields + description: | + The set of fields to preserve when + crossSeriesReducer is specified. + The groupByFields determine how + the time series are partitioned + into subsets prior to applying the + aggregation function. Each subset + contains time series that have the + same value for each of the + grouping fields. Each individual + time series is a member of exactly + one subset. The crossSeriesReducer + is applied to each subset of time + series. It is not possible to + reduce across different resource + types, so this field implicitly + contains resource.type. Fields not + specified in groupByFields are + aggregated away. If groupByFields + is not specified and all the time + series have the same resource + type, then the time series are + aggregated into a single output + time series. If crossSeriesReducer + is not defined, this field is + ignored. + item_type: Api::Type::String + - !ruby/object:Api::Type::String + name: alignmentPeriod + description: | + The alignment period for per-time + series alignment. If present, + alignmentPeriod must be at least + 60 seconds. After per-time series + alignment, each time series will + contain data points only on the + period boundaries. If + perSeriesAligner is not specified + or equals ALIGN_NONE, then this + field is ignored. If + perSeriesAligner is specified and + does not equal ALIGN_NONE, then + this field must be defined; + otherwise an error is returned. + - !ruby/object:Api::Type::Enum + name: crossSeriesReducer + description: | + The approach to be used to combine + time series. Not all reducer + functions may be applied to all + time series, depending on the + metric type and the value type of + the original time series. + Reduction may change the metric + type of value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. + values: + - :REDUCE_NONE + - :REDUCE_MEAN + - :REDUCE_MIN + - :REDUCE_MAX + - :REDUCE_SUM + - :REDUCE_STDDEV + - :REDUCE_COUNT + - :REDUCE_COUNT_TRUE + - :REDUCE_COUNT_FALSE + - :REDUCE_FRACTION_TRUE + - :REDUCE_PERCENTILE_99 + - :REDUCE_PERCENTILE_95 + - :REDUCE_PERCENTILE_50 + - :REDUCE_PERCENTILE_05 + - !ruby/object:Api::Type::NestedObject + name: trigger + description: | + The number/percent of time series for which + the comparison must hold in order for the + condition to trigger. If unspecified, then + the condition will trigger if the comparison + is true for any of the time series that have + been identified by filter and aggregations. + properties: + - !ruby/object:Api::Type::Double + name: percent + description: | + The percentage of time series that + must fail the predicate for the + condition to be triggered. + - !ruby/object:Api::Type::Integer + name: count + description: | + The absolute number of time series + that must fail the predicate for the + condition to be triggered. + - !ruby/object:Api::Type::String + name: duration + description: | + The amount of time that a time series must + fail to report new data to be considered + failing. Currently, only values that are a + multiple of a minute--e.g. 60s, 120s, or 300s + --are supported. + required: true + - !ruby/object:Api::Type::String + name: filter + description: | + A filter that identifies which time series + should be compared with the threshold.The + filter is similar to the one that is + specified in the + MetricService.ListTimeSeries request (that + call is useful to verify the time series + that will be retrieved / processed) and must + specify the metric type and optionally may + contain restrictions on resource type, + resource labels, and metric labels. This + field may not exceed 2048 Unicode characters + in length. + - !ruby/object:Api::Type::String + name: name + description: | + The unique resource name for this condition. + Its syntax is: + projects/[PROJECT_ID]/alertPolicies/[POLICY_ID]/conditions/[CONDITION_ID] + [CONDITION_ID] is assigned by Stackdriver Monitoring when + the condition is created as part of a new or updated alerting + policy. + output: true + - !ruby/object:Api::Type::NestedObject + name: conditionMonitoringQueryLanguage + description: | + A Monitoring Query Language query that outputs a boolean stream + properties: + - !ruby/object:Api::Type::String + name: query + description: | + Monitoring Query Language query that outputs a boolean stream. + required: true + - !ruby/object:Api::Type::String + name: duration + required: true + description: | + The amount of time that a time series must + violate the threshold to be considered + failing. Currently, only values that are a + multiple of a minute--e.g., 0, 60, 120, or + 300 seconds--are supported. If an invalid + value is given, an error will be returned. + When choosing a duration, it is useful to + keep in mind the frequency of the underlying + time series data (which may also be affected + by any alignments specified in the + aggregations field); a good duration is long + enough so that a single outlier does not + generate spurious alerts, but short enough + that unhealthy states are detected and + alerted on quickly. + - !ruby/object:Api::Type::NestedObject + name: trigger + description: | + The number/percent of time series for which + the comparison must hold in order for the + condition to trigger. If unspecified, then + the condition will trigger if the comparison + is true for any of the time series that have + been identified by filter and aggregations, + or by the ratio, if denominator_filter and + denominator_aggregations are specified. + properties: + - !ruby/object:Api::Type::Double + name: percent + description: | + The percentage of time series that + must fail the predicate for the + condition to be triggered. + - !ruby/object:Api::Type::Integer + name: count + description: | + The absolute number of time series + that must fail the predicate for the + condition to be triggered. + - !ruby/object:Api::Type::Enum + name: evaluationMissingData + description: | + A condition control that determines how + metric-threshold conditions are evaluated when + data stops arriving. + values: + - :EVALUATION_MISSING_DATA_INACTIVE + - :EVALUATION_MISSING_DATA_ACTIVE + - :EVALUATION_MISSING_DATA_NO_OP + - !ruby/object:Api::Type::NestedObject + name: conditionThreshold + description: | + A condition that compares a time series against a + threshold. + properties: + - !ruby/object:Api::Type::Double + name: thresholdValue + description: | + A value against which to compare the time + series. + - !ruby/object:Api::Type::String + name: denominatorFilter + description: | + A filter that identifies a time series that + should be used as the denominator of a ratio + that will be compared with the threshold. If + a denominator_filter is specified, the time + series specified by the filter field will be + used as the numerator.The filter is similar + to the one that is specified in the + MetricService.ListTimeSeries request (that + call is useful to verify the time series + that will be retrieved / processed) and must + specify the metric type and optionally may + contain restrictions on resource type, + resource labels, and metric labels. This + field may not exceed 2048 Unicode characters + in length. + - !ruby/object:Api::Type::Array + name: denominatorAggregations + description: | + Specifies the alignment of data points in + individual time series selected by + denominatorFilter as well as how to combine + the retrieved time series together (such as + when aggregating multiple streams on each + resource to a single stream for each + resource or when aggregating streams across + all members of a group of resources).When + computing ratios, the aggregations and + denominator_aggregations fields must use the + same alignment period and produce time + series that have the same periodicity and + labels.This field is similar to the one in + the MetricService.ListTimeSeries request. It + is advisable to use the ListTimeSeries + method when debugging this field. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Enum + name: perSeriesAligner + description: | + The approach to be used to align + individual time series. Not all + alignment functions may be applied + to all time series, depending on + the metric type and value type of + the original time series. + Alignment may change the metric + type or the value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. + values: + - :ALIGN_NONE + - :ALIGN_DELTA + - :ALIGN_RATE + - :ALIGN_INTERPOLATE + - :ALIGN_NEXT_OLDER + - :ALIGN_MIN + - :ALIGN_MAX + - :ALIGN_MEAN + - :ALIGN_COUNT + - :ALIGN_SUM + - :ALIGN_STDDEV + - :ALIGN_COUNT_TRUE + - :ALIGN_COUNT_FALSE + - :ALIGN_FRACTION_TRUE + - :ALIGN_PERCENTILE_99 + - :ALIGN_PERCENTILE_95 + - :ALIGN_PERCENTILE_50 + - :ALIGN_PERCENTILE_05 + - :ALIGN_PERCENT_CHANGE + - !ruby/object:Api::Type::Array + name: groupByFields + description: | + The set of fields to preserve when + crossSeriesReducer is specified. + The groupByFields determine how + the time series are partitioned + into subsets prior to applying the + aggregation function. Each subset + contains time series that have the + same value for each of the + grouping fields. Each individual + time series is a member of exactly + one subset. The crossSeriesReducer + is applied to each subset of time + series. It is not possible to + reduce across different resource + types, so this field implicitly + contains resource.type. Fields not + specified in groupByFields are + aggregated away. If groupByFields + is not specified and all the time + series have the same resource + type, then the time series are + aggregated into a single output + time series. If crossSeriesReducer + is not defined, this field is + ignored. + item_type: Api::Type::String + - !ruby/object:Api::Type::String + name: alignmentPeriod + description: | + The alignment period for per-time + series alignment. If present, + alignmentPeriod must be at least + 60 seconds. After per-time series + alignment, each time series will + contain data points only on the + period boundaries. If + perSeriesAligner is not specified + or equals ALIGN_NONE, then this + field is ignored. If + perSeriesAligner is specified and + does not equal ALIGN_NONE, then + this field must be defined; + otherwise an error is returned. + - !ruby/object:Api::Type::Enum + name: crossSeriesReducer + description: | + The approach to be used to combine + time series. Not all reducer + functions may be applied to all + time series, depending on the + metric type and the value type of + the original time series. + Reduction may change the metric + type of value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. + values: + - :REDUCE_NONE + - :REDUCE_MEAN + - :REDUCE_MIN + - :REDUCE_MAX + - :REDUCE_SUM + - :REDUCE_STDDEV + - :REDUCE_COUNT + - :REDUCE_COUNT_TRUE + - :REDUCE_COUNT_FALSE + - :REDUCE_FRACTION_TRUE + - :REDUCE_PERCENTILE_99 + - :REDUCE_PERCENTILE_95 + - :REDUCE_PERCENTILE_50 + - :REDUCE_PERCENTILE_05 + - !ruby/object:Api::Type::String + name: duration + required: true + description: | + The amount of time that a time series must + violate the threshold to be considered + failing. Currently, only values that are a + multiple of a minute--e.g., 0, 60, 120, or + 300 seconds--are supported. If an invalid + value is given, an error will be returned. + When choosing a duration, it is useful to + keep in mind the frequency of the underlying + time series data (which may also be affected + by any alignments specified in the + aggregations field); a good duration is long + enough so that a single outlier does not + generate spurious alerts, but short enough + that unhealthy states are detected and + alerted on quickly. + - !ruby/object:Api::Type::Enum + name: comparison + description: | + The comparison to apply between the time + series (indicated by filter and aggregation) + and the threshold (indicated by + threshold_value). The comparison is applied + on each time series, with the time series on + the left-hand side and the threshold on the + right-hand side. Only COMPARISON_LT and + COMPARISON_GT are supported currently. + values: + - :COMPARISON_GT + - :COMPARISON_GE + - :COMPARISON_LT + - :COMPARISON_LE + - :COMPARISON_EQ + - :COMPARISON_NE + required: true + - !ruby/object:Api::Type::NestedObject + name: trigger + description: | + The number/percent of time series for which + the comparison must hold in order for the + condition to trigger. If unspecified, then + the condition will trigger if the comparison + is true for any of the time series that have + been identified by filter and aggregations, + or by the ratio, if denominator_filter and + denominator_aggregations are specified. + properties: + - !ruby/object:Api::Type::Double + name: percent + description: | + The percentage of time series that + must fail the predicate for the + condition to be triggered. + - !ruby/object:Api::Type::Integer + name: count + description: | + The absolute number of time series + that must fail the predicate for the + condition to be triggered. + - !ruby/object:Api::Type::Array + name: aggregations + description: | + Specifies the alignment of data points in + individual time series as well as how to + combine the retrieved time series together + (such as when aggregating multiple streams + on each resource to a single stream for each + resource or when aggregating streams across + all members of a group of resources). + Multiple aggregations are applied in the + order specified.This field is similar to the + one in the MetricService.ListTimeSeries + request. It is advisable to use the + ListTimeSeries method when debugging this + field. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Enum + name: perSeriesAligner + description: | + The approach to be used to align + individual time series. Not all + alignment functions may be applied + to all time series, depending on + the metric type and value type of + the original time series. + Alignment may change the metric + type or the value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. + values: + - :ALIGN_NONE + - :ALIGN_DELTA + - :ALIGN_RATE + - :ALIGN_INTERPOLATE + - :ALIGN_NEXT_OLDER + - :ALIGN_MIN + - :ALIGN_MAX + - :ALIGN_MEAN + - :ALIGN_COUNT + - :ALIGN_SUM + - :ALIGN_STDDEV + - :ALIGN_COUNT_TRUE + - :ALIGN_COUNT_FALSE + - :ALIGN_FRACTION_TRUE + - :ALIGN_PERCENTILE_99 + - :ALIGN_PERCENTILE_95 + - :ALIGN_PERCENTILE_50 + - :ALIGN_PERCENTILE_05 + - :ALIGN_PERCENT_CHANGE + - !ruby/object:Api::Type::Array + name: groupByFields + description: | + The set of fields to preserve when + crossSeriesReducer is specified. + The groupByFields determine how + the time series are partitioned + into subsets prior to applying the + aggregation function. Each subset + contains time series that have the + same value for each of the + grouping fields. Each individual + time series is a member of exactly + one subset. The crossSeriesReducer + is applied to each subset of time + series. It is not possible to + reduce across different resource + types, so this field implicitly + contains resource.type. Fields not + specified in groupByFields are + aggregated away. If groupByFields + is not specified and all the time + series have the same resource + type, then the time series are + aggregated into a single output + time series. If crossSeriesReducer + is not defined, this field is + ignored. + item_type: Api::Type::String + - !ruby/object:Api::Type::String + name: alignmentPeriod + description: | + The alignment period for per-time + series alignment. If present, + alignmentPeriod must be at least + 60 seconds. After per-time series + alignment, each time series will + contain data points only on the + period boundaries. If + perSeriesAligner is not specified + or equals ALIGN_NONE, then this + field is ignored. If + perSeriesAligner is specified and + does not equal ALIGN_NONE, then + this field must be defined; + otherwise an error is returned. + - !ruby/object:Api::Type::Enum + name: crossSeriesReducer + description: | + The approach to be used to combine + time series. Not all reducer + functions may be applied to all + time series, depending on the + metric type and the value type of + the original time series. + Reduction may change the metric + type of value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. + values: + - :REDUCE_NONE + - :REDUCE_MEAN + - :REDUCE_MIN + - :REDUCE_MAX + - :REDUCE_SUM + - :REDUCE_STDDEV + - :REDUCE_COUNT + - :REDUCE_COUNT_TRUE + - :REDUCE_COUNT_FALSE + - :REDUCE_FRACTION_TRUE + - :REDUCE_PERCENTILE_99 + - :REDUCE_PERCENTILE_95 + - :REDUCE_PERCENTILE_50 + - :REDUCE_PERCENTILE_05 + - !ruby/object:Api::Type::String + name: filter + description: | + A filter that identifies which time series + should be compared with the threshold.The + filter is similar to the one that is + specified in the + MetricService.ListTimeSeries request (that + call is useful to verify the time series + that will be retrieved / processed) and must + specify the metric type and optionally may + contain restrictions on resource type, + resource labels, and metric labels. This + field may not exceed 2048 Unicode characters + in length. + - !ruby/object:Api::Type::Enum + name: evaluationMissingData + description: | + A condition control that determines how + metric-threshold conditions are evaluated when + data stops arriving. + values: + - :EVALUATION_MISSING_DATA_INACTIVE + - :EVALUATION_MISSING_DATA_ACTIVE + - :EVALUATION_MISSING_DATA_NO_OP + - !ruby/object:Api::Type::String + name: displayName + required: true + description: | + A short name or phrase used to identify the + condition in dashboards, notifications, and + incidents. To avoid confusion, don't use the same + display name for multiple conditions in the same + policy. + - !ruby/object:Api::Type::NestedObject + name: conditionMatchedLog + description: | + A condition that checks for log messages matching given constraints. + If set, no other conditions can be present. + properties: + - !ruby/object:Api::Type::String + name: filter + description: | + A logs-based filter. + required: true + - !ruby/object:Api::Type::KeyValuePairs + name: labelExtractors + description: | + A map from a label key to an extractor expression, which is used to + extract the value for this label key. Each entry in this map is + a specification for how data should be extracted from log entries that + match filter. Each combination of extracted values is treated as + a separate rule for the purposes of triggering notifications. + Label keys and corresponding values can be used in notifications + generated by this condition. + required: true + - !ruby/object:Api::Type::Array + name: 'notificationChannels' + # TODO chrisst - turn this into a resource ref + description: | + Identifies the notification channels to which notifications should be + sent when incidents are opened or closed or when new violations occur + on an already opened incident. Each element of this array corresponds + to the name field in each of the NotificationChannel objects that are + returned from the notificationChannels.list method. The syntax of the + entries in this field is + `projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID]` + item_type: Api::Type::String + - !ruby/object:Api::Type::NestedObject + name: alertStrategy + description: | + Control over how this alert policy's notification channels are notified. + properties: + - !ruby/object:Api::Type::NestedObject + name: notificationRateLimit + description: | + Required for alert policies with a LogMatch condition. + This limit is not implemented for alert policies that are not log-based. + properties: + - !ruby/object:Api::Type::String + name: period + description: | + Not more than one notification per period. + - !ruby/object:Api::Type::String + name: autoClose + description: | + If an alert policy that was active has no data for this long, any open incidents will close. + - !ruby/object:Api::Type::KeyValuePairs + name: userLabels + description: | + This field is intended to be used for organizing and identifying the AlertPolicy + objects.The field can contain up to 64 entries. Each key and value is limited + to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values + can contain only lowercase letters, numerals, underscores, and dashes. Keys + must begin with a letter. + - !ruby/object:Api::Type::NestedObject + name: documentation + description: | + Documentation that is included with notifications and incidents related + to this policy. Best practice is for the documentation to include information + to help responders understand, mitigate, escalate, and correct the underlying + problems detected by the alerting policy. Notification channels that have + limited capacity might not show this documentation. + properties: + - !ruby/object:Api::Type::String + name: content + at_least_one_of: + - documentation.0.content + - documentation.0.mime_type + description: | + The text of the documentation, interpreted according to mimeType. + The content may not exceed 8,192 Unicode characters and may not + exceed more than 10,240 bytes when encoded in UTF-8 format, + whichever is smaller. + - !ruby/object:Api::Type::String + name: mimeType + at_least_one_of: + - documentation.0.content + - documentation.0.mime_type + default_value: text/markdown + description: | + The format of the content field. Presently, only the value + "text/markdown" is supported. + diff --git a/mmv1/products/monitoring/GenericService.yaml b/mmv1/products/monitoring/GenericService.yaml new file mode 100644 index 000000000000..db97b5d4132e --- /dev/null +++ b/mmv1/products/monitoring/GenericService.yaml @@ -0,0 +1,95 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: GenericService +base_url: v3/projects/{{project}}/services +create_url: v3/projects/{{project}}/services?serviceId={{service_id}} +self_link: "v3/projects/{{project}}/services/{{service_id}}" +update_verb: :PATCH +update_mask: true +description: | + A Service is a discrete, autonomous, and network-accessible unit, + designed to solve an individual concern (Wikipedia). In Cloud Monitoring, + a Service acts as the root resource under which operational aspects of + the service are accessible +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Service Monitoring': 'https://cloud.google.com/monitoring/service-monitoring' + 'Monitoring API Documentation': 'https://cloud.google.com/monitoring/api/v3/' + api: 'https://cloud.google.com/monitoring/api/ref_v3/rest/v3/services' +parameters: +- !ruby/object:Api::Type::String + name: serviceId + description: | + An optional service ID to use. If not given, the server will generate a + service ID. + immutable: true + required: true + url_param_only: true +properties: +- !ruby/object:Api::Type::String + name: name + description: | + The full resource name for this service. The syntax is: + projects/[PROJECT_ID]/services/[SERVICE_ID]. + output: true +- !ruby/object:Api::Type::String + name: displayName + description: | + Name used for UI elements listing this Service. +- !ruby/object:Api::Type::KeyValuePairs + name: 'userLabels' + description: | + Labels which have been used to annotate the service. Label keys must start + with a letter. Label keys and values may contain lowercase letters, + numbers, underscores, and dashes. Label keys and values have a maximum + length of 63 characters, and must be less than 128 bytes in size. Up to 64 + label entries may be stored. For labels which do not have a semantic value, + the empty string may be supplied for the label value. + send_empty_value: true +- !ruby/object:Api::Type::NestedObject + name: telemetry + description: | + Configuration for how to query telemetry on a Service. + # Non custom service have non-editable telemetry + output: true + properties: + - !ruby/object:Api::Type::String + name: resourceName + description: | + The full name of the resource that defines this service. + Formatted as described in + https://cloud.google.com/apis/design/resource_names. +- !ruby/object:Api::Type::NestedObject + name: basicService + description: | + A well-known service type, defined by its service type and service labels. + Valid values are described at + https://cloud.google.com/stackdriver/docs/solutions/slo-monitoring/api/api-structures#basic-svc-w-basic-sli + # BasicService info can be set on creation but is then immutable. + immutable: true + properties: + - !ruby/object:Api::Type::String + name: serviceType + description: | + The type of service that this basic service defines, e.g. + APP_ENGINE service type + - !ruby/object:Api::Type::KeyValuePairs + name: serviceLabels + immutable: true + description: | + Labels that specify the resource that emits the monitoring data + which is used for SLO reporting of this `Service`. + + diff --git a/mmv1/products/monitoring/Group.yaml b/mmv1/products/monitoring/Group.yaml new file mode 100644 index 000000000000..90924575d378 --- /dev/null +++ b/mmv1/products/monitoring/Group.yaml @@ -0,0 +1,61 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Group' +base_url: v3/projects/{{project}}/groups +self_link: "v3/{{name}}" +update_verb: :PUT +description: | + The description of a dynamic collection of monitored resources. Each group + has a filter that is matched against monitored resources and their + associated metadata. If a group's filter matches an available monitored + resource, then that resource is a member of that group. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/monitoring/groups/' + api: 'https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.groups' +properties: + - !ruby/object:Api::Type::String + name: parentName + # TODO chrisst - turn into self-reference if possible. + description: | + The name of the group's parent, if it has one. The format is + "projects/{project_id_or_number}/groups/{group_id}". For + groups with no parent, parentName is the empty string, "". + - !ruby/object:Api::Type::String + name: name + description: | + A unique identifier for this group. The format is + "projects/{project_id_or_number}/groups/{group_id}". + output: true + - !ruby/object:Api::Type::Boolean + name: isCluster + description: | + If true, the members of this group are considered to be a + cluster. The system can perform additional analysis on + groups that are clusters. + - !ruby/object:Api::Type::String + name: displayName + required: true + description: | + A user-assigned name for this group, used only for display + purposes. + - !ruby/object:Api::Type::String + name: filter + required: true + description: | + The filter used to determine which monitored resources + belong to this group. + diff --git a/mmv1/products/monitoring/MetricDescriptor.yaml b/mmv1/products/monitoring/MetricDescriptor.yaml new file mode 100644 index 000000000000..4ee15d17d056 --- /dev/null +++ b/mmv1/products/monitoring/MetricDescriptor.yaml @@ -0,0 +1,174 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: MetricDescriptor +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/monitoring/custom-metrics/' + api: 'https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors' +base_url: v3/projects/{{project}}/metricDescriptors +self_link: "v3/{{name}}" +update_verb: :POST +update_url: v3/projects/{{project}}/metricDescriptors +description: Defines a metric type and its schema. Once a metric descriptor is created, + deleting or altering it stops data collection and makes the metric type's existing data + unusable. +properties: +- !ruby/object:Api::Type::String + name: name + output: true + description: The resource name of the metric descriptor. +- !ruby/object:Api::Type::String + name: type + immutable: true + required: true + description: The metric type, including its DNS name prefix. The type is not + URL-encoded. All service defined metrics must be prefixed with the service name, + in the format of {service name}/{relative metric name}, such as + cloudsql.googleapis.com/database/cpu/utilization. The relative metric name must + have only upper and lower-case letters, digits, '/' and underscores '_' are + allowed. Additionally, the maximum number of characters allowed for the + relative_metric_name is 100. All user-defined metric types have the DNS name + custom.googleapis.com, external.googleapis.com, or logging.googleapis.com/user/. +- !ruby/object:Api::Type::Array + name: labels + description: The set of labels that can be used to describe a specific instance of this + metric type. In order to delete a label, the entire resource must be deleted, + then created with the desired labels. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: key + required: true + description: The key for this label. The key must not exceed 100 characters. The + first character of the key must be an upper- or lower-case letter, the remaining + characters must be letters, digits or underscores, and the key must match the + regular expression [a-zA-Z][a-zA-Z0-9_]* + - !ruby/object:Api::Type::Enum + name: valueType + description: The type of data that can be assigned to the label. + default_value: :STRING + values: + - :STRING + - :BOOL + - :INT64 + - !ruby/object:Api::Type::String + name: description + description: A human-readable description for the label. +- !ruby/object:Api::Type::Enum + name: metricKind + immutable: true + required: true + description: Whether the metric records instantaneous values, changes to a value, etc. + Some combinations of metricKind and valueType might not be supported. + values: + - :METRIC_KIND_UNSPECIFIED + - :GAUGE + - :DELTA + - :CUMULATIVE +- !ruby/object:Api::Type::Enum + name: valueType + immutable: true + required: true + description: Whether the measurement is an integer, a floating-point number, etc. Some + combinations of metricKind and valueType might not be supported. + values: + - :BOOL + - :INT64 + - :DOUBLE + - :STRING + - :DISTRIBUTION +- !ruby/object:Api::Type::String + name: unit + immutable: true + description: | + The units in which the metric value is reported. It is only applicable if the + valueType is INT64, DOUBLE, or DISTRIBUTION. The unit defines the representation of + the stored metric values. + + Different systems may scale the values to be more easily displayed (so a value of + 0.02KBy might be displayed as 20By, and a value of 3523KBy might be displayed as + 3.5MBy). However, if the unit is KBy, then the value of the metric is always in + thousands of bytes, no matter how it may be displayed. + + If you want a custom metric to record the exact number of CPU-seconds used by a job, + you can create an INT64 CUMULATIVE metric whose unit is s{CPU} (or equivalently + 1s{CPU} or just s). If the job uses 12,005 CPU-seconds, then the value is written as + 12005. + + Alternatively, if you want a custom metric to record data in a more granular way, you + can create a DOUBLE CUMULATIVE metric whose unit is ks{CPU}, and then write the value + 12.005 (which is 12005/1000), or use Kis{CPU} and write 11.723 (which is 12005/1024). + The supported units are a subset of The Unified Code for Units of Measure standard. + More info can be found in the API documentation + (https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors). +- !ruby/object:Api::Type::String + name: description + immutable: true + required: true + description: A detailed description of the metric, which can be used in documentation. +- !ruby/object:Api::Type::String + name: displayName + immutable: true + required: true + description: A concise name for the metric, which can be displayed in user interfaces. + Use sentence case without an ending period, for example "Request count". +- !ruby/object:Api::Type::NestedObject + name: metadata + immutable: true + description: Metadata which can be used to guide usage of the metric. + properties: + - !ruby/object:Api::Type::String + name: samplePeriod + at_least_one_of: + - metadata.0.sample_period + - metadata.0.ingest_delay + description: The sampling period of metric data points. For metrics which are + written periodically, consecutive data points are stored at this time interval, + excluding data loss due to errors. Metrics with a higher granularity have a + smaller sampling period. In + `[duration format](https://developers.google.com/protocol-buffers/docs/reference/google.protobuf?&_ga=2.264881487.1507873253.1593446723-935052455.1591817775#google.protobuf.Duration)`. + - !ruby/object:Api::Type::String + name: ingestDelay + at_least_one_of: + - metadata.0.sample_period + - metadata.0.ingest_delay + description: The delay of data points caused by ingestion. Data points older than + this age are guaranteed to be ingested and available to be read, excluding data + loss due to errors. In + `[duration format](https://developers.google.com/protocol-buffers/docs/reference/google.protobuf?&_ga=2.264881487.1507873253.1593446723-935052455.1591817775#google.protobuf.Duration)`. +- !ruby/object:Api::Type::Enum + name: launchStage + immutable: true + description: The launch stage of the metric definition. + values: + - :LAUNCH_STAGE_UNSPECIFIED + - :UNIMPLEMENTED + - :PRELAUNCH + - :EARLY_ACCESS + - :ALPHA + - :BETA + - :GA + - :DEPRECATED +- !ruby/object:Api::Type::Array + name: monitoredResourceTypes + output: true + description: If present, then a time series, which is identified partially by + a metric type and a MonitoredResourceDescriptor, that is associated with this metric + type can only be associated with one of the monitored resource types listed here. + This field allows time series to be associated with the intersection of this metric + type and the monitored resource types in this list. + item_type: Api::Type::String + diff --git a/mmv1/products/monitoring/NotificationChannel.yaml b/mmv1/products/monitoring/NotificationChannel.yaml new file mode 100644 index 000000000000..bf6293b1ba96 --- /dev/null +++ b/mmv1/products/monitoring/NotificationChannel.yaml @@ -0,0 +1,140 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: NotificationChannel +base_url: v3/projects/{{project}}/notificationChannels +self_link: "v3/{{name}}" +update_verb: :PATCH +description: | + A NotificationChannel is a medium through which an alert is delivered + when a policy violation is detected. Examples of channels include email, SMS, + and third-party messaging applications. Fields containing sensitive information + like authentication tokens or contact info are only partially populated on retrieval. + + Notification Channels are designed to be flexible and are made up of a supported `type` + and labels to configure that channel. Each `type` has specific labels that need to be + present for that channel to be correctly configured. The labels that are required to be + present for one channel `type` are often different than those required for another. + Due to these loose constraints it's often best to set up a channel through the UI + and import to Terraform when setting up a brand new channel type to determine which + labels are required. + + A list of supported channels per project the `list` endpoint can be + accessed programmatically or through the api explorer at https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list . + This provides the channel type and all of the required labels that must be passed. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Notification Options': 'https://cloud.google.com/monitoring/support/notification-options' + 'Monitoring API Documentation': 'https://cloud.google.com/monitoring/api/v3/' + api: 'https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannels' +properties: +- !ruby/object:Api::Type::KeyValuePairs + name: labels + description: Configuration fields that define the channel and its behavior. The + permissible and required labels are specified in the NotificationChannelDescriptor.labels + of the NotificationChannelDescriptor corresponding to the type field. +- !ruby/object:Api::Type::NestedObject + name: sensitiveLabels + # This is a helper object for Terraform only + exclude: true + url_param_only: true + description: | + Terraform only field + properties: + - !ruby/object:Api::Type::String + name: authToken + exactly_one_of: + - sensitive_labels.0.auth_token + - sensitive_labels.0.password + - sensitive_labels.0.service_key + description: | + An authorization token for a notification channel. Channel types that support this field include: slack + - !ruby/object:Api::Type::String + name: password + exactly_one_of: + - sensitive_labels.0.auth_token + - sensitive_labels.0.password + - sensitive_labels.0.service_key + description: | + An password for a notification channel. Channel types that support this field include: webhook_basicauth + - !ruby/object:Api::Type::String + name: serviceKey + exactly_one_of: + - sensitive_labels.0.auth_token + - sensitive_labels.0.password + - sensitive_labels.0.service_key + description: | + An servicekey token for a notification channel. Channel types that support this field include: pagerduty +- !ruby/object:Api::Type::String + name: name + description: | + The full REST resource name for this channel. The syntax is: + projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID] + The [CHANNEL_ID] is automatically assigned by the server on creation. + output: true +- !ruby/object:Api::Type::Enum + name: verificationStatus + description: Indicates whether this channel has been verified or not. On a ListNotificationChannels + or GetNotificationChannel operation, this field is expected to be populated.If + the value is UNVERIFIED, then it indicates that the channel is non-functioning + (it both requires verification and lacks verification); otherwise, it is assumed + that the channel works.If the channel is neither VERIFIED nor UNVERIFIED, it + implies that the channel is of a type that does not require verification or + that this specific channel has been exempted from verification because it was + created prior to verification being required for channels of this type.This + field cannot be modified using a standard UpdateNotificationChannel operation. + To change the value of this field, you must call VerifyNotificationChannel. + output: true + values: + - :VERIFICATION_STATUS_UNSPECIFIED + - :UNVERIFIED + - :VERIFIED +- !ruby/object:Api::Type::String + name: type + required: true + description: The type of the notification channel. This field matches the value + of the NotificationChannelDescriptor.type field. See + https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list + to get the list of valid values such as "email", "slack", etc... +- !ruby/object:Api::Type::KeyValuePairs + name: userLabels + description: User-supplied key/value data that does not need to conform to the + corresponding NotificationChannelDescriptor's schema, unlike the labels field. + This field is intended to be used for organizing and identifying the NotificationChannel + objects.The field can contain up to 64 entries. Each key and value is limited + to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values + can contain only lowercase letters, numerals, underscores, and dashes. Keys + must begin with a letter. +- !ruby/object:Api::Type::String + name: description + description: An optional human-readable description of this notification channel. + This description may provide additional details, beyond the display name, for + the channel. This may not exceed 1024 Unicode characters. +- !ruby/object:Api::Type::String + name: displayName + description: An optional human-readable name for this notification channel. It + is recommended that you specify a non-empty and unique name in order to make + it easier to identify the channels in your project, though this is not enforced. + The display name is limited to 512 Unicode characters. +- !ruby/object:Api::Type::Boolean + name: enabled + default_value: true + send_empty_value: true + description: Whether notifications are forwarded to the described channel. This + makes it possible to disable delivery of notifications to a particular channel + without removing the channel from all alerting policies that reference the channel. + This is a more convenient approach when the change is temporary and you want + to receive notifications from the same set of alerting policies on the channel + at some point in the future. + diff --git a/mmv1/products/monitoring/Service.yaml b/mmv1/products/monitoring/Service.yaml new file mode 100644 index 000000000000..ebce600e3e54 --- /dev/null +++ b/mmv1/products/monitoring/Service.yaml @@ -0,0 +1,70 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: Service +base_url: v3/projects/{{project}}/services +create_url: v3/projects/{{project}}/services?serviceId={{service_id}} +self_link: "v3/{{name}}" +update_verb: :PATCH +update_mask: true +description: | + A Service is a discrete, autonomous, and network-accessible unit, + designed to solve an individual concern (Wikipedia). In Cloud Monitoring, + a Service acts as the root resource under which operational aspects of + the service are accessible +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Service Monitoring': 'https://cloud.google.com/monitoring/service-monitoring' + 'Monitoring API Documentation': 'https://cloud.google.com/monitoring/api/v3/' + api: 'https://cloud.google.com/monitoring/api/ref_v3/rest/v3/services' +parameters: +- !ruby/object:Api::Type::String + name: serviceId + description: | + An optional service ID to use. If not given, the server will generate a + service ID. + immutable: true +properties: +- !ruby/object:Api::Type::String + name: name + description: | + The full resource name for this service. The syntax is: + projects/[PROJECT_ID]/services/[SERVICE_ID]. + output: true +- !ruby/object:Api::Type::String + name: displayName + description: | + Name used for UI elements listing this Service. +- !ruby/object:Api::Type::KeyValuePairs + name: 'userLabels' + description: | + Labels which have been used to annotate the service. Label keys must start + with a letter. Label keys and values may contain lowercase letters, + numbers, underscores, and dashes. Label keys and values have a maximum + length of 63 characters, and must be less than 128 bytes in size. Up to 64 + label entries may be stored. For labels which do not have a semantic value, + the empty string may be supplied for the label value. + send_empty_value: true +- !ruby/object:Api::Type::NestedObject + name: telemetry + description: | + Configuration for how to query telemetry on a Service. + properties: + - !ruby/object:Api::Type::String + name: resourceName + description: | + The full name of the resource that defines this service. + Formatted as described in + https://cloud.google.com/apis/design/resource_names. + diff --git a/mmv1/products/monitoring/Slo.yaml b/mmv1/products/monitoring/Slo.yaml new file mode 100644 index 000000000000..fdb2b354c9fa --- /dev/null +++ b/mmv1/products/monitoring/Slo.yaml @@ -0,0 +1,660 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: Slo +base_url: v3/projects/{{project}}/services/{{service}}/serviceLevelObjectives +# name = projects/{{project}}/services/{{service}}/serviceLevelObjectives/{{slo_id}} +self_link: "v3/{{name}}" +create_url: v3/projects/{{project}}/services/{{service}}/serviceLevelObjectives?serviceLevelObjectiveId={{slo_id}} +update_verb: :PATCH +update_mask: true +description: | + A Service-Level Objective (SLO) describes the level of desired good + service. It consists of a service-level indicator (SLI), a performance + goal, and a period over which the objective is to be evaluated against + that goal. The SLO can use SLIs defined in a number of different manners. + Typical SLOs might include "99% of requests in each rolling week have + latency below 200 milliseconds" or "99.5% of requests in each calendar + month return successfully." +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Service Monitoring': 'https://cloud.google.com/monitoring/service-monitoring' + 'Monitoring API Documentation': 'https://cloud.google.com/monitoring/api/v3/' + api: 'https://cloud.google.com/monitoring/api/ref_v3/rest/v3/services.serviceLevelObjectives' +parameters: +- !ruby/object:Api::Type::String + name: service + required: true + url_param_only: true + immutable: true + description: | + ID of the service to which this SLO belongs. +- !ruby/object:Api::Type::String + name: sloId + description: | + The id to use for this ServiceLevelObjective. If omitted, an id will be generated instead. + immutable: true +properties: +- !ruby/object:Api::Type::String + name: name + description: | + The full resource name for this service. The syntax is: + projects/[PROJECT_ID_OR_NUMBER]/services/[SERVICE_ID]/serviceLevelObjectives/[SLO_NAME] + output: true +- !ruby/object:Api::Type::String + name: displayName + description: | + Name used for UI elements listing this SLO. +- !ruby/object:Api::Type::Double + name: goal + required: true + description: | + The fraction of service that must be good in order for this objective + to be met. 0 < goal <= 0.999 +- !ruby/object:Api::Type::Integer + name: rollingPeriodDays + api_name: rollingPeriod + exactly_one_of: + - rolling_period_days + - calendar_period + description: | + A rolling time period, semantically "in the past X days". + Must be between 1 to 30 days, inclusive. +- !ruby/object:Api::Type::Enum + name: calendarPeriod + exactly_one_of: + - rolling_period_days + - calendar_period + description: | + A calendar period, semantically "since the start of the current + ". + values: + - DAY + - WEEK + - FORTNIGHT + - MONTH +- !ruby/object:Api::Type::KeyValuePairs + name: userLabels + description: | + This field is intended to be used for organizing and identifying the AlertPolicy + objects.The field can contain up to 64 entries. Each key and value is limited + to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values + can contain only lowercase letters, numerals, underscores, and dashes. Keys + must begin with a letter. + send_empty_value: true +- !ruby/object:Api::Type::NestedObject + name: serviceLevelIndicator + description: | + serviceLevelIndicator (SLI) describes a good service. + It is used to measure and calculate the quality of the Service's + performance with respect to a single aspect of service quality. + properties: + - !ruby/object:Api::Type::NestedObject + name: basicSli + exactly_one_of: + - service_level_indicator.0.basic_sli + - service_level_indicator.0.request_based_sli + - service_level_indicator.0.windows_based_sli + description: | + Basic Service-Level Indicator (SLI) on a well-known service type. + Performance will be computed on the basis of pre-defined metrics. + + SLIs are used to measure and calculate the quality of the Service's + performance with respect to a single aspect of service quality. + + Exactly one of the following must be set: + `basic_sli`, `request_based_sli`, `windows_based_sli` + properties: + - !ruby/object:Api::Type::Array + name: method + description: | + An optional set of RPCs to which this SLI is relevant. + Telemetry from other methods will not be used to calculate + performance for this SLI. If omitted, this SLI applies to all + the Service's methods. For service types that don't support + breaking down by method, setting this field will result in an + error. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: location + description: | + An optional set of locations to which this SLI is relevant. + Telemetry from other locations will not be used to calculate + performance for this SLI. If omitted, this SLI applies to all + locations in which the Service has activity. For service types + that don't support breaking down by location, setting this + field will result in an error. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: version + description: | + The set of API versions to which this SLI is relevant. + Telemetry from other API versions will not be used to + calculate performance for this SLI. If omitted, + this SLI applies to all API versions. For service types + that don't support breaking down by version, setting this + field will result in an error. + item_type: Api::Type::String + - !ruby/object:Api::Type::NestedObject + name: latency + description: | + Parameters for a latency threshold SLI. + exactly_one_of: + - service_level_indicator.0.basic_sli.0.latency + - service_level_indicator.0.basic_sli.0.availability + properties: + - !ruby/object:Api::Type::String + required: true + name: threshold + description: | + A duration string, e.g. 10s. + Good service is defined to be the count of requests made to + this service that return in no more than threshold. + - !ruby/object:Api::Type::NestedObject + name: availability + description: | + Availability based SLI, dervied from count of requests made to this service that return successfully. + exactly_one_of: + - service_level_indicator.0.basic_sli.0.latency + - service_level_indicator.0.basic_sli.0.availability + properties: + - !ruby/object:Api::Type::Boolean + name: enabled + default_value: true + description: | + Whether an availability SLI is enabled or not. Must be set to true. Defaults to `true`. + - !ruby/object:Api::Type::NestedObject + name: requestBasedSli + api_name: 'requestBased' + exactly_one_of: + - service_level_indicator.0.basic_sli + - service_level_indicator.0.request_based_sli + - service_level_indicator.0.windows_based_sli + description: | + A request-based SLI defines a SLI for which atomic units of + service are counted directly. + + A SLI describes a good service. + It is used to measure and calculate the quality of the Service's + performance with respect to a single aspect of service quality. + Exactly one of the following must be set: + `basic_sli`, `request_based_sli`, `windows_based_sli` + properties: + # NOTE: If adding properties to requestBasedSli, remember to add to the + # custom updateMask fields in property overrides. + - !ruby/object:Api::Type::NestedObject + name: goodTotalRatio + exactly_one_of: + - service_level_indicator.0.request_based_sli.0.good_total_ratio + - service_level_indicator.0.request_based_sli.0.distribution_cut + description: | + A means to compute a ratio of `good_service` to `total_service`. + Defines computing this ratio with two TimeSeries [monitoring filters](https://cloud.google.com/monitoring/api/v3/filters) + Must specify exactly two of good, bad, and total service filters. + The relationship good_service + bad_service = total_service + will be assumed. + + Exactly one of `distribution_cut` or `good_total_ratio` can be set. + properties: + - !ruby/object:Api::Type::String + name: goodServiceFilter + at_least_one_of: + - service_level_indicator.0.request_based_sli.0.good_total_ratio.0.good_service_filter + - service_level_indicator.0.request_based_sli.0.good_total_ratio.0.bad_service_filter + - service_level_indicator.0.request_based_sli.0.good_total_ratio.0.total_service_filter + description: | + A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + quantifying good service provided. + Must have ValueType = DOUBLE or ValueType = INT64 and + must have MetricKind = DELTA or MetricKind = CUMULATIVE. + + Exactly two of `good_service_filter`,`bad_service_filter`,`total_service_filter` + must be set (good + bad = total is assumed). + - !ruby/object:Api::Type::String + name: badServiceFilter + at_least_one_of: + - service_level_indicator.0.request_based_sli.0.good_total_ratio.0.good_service_filter + - service_level_indicator.0.request_based_sli.0.good_total_ratio.0.bad_service_filter + - service_level_indicator.0.request_based_sli.0.good_total_ratio.0.total_service_filter + description: | + A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + quantifying bad service provided, either demanded service that + was not provided or demanded service that was of inadequate + quality. + + Must have ValueType = DOUBLE or ValueType = INT64 and + must have MetricKind = DELTA or MetricKind = CUMULATIVE. + + Exactly two of `good_service_filter`,`bad_service_filter`,`total_service_filter` + must be set (good + bad = total is assumed). + - !ruby/object:Api::Type::String + name: totalServiceFilter + at_least_one_of: + - service_level_indicator.0.request_based_sli.0.good_total_ratio.0.good_service_filter + - service_level_indicator.0.request_based_sli.0.good_total_ratio.0.bad_service_filter + - service_level_indicator.0.request_based_sli.0.good_total_ratio.0.total_service_filter + description: | + A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + quantifying total demanded service. + + Must have ValueType = DOUBLE or ValueType = INT64 and + must have MetricKind = DELTA or MetricKind = CUMULATIVE. + + Exactly two of `good_service_filter`,`bad_service_filter`,`total_service_filter` + must be set (good + bad = total is assumed). + - !ruby/object:Api::Type::NestedObject + name: distributionCut + exactly_one_of: + - service_level_indicator.0.request_based_sli.0.good_total_ratio + - service_level_indicator.0.request_based_sli.0.distribution_cut + description: | + Used when good_service is defined by a count of values aggregated in a + Distribution that fall into a good range. The total_service is the + total count of all values aggregated in the Distribution. + Defines a distribution TimeSeries filter and thresholds used for + measuring good service and total service. + + Exactly one of `distribution_cut` or `good_total_ratio` can be set. + properties: + - !ruby/object:Api::Type::String + name: distributionFilter + required: true + description: | + A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + aggregating values to quantify the good service provided. + + Must have ValueType = DISTRIBUTION and + MetricKind = DELTA or MetricKind = CUMULATIVE. + - !ruby/object:Api::Type::NestedObject + name: range + required: true + description: | + Range of numerical values. The computed good_service + will be the count of values x in the Distribution such + that range.min <= x <= range.max. inclusive of min and + max. Open ranges can be defined by setting + just one of min or max. + properties: + - !ruby/object:Api::Type::Double + name: min + at_least_one_of: + - service_level_indicator.0.request_based_sli.0.distribution_cut.0.range.0.min + - service_level_indicator.0.request_based_sli.0.distribution_cut.0.range.0.max + description: | + Min value for the range (inclusive). If not given, + will be set to "-infinity", defining an open range + "< range.max" + - !ruby/object:Api::Type::Double + name: max + at_least_one_of: + - service_level_indicator.0.request_based_sli.0.distribution_cut.0.range.0.min + - service_level_indicator.0.request_based_sli.0.distribution_cut.0.range.0.max + description: | + max value for the range (inclusive). If not given, + will be set to "infinity", defining an open range + ">= range.min" + - !ruby/object:Api::Type::NestedObject + name: windowsBasedSli + api_name: 'windowsBased' + exactly_one_of: + - service_level_indicator.0.basic_sli + - service_level_indicator.0.request_based_sli + - service_level_indicator.0.windows_based_sli + description: | + A windows-based SLI defines the criteria for time windows. + good_service is defined based off the count of these time windows + for which the provided service was of good quality. + + A SLI describes a good service. It is used to measure and calculate + the quality of the Service's performance with respect to a single + aspect of service quality. + + Exactly one of the following must be set: + `basic_sli`, `request_based_sli`, `windows_based_sli` + properties: + # NOTE: If adding properties to windowsBasedSli, remember to add to the + # custom updateMask fields in property overrides. + - !ruby/object:Api::Type::String + name: windowPeriod + description: | + Duration over which window quality is evaluated, given as a + duration string "{X}s" representing X seconds. Must be an + integer fraction of a day and at least 60s. + # START window_criterion FIELDS + - !ruby/object:Api::Type::String + name: goodBadMetricFilter + exactly_one_of: + - service_level_indicator.0.windows_based_sli.0.good_bad_metric_filter + - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold + - service_level_indicator.0.windows_based_sli.0.metric_mean_in_range + - service_level_indicator.0.windows_based_sli.0.metric_sum_in_range + description: | + A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + with ValueType = BOOL. The window is good if any true values + appear in the window. One of `good_bad_metric_filter`, + `good_total_ratio_threshold`, `metric_mean_in_range`, + `metric_sum_in_range` must be set for `windows_based_sli`. + - !ruby/object:Api::Type::NestedObject + name: goodTotalRatioThreshold + exactly_one_of: + - service_level_indicator.0.windows_based_sli.0.good_bad_metric_filter + - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold + - service_level_indicator.0.windows_based_sli.0.metric_mean_in_range + - service_level_indicator.0.windows_based_sli.0.metric_sum_in_range + description: | + Criterion that describes a window as good if its performance is + high enough. One of `good_bad_metric_filter`, + `good_total_ratio_threshold`, `metric_mean_in_range`, + `metric_sum_in_range` must be set for `windows_based_sli`. + properties: + - !ruby/object:Api::Type::Double + name: threshold + description: | + If window performance >= threshold, the window is counted + as good. + - !ruby/object:Api::Type::NestedObject + name: performance + exactly_one_of: + - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance + - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.basic_sli_performance + description: | + Request-based SLI to evaluate to judge window quality. + properties: + - !ruby/object:Api::Type::NestedObject + name: goodTotalRatio + exactly_one_of: + - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance.0.good_total_ratio + - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance.0.distribution_cut + description: | + A means to compute a ratio of `good_service` to `total_service`. + Defines computing this ratio with two TimeSeries [monitoring filters](https://cloud.google.com/monitoring/api/v3/filters) + Must specify exactly two of good, bad, and total service filters. + The relationship good_service + bad_service = total_service + will be assumed. + properties: + - !ruby/object:Api::Type::String + name: goodServiceFilter + at_least_one_of: + - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance.0.good_total_ratio.0.good_service_filter + - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance.0.good_total_ratio.0.bad_service_filter + - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance.0.good_total_ratio.0.total_service_filter + description: | + A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + quantifying good service provided. Exactly two of + good, bad, or total service filter must be defined (where + good + bad = total is assumed) + + Must have ValueType = DOUBLE or ValueType = INT64 and + must have MetricKind = DELTA or MetricKind = CUMULATIVE. + - !ruby/object:Api::Type::String + name: badServiceFilter + at_least_one_of: + - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance.0.good_total_ratio.0.good_service_filter + - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance.0.good_total_ratio.0.bad_service_filter + - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance.0.good_total_ratio.0.total_service_filter + description: | + A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + quantifying bad service provided, either demanded service that + was not provided or demanded service that was of inadequate + quality. Exactly two of + good, bad, or total service filter must be defined (where + good + bad = total is assumed) + + Must have ValueType = DOUBLE or ValueType = INT64 and + must have MetricKind = DELTA or MetricKind = CUMULATIVE. + - !ruby/object:Api::Type::String + name: totalServiceFilter + at_least_one_of: + - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance.0.good_total_ratio.0.good_service_filter + - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance.0.good_total_ratio.0.bad_service_filter + - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance.0.good_total_ratio.0.total_service_filter + description: | + A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + quantifying total demanded service. Exactly two of + good, bad, or total service filter must be defined (where + good + bad = total is assumed) + + Must have ValueType = DOUBLE or ValueType = INT64 and + must have MetricKind = DELTA or MetricKind = CUMULATIVE. + - !ruby/object:Api::Type::NestedObject + name: distributionCut + exactly_one_of: + - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance.0.good_total_ratio + - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance.0.distribution_cut + description: | + Used when good_service is defined by a count of values aggregated in a + Distribution that fall into a good range. The total_service is the + total count of all values aggregated in the Distribution. + Defines a distribution TimeSeries filter and thresholds used for + measuring good service and total service. + properties: + - !ruby/object:Api::Type::String + name: distributionFilter + required: true + description: | + A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + aggregating values to quantify the good service provided. + + Must have ValueType = DISTRIBUTION and + MetricKind = DELTA or MetricKind = CUMULATIVE. + - !ruby/object:Api::Type::NestedObject + name: range + required: true + description: | + Range of numerical values. The computed good_service + will be the count of values x in the Distribution such + that range.min <= x <= range.max. inclusive of min and + max. Open ranges can be defined by setting + just one of min or max. + properties: + - !ruby/object:Api::Type::Double + name: min + at_least_one_of: + - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance.0.distribution_cut.0.range.0.min + - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance.0.distribution_cut.0.range.0.max + description: | + Min value for the range (inclusive). If not given, + will be set to "-infinity", defining an open range + "< range.max" + - !ruby/object:Api::Type::Double + name: max + at_least_one_of: + - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance.0.distribution_cut.0.range.0.min + - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance.0.distribution_cut.0.range.0.max + description: | + max value for the range (inclusive). If not given, + will be set to "infinity", defining an open range + ">= range.min" + - !ruby/object:Api::Type::NestedObject + name: basicSliPerformance + exactly_one_of: + - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance + - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.basic_sli_performance + description: | + Basic SLI to evaluate to judge window quality. + properties: + - !ruby/object:Api::Type::Array + name: method + description: | + An optional set of RPCs to which this SLI is relevant. + Telemetry from other methods will not be used to calculate + performance for this SLI. If omitted, this SLI applies to all + the Service's methods. For service types that don't support + breaking down by method, setting this field will result in an + error. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: location + description: | + An optional set of locations to which this SLI is relevant. + Telemetry from other locations will not be used to calculate + performance for this SLI. If omitted, this SLI applies to all + locations in which the Service has activity. For service types + that don't support breaking down by location, setting this + field will result in an error. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: version + description: | + The set of API versions to which this SLI is relevant. + Telemetry from other API versions will not be used to + calculate performance for this SLI. If omitted, + this SLI applies to all API versions. For service types + that don't support breaking down by version, setting this + field will result in an error. + item_type: Api::Type::String + - !ruby/object:Api::Type::NestedObject + name: latency + description: | + Parameters for a latency threshold SLI. + exactly_one_of: + - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.basic_sli_performance.0.latency + - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.basic_sli_performance.0.availability + properties: + - !ruby/object:Api::Type::String + required: true + name: threshold + description: | + A duration string, e.g. 10s. + Good service is defined to be the count of requests made to + this service that return in no more than threshold. + - !ruby/object:Api::Type::NestedObject + name: availability + description: | + Availability based SLI, dervied from count of requests made to this service that return successfully. + exactly_one_of: + - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.basic_sli_performance.0.latency + - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.basic_sli_performance.0.availability + properties: + - !ruby/object:Api::Type::Boolean + name: enabled + default_value: true + description: | + Whether an availability SLI is enabled or not. Must be set to `true. Defaults to `true`. + - !ruby/object:Api::Type::NestedObject + name: metricMeanInRange + exactly_one_of: + - service_level_indicator.0.windows_based_sli.0.good_bad_metric_filter + - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold + - service_level_indicator.0.windows_based_sli.0.metric_mean_in_range + - service_level_indicator.0.windows_based_sli.0.metric_sum_in_range + description: | + Criterion that describes a window as good if the metric's value + is in a good range, *averaged* across returned streams. + One of `good_bad_metric_filter`, + + `good_total_ratio_threshold`, `metric_mean_in_range`, + `metric_sum_in_range` must be set for `windows_based_sli`. + Average value X of `time_series` should satisfy + `range.min <= X <= range.max` for a good window. + properties: + - !ruby/object:Api::Type::String + name: timeSeries + required: true + description: | + A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying the TimeSeries to use for evaluating window + The provided TimeSeries must have ValueType = INT64 or + ValueType = DOUBLE and MetricKind = GAUGE. Mean value `X` + should satisfy `range.min <= X <= range.max` + under good service. + - !ruby/object:Api::Type::NestedObject + name: range + required: true + description: | + Range of numerical values. The computed good_service + will be the count of values x in the Distribution such + that range.min <= x <= range.max. inclusive of min and + max. Open ranges can be defined by setting + just one of min or max. Mean value `X` of `time_series` + values should satisfy `range.min <= X <= range.max` for a + good service. + properties: + - !ruby/object:Api::Type::Double + name: min + at_least_one_of: + - service_level_indicator.0.windows_based_sli.0.metric_mean_in_range.0.range.0.min + - service_level_indicator.0.windows_based_sli.0.metric_mean_in_range.0.range.0.max + description: | + Min value for the range (inclusive). If not given, + will be set to "-infinity", defining an open range + "< range.max" + - !ruby/object:Api::Type::Double + name: max + at_least_one_of: + - service_level_indicator.0.windows_based_sli.0.metric_mean_in_range.0.range.0.min + - service_level_indicator.0.windows_based_sli.0.metric_mean_in_range.0.range.0.max + description: | + max value for the range (inclusive). If not given, + will be set to "infinity", defining an open range + ">= range.min" + - !ruby/object:Api::Type::NestedObject + name: metricSumInRange + exactly_one_of: + - service_level_indicator.0.windows_based_sli.0.good_bad_metric_filter + - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold + - service_level_indicator.0.windows_based_sli.0.metric_mean_in_range + - service_level_indicator.0.windows_based_sli.0.metric_sum_in_range + description: | + Criterion that describes a window as good if the metric's value + is in a good range, *summed* across returned streams. + Summed value `X` of `time_series` should satisfy + `range.min <= X <= range.max` for a good window. + + One of `good_bad_metric_filter`, + `good_total_ratio_threshold`, `metric_mean_in_range`, + `metric_sum_in_range` must be set for `windows_based_sli`. + properties: + - !ruby/object:Api::Type::String + name: timeSeries + required: true + description: | + A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying the TimeSeries to use for evaluating window + quality. The provided TimeSeries must have + ValueType = INT64 or ValueType = DOUBLE and + MetricKind = GAUGE. + + Summed value `X` should satisfy + `range.min <= X <= range.max` for a good window. + - !ruby/object:Api::Type::NestedObject + name: range + required: true + description: | + Range of numerical values. The computed good_service + will be the count of values x in the Distribution such + that range.min <= x <= range.max. inclusive of min and + max. Open ranges can be defined by setting + just one of min or max. Summed value `X` should satisfy + `range.min <= X <= range.max` for a good window. + properties: + - !ruby/object:Api::Type::Double + name: min + at_least_one_of: + - service_level_indicator.0.windows_based_sli.0.metric_sum_in_range.0.range.0.min + - service_level_indicator.0.windows_based_sli.0.metric_sum_in_range.0.range.0.max + description: | + Min value for the range (inclusive). If not given, + will be set to "-infinity", defining an open range + "< range.max" + - !ruby/object:Api::Type::Double + name: max + at_least_one_of: + - service_level_indicator.0.windows_based_sli.0.metric_sum_in_range.0.range.0.min + - service_level_indicator.0.windows_based_sli.0.metric_sum_in_range.0.range.0.max + description: | + max value for the range (inclusive). If not given, + will be set to "infinity", defining an open range + ">= range.min" + # END window_criterion FIELDS diff --git a/mmv1/products/monitoring/UptimeCheckConfig.yaml b/mmv1/products/monitoring/UptimeCheckConfig.yaml new file mode 100644 index 000000000000..5f3f864d56b8 --- /dev/null +++ b/mmv1/products/monitoring/UptimeCheckConfig.yaml @@ -0,0 +1,322 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: UptimeCheckConfig +update_verb: :PATCH +update_mask: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/monitoring/uptime-checks/' + api: 'https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.uptimeCheckConfigs' +base_url: v3/projects/{{project}}/uptimeCheckConfigs +self_link: "v3/{{name}}" +description: This message configures which resources and services to monitor for + availability. +properties: +- !ruby/object:Api::Type::String + name: name + output: true + description: A unique resource name for this UptimeCheckConfig. The format is projects/[PROJECT_ID]/uptimeCheckConfigs/[UPTIME_CHECK_ID]. +- !ruby/object:Api::Type::String + name: id + description: The id of the uptime check + output: true +- !ruby/object:Api::Type::String + name: displayName + required: true + description: A human-friendly name for the uptime check configuration. The display + name should be unique within a Stackdriver Workspace in order to make it easier + to identify; however, uniqueness is not enforced. +- !ruby/object:Api::Type::String + name: period + default_value: "300s" + immutable: true + description: How often, in seconds, the uptime check is performed. Currently, + the only supported values are 60s (1 minute), 300s (5 minutes), 600s (10 minutes), + and 900s (15 minutes). Optional, defaults to 300s. +- !ruby/object:Api::Type::String + name: timeout + required: true + description: The maximum amount of time to wait for the request to complete (must + be between 1 and 60 seconds). + Accepted formats https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#google.protobuf.Duration +- !ruby/object:Api::Type::Array + name: contentMatchers + description: The expected content on the page the check is run against. Currently, + only the first entry in the list is supported, and other entries will be ignored. + The server will look for an exact match of the string in the page response's + content. This field is optional and should only be specified if a content match + is required. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: content + description: String or regex content to match (max 1024 bytes) + required: true + - !ruby/object:Api::Type::Enum + name: matcher + description: The type of content matcher that will be applied to the server output, + compared to the content string when the check is run. + default_value: :CONTAINS_STRING + values: + - :CONTAINS_STRING + - :NOT_CONTAINS_STRING + - :MATCHES_REGEX + - :NOT_MATCHES_REGEX + - :MATCHES_JSON_PATH + - :NOT_MATCHES_JSON_PATH + - !ruby/object:Api::Type::NestedObject + name: jsonPathMatcher + description: Information needed to perform a JSONPath content match. + Used for `ContentMatcherOption::MATCHES_JSON_PATH` and + `ContentMatcherOption::NOT_MATCHES_JSON_PATH`. + properties: + - !ruby/object:Api::Type::String + name: jsonPath + description: JSONPath within the response output pointing to the expected + `ContentMatcher::content` to match against. + required: true + - !ruby/object:Api::Type::Enum + name: jsonMatcher + description: Options to perform JSONPath content matching. + default_value: :EXACT_MATCH + values: + - :EXACT_MATCH + - :REGEX_MATCH +- !ruby/object:Api::Type::Array + name: selectedRegions + description: The list of regions from which the check will be run. Some regions + contain one location, and others contain more than one. If this field is specified, + enough regions to include a minimum of 3 locations must be provided, or an error + message is returned. Not specifying this field will result in uptime checks + running from all regions. + item_type: Api::Type::String +- !ruby/object:Api::Type::Enum + name: checkerType + immutable: true + description: The checker type to use for the check. If the monitored resource type + is servicedirectory_service, checkerType must be set to VPC_CHECKERS. + values: + - :STATIC_IP_CHECKERS + - :VPC_CHECKERS +- !ruby/object:Api::Type::NestedObject + name: httpCheck + description: Contains information needed to make an HTTP or HTTPS check. + exactly_one_of: + - http_check + - tcp_check + properties: + - !ruby/object:Api::Type::Enum + name: requestMethod + immutable: true + description: The HTTP request method to use for the check. If set to + METHOD_UNSPECIFIED then requestMethod defaults to GET. + default_value: :GET + values: + - :METHOD_UNSPECIFIED + - :GET + - :POST + - !ruby/object:Api::Type::Enum + name: contentType + description: The content type to use for the check. + values: + - :TYPE_UNSPECIFIED + - :URL_ENCODED + - !ruby/object:Api::Type::NestedObject + name: authInfo + at_least_one_of: + - http_check.0.auth_info + - http_check.0.port + - http_check.0.headers + - http_check.0.path + - http_check.0.use_ssl + - http_check.0.mask_headers + description: The authentication information. Optional when creating an HTTP + check; defaults to empty. + properties: + - !ruby/object:Api::Type::String + name: password + required: true + description: The password to authenticate. + - !ruby/object:Api::Type::String + name: username + required: true + description: The username to authenticate. + - !ruby/object:Api::Type::Integer + name: port + at_least_one_of: + - http_check.0.auth_info + - http_check.0.port + - http_check.0.headers + - http_check.0.path + - http_check.0.use_ssl + - http_check.0.mask_headers + description: The port to the page to run the check against. Will be combined + with host (specified within the MonitoredResource) and path to construct the + full URL. Optional (defaults to 80 without SSL, or 443 with SSL). + - !ruby/object:Api::Type::KeyValuePairs + name: headers + at_least_one_of: + - http_check.0.auth_info + - http_check.0.port + - http_check.0.headers + - http_check.0.path + - http_check.0.use_ssl + - http_check.0.mask_headers + description: The list of headers to send as part of the uptime check request. + If two headers have the same key and different values, they should be entered + as a single header, with the value being a comma-separated list of all the + desired values as described at https://www.w3.org/Protocols/rfc2616/rfc2616.txt + (page 31). Entering two separate headers with the same key in a Create call + will cause the first to be overwritten by the second. The maximum number of + headers allowed is 100. + - !ruby/object:Api::Type::String + name: path + at_least_one_of: + - http_check.0.auth_info + - http_check.0.port + - http_check.0.headers + - http_check.0.path + - http_check.0.use_ssl + - http_check.0.mask_headers + default_value: "/" + description: The path to the page to run the check against. Will be combined + with the host (specified within the MonitoredResource) and port to construct + the full URL. If the provided path does not begin with "/", a "/" will be prepended + automatically. Optional (defaults to "/"). + - !ruby/object:Api::Type::Boolean + name: useSsl + at_least_one_of: + - http_check.0.auth_info + - http_check.0.port + - http_check.0.headers + - http_check.0.path + - http_check.0.use_ssl + - http_check.0.mask_headers + description: If true, use HTTPS instead of HTTP to run the check. + - !ruby/object:Api::Type::Boolean + name: validateSsl + description: Boolean specifying whether to include SSL certificate validation + as a part of the Uptime check. Only applies to checks where monitoredResource + is set to uptime_url. If useSsl is false, setting validateSsl to true has no effect. + - !ruby/object:Api::Type::Boolean + name: maskHeaders + at_least_one_of: + - http_check.0.auth_info + - http_check.0.port + - http_check.0.headers + - http_check.0.path + - http_check.0.use_ssl + - http_check.0.mask_headers + description: Boolean specifying whether to encrypt the header information. + Encryption should be specified for any headers related to authentication that + you do not wish to be seen when retrieving the configuration. The server will + be responsible for encrypting the headers. On Get/List calls, if mask_headers + is set to True then the headers will be obscured with ******. + - !ruby/object:Api::Type::String + name: body + description: The request body associated with the HTTP POST request. If contentType + is URL_ENCODED, the body passed in must be URL-encoded. Users can provide a + Content-Length header via the headers field or the API will do so. If the + requestMethod is GET and body is not empty, the API will return an error. The + maximum byte size is 1 megabyte. Note - As with all bytes fields JSON + representations are base64 encoded. e.g. "foo=bar" in URL-encoded form is + "foo%3Dbar" and in base64 encoding is "Zm9vJTI1M0RiYXI=". + - !ruby/object:Api::Type::Array + name: acceptedResponseStatusCodes + description: If present, the check will only pass if the HTTP response status code is in this set of status codes. If empty, the HTTP status code will only pass if the HTTP status code is 200-299. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Integer + name: statusValue + description: A status code to accept. + - !ruby/object:Api::Type::Enum + name: statusClass + description: A class of status codes to accept. + values: + - :STATUS_CLASS_1XX + - :STATUS_CLASS_2XX + - :STATUS_CLASS_3XX + - :STATUS_CLASS_4XX + - :STATUS_CLASS_5XX + - :STATUS_CLASS_ANY +- !ruby/object:Api::Type::NestedObject + name: tcpCheck + description: Contains information needed to make a TCP check. + exactly_one_of: + - http_check + - tcp_check + properties: + - !ruby/object:Api::Type::Integer + name: port + required: true + description: The port to the page to run the check against. Will be combined + with host (specified within the MonitoredResource) to construct the full URL. +- !ruby/object:Api::Type::NestedObject + name: resourceGroup + immutable: true + description: The group resource associated with the configuration. + exactly_one_of: + - monitored_resource + - resource_group + properties: + - !ruby/object:Api::Type::Enum + name: resourceType + immutable: true + at_least_one_of: + - resource_group.0.resource_type + - resource_group.0.group_id + description: The resource type of the group members. + values: + - :RESOURCE_TYPE_UNSPECIFIED + - :INSTANCE + - :AWS_ELB_LOAD_BALANCER + - !ruby/object:Api::Type::ResourceRef + name: groupId + immutable: true + at_least_one_of: + - resource_group.0.resource_type + - resource_group.0.group_id + resource: Group + imports: name + description: The group of resources being monitored. Should be the `name` of a group +- !ruby/object:Api::Type::NestedObject + name: monitoredResource + immutable: true + description: 'The monitored resource (https://cloud.google.com/monitoring/api/resources) + associated with the configuration. The following monitored resource types are + supported for uptime checks: uptime_url gce_instance gae_app aws_ec2_instance + aws_elb_load_balancer k8s_service servicedirectory_service' + exactly_one_of: + - monitored_resource + - resource_group + properties: + - !ruby/object:Api::Type::String + name: type + immutable: true + required: true + description: The monitored resource type. This field must match the type field of a MonitoredResourceDescriptor + (https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.monitoredResourceDescriptors#MonitoredResourceDescriptor) + object. For example, the type of a Compute Engine VM instance is gce_instance. For a list of types, see + Monitoring resource types (https://cloud.google.com/monitoring/api/resources) + and Logging resource types (https://cloud.google.com/logging/docs/api/v2/resource-list). + - !ruby/object:Api::Type::KeyValuePairs + name: labels + immutable: true + required: true + description: Values for all of the labels listed in the associated + monitored resource descriptor. For example, Compute Engine VM instances use + the labels "project_id", "instance_id", and "zone". + diff --git a/mmv1/products/monitoring/api.yaml b/mmv1/products/monitoring/api.yaml deleted file mode 100644 index a298da5bb4d4..000000000000 --- a/mmv1/products/monitoring/api.yaml +++ /dev/null @@ -1,2285 +0,0 @@ -# Copyright 2018 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. ---- !ruby/object:Api::Product -name: Monitoring -display_name: Cloud (Stackdriver) Monitoring -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://monitoring.googleapis.com/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Stackdriver Monitoring API - url: https://console.cloud.google.com/apis/library/monitoring.googleapis.com/ -objects: - - !ruby/object:Api::Resource - name: 'AlertPolicy' - base_url: v3/projects/{{project}}/alertPolicies - self_link: "v3/{{name}}" - update_verb: :PATCH - update_mask: true - description: | - A description of the conditions under which some aspect of your system is - considered to be "unhealthy" and the ways to notify people or services - about this state. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/monitoring/alerts/' - api: 'https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.alertPolicies' - properties: - - !ruby/object:Api::Type::String - name: name - description: | - The unique resource name for this policy. - Its syntax is: projects/[PROJECT_ID]/alertPolicies/[ALERT_POLICY_ID] - output: true - - !ruby/object:Api::Type::String - name: 'displayName' - description: | - A short name or phrase used to identify the policy in - dashboards, notifications, and incidents. To avoid confusion, don't use - the same display name for multiple policies in the same project. The - name is limited to 512 Unicode characters. - required: true - - !ruby/object:Api::Type::Enum - name: combiner - description: | - How to combine the results of multiple conditions to - determine if an incident should be opened. - values: - - :AND - - :OR - - :AND_WITH_MATCHING_RESOURCE - required: true - - !ruby/object:Api::Type::NestedObject - name: creationRecord - description: | - A read-only record of the creation of the alerting policy. - If provided in a call to create or update, this field will - be ignored. - output: true - properties: - - !ruby/object:Api::Type::String - name: mutateTime - output: true - description: | - When the change occurred. - - !ruby/object:Api::Type::String - output: true - name: mutatedBy - description: | - The email address of the user making the change. - - !ruby/object:Api::Type::Boolean - name: enabled - default_value: true - send_empty_value: true - description: | - Whether or not the policy is enabled. The default is true. - - !ruby/object:Api::Type::Array - name: 'conditions' - description: | - A list of conditions for the policy. The conditions are combined by - AND or OR according to the combiner field. If the combined conditions - evaluate to true, then an incident is created. A policy can have from - one to six conditions. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::NestedObject - name: conditionAbsent - description: | - A condition that checks that a time series - continues to receive new data points. - properties: - - !ruby/object:Api::Type::Array - name: aggregations - description: | - Specifies the alignment of data points in - individual time series as well as how to - combine the retrieved time series together - (such as when aggregating multiple streams - on each resource to a single stream for each - resource or when aggregating streams across - all members of a group of resources). - Multiple aggregations are applied in the - order specified. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Enum - name: perSeriesAligner - description: | - The approach to be used to align - individual time series. Not all - alignment functions may be applied - to all time series, depending on - the metric type and value type of - the original time series. - Alignment may change the metric - type or the value type of the time - series.Time series data must be - aligned in order to perform cross- - time series reduction. If - crossSeriesReducer is specified, - then perSeriesAligner must be - specified and not equal ALIGN_NONE - and alignmentPeriod must be - specified; otherwise, an error is - returned. - values: - - :ALIGN_NONE - - :ALIGN_DELTA - - :ALIGN_RATE - - :ALIGN_INTERPOLATE - - :ALIGN_NEXT_OLDER - - :ALIGN_MIN - - :ALIGN_MAX - - :ALIGN_MEAN - - :ALIGN_COUNT - - :ALIGN_SUM - - :ALIGN_STDDEV - - :ALIGN_COUNT_TRUE - - :ALIGN_COUNT_FALSE - - :ALIGN_FRACTION_TRUE - - :ALIGN_PERCENTILE_99 - - :ALIGN_PERCENTILE_95 - - :ALIGN_PERCENTILE_50 - - :ALIGN_PERCENTILE_05 - - :ALIGN_PERCENT_CHANGE - - !ruby/object:Api::Type::Array - name: groupByFields - description: | - The set of fields to preserve when - crossSeriesReducer is specified. - The groupByFields determine how - the time series are partitioned - into subsets prior to applying the - aggregation function. Each subset - contains time series that have the - same value for each of the - grouping fields. Each individual - time series is a member of exactly - one subset. The crossSeriesReducer - is applied to each subset of time - series. It is not possible to - reduce across different resource - types, so this field implicitly - contains resource.type. Fields not - specified in groupByFields are - aggregated away. If groupByFields - is not specified and all the time - series have the same resource - type, then the time series are - aggregated into a single output - time series. If crossSeriesReducer - is not defined, this field is - ignored. - item_type: Api::Type::String - - !ruby/object:Api::Type::String - name: alignmentPeriod - description: | - The alignment period for per-time - series alignment. If present, - alignmentPeriod must be at least - 60 seconds. After per-time series - alignment, each time series will - contain data points only on the - period boundaries. If - perSeriesAligner is not specified - or equals ALIGN_NONE, then this - field is ignored. If - perSeriesAligner is specified and - does not equal ALIGN_NONE, then - this field must be defined; - otherwise an error is returned. - - !ruby/object:Api::Type::Enum - name: crossSeriesReducer - description: | - The approach to be used to combine - time series. Not all reducer - functions may be applied to all - time series, depending on the - metric type and the value type of - the original time series. - Reduction may change the metric - type of value type of the time - series.Time series data must be - aligned in order to perform cross- - time series reduction. If - crossSeriesReducer is specified, - then perSeriesAligner must be - specified and not equal ALIGN_NONE - and alignmentPeriod must be - specified; otherwise, an error is - returned. - values: - - :REDUCE_NONE - - :REDUCE_MEAN - - :REDUCE_MIN - - :REDUCE_MAX - - :REDUCE_SUM - - :REDUCE_STDDEV - - :REDUCE_COUNT - - :REDUCE_COUNT_TRUE - - :REDUCE_COUNT_FALSE - - :REDUCE_FRACTION_TRUE - - :REDUCE_PERCENTILE_99 - - :REDUCE_PERCENTILE_95 - - :REDUCE_PERCENTILE_50 - - :REDUCE_PERCENTILE_05 - - !ruby/object:Api::Type::NestedObject - name: trigger - description: | - The number/percent of time series for which - the comparison must hold in order for the - condition to trigger. If unspecified, then - the condition will trigger if the comparison - is true for any of the time series that have - been identified by filter and aggregations. - properties: - - !ruby/object:Api::Type::Double - name: percent - description: | - The percentage of time series that - must fail the predicate for the - condition to be triggered. - - !ruby/object:Api::Type::Integer - name: count - description: | - The absolute number of time series - that must fail the predicate for the - condition to be triggered. - - !ruby/object:Api::Type::String - name: duration - description: | - The amount of time that a time series must - fail to report new data to be considered - failing. Currently, only values that are a - multiple of a minute--e.g. 60s, 120s, or 300s - --are supported. - required: true - - !ruby/object:Api::Type::String - name: filter - description: | - A filter that identifies which time series - should be compared with the threshold.The - filter is similar to the one that is - specified in the - MetricService.ListTimeSeries request (that - call is useful to verify the time series - that will be retrieved / processed) and must - specify the metric type and optionally may - contain restrictions on resource type, - resource labels, and metric labels. This - field may not exceed 2048 Unicode characters - in length. - - !ruby/object:Api::Type::String - name: name - description: | - The unique resource name for this condition. - Its syntax is: - projects/[PROJECT_ID]/alertPolicies/[POLICY_ID]/conditions/[CONDITION_ID] - [CONDITION_ID] is assigned by Stackdriver Monitoring when - the condition is created as part of a new or updated alerting - policy. - output: true - - !ruby/object:Api::Type::NestedObject - name: conditionMonitoringQueryLanguage - description: | - A Monitoring Query Language query that outputs a boolean stream - properties: - - !ruby/object:Api::Type::String - name: query - description: | - Monitoring Query Language query that outputs a boolean stream. - required: true - - !ruby/object:Api::Type::String - name: duration - required: true - description: | - The amount of time that a time series must - violate the threshold to be considered - failing. Currently, only values that are a - multiple of a minute--e.g., 0, 60, 120, or - 300 seconds--are supported. If an invalid - value is given, an error will be returned. - When choosing a duration, it is useful to - keep in mind the frequency of the underlying - time series data (which may also be affected - by any alignments specified in the - aggregations field); a good duration is long - enough so that a single outlier does not - generate spurious alerts, but short enough - that unhealthy states are detected and - alerted on quickly. - - !ruby/object:Api::Type::NestedObject - name: trigger - description: | - The number/percent of time series for which - the comparison must hold in order for the - condition to trigger. If unspecified, then - the condition will trigger if the comparison - is true for any of the time series that have - been identified by filter and aggregations, - or by the ratio, if denominator_filter and - denominator_aggregations are specified. - properties: - - !ruby/object:Api::Type::Double - name: percent - description: | - The percentage of time series that - must fail the predicate for the - condition to be triggered. - - !ruby/object:Api::Type::Integer - name: count - description: | - The absolute number of time series - that must fail the predicate for the - condition to be triggered. - - !ruby/object:Api::Type::Enum - name: evaluationMissingData - description: | - A condition control that determines how - metric-threshold conditions are evaluated when - data stops arriving. - values: - - :EVALUATION_MISSING_DATA_INACTIVE - - :EVALUATION_MISSING_DATA_ACTIVE - - :EVALUATION_MISSING_DATA_NO_OP - - !ruby/object:Api::Type::NestedObject - name: conditionThreshold - description: | - A condition that compares a time series against a - threshold. - properties: - - !ruby/object:Api::Type::Double - name: thresholdValue - description: | - A value against which to compare the time - series. - - !ruby/object:Api::Type::String - name: denominatorFilter - description: | - A filter that identifies a time series that - should be used as the denominator of a ratio - that will be compared with the threshold. If - a denominator_filter is specified, the time - series specified by the filter field will be - used as the numerator.The filter is similar - to the one that is specified in the - MetricService.ListTimeSeries request (that - call is useful to verify the time series - that will be retrieved / processed) and must - specify the metric type and optionally may - contain restrictions on resource type, - resource labels, and metric labels. This - field may not exceed 2048 Unicode characters - in length. - - !ruby/object:Api::Type::Array - name: denominatorAggregations - description: | - Specifies the alignment of data points in - individual time series selected by - denominatorFilter as well as how to combine - the retrieved time series together (such as - when aggregating multiple streams on each - resource to a single stream for each - resource or when aggregating streams across - all members of a group of resources).When - computing ratios, the aggregations and - denominator_aggregations fields must use the - same alignment period and produce time - series that have the same periodicity and - labels.This field is similar to the one in - the MetricService.ListTimeSeries request. It - is advisable to use the ListTimeSeries - method when debugging this field. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Enum - name: perSeriesAligner - description: | - The approach to be used to align - individual time series. Not all - alignment functions may be applied - to all time series, depending on - the metric type and value type of - the original time series. - Alignment may change the metric - type or the value type of the time - series.Time series data must be - aligned in order to perform cross- - time series reduction. If - crossSeriesReducer is specified, - then perSeriesAligner must be - specified and not equal ALIGN_NONE - and alignmentPeriod must be - specified; otherwise, an error is - returned. - values: - - :ALIGN_NONE - - :ALIGN_DELTA - - :ALIGN_RATE - - :ALIGN_INTERPOLATE - - :ALIGN_NEXT_OLDER - - :ALIGN_MIN - - :ALIGN_MAX - - :ALIGN_MEAN - - :ALIGN_COUNT - - :ALIGN_SUM - - :ALIGN_STDDEV - - :ALIGN_COUNT_TRUE - - :ALIGN_COUNT_FALSE - - :ALIGN_FRACTION_TRUE - - :ALIGN_PERCENTILE_99 - - :ALIGN_PERCENTILE_95 - - :ALIGN_PERCENTILE_50 - - :ALIGN_PERCENTILE_05 - - :ALIGN_PERCENT_CHANGE - - !ruby/object:Api::Type::Array - name: groupByFields - description: | - The set of fields to preserve when - crossSeriesReducer is specified. - The groupByFields determine how - the time series are partitioned - into subsets prior to applying the - aggregation function. Each subset - contains time series that have the - same value for each of the - grouping fields. Each individual - time series is a member of exactly - one subset. The crossSeriesReducer - is applied to each subset of time - series. It is not possible to - reduce across different resource - types, so this field implicitly - contains resource.type. Fields not - specified in groupByFields are - aggregated away. If groupByFields - is not specified and all the time - series have the same resource - type, then the time series are - aggregated into a single output - time series. If crossSeriesReducer - is not defined, this field is - ignored. - item_type: Api::Type::String - - !ruby/object:Api::Type::String - name: alignmentPeriod - description: | - The alignment period for per-time - series alignment. If present, - alignmentPeriod must be at least - 60 seconds. After per-time series - alignment, each time series will - contain data points only on the - period boundaries. If - perSeriesAligner is not specified - or equals ALIGN_NONE, then this - field is ignored. If - perSeriesAligner is specified and - does not equal ALIGN_NONE, then - this field must be defined; - otherwise an error is returned. - - !ruby/object:Api::Type::Enum - name: crossSeriesReducer - description: | - The approach to be used to combine - time series. Not all reducer - functions may be applied to all - time series, depending on the - metric type and the value type of - the original time series. - Reduction may change the metric - type of value type of the time - series.Time series data must be - aligned in order to perform cross- - time series reduction. If - crossSeriesReducer is specified, - then perSeriesAligner must be - specified and not equal ALIGN_NONE - and alignmentPeriod must be - specified; otherwise, an error is - returned. - values: - - :REDUCE_NONE - - :REDUCE_MEAN - - :REDUCE_MIN - - :REDUCE_MAX - - :REDUCE_SUM - - :REDUCE_STDDEV - - :REDUCE_COUNT - - :REDUCE_COUNT_TRUE - - :REDUCE_COUNT_FALSE - - :REDUCE_FRACTION_TRUE - - :REDUCE_PERCENTILE_99 - - :REDUCE_PERCENTILE_95 - - :REDUCE_PERCENTILE_50 - - :REDUCE_PERCENTILE_05 - - !ruby/object:Api::Type::String - name: duration - required: true - description: | - The amount of time that a time series must - violate the threshold to be considered - failing. Currently, only values that are a - multiple of a minute--e.g., 0, 60, 120, or - 300 seconds--are supported. If an invalid - value is given, an error will be returned. - When choosing a duration, it is useful to - keep in mind the frequency of the underlying - time series data (which may also be affected - by any alignments specified in the - aggregations field); a good duration is long - enough so that a single outlier does not - generate spurious alerts, but short enough - that unhealthy states are detected and - alerted on quickly. - - !ruby/object:Api::Type::Enum - name: comparison - description: | - The comparison to apply between the time - series (indicated by filter and aggregation) - and the threshold (indicated by - threshold_value). The comparison is applied - on each time series, with the time series on - the left-hand side and the threshold on the - right-hand side. Only COMPARISON_LT and - COMPARISON_GT are supported currently. - values: - - :COMPARISON_GT - - :COMPARISON_GE - - :COMPARISON_LT - - :COMPARISON_LE - - :COMPARISON_EQ - - :COMPARISON_NE - required: true - - !ruby/object:Api::Type::NestedObject - name: trigger - description: | - The number/percent of time series for which - the comparison must hold in order for the - condition to trigger. If unspecified, then - the condition will trigger if the comparison - is true for any of the time series that have - been identified by filter and aggregations, - or by the ratio, if denominator_filter and - denominator_aggregations are specified. - properties: - - !ruby/object:Api::Type::Double - name: percent - description: | - The percentage of time series that - must fail the predicate for the - condition to be triggered. - - !ruby/object:Api::Type::Integer - name: count - description: | - The absolute number of time series - that must fail the predicate for the - condition to be triggered. - - !ruby/object:Api::Type::Array - name: aggregations - description: | - Specifies the alignment of data points in - individual time series as well as how to - combine the retrieved time series together - (such as when aggregating multiple streams - on each resource to a single stream for each - resource or when aggregating streams across - all members of a group of resources). - Multiple aggregations are applied in the - order specified.This field is similar to the - one in the MetricService.ListTimeSeries - request. It is advisable to use the - ListTimeSeries method when debugging this - field. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Enum - name: perSeriesAligner - description: | - The approach to be used to align - individual time series. Not all - alignment functions may be applied - to all time series, depending on - the metric type and value type of - the original time series. - Alignment may change the metric - type or the value type of the time - series.Time series data must be - aligned in order to perform cross- - time series reduction. If - crossSeriesReducer is specified, - then perSeriesAligner must be - specified and not equal ALIGN_NONE - and alignmentPeriod must be - specified; otherwise, an error is - returned. - values: - - :ALIGN_NONE - - :ALIGN_DELTA - - :ALIGN_RATE - - :ALIGN_INTERPOLATE - - :ALIGN_NEXT_OLDER - - :ALIGN_MIN - - :ALIGN_MAX - - :ALIGN_MEAN - - :ALIGN_COUNT - - :ALIGN_SUM - - :ALIGN_STDDEV - - :ALIGN_COUNT_TRUE - - :ALIGN_COUNT_FALSE - - :ALIGN_FRACTION_TRUE - - :ALIGN_PERCENTILE_99 - - :ALIGN_PERCENTILE_95 - - :ALIGN_PERCENTILE_50 - - :ALIGN_PERCENTILE_05 - - :ALIGN_PERCENT_CHANGE - - !ruby/object:Api::Type::Array - name: groupByFields - description: | - The set of fields to preserve when - crossSeriesReducer is specified. - The groupByFields determine how - the time series are partitioned - into subsets prior to applying the - aggregation function. Each subset - contains time series that have the - same value for each of the - grouping fields. Each individual - time series is a member of exactly - one subset. The crossSeriesReducer - is applied to each subset of time - series. It is not possible to - reduce across different resource - types, so this field implicitly - contains resource.type. Fields not - specified in groupByFields are - aggregated away. If groupByFields - is not specified and all the time - series have the same resource - type, then the time series are - aggregated into a single output - time series. If crossSeriesReducer - is not defined, this field is - ignored. - item_type: Api::Type::String - - !ruby/object:Api::Type::String - name: alignmentPeriod - description: | - The alignment period for per-time - series alignment. If present, - alignmentPeriod must be at least - 60 seconds. After per-time series - alignment, each time series will - contain data points only on the - period boundaries. If - perSeriesAligner is not specified - or equals ALIGN_NONE, then this - field is ignored. If - perSeriesAligner is specified and - does not equal ALIGN_NONE, then - this field must be defined; - otherwise an error is returned. - - !ruby/object:Api::Type::Enum - name: crossSeriesReducer - description: | - The approach to be used to combine - time series. Not all reducer - functions may be applied to all - time series, depending on the - metric type and the value type of - the original time series. - Reduction may change the metric - type of value type of the time - series.Time series data must be - aligned in order to perform cross- - time series reduction. If - crossSeriesReducer is specified, - then perSeriesAligner must be - specified and not equal ALIGN_NONE - and alignmentPeriod must be - specified; otherwise, an error is - returned. - values: - - :REDUCE_NONE - - :REDUCE_MEAN - - :REDUCE_MIN - - :REDUCE_MAX - - :REDUCE_SUM - - :REDUCE_STDDEV - - :REDUCE_COUNT - - :REDUCE_COUNT_TRUE - - :REDUCE_COUNT_FALSE - - :REDUCE_FRACTION_TRUE - - :REDUCE_PERCENTILE_99 - - :REDUCE_PERCENTILE_95 - - :REDUCE_PERCENTILE_50 - - :REDUCE_PERCENTILE_05 - - !ruby/object:Api::Type::String - name: filter - description: | - A filter that identifies which time series - should be compared with the threshold.The - filter is similar to the one that is - specified in the - MetricService.ListTimeSeries request (that - call is useful to verify the time series - that will be retrieved / processed) and must - specify the metric type and optionally may - contain restrictions on resource type, - resource labels, and metric labels. This - field may not exceed 2048 Unicode characters - in length. - - !ruby/object:Api::Type::Enum - name: evaluationMissingData - description: | - A condition control that determines how - metric-threshold conditions are evaluated when - data stops arriving. - values: - - :EVALUATION_MISSING_DATA_INACTIVE - - :EVALUATION_MISSING_DATA_ACTIVE - - :EVALUATION_MISSING_DATA_NO_OP - - !ruby/object:Api::Type::String - name: displayName - required: true - description: | - A short name or phrase used to identify the - condition in dashboards, notifications, and - incidents. To avoid confusion, don't use the same - display name for multiple conditions in the same - policy. - - !ruby/object:Api::Type::NestedObject - name: conditionMatchedLog - description: | - A condition that checks for log messages matching given constraints. - If set, no other conditions can be present. - properties: - - !ruby/object:Api::Type::String - name: filter - description: | - A logs-based filter. - required: true - - !ruby/object:Api::Type::KeyValuePairs - name: labelExtractors - description: | - A map from a label key to an extractor expression, which is used to - extract the value for this label key. Each entry in this map is - a specification for how data should be extracted from log entries that - match filter. Each combination of extracted values is treated as - a separate rule for the purposes of triggering notifications. - Label keys and corresponding values can be used in notifications - generated by this condition. - required: true - - !ruby/object:Api::Type::Array - name: 'notificationChannels' - # TODO chrisst - turn this into a resource ref - description: | - Identifies the notification channels to which notifications should be - sent when incidents are opened or closed or when new violations occur - on an already opened incident. Each element of this array corresponds - to the name field in each of the NotificationChannel objects that are - returned from the notificationChannels.list method. The syntax of the - entries in this field is - `projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID]` - item_type: Api::Type::String - - !ruby/object:Api::Type::NestedObject - name: alertStrategy - description: | - Control over how this alert policy's notification channels are notified. - properties: - - !ruby/object:Api::Type::NestedObject - name: notificationRateLimit - description: | - Required for alert policies with a LogMatch condition. - This limit is not implemented for alert policies that are not log-based. - properties: - - !ruby/object:Api::Type::String - name: period - description: | - Not more than one notification per period. - - !ruby/object:Api::Type::String - name: autoClose - description: | - If an alert policy that was active has no data for this long, any open incidents will close. - - !ruby/object:Api::Type::KeyValuePairs - name: userLabels - description: | - This field is intended to be used for organizing and identifying the AlertPolicy - objects.The field can contain up to 64 entries. Each key and value is limited - to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values - can contain only lowercase letters, numerals, underscores, and dashes. Keys - must begin with a letter. - - !ruby/object:Api::Type::NestedObject - name: documentation - description: | - Documentation that is included with notifications and incidents related - to this policy. Best practice is for the documentation to include information - to help responders understand, mitigate, escalate, and correct the underlying - problems detected by the alerting policy. Notification channels that have - limited capacity might not show this documentation. - properties: - - !ruby/object:Api::Type::String - name: content - at_least_one_of: - - documentation.0.content - - documentation.0.mime_type - description: | - The text of the documentation, interpreted according to mimeType. - The content may not exceed 8,192 Unicode characters and may not - exceed more than 10,240 bytes when encoded in UTF-8 format, - whichever is smaller. - - !ruby/object:Api::Type::String - name: mimeType - at_least_one_of: - - documentation.0.content - - documentation.0.mime_type - default_value: text/markdown - description: | - The format of the content field. Presently, only the value - "text/markdown" is supported. - - - !ruby/object:Api::Resource - name: 'Group' - base_url: v3/projects/{{project}}/groups - self_link: "v3/{{name}}" - update_verb: :PUT - description: | - The description of a dynamic collection of monitored resources. Each group - has a filter that is matched against monitored resources and their - associated metadata. If a group's filter matches an available monitored - resource, then that resource is a member of that group. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/monitoring/groups/' - api: 'https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.groups' - properties: - - !ruby/object:Api::Type::String - name: parentName - # TODO chrisst - turn into self-reference if possible. - description: | - The name of the group's parent, if it has one. The format is - "projects/{project_id_or_number}/groups/{group_id}". For - groups with no parent, parentName is the empty string, "". - - !ruby/object:Api::Type::String - name: name - description: | - A unique identifier for this group. The format is - "projects/{project_id_or_number}/groups/{group_id}". - output: true - - !ruby/object:Api::Type::Boolean - name: isCluster - description: | - If true, the members of this group are considered to be a - cluster. The system can perform additional analysis on - groups that are clusters. - - !ruby/object:Api::Type::String - name: displayName - required: true - description: | - A user-assigned name for this group, used only for display - purposes. - - !ruby/object:Api::Type::String - name: filter - required: true - description: | - The filter used to determine which monitored resources - belong to this group. - - - !ruby/object:Api::Resource - name: NotificationChannel - base_url: v3/projects/{{project}}/notificationChannels - self_link: "v3/{{name}}" - update_verb: :PATCH - description: | - A NotificationChannel is a medium through which an alert is delivered - when a policy violation is detected. Examples of channels include email, SMS, - and third-party messaging applications. Fields containing sensitive information - like authentication tokens or contact info are only partially populated on retrieval. - - Notification Channels are designed to be flexible and are made up of a supported `type` - and labels to configure that channel. Each `type` has specific labels that need to be - present for that channel to be correctly configured. The labels that are required to be - present for one channel `type` are often different than those required for another. - Due to these loose constraints it's often best to set up a channel through the UI - and import to Terraform when setting up a brand new channel type to determine which - labels are required. - - A list of supported channels per project the `list` endpoint can be - accessed programmatically or through the api explorer at https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list . - This provides the channel type and all of the required labels that must be passed. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Notification Options': 'https://cloud.google.com/monitoring/support/notification-options' - 'Monitoring API Documentation': 'https://cloud.google.com/monitoring/api/v3/' - api: 'https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannels' - properties: - - !ruby/object:Api::Type::KeyValuePairs - name: labels - description: Configuration fields that define the channel and its behavior. The - permissible and required labels are specified in the NotificationChannelDescriptor.labels - of the NotificationChannelDescriptor corresponding to the type field. - - !ruby/object:Api::Type::NestedObject - name: sensitiveLabels - # This is a helper object for Terraform only - exclude: true - url_param_only: true - description: | - Terraform only field - properties: - - !ruby/object:Api::Type::String - name: authToken - exactly_one_of: - - sensitive_labels.0.auth_token - - sensitive_labels.0.password - - sensitive_labels.0.service_key - description: | - An authorization token for a notification channel. Channel types that support this field include: slack - - !ruby/object:Api::Type::String - name: password - exactly_one_of: - - sensitive_labels.0.auth_token - - sensitive_labels.0.password - - sensitive_labels.0.service_key - description: | - An password for a notification channel. Channel types that support this field include: webhook_basicauth - - !ruby/object:Api::Type::String - name: serviceKey - exactly_one_of: - - sensitive_labels.0.auth_token - - sensitive_labels.0.password - - sensitive_labels.0.service_key - description: | - An servicekey token for a notification channel. Channel types that support this field include: pagerduty - - !ruby/object:Api::Type::String - name: name - description: | - The full REST resource name for this channel. The syntax is: - projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID] - The [CHANNEL_ID] is automatically assigned by the server on creation. - output: true - - !ruby/object:Api::Type::Enum - name: verificationStatus - description: Indicates whether this channel has been verified or not. On a ListNotificationChannels - or GetNotificationChannel operation, this field is expected to be populated.If - the value is UNVERIFIED, then it indicates that the channel is non-functioning - (it both requires verification and lacks verification); otherwise, it is assumed - that the channel works.If the channel is neither VERIFIED nor UNVERIFIED, it - implies that the channel is of a type that does not require verification or - that this specific channel has been exempted from verification because it was - created prior to verification being required for channels of this type.This - field cannot be modified using a standard UpdateNotificationChannel operation. - To change the value of this field, you must call VerifyNotificationChannel. - output: true - values: - - :VERIFICATION_STATUS_UNSPECIFIED - - :UNVERIFIED - - :VERIFIED - - !ruby/object:Api::Type::String - name: type - required: true - description: The type of the notification channel. This field matches the value - of the NotificationChannelDescriptor.type field. See - https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list - to get the list of valid values such as "email", "slack", etc... - - !ruby/object:Api::Type::KeyValuePairs - name: userLabels - description: User-supplied key/value data that does not need to conform to the - corresponding NotificationChannelDescriptor's schema, unlike the labels field. - This field is intended to be used for organizing and identifying the NotificationChannel - objects.The field can contain up to 64 entries. Each key and value is limited - to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values - can contain only lowercase letters, numerals, underscores, and dashes. Keys - must begin with a letter. - - !ruby/object:Api::Type::String - name: description - description: An optional human-readable description of this notification channel. - This description may provide additional details, beyond the display name, for - the channel. This may not exceed 1024 Unicode characters. - - !ruby/object:Api::Type::String - name: displayName - description: An optional human-readable name for this notification channel. It - is recommended that you specify a non-empty and unique name in order to make - it easier to identify the channels in your project, though this is not enforced. - The display name is limited to 512 Unicode characters. - - !ruby/object:Api::Type::Boolean - name: enabled - default_value: true - send_empty_value: true - description: Whether notifications are forwarded to the described channel. This - makes it possible to disable delivery of notifications to a particular channel - without removing the channel from all alerting policies that reference the channel. - This is a more convenient approach when the change is temporary and you want - to receive notifications from the same set of alerting policies on the channel - at some point in the future. - - - !ruby/object:Api::Resource - name: Service - base_url: v3/projects/{{project}}/services - create_url: v3/projects/{{project}}/services?serviceId={{service_id}} - self_link: "v3/{{name}}" - update_verb: :PATCH - update_mask: true - description: | - A Service is a discrete, autonomous, and network-accessible unit, - designed to solve an individual concern (Wikipedia). In Cloud Monitoring, - a Service acts as the root resource under which operational aspects of - the service are accessible - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Service Monitoring': 'https://cloud.google.com/monitoring/service-monitoring' - 'Monitoring API Documentation': 'https://cloud.google.com/monitoring/api/v3/' - api: 'https://cloud.google.com/monitoring/api/ref_v3/rest/v3/services' - parameters: - - !ruby/object:Api::Type::String - name: serviceId - description: | - An optional service ID to use. If not given, the server will generate a - service ID. - input: true - properties: - - !ruby/object:Api::Type::String - name: name - description: | - The full resource name for this service. The syntax is: - projects/[PROJECT_ID]/services/[SERVICE_ID]. - output: true - - !ruby/object:Api::Type::String - name: displayName - description: | - Name used for UI elements listing this Service. - - !ruby/object:Api::Type::KeyValuePairs - name: 'userLabels' - description: | - Labels which have been used to annotate the service. Label keys must start - with a letter. Label keys and values may contain lowercase letters, - numbers, underscores, and dashes. Label keys and values have a maximum - length of 63 characters, and must be less than 128 bytes in size. Up to 64 - label entries may be stored. For labels which do not have a semantic value, - the empty string may be supplied for the label value. - send_empty_value: true - - !ruby/object:Api::Type::NestedObject - name: telemetry - description: | - Configuration for how to query telemetry on a Service. - properties: - - !ruby/object:Api::Type::String - name: resourceName - description: | - The full name of the resource that defines this service. - Formatted as described in - https://cloud.google.com/apis/design/resource_names. - - - !ruby/object:Api::Resource - name: GenericService - base_url: v3/projects/{{project}}/services - create_url: v3/projects/{{project}}/services?serviceId={{service_id}} - self_link: "v3/projects/{{project}}/services/{{service_id}}" - update_verb: :PATCH - update_mask: true - description: | - A Service is a discrete, autonomous, and network-accessible unit, - designed to solve an individual concern (Wikipedia). In Cloud Monitoring, - a Service acts as the root resource under which operational aspects of - the service are accessible - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Service Monitoring': 'https://cloud.google.com/monitoring/service-monitoring' - 'Monitoring API Documentation': 'https://cloud.google.com/monitoring/api/v3/' - api: 'https://cloud.google.com/monitoring/api/ref_v3/rest/v3/services' - parameters: - - !ruby/object:Api::Type::String - name: serviceId - description: | - An optional service ID to use. If not given, the server will generate a - service ID. - input: true - required: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: name - description: | - The full resource name for this service. The syntax is: - projects/[PROJECT_ID]/services/[SERVICE_ID]. - output: true - - !ruby/object:Api::Type::String - name: displayName - description: | - Name used for UI elements listing this Service. - - !ruby/object:Api::Type::KeyValuePairs - name: 'userLabels' - description: | - Labels which have been used to annotate the service. Label keys must start - with a letter. Label keys and values may contain lowercase letters, - numbers, underscores, and dashes. Label keys and values have a maximum - length of 63 characters, and must be less than 128 bytes in size. Up to 64 - label entries may be stored. For labels which do not have a semantic value, - the empty string may be supplied for the label value. - send_empty_value: true - - !ruby/object:Api::Type::NestedObject - name: telemetry - description: | - Configuration for how to query telemetry on a Service. - # Non custom service have non-editable telemetry - output: true - properties: - - !ruby/object:Api::Type::String - name: resourceName - description: | - The full name of the resource that defines this service. - Formatted as described in - https://cloud.google.com/apis/design/resource_names. - - !ruby/object:Api::Type::NestedObject - name: basicService - description: | - A well-known service type, defined by its service type and service labels. - Valid values are described at - https://cloud.google.com/stackdriver/docs/solutions/slo-monitoring/api/api-structures#basic-svc-w-basic-sli - # BasicService info can be set on creation but is then immutable. - input: true - properties: - - !ruby/object:Api::Type::String - name: serviceType - description: | - The type of service that this basic service defines, e.g. - APP_ENGINE service type - - !ruby/object:Api::Type::KeyValuePairs - name: serviceLabels - input: true - description: | - Labels that specify the resource that emits the monitoring data - which is used for SLO reporting of this `Service`. - - - - !ruby/object:Api::Resource - name: Slo - base_url: v3/projects/{{project}}/services/{{service}}/serviceLevelObjectives - # name = projects/{{project}}/services/{{service}}/serviceLevelObjectives/{{slo_id}} - self_link: "v3/{{name}}" - create_url: v3/projects/{{project}}/services/{{service}}/serviceLevelObjectives?serviceLevelObjectiveId={{slo_id}} - update_verb: :PATCH - update_mask: true - description: | - A Service-Level Objective (SLO) describes the level of desired good - service. It consists of a service-level indicator (SLI), a performance - goal, and a period over which the objective is to be evaluated against - that goal. The SLO can use SLIs defined in a number of different manners. - Typical SLOs might include "99% of requests in each rolling week have - latency below 200 milliseconds" or "99.5% of requests in each calendar - month return successfully." - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Service Monitoring': 'https://cloud.google.com/monitoring/service-monitoring' - 'Monitoring API Documentation': 'https://cloud.google.com/monitoring/api/v3/' - api: 'https://cloud.google.com/monitoring/api/ref_v3/rest/v3/services.serviceLevelObjectives' - parameters: - - !ruby/object:Api::Type::String - name: service - required: true - url_param_only: true - input: true - description: | - ID of the service to which this SLO belongs. - - !ruby/object:Api::Type::String - name: sloId - description: | - The id to use for this ServiceLevelObjective. If omitted, an id will be generated instead. - input: true - properties: - - !ruby/object:Api::Type::String - name: name - description: | - The full resource name for this service. The syntax is: - projects/[PROJECT_ID_OR_NUMBER]/services/[SERVICE_ID]/serviceLevelObjectives/[SLO_NAME] - output: true - - !ruby/object:Api::Type::String - name: displayName - description: | - Name used for UI elements listing this SLO. - - !ruby/object:Api::Type::Double - name: goal - required: true - description: | - The fraction of service that must be good in order for this objective - to be met. 0 < goal <= 0.999 - - !ruby/object:Api::Type::Integer - name: rollingPeriodDays - api_name: rollingPeriod - exactly_one_of: - - rolling_period_days - - calendar_period - description: | - A rolling time period, semantically "in the past X days". - Must be between 1 to 30 days, inclusive. - - !ruby/object:Api::Type::Enum - name: calendarPeriod - exactly_one_of: - - rolling_period_days - - calendar_period - description: | - A calendar period, semantically "since the start of the current - ". - values: - - DAY - - WEEK - - FORTNIGHT - - MONTH - - !ruby/object:Api::Type::KeyValuePairs - name: userLabels - description: | - This field is intended to be used for organizing and identifying the AlertPolicy - objects.The field can contain up to 64 entries. Each key and value is limited - to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values - can contain only lowercase letters, numerals, underscores, and dashes. Keys - must begin with a letter. - send_empty_value: true - - !ruby/object:Api::Type::NestedObject - name: serviceLevelIndicator - description: | - serviceLevelIndicator (SLI) describes a good service. - It is used to measure and calculate the quality of the Service's - performance with respect to a single aspect of service quality. - properties: - - !ruby/object:Api::Type::NestedObject - name: basicSli - exactly_one_of: - - service_level_indicator.0.basic_sli - - service_level_indicator.0.request_based_sli - - service_level_indicator.0.windows_based_sli - description: | - Basic Service-Level Indicator (SLI) on a well-known service type. - Performance will be computed on the basis of pre-defined metrics. - - SLIs are used to measure and calculate the quality of the Service's - performance with respect to a single aspect of service quality. - - Exactly one of the following must be set: - `basic_sli`, `request_based_sli`, `windows_based_sli` - properties: - - !ruby/object:Api::Type::Array - name: method - description: | - An optional set of RPCs to which this SLI is relevant. - Telemetry from other methods will not be used to calculate - performance for this SLI. If omitted, this SLI applies to all - the Service's methods. For service types that don't support - breaking down by method, setting this field will result in an - error. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: location - description: | - An optional set of locations to which this SLI is relevant. - Telemetry from other locations will not be used to calculate - performance for this SLI. If omitted, this SLI applies to all - locations in which the Service has activity. For service types - that don't support breaking down by location, setting this - field will result in an error. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: version - description: | - The set of API versions to which this SLI is relevant. - Telemetry from other API versions will not be used to - calculate performance for this SLI. If omitted, - this SLI applies to all API versions. For service types - that don't support breaking down by version, setting this - field will result in an error. - item_type: Api::Type::String - - !ruby/object:Api::Type::NestedObject - name: latency - description: | - Parameters for a latency threshold SLI. - exactly_one_of: - - service_level_indicator.0.basic_sli.0.latency - - service_level_indicator.0.basic_sli.0.availability - properties: - - !ruby/object:Api::Type::String - required: true - name: threshold - description: | - A duration string, e.g. 10s. - Good service is defined to be the count of requests made to - this service that return in no more than threshold. - - !ruby/object:Api::Type::NestedObject - name: availability - description: | - Availability based SLI, dervied from count of requests made to this service that return successfully. - exactly_one_of: - - service_level_indicator.0.basic_sli.0.latency - - service_level_indicator.0.basic_sli.0.availability - properties: - - !ruby/object:Api::Type::Boolean - name: enabled - default_value: true - description: | - Whether an availability SLI is enabled or not. Must be set to true. Defaults to `true`. - - !ruby/object:Api::Type::NestedObject - name: requestBasedSli - api_name: 'requestBased' - exactly_one_of: - - service_level_indicator.0.basic_sli - - service_level_indicator.0.request_based_sli - - service_level_indicator.0.windows_based_sli - description: | - A request-based SLI defines a SLI for which atomic units of - service are counted directly. - - A SLI describes a good service. - It is used to measure and calculate the quality of the Service's - performance with respect to a single aspect of service quality. - Exactly one of the following must be set: - `basic_sli`, `request_based_sli`, `windows_based_sli` - properties: - # NOTE: If adding properties to requestBasedSli, remember to add to the - # custom updateMask fields in property overrides. - - !ruby/object:Api::Type::NestedObject - name: goodTotalRatio - exactly_one_of: - - service_level_indicator.0.request_based_sli.0.good_total_ratio - - service_level_indicator.0.request_based_sli.0.distribution_cut - description: | - A means to compute a ratio of `good_service` to `total_service`. - Defines computing this ratio with two TimeSeries [monitoring filters](https://cloud.google.com/monitoring/api/v3/filters) - Must specify exactly two of good, bad, and total service filters. - The relationship good_service + bad_service = total_service - will be assumed. - - Exactly one of `distribution_cut` or `good_total_ratio` can be set. - properties: - - !ruby/object:Api::Type::String - name: goodServiceFilter - at_least_one_of: - - service_level_indicator.0.request_based_sli.0.good_total_ratio.0.good_service_filter - - service_level_indicator.0.request_based_sli.0.good_total_ratio.0.bad_service_filter - - service_level_indicator.0.request_based_sli.0.good_total_ratio.0.total_service_filter - description: | - A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - quantifying good service provided. - Must have ValueType = DOUBLE or ValueType = INT64 and - must have MetricKind = DELTA or MetricKind = CUMULATIVE. - - Exactly two of `good_service_filter`,`bad_service_filter`,`total_service_filter` - must be set (good + bad = total is assumed). - - !ruby/object:Api::Type::String - name: badServiceFilter - at_least_one_of: - - service_level_indicator.0.request_based_sli.0.good_total_ratio.0.good_service_filter - - service_level_indicator.0.request_based_sli.0.good_total_ratio.0.bad_service_filter - - service_level_indicator.0.request_based_sli.0.good_total_ratio.0.total_service_filter - description: | - A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - quantifying bad service provided, either demanded service that - was not provided or demanded service that was of inadequate - quality. - - Must have ValueType = DOUBLE or ValueType = INT64 and - must have MetricKind = DELTA or MetricKind = CUMULATIVE. - - Exactly two of `good_service_filter`,`bad_service_filter`,`total_service_filter` - must be set (good + bad = total is assumed). - - !ruby/object:Api::Type::String - name: totalServiceFilter - at_least_one_of: - - service_level_indicator.0.request_based_sli.0.good_total_ratio.0.good_service_filter - - service_level_indicator.0.request_based_sli.0.good_total_ratio.0.bad_service_filter - - service_level_indicator.0.request_based_sli.0.good_total_ratio.0.total_service_filter - description: | - A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - quantifying total demanded service. - - Must have ValueType = DOUBLE or ValueType = INT64 and - must have MetricKind = DELTA or MetricKind = CUMULATIVE. - - Exactly two of `good_service_filter`,`bad_service_filter`,`total_service_filter` - must be set (good + bad = total is assumed). - - !ruby/object:Api::Type::NestedObject - name: distributionCut - exactly_one_of: - - service_level_indicator.0.request_based_sli.0.good_total_ratio - - service_level_indicator.0.request_based_sli.0.distribution_cut - description: | - Used when good_service is defined by a count of values aggregated in a - Distribution that fall into a good range. The total_service is the - total count of all values aggregated in the Distribution. - Defines a distribution TimeSeries filter and thresholds used for - measuring good service and total service. - - Exactly one of `distribution_cut` or `good_total_ratio` can be set. - properties: - - !ruby/object:Api::Type::String - name: distributionFilter - required: true - description: | - A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - aggregating values to quantify the good service provided. - - Must have ValueType = DISTRIBUTION and - MetricKind = DELTA or MetricKind = CUMULATIVE. - - !ruby/object:Api::Type::NestedObject - name: range - required: true - description: | - Range of numerical values. The computed good_service - will be the count of values x in the Distribution such - that range.min <= x <= range.max. inclusive of min and - max. Open ranges can be defined by setting - just one of min or max. - properties: - - !ruby/object:Api::Type::Double - name: min - at_least_one_of: - - service_level_indicator.0.request_based_sli.0.distribution_cut.0.range.0.min - - service_level_indicator.0.request_based_sli.0.distribution_cut.0.range.0.max - description: | - Min value for the range (inclusive). If not given, - will be set to "-infinity", defining an open range - "< range.max" - - !ruby/object:Api::Type::Double - name: max - at_least_one_of: - - service_level_indicator.0.request_based_sli.0.distribution_cut.0.range.0.min - - service_level_indicator.0.request_based_sli.0.distribution_cut.0.range.0.max - description: | - max value for the range (inclusive). If not given, - will be set to "infinity", defining an open range - ">= range.min" - - !ruby/object:Api::Type::NestedObject - name: windowsBasedSli - api_name: 'windowsBased' - exactly_one_of: - - service_level_indicator.0.basic_sli - - service_level_indicator.0.request_based_sli - - service_level_indicator.0.windows_based_sli - description: | - A windows-based SLI defines the criteria for time windows. - good_service is defined based off the count of these time windows - for which the provided service was of good quality. - - A SLI describes a good service. It is used to measure and calculate - the quality of the Service's performance with respect to a single - aspect of service quality. - - Exactly one of the following must be set: - `basic_sli`, `request_based_sli`, `windows_based_sli` - properties: - # NOTE: If adding properties to windowsBasedSli, remember to add to the - # custom updateMask fields in property overrides. - - !ruby/object:Api::Type::String - name: windowPeriod - description: | - Duration over which window quality is evaluated, given as a - duration string "{X}s" representing X seconds. Must be an - integer fraction of a day and at least 60s. - # START window_criterion FIELDS - - !ruby/object:Api::Type::String - name: goodBadMetricFilter - exactly_one_of: - - service_level_indicator.0.windows_based_sli.0.good_bad_metric_filter - - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold - - service_level_indicator.0.windows_based_sli.0.metric_mean_in_range - - service_level_indicator.0.windows_based_sli.0.metric_sum_in_range - description: | - A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - with ValueType = BOOL. The window is good if any true values - appear in the window. One of `good_bad_metric_filter`, - `good_total_ratio_threshold`, `metric_mean_in_range`, - `metric_sum_in_range` must be set for `windows_based_sli`. - - !ruby/object:Api::Type::NestedObject - name: goodTotalRatioThreshold - exactly_one_of: - - service_level_indicator.0.windows_based_sli.0.good_bad_metric_filter - - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold - - service_level_indicator.0.windows_based_sli.0.metric_mean_in_range - - service_level_indicator.0.windows_based_sli.0.metric_sum_in_range - description: | - Criterion that describes a window as good if its performance is - high enough. One of `good_bad_metric_filter`, - `good_total_ratio_threshold`, `metric_mean_in_range`, - `metric_sum_in_range` must be set for `windows_based_sli`. - properties: - - !ruby/object:Api::Type::Double - name: threshold - description: | - If window performance >= threshold, the window is counted - as good. - - !ruby/object:Api::Type::NestedObject - name: performance - exactly_one_of: - - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance - - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.basic_sli_performance - description: | - Request-based SLI to evaluate to judge window quality. - properties: - - !ruby/object:Api::Type::NestedObject - name: goodTotalRatio - exactly_one_of: - - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance.0.good_total_ratio - - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance.0.distribution_cut - description: | - A means to compute a ratio of `good_service` to `total_service`. - Defines computing this ratio with two TimeSeries [monitoring filters](https://cloud.google.com/monitoring/api/v3/filters) - Must specify exactly two of good, bad, and total service filters. - The relationship good_service + bad_service = total_service - will be assumed. - properties: - - !ruby/object:Api::Type::String - name: goodServiceFilter - at_least_one_of: - - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance.0.good_total_ratio.0.good_service_filter - - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance.0.good_total_ratio.0.bad_service_filter - - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance.0.good_total_ratio.0.total_service_filter - description: | - A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - quantifying good service provided. Exactly two of - good, bad, or total service filter must be defined (where - good + bad = total is assumed) - - Must have ValueType = DOUBLE or ValueType = INT64 and - must have MetricKind = DELTA or MetricKind = CUMULATIVE. - - !ruby/object:Api::Type::String - name: badServiceFilter - at_least_one_of: - - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance.0.good_total_ratio.0.good_service_filter - - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance.0.good_total_ratio.0.bad_service_filter - - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance.0.good_total_ratio.0.total_service_filter - description: | - A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - quantifying bad service provided, either demanded service that - was not provided or demanded service that was of inadequate - quality. Exactly two of - good, bad, or total service filter must be defined (where - good + bad = total is assumed) - - Must have ValueType = DOUBLE or ValueType = INT64 and - must have MetricKind = DELTA or MetricKind = CUMULATIVE. - - !ruby/object:Api::Type::String - name: totalServiceFilter - at_least_one_of: - - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance.0.good_total_ratio.0.good_service_filter - - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance.0.good_total_ratio.0.bad_service_filter - - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance.0.good_total_ratio.0.total_service_filter - description: | - A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - quantifying total demanded service. Exactly two of - good, bad, or total service filter must be defined (where - good + bad = total is assumed) - - Must have ValueType = DOUBLE or ValueType = INT64 and - must have MetricKind = DELTA or MetricKind = CUMULATIVE. - - !ruby/object:Api::Type::NestedObject - name: distributionCut - exactly_one_of: - - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance.0.good_total_ratio - - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance.0.distribution_cut - description: | - Used when good_service is defined by a count of values aggregated in a - Distribution that fall into a good range. The total_service is the - total count of all values aggregated in the Distribution. - Defines a distribution TimeSeries filter and thresholds used for - measuring good service and total service. - properties: - - !ruby/object:Api::Type::String - name: distributionFilter - required: true - description: | - A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - aggregating values to quantify the good service provided. - - Must have ValueType = DISTRIBUTION and - MetricKind = DELTA or MetricKind = CUMULATIVE. - - !ruby/object:Api::Type::NestedObject - name: range - required: true - description: | - Range of numerical values. The computed good_service - will be the count of values x in the Distribution such - that range.min <= x <= range.max. inclusive of min and - max. Open ranges can be defined by setting - just one of min or max. - properties: - - !ruby/object:Api::Type::Double - name: min - at_least_one_of: - - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance.0.distribution_cut.0.range.0.min - - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance.0.distribution_cut.0.range.0.max - description: | - Min value for the range (inclusive). If not given, - will be set to "-infinity", defining an open range - "< range.max" - - !ruby/object:Api::Type::Double - name: max - at_least_one_of: - - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance.0.distribution_cut.0.range.0.min - - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance.0.distribution_cut.0.range.0.max - description: | - max value for the range (inclusive). If not given, - will be set to "infinity", defining an open range - ">= range.min" - - !ruby/object:Api::Type::NestedObject - name: basicSliPerformance - exactly_one_of: - - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.performance - - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.basic_sli_performance - description: | - Basic SLI to evaluate to judge window quality. - properties: - - !ruby/object:Api::Type::Array - name: method - description: | - An optional set of RPCs to which this SLI is relevant. - Telemetry from other methods will not be used to calculate - performance for this SLI. If omitted, this SLI applies to all - the Service's methods. For service types that don't support - breaking down by method, setting this field will result in an - error. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: location - description: | - An optional set of locations to which this SLI is relevant. - Telemetry from other locations will not be used to calculate - performance for this SLI. If omitted, this SLI applies to all - locations in which the Service has activity. For service types - that don't support breaking down by location, setting this - field will result in an error. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: version - description: | - The set of API versions to which this SLI is relevant. - Telemetry from other API versions will not be used to - calculate performance for this SLI. If omitted, - this SLI applies to all API versions. For service types - that don't support breaking down by version, setting this - field will result in an error. - item_type: Api::Type::String - - !ruby/object:Api::Type::NestedObject - name: latency - description: | - Parameters for a latency threshold SLI. - exactly_one_of: - - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.basic_sli_performance.0.latency - - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.basic_sli_performance.0.availability - properties: - - !ruby/object:Api::Type::String - required: true - name: threshold - description: | - A duration string, e.g. 10s. - Good service is defined to be the count of requests made to - this service that return in no more than threshold. - - !ruby/object:Api::Type::NestedObject - name: availability - description: | - Availability based SLI, dervied from count of requests made to this service that return successfully. - exactly_one_of: - - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.basic_sli_performance.0.latency - - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold.0.basic_sli_performance.0.availability - properties: - - !ruby/object:Api::Type::Boolean - name: enabled - default_value: true - description: | - Whether an availability SLI is enabled or not. Must be set to `true. Defaults to `true`. - - !ruby/object:Api::Type::NestedObject - name: metricMeanInRange - exactly_one_of: - - service_level_indicator.0.windows_based_sli.0.good_bad_metric_filter - - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold - - service_level_indicator.0.windows_based_sli.0.metric_mean_in_range - - service_level_indicator.0.windows_based_sli.0.metric_sum_in_range - description: | - Criterion that describes a window as good if the metric's value - is in a good range, *averaged* across returned streams. - One of `good_bad_metric_filter`, - - `good_total_ratio_threshold`, `metric_mean_in_range`, - `metric_sum_in_range` must be set for `windows_based_sli`. - Average value X of `time_series` should satisfy - `range.min <= X <= range.max` for a good window. - properties: - - !ruby/object:Api::Type::String - name: timeSeries - required: true - description: | - A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying the TimeSeries to use for evaluating window - The provided TimeSeries must have ValueType = INT64 or - ValueType = DOUBLE and MetricKind = GAUGE. Mean value `X` - should satisfy `range.min <= X <= range.max` - under good service. - - !ruby/object:Api::Type::NestedObject - name: range - required: true - description: | - Range of numerical values. The computed good_service - will be the count of values x in the Distribution such - that range.min <= x <= range.max. inclusive of min and - max. Open ranges can be defined by setting - just one of min or max. Mean value `X` of `time_series` - values should satisfy `range.min <= X <= range.max` for a - good service. - properties: - - !ruby/object:Api::Type::Double - name: min - at_least_one_of: - - service_level_indicator.0.windows_based_sli.0.metric_mean_in_range.0.range.0.min - - service_level_indicator.0.windows_based_sli.0.metric_mean_in_range.0.range.0.max - description: | - Min value for the range (inclusive). If not given, - will be set to "-infinity", defining an open range - "< range.max" - - !ruby/object:Api::Type::Double - name: max - at_least_one_of: - - service_level_indicator.0.windows_based_sli.0.metric_mean_in_range.0.range.0.min - - service_level_indicator.0.windows_based_sli.0.metric_mean_in_range.0.range.0.max - description: | - max value for the range (inclusive). If not given, - will be set to "infinity", defining an open range - ">= range.min" - - !ruby/object:Api::Type::NestedObject - name: metricSumInRange - exactly_one_of: - - service_level_indicator.0.windows_based_sli.0.good_bad_metric_filter - - service_level_indicator.0.windows_based_sli.0.good_total_ratio_threshold - - service_level_indicator.0.windows_based_sli.0.metric_mean_in_range - - service_level_indicator.0.windows_based_sli.0.metric_sum_in_range - description: | - Criterion that describes a window as good if the metric's value - is in a good range, *summed* across returned streams. - Summed value `X` of `time_series` should satisfy - `range.min <= X <= range.max` for a good window. - - One of `good_bad_metric_filter`, - `good_total_ratio_threshold`, `metric_mean_in_range`, - `metric_sum_in_range` must be set for `windows_based_sli`. - properties: - - !ruby/object:Api::Type::String - name: timeSeries - required: true - description: | - A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying the TimeSeries to use for evaluating window - quality. The provided TimeSeries must have - ValueType = INT64 or ValueType = DOUBLE and - MetricKind = GAUGE. - - Summed value `X` should satisfy - `range.min <= X <= range.max` for a good window. - - !ruby/object:Api::Type::NestedObject - name: range - required: true - description: | - Range of numerical values. The computed good_service - will be the count of values x in the Distribution such - that range.min <= x <= range.max. inclusive of min and - max. Open ranges can be defined by setting - just one of min or max. Summed value `X` should satisfy - `range.min <= X <= range.max` for a good window. - properties: - - !ruby/object:Api::Type::Double - name: min - at_least_one_of: - - service_level_indicator.0.windows_based_sli.0.metric_sum_in_range.0.range.0.min - - service_level_indicator.0.windows_based_sli.0.metric_sum_in_range.0.range.0.max - description: | - Min value for the range (inclusive). If not given, - will be set to "-infinity", defining an open range - "< range.max" - - !ruby/object:Api::Type::Double - name: max - at_least_one_of: - - service_level_indicator.0.windows_based_sli.0.metric_sum_in_range.0.range.0.min - - service_level_indicator.0.windows_based_sli.0.metric_sum_in_range.0.range.0.max - description: | - max value for the range (inclusive). If not given, - will be set to "infinity", defining an open range - ">= range.min" - # END window_criterion FIELDS - - !ruby/object:Api::Resource - name: UptimeCheckConfig - update_verb: :PATCH - update_mask: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/monitoring/uptime-checks/' - api: 'https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.uptimeCheckConfigs' - base_url: v3/projects/{{project}}/uptimeCheckConfigs - self_link: "v3/{{name}}" - description: This message configures which resources and services to monitor for - availability. - properties: - - !ruby/object:Api::Type::String - name: name - output: true - description: A unique resource name for this UptimeCheckConfig. The format is projects/[PROJECT_ID]/uptimeCheckConfigs/[UPTIME_CHECK_ID]. - - !ruby/object:Api::Type::String - name: id - description: The id of the uptime check - output: true - - !ruby/object:Api::Type::String - name: displayName - required: true - description: A human-friendly name for the uptime check configuration. The display - name should be unique within a Stackdriver Workspace in order to make it easier - to identify; however, uniqueness is not enforced. - - !ruby/object:Api::Type::String - name: period - default_value: "300s" - input: true - description: How often, in seconds, the uptime check is performed. Currently, - the only supported values are 60s (1 minute), 300s (5 minutes), 600s (10 minutes), - and 900s (15 minutes). Optional, defaults to 300s. - - !ruby/object:Api::Type::String - name: timeout - required: true - description: The maximum amount of time to wait for the request to complete (must - be between 1 and 60 seconds). - Accepted formats https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#google.protobuf.Duration - - !ruby/object:Api::Type::Array - name: contentMatchers - description: The expected content on the page the check is run against. Currently, - only the first entry in the list is supported, and other entries will be ignored. - The server will look for an exact match of the string in the page response's - content. This field is optional and should only be specified if a content match - is required. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: content - description: String or regex content to match (max 1024 bytes) - required: true - - !ruby/object:Api::Type::Enum - name: matcher - description: The type of content matcher that will be applied to the server output, - compared to the content string when the check is run. - default_value: :CONTAINS_STRING - values: - - :CONTAINS_STRING - - :NOT_CONTAINS_STRING - - :MATCHES_REGEX - - :NOT_MATCHES_REGEX - - :MATCHES_JSON_PATH - - :NOT_MATCHES_JSON_PATH - - !ruby/object:Api::Type::NestedObject - name: jsonPathMatcher - description: Information needed to perform a JSONPath content match. - Used for `ContentMatcherOption::MATCHES_JSON_PATH` and - `ContentMatcherOption::NOT_MATCHES_JSON_PATH`. - properties: - - !ruby/object:Api::Type::String - name: jsonPath - description: JSONPath within the response output pointing to the expected - `ContentMatcher::content` to match against. - required: true - - !ruby/object:Api::Type::Enum - name: jsonMatcher - description: Options to perform JSONPath content matching. - default_value: :EXACT_MATCH - values: - - :EXACT_MATCH - - :REGEX_MATCH - - !ruby/object:Api::Type::Array - name: selectedRegions - description: The list of regions from which the check will be run. Some regions - contain one location, and others contain more than one. If this field is specified, - enough regions to include a minimum of 3 locations must be provided, or an error - message is returned. Not specifying this field will result in uptime checks - running from all regions. - item_type: Api::Type::String - - !ruby/object:Api::Type::Enum - name: checkerType - input: true - description: The checker type to use for the check. If the monitored resource type - is servicedirectory_service, checkerType must be set to VPC_CHECKERS. - values: - - :STATIC_IP_CHECKERS - - :VPC_CHECKERS - - !ruby/object:Api::Type::NestedObject - name: httpCheck - description: Contains information needed to make an HTTP or HTTPS check. - exactly_one_of: - - http_check - - tcp_check - properties: - - !ruby/object:Api::Type::Enum - name: requestMethod - input: true - description: The HTTP request method to use for the check. If set to - METHOD_UNSPECIFIED then requestMethod defaults to GET. - default_value: :GET - values: - - :METHOD_UNSPECIFIED - - :GET - - :POST - - !ruby/object:Api::Type::Enum - name: contentType - description: The content type to use for the check. - values: - - :TYPE_UNSPECIFIED - - :URL_ENCODED - - !ruby/object:Api::Type::NestedObject - name: authInfo - at_least_one_of: - - http_check.0.auth_info - - http_check.0.port - - http_check.0.headers - - http_check.0.path - - http_check.0.use_ssl - - http_check.0.mask_headers - description: The authentication information. Optional when creating an HTTP - check; defaults to empty. - properties: - - !ruby/object:Api::Type::String - name: password - required: true - description: The password to authenticate. - - !ruby/object:Api::Type::String - name: username - required: true - description: The username to authenticate. - - !ruby/object:Api::Type::Integer - name: port - at_least_one_of: - - http_check.0.auth_info - - http_check.0.port - - http_check.0.headers - - http_check.0.path - - http_check.0.use_ssl - - http_check.0.mask_headers - description: The port to the page to run the check against. Will be combined - with host (specified within the MonitoredResource) and path to construct the - full URL. Optional (defaults to 80 without SSL, or 443 with SSL). - - !ruby/object:Api::Type::KeyValuePairs - name: headers - at_least_one_of: - - http_check.0.auth_info - - http_check.0.port - - http_check.0.headers - - http_check.0.path - - http_check.0.use_ssl - - http_check.0.mask_headers - description: The list of headers to send as part of the uptime check request. - If two headers have the same key and different values, they should be entered - as a single header, with the value being a comma-separated list of all the - desired values as described at https://www.w3.org/Protocols/rfc2616/rfc2616.txt - (page 31). Entering two separate headers with the same key in a Create call - will cause the first to be overwritten by the second. The maximum number of - headers allowed is 100. - - !ruby/object:Api::Type::String - name: path - at_least_one_of: - - http_check.0.auth_info - - http_check.0.port - - http_check.0.headers - - http_check.0.path - - http_check.0.use_ssl - - http_check.0.mask_headers - default_value: "/" - description: The path to the page to run the check against. Will be combined - with the host (specified within the MonitoredResource) and port to construct - the full URL. If the provided path does not begin with "/", a "/" will be prepended - automatically. Optional (defaults to "/"). - - !ruby/object:Api::Type::Boolean - name: useSsl - at_least_one_of: - - http_check.0.auth_info - - http_check.0.port - - http_check.0.headers - - http_check.0.path - - http_check.0.use_ssl - - http_check.0.mask_headers - description: If true, use HTTPS instead of HTTP to run the check. - - !ruby/object:Api::Type::Boolean - name: validateSsl - description: Boolean specifying whether to include SSL certificate validation - as a part of the Uptime check. Only applies to checks where monitoredResource - is set to uptime_url. If useSsl is false, setting validateSsl to true has no effect. - - !ruby/object:Api::Type::Boolean - name: maskHeaders - at_least_one_of: - - http_check.0.auth_info - - http_check.0.port - - http_check.0.headers - - http_check.0.path - - http_check.0.use_ssl - - http_check.0.mask_headers - description: Boolean specifying whether to encrypt the header information. - Encryption should be specified for any headers related to authentication that - you do not wish to be seen when retrieving the configuration. The server will - be responsible for encrypting the headers. On Get/List calls, if mask_headers - is set to True then the headers will be obscured with ******. - - !ruby/object:Api::Type::String - name: body - description: The request body associated with the HTTP POST request. If contentType - is URL_ENCODED, the body passed in must be URL-encoded. Users can provide a - Content-Length header via the headers field or the API will do so. If the - requestMethod is GET and body is not empty, the API will return an error. The - maximum byte size is 1 megabyte. Note - As with all bytes fields JSON - representations are base64 encoded. e.g. "foo=bar" in URL-encoded form is - "foo%3Dbar" and in base64 encoding is "Zm9vJTI1M0RiYXI=". - - !ruby/object:Api::Type::Array - name: acceptedResponseStatusCodes - description: If present, the check will only pass if the HTTP response status code is in this set of status codes. If empty, the HTTP status code will only pass if the HTTP status code is 200-299. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Integer - name: statusValue - description: A status code to accept. - - !ruby/object:Api::Type::Enum - name: statusClass - description: A class of status codes to accept. - values: - - :STATUS_CLASS_1XX - - :STATUS_CLASS_2XX - - :STATUS_CLASS_3XX - - :STATUS_CLASS_4XX - - :STATUS_CLASS_5XX - - :STATUS_CLASS_ANY - - !ruby/object:Api::Type::NestedObject - name: tcpCheck - description: Contains information needed to make a TCP check. - exactly_one_of: - - http_check - - tcp_check - properties: - - !ruby/object:Api::Type::Integer - name: port - required: true - description: The port to the page to run the check against. Will be combined - with host (specified within the MonitoredResource) to construct the full URL. - - !ruby/object:Api::Type::NestedObject - name: resourceGroup - input: true - description: The group resource associated with the configuration. - exactly_one_of: - - monitored_resource - - resource_group - properties: - - !ruby/object:Api::Type::Enum - name: resourceType - input: true - at_least_one_of: - - resource_group.0.resource_type - - resource_group.0.group_id - description: The resource type of the group members. - values: - - :RESOURCE_TYPE_UNSPECIFIED - - :INSTANCE - - :AWS_ELB_LOAD_BALANCER - - !ruby/object:Api::Type::ResourceRef - name: groupId - input: true - at_least_one_of: - - resource_group.0.resource_type - - resource_group.0.group_id - resource: Group - imports: name - description: The group of resources being monitored. Should be the `name` of a group - - !ruby/object:Api::Type::NestedObject - name: monitoredResource - input: true - description: 'The monitored resource (https://cloud.google.com/monitoring/api/resources) - associated with the configuration. The following monitored resource types are - supported for uptime checks: uptime_url gce_instance gae_app aws_ec2_instance - aws_elb_load_balancer k8s_service servicedirectory_service' - exactly_one_of: - - monitored_resource - - resource_group - properties: - - !ruby/object:Api::Type::String - name: type - input: true - required: true - description: The monitored resource type. This field must match the type field of a MonitoredResourceDescriptor - (https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.monitoredResourceDescriptors#MonitoredResourceDescriptor) - object. For example, the type of a Compute Engine VM instance is gce_instance. For a list of types, see - Monitoring resource types (https://cloud.google.com/monitoring/api/resources) - and Logging resource types (https://cloud.google.com/logging/docs/api/v2/resource-list). - - !ruby/object:Api::Type::KeyValuePairs - name: labels - input: true - required: true - description: Values for all of the labels listed in the associated - monitored resource descriptor. For example, Compute Engine VM instances use - the labels "project_id", "instance_id", and "zone". - - - !ruby/object:Api::Resource - name: MetricDescriptor - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/monitoring/custom-metrics/' - api: 'https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors' - base_url: v3/projects/{{project}}/metricDescriptors - self_link: "v3/{{name}}" - update_verb: :POST - update_url: v3/projects/{{project}}/metricDescriptors - description: Defines a metric type and its schema. Once a metric descriptor is created, - deleting or altering it stops data collection and makes the metric type's existing data - unusable. - properties: - - !ruby/object:Api::Type::String - name: name - output: true - description: The resource name of the metric descriptor. - - !ruby/object:Api::Type::String - name: type - input: true - required: true - description: The metric type, including its DNS name prefix. The type is not - URL-encoded. All service defined metrics must be prefixed with the service name, - in the format of {service name}/{relative metric name}, such as - cloudsql.googleapis.com/database/cpu/utilization. The relative metric name must - have only upper and lower-case letters, digits, '/' and underscores '_' are - allowed. Additionally, the maximum number of characters allowed for the - relative_metric_name is 100. All user-defined metric types have the DNS name - custom.googleapis.com, external.googleapis.com, or logging.googleapis.com/user/. - - !ruby/object:Api::Type::Array - name: labels - description: The set of labels that can be used to describe a specific instance of this - metric type. In order to delete a label, the entire resource must be deleted, - then created with the desired labels. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: key - required: true - description: The key for this label. The key must not exceed 100 characters. The - first character of the key must be an upper- or lower-case letter, the remaining - characters must be letters, digits or underscores, and the key must match the - regular expression [a-zA-Z][a-zA-Z0-9_]* - - !ruby/object:Api::Type::Enum - name: valueType - description: The type of data that can be assigned to the label. - default_value: :STRING - values: - - :STRING - - :BOOL - - :INT64 - - !ruby/object:Api::Type::String - name: description - description: A human-readable description for the label. - - !ruby/object:Api::Type::Enum - name: metricKind - input: true - required: true - description: Whether the metric records instantaneous values, changes to a value, etc. - Some combinations of metricKind and valueType might not be supported. - values: - - :METRIC_KIND_UNSPECIFIED - - :GAUGE - - :DELTA - - :CUMULATIVE - - !ruby/object:Api::Type::Enum - name: valueType - input: true - required: true - description: Whether the measurement is an integer, a floating-point number, etc. Some - combinations of metricKind and valueType might not be supported. - values: - - :BOOL - - :INT64 - - :DOUBLE - - :STRING - - :DISTRIBUTION - - !ruby/object:Api::Type::String - name: unit - input: true - description: | - The units in which the metric value is reported. It is only applicable if the - valueType is INT64, DOUBLE, or DISTRIBUTION. The unit defines the representation of - the stored metric values. - - Different systems may scale the values to be more easily displayed (so a value of - 0.02KBy might be displayed as 20By, and a value of 3523KBy might be displayed as - 3.5MBy). However, if the unit is KBy, then the value of the metric is always in - thousands of bytes, no matter how it may be displayed. - - If you want a custom metric to record the exact number of CPU-seconds used by a job, - you can create an INT64 CUMULATIVE metric whose unit is s{CPU} (or equivalently - 1s{CPU} or just s). If the job uses 12,005 CPU-seconds, then the value is written as - 12005. - - Alternatively, if you want a custom metric to record data in a more granular way, you - can create a DOUBLE CUMULATIVE metric whose unit is ks{CPU}, and then write the value - 12.005 (which is 12005/1000), or use Kis{CPU} and write 11.723 (which is 12005/1024). - The supported units are a subset of The Unified Code for Units of Measure standard. - More info can be found in the API documentation - (https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors). - - !ruby/object:Api::Type::String - name: description - input: true - required: true - description: A detailed description of the metric, which can be used in documentation. - - !ruby/object:Api::Type::String - name: displayName - input: true - required: true - description: A concise name for the metric, which can be displayed in user interfaces. - Use sentence case without an ending period, for example "Request count". - - !ruby/object:Api::Type::NestedObject - name: metadata - input: true - description: Metadata which can be used to guide usage of the metric. - properties: - - !ruby/object:Api::Type::String - name: samplePeriod - at_least_one_of: - - metadata.0.sample_period - - metadata.0.ingest_delay - description: The sampling period of metric data points. For metrics which are - written periodically, consecutive data points are stored at this time interval, - excluding data loss due to errors. Metrics with a higher granularity have a - smaller sampling period. In - `[duration format](https://developers.google.com/protocol-buffers/docs/reference/google.protobuf?&_ga=2.264881487.1507873253.1593446723-935052455.1591817775#google.protobuf.Duration)`. - - !ruby/object:Api::Type::String - name: ingestDelay - at_least_one_of: - - metadata.0.sample_period - - metadata.0.ingest_delay - description: The delay of data points caused by ingestion. Data points older than - this age are guaranteed to be ingested and available to be read, excluding data - loss due to errors. In - `[duration format](https://developers.google.com/protocol-buffers/docs/reference/google.protobuf?&_ga=2.264881487.1507873253.1593446723-935052455.1591817775#google.protobuf.Duration)`. - - !ruby/object:Api::Type::Enum - name: launchStage - input: true - description: The launch stage of the metric definition. - values: - - :LAUNCH_STAGE_UNSPECIFIED - - :UNIMPLEMENTED - - :PRELAUNCH - - :EARLY_ACCESS - - :ALPHA - - :BETA - - :GA - - :DEPRECATED - - !ruby/object:Api::Type::Array - name: monitoredResourceTypes - output: true - description: If present, then a time series, which is identified partially by - a metric type and a MonitoredResourceDescriptor, that is associated with this metric - type can only be associated with one of the monitored resource types listed here. - This field allows time series to be associated with the intersection of this metric - type and the monitored resource types in this list. - item_type: Api::Type::String diff --git a/mmv1/products/monitoring/product.yaml b/mmv1/products/monitoring/product.yaml new file mode 100644 index 000000000000..deb7651d44fa --- /dev/null +++ b/mmv1/products/monitoring/product.yaml @@ -0,0 +1,25 @@ +# Copyright 2018 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- !ruby/object:Api::Product +name: Monitoring +display_name: Cloud (Stackdriver) Monitoring +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://monitoring.googleapis.com/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Stackdriver Monitoring API + url: https://console.cloud.google.com/apis/library/monitoring.googleapis.com/ diff --git a/mmv1/products/networkmanagement/ConnectivityTest.yaml b/mmv1/products/networkmanagement/ConnectivityTest.yaml new file mode 100644 index 000000000000..253dd282b3de --- /dev/null +++ b/mmv1/products/networkmanagement/ConnectivityTest.yaml @@ -0,0 +1,182 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'ConnectivityTest' +base_url: projects/{{project}}/locations/global/connectivityTests +create_url: projects/{{project}}/locations/global/connectivityTests?testId={{name}} +update_verb: :PATCH +update_mask: true +description: | + A connectivity test are a static analysis of your resource configurations + that enables you to evaluate connectivity to and from Google Cloud + resources in your Virtual Private Cloud (VPC) network. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/network-intelligence-center/docs' + api: 'https://cloud.google.com/network-intelligence-center/docs/connectivity-tests/reference/networkmanagement/rest/v1/projects.locations.global.connectivityTests' +iam_policy: !ruby/object:Api::Resource::IamPolicy + exclude: true + method_name_separator: ':' + parent_resource_attribute: 'connectivityTest' + import_format: ["projects/{{project}}/locations/global/connectivityTests/{{connectivityTest}}", "{{connectivityTest}}"] +properties: + - !ruby/object:Api::Type::String + name: name + description: |- + Unique name for the connectivity test. + required: true + immutable: true + - !ruby/object:Api::Type::String + name: description + description: |- + The user-supplied description of the Connectivity Test. + Maximum of 512 characters. + - !ruby/object:Api::Type::NestedObject + name: 'source' + required: true + description: | + Required. Source specification of the Connectivity Test. + + You can use a combination of source IP address, virtual machine + (VM) instance, or Compute Engine network to uniquely identify the + source location. + + Examples: If the source IP address is an internal IP address within + a Google Cloud Virtual Private Cloud (VPC) network, then you must + also specify the VPC network. Otherwise, specify the VM instance, + which already contains its internal IP address and VPC network + information. + + If the source of the test is within an on-premises network, then + you must provide the destination VPC network. + + If the source endpoint is a Compute Engine VM instance with multiple + network interfaces, the instance itself is not sufficient to + identify the endpoint. So, you must also specify the source IP + address or VPC network. + + A reachability analysis proceeds even if the source location is + ambiguous. However, the test result may include endpoints that + you don't intend to test. + properties: + - !ruby/object:Api::Type::String + name: ipAddress + description: |- + The IP address of the endpoint, which can be an external or + internal IP. An IPv6 address is only allowed when the test's + destination is a global load balancer VIP. + - !ruby/object:Api::Type::Integer + name: port + description: |- + The IP protocol port of the endpoint. Only applicable when + protocol is TCP or UDP. + - !ruby/object:Api::Type::String + name: instance + description: |- + A Compute Engine instance URI. + - !ruby/object:Api::Type::String + name: network + description: |- + A Compute Engine network URI. + - !ruby/object:Api::Type::Enum + name: networkType + description: |- + Type of the network where the endpoint is located. + values: + - :GCP_NETWORK + - :NON_GCP_NETWORK + - !ruby/object:Api::Type::String + name: projectId + description: |- + Project ID where the endpoint is located. The Project ID can be + derived from the URI if you provide a VM instance or network URI. + The following are two cases where you must provide the project ID: + + 1. Only the IP address is specified, and the IP address is + within a GCP project. + 2. When you are using Shared VPC and the IP address + that you provide is from the service project. In this case, + the network that the IP address resides in is defined in the + host project. + - !ruby/object:Api::Type::NestedObject + name: 'destination' + required: true + description: | + Required. Destination specification of the Connectivity Test. + + You can use a combination of destination IP address, Compute + Engine VM instance, or VPC network to uniquely identify the + destination location. + + Even if the destination IP address is not unique, the source IP + location is unique. Usually, the analysis can infer the destination + endpoint from route information. + + If the destination you specify is a VM instance and the instance has + multiple network interfaces, then you must also specify either a + destination IP address or VPC network to identify the destination + interface. + + A reachability analysis proceeds even if the destination location + is ambiguous. However, the result can include endpoints that you + don't intend to test. + properties: + - !ruby/object:Api::Type::String + name: ipAddress + description: |- + The IP address of the endpoint, which can be an external or + internal IP. An IPv6 address is only allowed when the test's + destination is a global load balancer VIP. + - !ruby/object:Api::Type::Integer + name: port + description: |- + The IP protocol port of the endpoint. Only applicable when + protocol is TCP or UDP. + - !ruby/object:Api::Type::String + name: instance + description: |- + A Compute Engine instance URI. + - !ruby/object:Api::Type::String + name: network + description: |- + A Compute Engine network URI. + - !ruby/object:Api::Type::String + name: projectId + description: |- + Project ID where the endpoint is located. The Project ID can be + derived from the URI if you provide a VM instance or network URI. + The following are two cases where you must provide the project ID: + 1. Only the IP address is specified, and the IP address is within + a GCP project. 2. When you are using Shared VPC and the IP address + that you provide is from the service project. In this case, the + network that the IP address resides in is defined in the host + project. + - !ruby/object:Api::Type::String + name: protocol + description: |- + IP Protocol of the test. When not provided, "TCP" is assumed. + default_value: "TCP" + - !ruby/object:Api::Type::Array + name: relatedProjects + description: |- + Other projects that may be relevant for reachability analysis. + This is applicable to scenarios where a test can cross project + boundaries. + item_type: Api::Type::String + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + Resource labels to represent user-provided metadata. + diff --git a/mmv1/products/networkmanagement/api.yaml b/mmv1/products/networkmanagement/api.yaml deleted file mode 100644 index 7c1781b9b9d8..000000000000 --- a/mmv1/products/networkmanagement/api.yaml +++ /dev/null @@ -1,212 +0,0 @@ -# Copyright 2020 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: NetworkManagement -display_name: NetworkManagement -scopes: - - https://www.googleapis.com/auth/cloud-platform -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://networkmanagement.googleapis.com/v1/ -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Network Management API - url: https://console.cloud.google.com/apis/library/networkmanagement.googleapis.com/ -async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' -objects: - - !ruby/object:Api::Resource - name: 'ConnectivityTest' - base_url: projects/{{project}}/locations/global/connectivityTests - create_url: projects/{{project}}/locations/global/connectivityTests?testId={{name}} - update_verb: :PATCH - update_mask: true - description: | - A connectivity test are a static analysis of your resource configurations - that enables you to evaluate connectivity to and from Google Cloud - resources in your Virtual Private Cloud (VPC) network. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/network-intelligence-center/docs' - api: 'https://cloud.google.com/network-intelligence-center/docs/connectivity-tests/reference/networkmanagement/rest/v1/projects.locations.global.connectivityTests' - iam_policy: !ruby/object:Api::Resource::IamPolicy - exclude: true - method_name_separator: ':' - parent_resource_attribute: 'connectivityTest' - import_format: ["projects/{{project}}/locations/global/connectivityTests/{{connectivityTest}}", "{{connectivityTest}}"] - properties: - - !ruby/object:Api::Type::String - name: name - description: |- - Unique name for the connectivity test. - required: true - input: true - - !ruby/object:Api::Type::String - name: description - description: |- - The user-supplied description of the Connectivity Test. - Maximum of 512 characters. - - !ruby/object:Api::Type::NestedObject - name: 'source' - required: true - description: | - Required. Source specification of the Connectivity Test. - - You can use a combination of source IP address, virtual machine - (VM) instance, or Compute Engine network to uniquely identify the - source location. - - Examples: If the source IP address is an internal IP address within - a Google Cloud Virtual Private Cloud (VPC) network, then you must - also specify the VPC network. Otherwise, specify the VM instance, - which already contains its internal IP address and VPC network - information. - - If the source of the test is within an on-premises network, then - you must provide the destination VPC network. - - If the source endpoint is a Compute Engine VM instance with multiple - network interfaces, the instance itself is not sufficient to - identify the endpoint. So, you must also specify the source IP - address or VPC network. - - A reachability analysis proceeds even if the source location is - ambiguous. However, the test result may include endpoints that - you don't intend to test. - properties: - - !ruby/object:Api::Type::String - name: ipAddress - description: |- - The IP address of the endpoint, which can be an external or - internal IP. An IPv6 address is only allowed when the test's - destination is a global load balancer VIP. - - !ruby/object:Api::Type::Integer - name: port - description: |- - The IP protocol port of the endpoint. Only applicable when - protocol is TCP or UDP. - - !ruby/object:Api::Type::String - name: instance - description: |- - A Compute Engine instance URI. - - !ruby/object:Api::Type::String - name: network - description: |- - A Compute Engine network URI. - - !ruby/object:Api::Type::Enum - name: networkType - description: |- - Type of the network where the endpoint is located. - values: - - :GCP_NETWORK - - :NON_GCP_NETWORK - - !ruby/object:Api::Type::String - name: projectId - description: |- - Project ID where the endpoint is located. The Project ID can be - derived from the URI if you provide a VM instance or network URI. - The following are two cases where you must provide the project ID: - - 1. Only the IP address is specified, and the IP address is - within a GCP project. - 2. When you are using Shared VPC and the IP address - that you provide is from the service project. In this case, - the network that the IP address resides in is defined in the - host project. - - !ruby/object:Api::Type::NestedObject - name: 'destination' - required: true - description: | - Required. Destination specification of the Connectivity Test. - - You can use a combination of destination IP address, Compute - Engine VM instance, or VPC network to uniquely identify the - destination location. - - Even if the destination IP address is not unique, the source IP - location is unique. Usually, the analysis can infer the destination - endpoint from route information. - - If the destination you specify is a VM instance and the instance has - multiple network interfaces, then you must also specify either a - destination IP address or VPC network to identify the destination - interface. - - A reachability analysis proceeds even if the destination location - is ambiguous. However, the result can include endpoints that you - don't intend to test. - properties: - - !ruby/object:Api::Type::String - name: ipAddress - description: |- - The IP address of the endpoint, which can be an external or - internal IP. An IPv6 address is only allowed when the test's - destination is a global load balancer VIP. - - !ruby/object:Api::Type::Integer - name: port - description: |- - The IP protocol port of the endpoint. Only applicable when - protocol is TCP or UDP. - - !ruby/object:Api::Type::String - name: instance - description: |- - A Compute Engine instance URI. - - !ruby/object:Api::Type::String - name: network - description: |- - A Compute Engine network URI. - - !ruby/object:Api::Type::String - name: projectId - description: |- - Project ID where the endpoint is located. The Project ID can be - derived from the URI if you provide a VM instance or network URI. - The following are two cases where you must provide the project ID: - 1. Only the IP address is specified, and the IP address is within - a GCP project. 2. When you are using Shared VPC and the IP address - that you provide is from the service project. In this case, the - network that the IP address resides in is defined in the host - project. - - !ruby/object:Api::Type::String - name: protocol - description: |- - IP Protocol of the test. When not provided, "TCP" is assumed. - default_value: "TCP" - - !ruby/object:Api::Type::Array - name: relatedProjects - description: |- - Other projects that may be relevant for reachability analysis. - This is applicable to scenarios where a test can cross project - boundaries. - item_type: Api::Type::String - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: | - Resource labels to represent user-provided metadata. diff --git a/mmv1/products/networkmanagement/product.yaml b/mmv1/products/networkmanagement/product.yaml new file mode 100644 index 000000000000..90d8be0e69ba --- /dev/null +++ b/mmv1/products/networkmanagement/product.yaml @@ -0,0 +1,43 @@ +# Copyright 2020 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: NetworkManagement +display_name: NetworkManagement +scopes: + - https://www.googleapis.com/auth/cloud-platform +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://networkmanagement.googleapis.com/v1/ +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Network Management API + url: https://console.cloud.google.com/apis/library/networkmanagement.googleapis.com/ +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' diff --git a/mmv1/products/networkservices/EdgeCacheKeyset.yaml b/mmv1/products/networkservices/EdgeCacheKeyset.yaml new file mode 100644 index 000000000000..64526a4320f9 --- /dev/null +++ b/mmv1/products/networkservices/EdgeCacheKeyset.yaml @@ -0,0 +1,118 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'EdgeCacheKeyset' +base_url: 'projects/{{project}}/locations/global/edgeCacheKeysets' +create_url: 'projects/{{project}}/locations/global/edgeCacheKeysets?edgeCacheKeysetId={{name}}' +self_link: 'projects/{{project}}/locations/global/edgeCacheKeysets/{{name}}' +update_verb: :PATCH +update_mask: true +description: | + EdgeCacheKeyset represents a collection of public keys used for validating signed requests. +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + timeouts: !ruby/object:Api::Timeouts + insert_minutes: 30 + update_minutes: 30 + delete_minutes: 30 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +parameters: + - !ruby/object:Api::Type::String + name: 'name' + required: true + immutable: true + url_param_only: true + description: | + Name of the resource; provided by the client when the resource is created. + The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, + and all following characters must be a dash, underscore, letter or digit. +properties: + - !ruby/object:Api::Type::String + name: 'description' + description: | + A human-readable description of the resource. + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: 'Set of label tags associated with the EdgeCache resource.' + - !ruby/object:Api::Type::Array + name: publicKeys + description: | + An ordered list of Ed25519 public keys to use for validating signed requests. + You must specify `public_keys` or `validation_shared_keys` (or both). The keys in `public_keys` are checked first. + You may specify no more than one Google-managed public key. + If you specify `public_keys`, you must specify at least one (1) key and may specify up to three (3) keys. + + Ed25519 public keys are not secret, and only allow Google to validate a request was signed by your corresponding private key. + Ensure that the private key is kept secret, and that only authorized users can add public keys to a keyset. + min_size: 1 + max_size: 3 + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'id' + required: true + description: | + The ID of the public key. The ID must be 1-63 characters long, and comply with RFC1035. + The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* + which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. + - !ruby/object:Api::Type::String + name: 'value' + description: | + The base64-encoded value of the Ed25519 public key. The base64 encoding can be padded (44 bytes) or unpadded (43 bytes). + Representations or encodings of the public key other than this will be rejected with an error. + - !ruby/object:Api::Type::Boolean + name: 'managed' + description: | + Set to true to have the CDN automatically manage this public key value. + at_least_one_of: + - public_key + - validation_shared_keys + - !ruby/object:Api::Type::Array + name: 'validationSharedKeys' + description: | + An ordered list of shared keys to use for validating signed requests. + Shared keys are secret. Ensure that only authorized users can add `validation_shared_keys` to a keyset. + You can rotate keys by appending (pushing) a new key to the list of `validation_shared_keys` and removing any superseded keys. + You must specify `public_keys` or `validation_shared_keys` (or both). The keys in `public_keys` are checked first. + min_size: 1 + max_size: 3 + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'secretVersion' + required: true + description: | + The name of the secret version in Secret Manager. + + The resource name of the secret version must be in the format `projects/*/secrets/*/versions/*` where the `*` values are replaced by the secrets themselves. + The secrets must be at least 16 bytes large. The recommended secret size depends on the signature algorithm you are using. + * If you are using HMAC-SHA1, we suggest 20-byte secrets. + * If you are using HMAC-SHA256, we suggest 32-byte secrets. + See RFC 2104, Section 3 for more details on these recommendations. + at_least_one_of: + - public_key + - validation_shared_keys diff --git a/mmv1/products/networkservices/EdgeCacheOrigin.yaml b/mmv1/products/networkservices/EdgeCacheOrigin.yaml new file mode 100644 index 000000000000..cb0cf2e7d530 --- /dev/null +++ b/mmv1/products/networkservices/EdgeCacheOrigin.yaml @@ -0,0 +1,298 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'EdgeCacheOrigin' +base_url: 'projects/{{project}}/locations/global/edgeCacheOrigins' +create_url: 'projects/{{project}}/locations/global/edgeCacheOrigins?edgeCacheOriginId={{name}}' +self_link: 'projects/{{project}}/locations/global/edgeCacheOrigins/{{name}}' +update_verb: :PATCH +update_mask: true +description: | + EdgeCacheOrigin represents a HTTP-reachable backend for an EdgeCacheService. +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + timeouts: !ruby/object:Api::Timeouts + insert_minutes: 60 + update_minutes: 60 + delete_minutes: 60 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +parameters: + - !ruby/object:Api::Type::String + name: 'name' + required: true + immutable: true + url_param_only: true + description: | + Name of the resource; provided by the client when the resource is created. + The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, + and all following characters must be a dash, underscore, letter or digit. +properties: + - !ruby/object:Api::Type::String + name: 'description' + description: | + A human-readable description of the resource. + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: 'Set of label tags associated with the EdgeCache resource.' + - !ruby/object:Api::Type::String + name: 'originAddress' + required: true + description: | + A fully qualified domain name (FQDN) or IP address reachable over the public Internet, or the address of a Google Cloud Storage bucket. + + This address will be used as the origin for cache requests - e.g. FQDN: media-backend.example.com, IPv4: 35.218.1.1, IPv6: 2607:f8b0:4012:809::200e, Cloud Storage: gs://bucketname + + When providing an FQDN (hostname), it must be publicly resolvable (e.g. via Google public DNS) and IP addresses must be publicly routable. It must not contain a protocol (e.g., https://) and it must not contain any slashes. + If a Cloud Storage bucket is provided, it must be in the canonical "gs://bucketname" format. Other forms, such as "storage.googleapis.com", will be rejected. + - !ruby/object:Api::Type::Enum + name: 'protocol' # default http2 from api + description: | + The protocol to use to connect to the configured origin. Defaults to HTTP2, and it is strongly recommended that users use HTTP2 for both security & performance. + + When using HTTP2 or HTTPS as the protocol, a valid, publicly-signed, unexpired TLS (SSL) certificate must be presented by the origin server. + values: + - :HTTP2 + - :HTTPS + - :HTTP + - !ruby/object:Api::Type::Integer + name: 'port' # default from api + description: | + The port to connect to the origin on. + Defaults to port 443 for HTTP2 and HTTPS protocols, and port 80 for HTTP. + - !ruby/object:Api::Type::Integer + name: 'maxAttempts' + description: | + The maximum number of attempts to cache fill from this origin. Another attempt is made when a cache fill fails with one of the retryConditions. + + Once maxAttempts to this origin have failed the failoverOrigin will be used, if one is specified. That failoverOrigin may specify its own maxAttempts, + retryConditions and failoverOrigin to control its own cache fill failures. + + The total number of allowed attempts to cache fill across this and failover origins is limited to four. + The total time allowed for cache fill attempts across this and failover origins can be controlled with maxAttemptsTimeout. + + The last valid, non-retried response from all origins will be returned to the client. + If no origin returns a valid response, an HTTP 502 will be returned to the client. + + Defaults to 1. Must be a value greater than 0 and less than 4. + - !ruby/object:Api::Type::String + name: 'failoverOrigin' + description: | + The Origin resource to try when the current origin cannot be reached. + After maxAttempts is reached, the configured failoverOrigin will be used to fulfil the request. + + The value of timeout.maxAttemptsTimeout dictates the timeout across all origins. + A reference to a Topic resource. + - !ruby/object:Api::Type::Array + name: 'retryConditions' # default CONNECT_FAILURE from api + description: | + Specifies one or more retry conditions for the configured origin. + + If the failure mode during a connection attempt to the origin matches the configured retryCondition(s), + the origin request will be retried up to maxAttempts times. The failoverOrigin, if configured, will then be used to satisfy the request. + + The default retryCondition is "CONNECT_FAILURE". + + retryConditions apply to this origin, and not subsequent failoverOrigin(s), + which may specify their own retryConditions and maxAttempts. + + Valid values are: + + - CONNECT_FAILURE: Retry on failures connecting to origins, for example due to connection timeouts. + - HTTP_5XX: Retry if the origin responds with any 5xx response code, or if the origin does not respond at all, example: disconnects, reset, read timeout, connection failure, and refused streams. + - GATEWAY_ERROR: Similar to 5xx, but only applies to response codes 502, 503 or 504. + - RETRIABLE_4XX: Retry for retriable 4xx response codes, which include HTTP 409 (Conflict) and HTTP 429 (Too Many Requests) + - NOT_FOUND: Retry if the origin returns a HTTP 404 (Not Found). This can be useful when generating video content, and the segment is not available yet. + - FORBIDDEN: Retry if the origin returns a HTTP 403 (Forbidden). + item_type: !ruby/object:Api::Type::Enum + name: 'undefined' + description: | + This field only has a name and description because of MM + limitations. It should not appear in downstreams. + values: + - :CONNECT_FAILURE + - :HTTP_5XX + - :GATEWAY_ERROR + - :RETRIABLE_4XX + - :NOT_FOUND + - :FORBIDDEN + - !ruby/object:Api::Type::NestedObject + name: 'timeout' + description: | + The connection and HTTP timeout configuration for this origin. + properties: + - !ruby/object:Api::Type::String + name: 'connectTimeout' + description: | + The maximum duration to wait for a single origin connection to be established, including DNS lookup, TLS handshake and TCP/QUIC connection establishment. + + Defaults to 5 seconds. The timeout must be a value between 1s and 15s. + + The connectTimeout capped by the deadline set by the request's maxAttemptsTimeout. The last connection attempt may have a smaller connectTimeout in order to adhere to the overall maxAttemptsTimeout. + + at_least_one_of: + - timeout.0.connect_timeout + - timeout.0.max_attempts_timeout + - timeout.0.response_timeout + - timeout.0.read_timeout + - !ruby/object:Api::Type::String + name: 'maxAttemptsTimeout' + description: | + The maximum time across all connection attempts to the origin, including failover origins, before returning an error to the client. A HTTP 504 will be returned if the timeout is reached before a response is returned. + + Defaults to 15 seconds. The timeout must be a value between 1s and 30s. + + If a failoverOrigin is specified, the maxAttemptsTimeout of the first configured origin sets the deadline for all connection attempts across all failoverOrigins. + at_least_one_of: + - timeout.0.connect_timeout + - timeout.0.max_attempts_timeout + - timeout.0.response_timeout + - timeout.0.read_timeout + - !ruby/object:Api::Type::String + name: 'responseTimeout' + description: | + The maximum duration to wait for the last byte of a response to arrive when reading from the HTTP connection/stream. + + Defaults to 30 seconds. The timeout must be a value between 1s and 120s. + + The responseTimeout starts after the connection has been established. + + This also applies to HTTP Chunked Transfer Encoding responses, and/or when an open-ended Range request is made to the origin. Origins that take longer to write additional bytes to the response than the configured responseTimeout will result in an error being returned to the client. + + If the response headers have already been written to the connection, the response will be truncated and logged. + at_least_one_of: + - timeout.0.connect_timeout + - timeout.0.max_attempts_timeout + - timeout.0.response_timeout + - timeout.0.read_timeout + - !ruby/object:Api::Type::String + name: 'readTimeout' + description: | + The maximum duration to wait between reads of a single HTTP connection/stream. + + Defaults to 15 seconds. The timeout must be a value between 1s and 30s. + + The readTimeout is capped by the responseTimeout. All reads of the HTTP connection/stream must be completed by the deadline set by the responseTimeout. + + If the response headers have already been written to the connection, the response will be truncated and logged. + at_least_one_of: + - timeout.0.connect_timeout + - timeout.0.max_attempts_timeout + - timeout.0.response_timeout + - timeout.0.read_timeout + - !ruby/object:Api::Type::NestedObject + name: 'awsV4Authentication' + description: | + Enable AWS Signature Version 4 origin authentication. + properties: + - !ruby/object:Api::Type::String + name: 'accessKeyId' + required: true + description: | + The access key ID your origin uses to identify the key. + - !ruby/object:Api::Type::String + name: 'secretAccessKeyVersion' + required: true + description: | + The Secret Manager secret version of the secret access key used by your origin. + + This is the resource name of the secret version in the format `projects/*/secrets/*/versions/*` where the `*` values are replaced by the project, secret, and version you require. + - !ruby/object:Api::Type::String + name: 'originRegion' + required: true + description: | + The name of the AWS region that your origin is in. + - !ruby/object:Api::Type::NestedObject + name: 'originOverrideAction' + description: | + The override actions, including url rewrites and header + additions, for requests that use this origin. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'urlRewrite' + description: | + The URL rewrite configuration for request that are + handled by this origin. + properties: + - !ruby/object:Api::Type::String + name: 'hostRewrite' + description: | + Prior to forwarding the request to the selected + origin, the request's host header is replaced with + contents of the hostRewrite. + + This value must be between 1 and 255 characters. + - !ruby/object:Api::Type::NestedObject + name: 'headerAction' + description: | + The header actions, including adding and removing + headers, for request handled by this origin. + properties: + - !ruby/object:Api::Type::Array + name: requestHeadersToAdd + description: | + Describes a header to add. + + You may add a maximum of 5 request headers. + min_size: 1 + max_size: 5 + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'headerName' + required: true + description: | + The name of the header to add. + - !ruby/object:Api::Type::String + name: 'headerValue' + required: true + description: | + The value of the header to add. + - !ruby/object:Api::Type::Boolean + name: 'replace' + description: | + Whether to replace all existing headers with the same name. + + By default, added header values are appended + to the response or request headers with the + same field names. The added values are + separated by commas. + + To overwrite existing values, set `replace` to `true`. + - !ruby/object:Api::Type::NestedObject + name: 'originRedirect' + description: | + Follow redirects from this origin. + properties: + - !ruby/object:Api::Type::Array + name: 'redirectConditions' + description: | + The set of redirect response codes that the CDN + follows. Values of + [RedirectConditions](https://cloud.google.com/media-cdn/docs/reference/rest/v1/projects.locations.edgeCacheOrigins#redirectconditions) + are accepted. + max_size: 5 + item_type: Api::Type::String diff --git a/mmv1/products/networkservices/EdgeCacheService.yaml b/mmv1/products/networkservices/EdgeCacheService.yaml new file mode 100644 index 000000000000..a192a8e43ade --- /dev/null +++ b/mmv1/products/networkservices/EdgeCacheService.yaml @@ -0,0 +1,820 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'EdgeCacheService' +base_url: 'projects/{{project}}/locations/global/edgeCacheServices' +create_url: 'projects/{{project}}/locations/global/edgeCacheServices?edgeCacheServiceId={{name}}' +self_link: 'projects/{{project}}/locations/global/edgeCacheServices/{{name}}' +update_verb: :PATCH +update_mask: true +description: | + EdgeCacheService defines the IP addresses, protocols, security policies, cache policies and routing configuration. +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + timeouts: !ruby/object:Api::Timeouts + insert_minutes: 30 + update_minutes: 30 + delete_minutes: 30 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +parameters: + - !ruby/object:Api::Type::String + name: 'name' + required: true + immutable: true + url_param_only: true + description: | + Name of the resource; provided by the client when the resource is created. + The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, + and all following characters must be a dash, underscore, letter or digit. +properties: + - !ruby/object:Api::Type::String + name: 'description' + description: | + A human-readable description of the resource. + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: 'Set of label tags associated with the EdgeCache resource.' + - !ruby/object:Api::Type::Boolean + name: disableQuic # default from api + description: | + HTTP/3 (IETF QUIC) and Google QUIC are enabled by default. + - !ruby/object:Api::Type::Boolean + name: disableHttp2 # default from api + description: | + Disables HTTP/2. + + HTTP/2 (h2) is enabled by default and recommended for performance. HTTP/2 improves connection re-use and reduces connection setup overhead by sending multiple streams over the same connection. + + Some legacy HTTP clients may have issues with HTTP/2 connections due to broken HTTP/2 implementations. Setting this to true will prevent HTTP/2 from being advertised and negotiated. + - !ruby/object:Api::Type::Boolean + name: requireTls # default from api + description: | + Require TLS (HTTPS) for all clients connecting to this service. + + Clients who connect over HTTP (port 80) will receive a HTTP 301 to the same URL over HTTPS (port 443). + You must have at least one (1) edgeSslCertificate specified to enable this. + - !ruby/object:Api::Type::Array + name: edgeSslCertificates + description: | + URLs to sslCertificate resources that are used to authenticate connections between users and the EdgeCacheService. + + Note that only "global" certificates with a "scope" of "EDGE_CACHE" can be attached to an EdgeCacheService. + max_size: 5 + item_type: Api::Type::String + - !ruby/object:Api::Type::String + name: 'sslPolicy' + description: | + URL of the SslPolicy resource that will be associated with the EdgeCacheService. + + If not set, the EdgeCacheService has no SSL policy configured, and will default to the "COMPATIBLE" policy. + - !ruby/object:Api::Type::Array + name: ipv4Addresses + output: true + description: | + The IPv4 addresses associated with this service. Addresses are static for the lifetime of the service. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: ipv6Addresses + output: true + description: | + The IPv6 addresses associated with this service. Addresses are static for the lifetime of the service. + item_type: Api::Type::String + - !ruby/object:Api::Type::NestedObject + name: 'routing' + required: true + description: | + Defines how requests are routed, modified, cached and/or which origin content is filled from. + properties: + - !ruby/object:Api::Type::Array + name: hostRules + description: | + The list of hostRules to match against. These rules define which hostnames the EdgeCacheService will match against, and which route configurations apply. + min_size: 1 + max_size: 5 + required: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: description + description: | + A human-readable description of the hostRule. + - !ruby/object:Api::Type::Array + name: hosts + required: true + min_size: 1 + max_size: 10 + description: | + The list of host patterns to match. + + Host patterns must be valid hostnames. Ports are not allowed. Wildcard hosts are supported in the suffix or prefix form. * matches any string of ([a-z0-9-.]*). It does not match the empty string. + + When multiple hosts are specified, hosts are matched in the following priority: + + 1. Exact domain names: ``www.foo.com``. + 2. Suffix domain wildcards: ``*.foo.com`` or ``*-bar.foo.com``. + 3. Prefix domain wildcards: ``foo.*`` or ``foo-*``. + 4. Special wildcard ``*`` matching any domain. + + Notes: + + The wildcard will not match the empty string. e.g. ``*-bar.foo.com`` will match ``baz-bar.foo.com`` but not ``-bar.foo.com``. The longest wildcards match first. Only a single host in the entire service can match on ``*``. A domain must be unique across all configured hosts within a service. + + Hosts are matched against the HTTP Host header, or for HTTP/2 and HTTP/3, the ":authority" header, from the incoming request. + + You may specify up to 10 hosts. + item_type: Api::Type::String + - !ruby/object:Api::Type::String + name: pathMatcher + required: true + description: | + The name of the pathMatcher associated with this hostRule. + - !ruby/object:Api::Type::Array + name: pathMatchers + description: | + The list of pathMatchers referenced via name by hostRules. PathMatcher is used to match the path portion of the URL when a HostRule matches the URL's host portion. + min_size: 1 + max_size: 10 + required: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: name + required: true + description: | + The name to which this PathMatcher is referred by the HostRule. + - !ruby/object:Api::Type::String + name: description + description: | + A human-readable description of the resource. + - !ruby/object:Api::Type::Array + name: routeRules + description: | + The routeRules to match against. routeRules support advanced routing behaviour, and can match on paths, headers and query parameters, as well as status codes and HTTP methods. + min_size: 1 + max_size: 64 + required: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: priority + required: true + description: | + The priority of this route rule, where 1 is the highest priority. + + You cannot configure two or more routeRules with the same priority. Priority for each rule must be set to a number between 1 and 999 inclusive. + + Priority numbers can have gaps, which enable you to add or remove rules in the future without affecting the rest of the rules. For example, 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers + to which you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the future without any impact on existing rules. + - !ruby/object:Api::Type::String + name: description + description: | + A human-readable description of the routeRule. + - !ruby/object:Api::Type::Array + name: matchRules + description: | + The list of criteria for matching attributes of a request to this routeRule. This list has OR semantics: the request matches this routeRule when any of the matchRules are satisfied. However predicates + within a given matchRule have AND semantics. All predicates within a matchRule must match for the request to match the rule. + min_size: 1 + max_size: 5 + required: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Boolean + name: ignoreCase # default from api + description: | + Specifies that prefixMatch and fullPathMatch matches are case sensitive. + - !ruby/object:Api::Type::Array + name: headerMatches + min_size: 1 + max_size: 3 + description: | + Specifies a list of header match criteria, all of which must match corresponding headers in the request. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: headerName + required: true + description: | + The header name to match on. + - !ruby/object:Api::Type::Boolean + name: presentMatch + description: | + A header with the contents of headerName must exist. The match takes place whether or not the request's header has a value. + - !ruby/object:Api::Type::String + name: exactMatch + description: | + The value of the header should exactly match contents of exactMatch. + - !ruby/object:Api::Type::String + name: prefixMatch + description: | + The value of the header must start with the contents of prefixMatch. + - !ruby/object:Api::Type::String + name: suffixMatch + description: | + The value of the header must end with the contents of suffixMatch. + - !ruby/object:Api::Type::Boolean + name: invertMatch # default from api + description: | + If set to false (default), the headerMatch is considered a match if the match criteria above are met. + If set to true, the headerMatch is considered a match if the match criteria above are NOT met. + - !ruby/object:Api::Type::Array + name: queryParameterMatches + min_size: 1 + max_size: 5 + description: | + Specifies a list of query parameter match criteria, all of which must match corresponding query parameters in the request. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: name + required: true + description: | + The name of the query parameter to match. The query parameter must exist in the request, in the absence of which the request match fails. + - !ruby/object:Api::Type::Boolean + name: presentMatch + description: | + Specifies that the queryParameterMatch matches if the request contains the query parameter, irrespective of whether the parameter has a value or not. + - !ruby/object:Api::Type::String + name: exactMatch + description: | + The queryParameterMatch matches if the value of the parameter exactly matches the contents of exactMatch. + - !ruby/object:Api::Type::String + name: prefixMatch + description: | + For satisfying the matchRule condition, the request's path must begin with the specified prefixMatch. prefixMatch must begin with a /. + - !ruby/object:Api::Type::String + name: pathTemplateMatch + description: | + For satisfying the matchRule condition, the path of the request + must match the wildcard pattern specified in pathTemplateMatch + after removing any query parameters and anchor that may be part + of the original URL. + + pathTemplateMatch must be between 1 and 255 characters + (inclusive). The pattern specified by pathTemplateMatch may + have at most 5 wildcard operators and at most 5 variable + captures in total. + - !ruby/object:Api::Type::String + name: fullPathMatch + description: | + For satisfying the matchRule condition, the path of the request must exactly match the value specified in fullPathMatch after removing any query parameters and anchor that may be part of the original URL. + # TODO: (scottsuarez) conflicts also won't work for array path matchers yet, uncomment here once supported. + # conflicts: + # - Routing.PathMatcher.RouteRule.prefixMatch + - !ruby/object:Api::Type::NestedObject + name: headerAction + description: | + The header actions, including adding & removing headers, for requests that match this route. + properties: + - !ruby/object:Api::Type::Array + name: requestHeadersToAdd + description: | + Describes a header to add. + min_size: 1 + max_size: 5 + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: headerName + required: true + description: | + The name of the header to add. + - !ruby/object:Api::Type::String + name: headerValue + required: true + description: | + The value of the header to add. + - !ruby/object:Api::Type::Boolean + name: replace # default from api + description: | + Whether to replace all existing headers with the same name. + - !ruby/object:Api::Type::Array + name: responseHeadersToAdd + description: | + Headers to add to the response prior to sending it back to the client. + + Response headers are only sent to the client, and do not have an effect on the cache serving the response. + min_size: 1 + max_size: 5 + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: headerName + required: true + description: | + The name of the header to add. + - !ruby/object:Api::Type::String + name: headerValue + required: true + description: | + The value of the header to add. + - !ruby/object:Api::Type::Boolean + name: replace # default from api + description: | + Whether to replace all existing headers with the same name. + - !ruby/object:Api::Type::Array + name: requestHeadersToRemove + description: | + A list of header names for headers that need to be removed from the request prior to forwarding the request to the origin. + min_size: 1 + max_size: 10 + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: headerName + required: true + description: | + The name of the header to remove. + - !ruby/object:Api::Type::Array + name: responseHeadersToRemove + description: | + A list of header names for headers that need to be removed from the request prior to forwarding the request to the origin. + min_size: 1 + max_size: 10 + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: headerName + required: true + description: | + Headers to remove from the response prior to sending it back to the client. + + Response headers are only sent to the client, and do not have an effect on the cache serving the response. + - !ruby/object:Api::Type::NestedObject + name: routeAction + description: | + In response to a matching path, the routeAction performs advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request to the selected origin. + properties: + - !ruby/object:Api::Type::NestedObject + name: cdnPolicy + description: | + The policy to use for defining caching and signed request behaviour for requests that match this route. + properties: + - !ruby/object:Api::Type::Enum + name: 'cacheMode' # default from api + description: | + Cache modes allow users to control the behaviour of the cache, what content it should cache automatically, whether to respect origin headers, or whether to unconditionally cache all responses. + + For all cache modes, Cache-Control headers will be passed to the client. Use clientTtl to override what is sent to the client. + values: + - :CACHE_ALL_STATIC + - :USE_ORIGIN_HEADERS + - :FORCE_CACHE_ALL + - :BYPASS_CACHE + - !ruby/object:Api::Type::String + name: 'clientTtl' + description: | + Specifies a separate client (e.g. browser client) TTL, separate from the TTL used by the edge caches. Leaving this empty will use the same cache TTL for both the CDN and the client-facing response. + + - The TTL must be > 0 and <= 86400s (1 day) + - The clientTtl cannot be larger than the defaultTtl (if set) + - Fractions of a second are not allowed. + + Omit this field to use the defaultTtl, or the max-age set by the origin, as the client-facing TTL. + + When the cache mode is set to "USE_ORIGIN_HEADERS" or "BYPASS_CACHE", you must omit this field. + A duration in seconds terminated by 's'. Example: "3s". + - !ruby/object:Api::Type::String + name: 'defaultTtl' # defalt from api + description: | + Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). + + Defaults to 3600s (1 hour). + + - The TTL must be >= 0 and <= 31,536,000 seconds (1 year) + - Setting a TTL of "0" means "always revalidate" (equivalent to must-revalidate) + - The value of defaultTTL cannot be set to a value greater than that of maxTTL. + - Fractions of a second are not allowed. + - When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. + + Note that infrequently accessed objects may be evicted from the cache before the defined TTL. Objects that expire will be revalidated with the origin. + + When the cache mode is set to "USE_ORIGIN_HEADERS" or "BYPASS_CACHE", you must omit this field. + + A duration in seconds terminated by 's'. Example: "3s". + - !ruby/object:Api::Type::String + name: 'maxTtl' # defalt from api + description: | + Specifies the maximum allowed TTL for cached content served by this origin. + + Defaults to 86400s (1 day). + + Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTtl seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. + + - The TTL must be >= 0 and <= 31,536,000 seconds (1 year) + - Setting a TTL of "0" means "always revalidate" + - The value of maxTtl must be equal to or greater than defaultTtl. + - Fractions of a second are not allowed. + + When the cache mode is set to "USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", or "BYPASS_CACHE", you must omit this field. + + A duration in seconds terminated by 's'. Example: "3s". + - !ruby/object:Api::Type::NestedObject + name: 'cacheKeyPolicy' + description: | + Defines the request parameters that contribute to the cache key. + properties: + - !ruby/object:Api::Type::Boolean + name: includeProtocol # default from api + description: | + If true, http and https requests will be cached separately. + - !ruby/object:Api::Type::Boolean + name: excludeQueryString + description: | + If true, exclude query string parameters from the cache key + + If false (the default), include the query string parameters in + the cache key according to includeQueryParameters and + excludeQueryParameters. If neither includeQueryParameters nor + excludeQueryParameters is set, the entire query string will be + included. + - !ruby/object:Api::Type::Boolean + name: excludeHost # default from api + description: | + If true, requests to different hosts will be cached separately. + + Note: this should only be enabled if hosts share the same origin and content. Removing the host from the cache key may inadvertently result in different objects being cached than intended, depending on which route the first user matched. + - !ruby/object:Api::Type::Array + name: includedQueryParameters + description: | + Names of query string parameters to include in cache keys. All other parameters will be excluded. + + Either specify includedQueryParameters or excludedQueryParameters, not both. '&' and '=' will be percent encoded and not treated as delimiters. + max_size: 10 + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: excludedQueryParameters + description: | + Names of query string parameters to exclude from cache keys. All other parameters will be included. + + Either specify includedQueryParameters or excludedQueryParameters, not both. '&' and '=' will be percent encoded and not treated as delimiters. + max_size: 10 + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: includedHeaderNames + description: | + Names of HTTP request headers to include in cache keys. The value of the header field will be used as part of the cache key. + + - Header names must be valid HTTP RFC 7230 header field values. + - Header field names are case insensitive + - To include the HTTP method, use ":method" + + Note that specifying several headers, and/or headers that have a large range of values (e.g. per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance. + max_size: 5 + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: includedCookieNames + description: | + Names of Cookies to include in cache keys. The cookie name and cookie value of each cookie named will be used as part of the cache key. + + Cookie names: + - must be valid RFC 6265 "cookie-name" tokens + - are case sensitive + - cannot start with "Edge-Cache-" (case insensitive) + + Note that specifying several cookies, and/or cookies that have a large range of values (e.g., per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance. + + You may specify up to three cookie names. + max_size: 3 + item_type: Api::Type::String + - !ruby/object:Api::Type::Boolean + name: 'negativeCaching' + description: | + Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. + + By default, the CDNPolicy will apply the following default TTLs to these status codes: + + - HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m + - HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s + - HTTP 405 (Method Not Found), 414 (URI Too Long), 501 (Not Implemented): 60s + + These defaults can be overridden in negativeCachingPolicy + - !ruby/object:Api::Type::KeyValuePairs + name: 'negativeCachingPolicy' + description: | + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + + - Omitting the policy and leaving negativeCaching enabled will use the default TTLs for each status code, defined in negativeCaching. + - TTLs must be >= 0 (where 0 is "always revalidate") and <= 86400s (1 day) + + Note that when specifying an explicit negativeCachingPolicy, you should take care to specify a cache TTL for all response codes that you wish to cache. The CDNPolicy will not apply any default negative caching when a policy exists. + - !ruby/object:Api::Type::Enum + name: 'signedRequestMode' # default from api + description: | + Whether to enforce signed requests. The default value is DISABLED, which means all content is public, and does not authorize access. + + You must also set a signedRequestKeyset to enable signed requests. + + When set to REQUIRE_SIGNATURES, all matching requests will have their signature validated. Requests that were not signed with the corresponding private key, or that are otherwise invalid (expired, do not match the signature, IP address, or header) will be rejected with a HTTP 403 and (if enabled) logged. + values: + - :DISABLED + - :REQUIRE_SIGNATURES + - :REQUIRE_TOKENS + - !ruby/object:Api::Type::String + name: 'signedRequestKeyset' # resource ref, EdgeCacheKeyset? + description: | + The EdgeCacheKeyset containing the set of public keys used to validate signed requests at the edge. + - !ruby/object:Api::Type::NestedObject + name: 'signedTokenOptions' + description: | + Additional options for signed tokens. + + signedTokenOptions may only be specified when signedRequestMode is REQUIRE_TOKENS. + properties: + - !ruby/object:Api::Type::String + name: 'tokenQueryParameter' + description: | + The query parameter in which to find the token. + + The name must be 1-64 characters long and match the regular expression `[a-zA-Z]([a-zA-Z0-9_-])*` which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. + + Defaults to `edge-cache-token`. + - !ruby/object:Api::Type::Array + name: 'allowedSignatureAlgorithms' + description: | + The allowed signature algorithms to use. + + Defaults to using only ED25519. + + You may specify up to 3 signature algorithms to use. + max_size: 3 + item_type: !ruby/object:Api::Type::Enum + name: 'allowedSignatureAlgorithm' + description: | + The signed request signature algorithm to use. + values: + - :ED25519 + - :HMAC_SHA_256 + - :HMAC_SHA1 + - !ruby/object:Api::Type::NestedObject + name: 'addSignatures' + description: | + Enable signature generation or propagation on this route. + + This field may only be specified when signedRequestMode is set to REQUIRE_TOKENS. + properties: + - !ruby/object:Api::Type::Array + name: actions + description: | + The actions to take to add signatures to responses. + required: true + max_size: 1 + item_type: !ruby/object:Api::Type::Enum + name: action + description: | + The ways a signature can be manipulated in a response. + values: + - :GENERATE_COOKIE + - :GENERATE_TOKEN_HLS_COOKIELESS + - :PROPAGATE_TOKEN_HLS_COOKIELESS + - !ruby/object:Api::Type::String + name: 'keyset' + description: | + The keyset to use for signature generation. + + The following are both valid paths to an EdgeCacheKeyset resource: + + * `projects/project/locations/global/edgeCacheKeysets/yourKeyset` + * `yourKeyset` + + This must be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. This field may not be specified otherwise. + - !ruby/object:Api::Type::String + name: tokenTtl + description: | + The duration the token is valid starting from the moment the token is first generated. + + Defaults to `86400s` (1 day). + + The TTL must be >= 0 and <= 604,800 seconds (1 week). + + This field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + - !ruby/object:Api::Type::String + name: 'tokenQueryParameter' + description: | + The query parameter in which to put the generated token. + + If not specified, defaults to `edge-cache-token`. + + If specified, the name must be 1-64 characters long and match the regular expression `[a-zA-Z]([a-zA-Z0-9_-])*` which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. + + This field may only be set when the GENERATE_TOKEN_HLS_COOKIELESS or PROPAGATE_TOKEN_HLS_COOKIELESS actions are specified. + - !ruby/object:Api::Type::Array + name: 'copiedParameters' + description: | + The parameters to copy from the verified token to the generated token. + + Only the following parameters may be copied: + + * `PathGlobs` + * `paths` + * `acl` + * `URLPrefix` + * `IPRanges` + * `SessionID` + * `id` + * `Data` + * `data` + * `payload` + * `Headers` + + You may specify up to 6 parameters to copy. A given parameter is be copied only if the parameter exists in the verified token. Parameter names are matched exactly as specified. The order of the parameters does not matter. Duplicates are not allowed. + + This field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. + item_type: Api::Type::String + - !ruby/object:Api::Type::String + name: 'signedRequestMaximumExpirationTtl' + description: | + Limit how far into the future the expiration time of a signed request may be. + + When set, a signed request is rejected if its expiration time is later than now + signedRequestMaximumExpirationTtl, where now is the time at which the signed request is first handled by the CDN. + + - The TTL must be > 0. + - Fractions of a second are not allowed. + + By default, signedRequestMaximumExpirationTtl is not set and the expiration time of a signed request may be arbitrarily far into future. + - !ruby/object:Api::Type::NestedObject + name: urlRewrite + description: | + The URL rewrite configuration for requests that match this route. + properties: + - !ruby/object:Api::Type::String + name: 'pathPrefixRewrite' + description: | + Prior to forwarding the request to the selected origin, the matching portion of the request's path is replaced by pathPrefixRewrite. + - !ruby/object:Api::Type::String + name: 'hostRewrite' + description: | + Prior to forwarding the request to the selected origin, the request's host header is replaced with contents of hostRewrite. + - !ruby/object:Api::Type::String + name: 'pathTemplateRewrite' + description: | + Prior to forwarding the request to the selected origin, if the + request matched a pathTemplateMatch, the matching portion of the + request's path is replaced re-written using the pattern specified + by pathTemplateRewrite. + + pathTemplateRewrite must be between 1 and 255 characters + (inclusive), must start with a '/', and must only use variables + captured by the route's pathTemplate matchers. + + pathTemplateRewrite may only be used when all of a route's + MatchRules specify pathTemplate. + + Only one of pathPrefixRewrite and pathTemplateRewrite may be + specified. + - !ruby/object:Api::Type::NestedObject + name: corsPolicy + description: | + CORSPolicy defines Cross-Origin-Resource-Sharing configuration, including which CORS response headers will be set. + properties: + - !ruby/object:Api::Type::String + name: 'maxAge' + required: true + description: | + Specifies how long results of a preflight request can be cached by a client in seconds. Note that many browser clients enforce a maximum TTL of 600s (10 minutes). + + - Setting the value to -1 forces a pre-flight check for all requests (not recommended) + - A maximum TTL of 86400s can be set, but note that (as above) some clients may force pre-flight checks at a more regular interval. + - This translates to the Access-Control-Max-Age header. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + - !ruby/object:Api::Type::Boolean + name: 'allowCredentials' + description: | + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. + + This translates to the Access-Control-Allow-Credentials response header. + - !ruby/object:Api::Type::Array + name: allowOrigins + description: | + Specifies the list of origins that will be allowed to do CORS requests. + + This translates to the Access-Control-Allow-Origin response header. + max_size: 25 + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: allowMethods + description: | + Specifies the content for the Access-Control-Allow-Methods response header. + max_size: 5 + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: allowHeaders + description: | + Specifies the content for the Access-Control-Allow-Headers response header. + max_size: 5 + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: exposeHeaders + description: | + Specifies the content for the Access-Control-Allow-Headers response header. + max_size: 5 + item_type: Api::Type::String + - !ruby/object:Api::Type::Boolean + name: 'disabled' + description: | + If true, specifies the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect. + - !ruby/object:Api::Type::String + name: origin + description: | + The Origin resource that requests to this route should fetch from when a matching response is not in cache. Origins can be defined as short names ("my-origin") or fully-qualified resource URLs - e.g. "networkservices.googleapis.com/projects/my-project/global/edgecacheorigins/my-origin" + + Only one of origin or urlRedirect can be set. + - !ruby/object:Api::Type::NestedObject + name: urlRedirect + description: | + The URL redirect configuration for requests that match this route. + properties: + - !ruby/object:Api::Type::String + name: hostRedirect + description: | + The host that will be used in the redirect response instead of the one that was supplied in the request. + - !ruby/object:Api::Type::String + name: pathRedirect + description: | + The path that will be used in the redirect response instead of the one that was supplied in the request. + + pathRedirect cannot be supplied together with prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. + + The path value must be between 1 and 1024 characters. + - !ruby/object:Api::Type::String + name: prefixRedirect + description: | + The prefix that replaces the prefixMatch specified in the routeRule, retaining the remaining portion of the URL before redirecting the request. + + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. + - !ruby/object:Api::Type::Enum + name: 'redirectResponseCode' # default from api + description: | + The HTTP Status code to use for this RedirectAction. + + The supported values are: + + - `MOVED_PERMANENTLY_DEFAULT`, which is the default value and corresponds to 301. + - `FOUND`, which corresponds to 302. + - `SEE_OTHER` which corresponds to 303. + - `TEMPORARY_REDIRECT`, which corresponds to 307. in this case, the request method will be retained. + - `PERMANENT_REDIRECT`, which corresponds to 308. in this case, the request method will be retained. + values: + - :MOVED_PERMANENTLY_DEFAULT + - :FOUND + - :SEE_OTHER + - :TEMPORARY_REDIRECT + - :PERMANENT_REDIRECT + - !ruby/object:Api::Type::Boolean + name: 'httpsRedirect' # default from api + description: | + If set to true, the URL scheme in the redirected request is set to https. If set to false, the URL scheme of the redirected request will remain the same as that of the request. + + This can only be set if there is at least one (1) edgeSslCertificate set on the service. + - !ruby/object:Api::Type::Boolean + name: 'stripQuery' # default from api + description: | + If set to true, any accompanying query portion of the original URL is removed prior to redirecting the request. If set to false, the query portion of the original URL is retained. + - !ruby/object:Api::Type::NestedObject + name: 'logConfig' + description: | + Specifies the logging options for the traffic served by this service. If logging is enabled, logs will be exported to Cloud Logging. + properties: + - !ruby/object:Api::Type::Boolean + name: 'enable' #default from api + required: true + description: | + Specifies whether to enable logging for traffic served by this service. + - !ruby/object:Api::Type::Double + name: 'sampleRate' + description: | + Configures the sampling rate of requests, where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0, and the value of the field must be in [0, 1]. + + This field can only be specified if logging is enabled for this service. + - !ruby/object:Api::Type::String + name: 'edgeSecurityPolicy' + description: | + Resource URL that points at the Cloud Armor edge security policy that is applied on each request against the EdgeCacheService. + diff --git a/mmv1/products/networkservices/api.yaml b/mmv1/products/networkservices/api.yaml deleted file mode 100644 index 016694e3a219..000000000000 --- a/mmv1/products/networkservices/api.yaml +++ /dev/null @@ -1,1225 +0,0 @@ -# Copyright 2021 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: NetworkServices -versions: - - !ruby/object:Api::Product::Version - name: beta - base_url: https://networkservices.googleapis.com/v1/ - - !ruby/object:Api::Product::Version - name: ga - base_url: https://networkservices.googleapis.com/v1/ -scopes: - - https://www.googleapis.com/auth/cloud-identity -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Network Services API - url: https://console.cloud.google.com/apis/library/networkservices.googleapis.com -objects: - - !ruby/object:Api::Resource - name: 'EdgeCacheKeyset' - base_url: 'projects/{{project}}/locations/global/edgeCacheKeysets' - create_url: 'projects/{{project}}/locations/global/edgeCacheKeysets?edgeCacheKeysetId={{name}}' - self_link: 'projects/{{project}}/locations/global/edgeCacheKeysets/{{name}}' - update_verb: :PATCH - update_mask: true - description: | - EdgeCacheKeyset represents a collection of public keys used for validating signed requests. - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - timeouts: !ruby/object:Api::Timeouts - insert_minutes: 30 - update_minutes: 30 - delete_minutes: 30 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - parameters: - - !ruby/object:Api::Type::String - name: 'name' - required: true - input: true - url_param_only: true - description: | - Name of the resource; provided by the client when the resource is created. - The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, - and all following characters must be a dash, underscore, letter or digit. - properties: - - !ruby/object:Api::Type::String - name: 'description' - description: | - A human-readable description of the resource. - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: 'Set of label tags associated with the EdgeCache resource.' - - !ruby/object:Api::Type::Array - name: publicKeys - description: | - An ordered list of Ed25519 public keys to use for validating signed requests. - You must specify `public_keys` or `validation_shared_keys` (or both). The keys in `public_keys` are checked first. - You may specify no more than one Google-managed public key. - If you specify `public_keys`, you must specify at least one (1) key and may specify up to three (3) keys. - - Ed25519 public keys are not secret, and only allow Google to validate a request was signed by your corresponding private key. - Ensure that the private key is kept secret, and that only authorized users can add public keys to a keyset. - min_size: 1 - max_size: 3 - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'id' - required: true - description: | - The ID of the public key. The ID must be 1-63 characters long, and comply with RFC1035. - The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* - which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. - - !ruby/object:Api::Type::String - name: 'value' - description: | - The base64-encoded value of the Ed25519 public key. The base64 encoding can be padded (44 bytes) or unpadded (43 bytes). - Representations or encodings of the public key other than this will be rejected with an error. - - !ruby/object:Api::Type::Boolean - name: 'managed' - description: | - Set to true to have the CDN automatically manage this public key value. - at_least_one_of: - - public_key - - validation_shared_keys - - !ruby/object:Api::Type::Array - name: 'validationSharedKeys' - description: | - An ordered list of shared keys to use for validating signed requests. - Shared keys are secret. Ensure that only authorized users can add `validation_shared_keys` to a keyset. - You can rotate keys by appending (pushing) a new key to the list of `validation_shared_keys` and removing any superseded keys. - You must specify `public_keys` or `validation_shared_keys` (or both). The keys in `public_keys` are checked first. - min_size: 1 - max_size: 3 - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'secretVersion' - required: true - description: | - The name of the secret version in Secret Manager. - - The resource name of the secret version must be in the format `projects/*/secrets/*/versions/*` where the `*` values are replaced by the secrets themselves. - The secrets must be at least 16 bytes large. The recommended secret size depends on the signature algorithm you are using. - * If you are using HMAC-SHA1, we suggest 20-byte secrets. - * If you are using HMAC-SHA256, we suggest 32-byte secrets. - See RFC 2104, Section 3 for more details on these recommendations. - at_least_one_of: - - public_key - - validation_shared_keys - - !ruby/object:Api::Resource - name: 'EdgeCacheOrigin' - base_url: 'projects/{{project}}/locations/global/edgeCacheOrigins' - create_url: 'projects/{{project}}/locations/global/edgeCacheOrigins?edgeCacheOriginId={{name}}' - self_link: 'projects/{{project}}/locations/global/edgeCacheOrigins/{{name}}' - update_verb: :PATCH - update_mask: true - description: | - EdgeCacheOrigin represents a HTTP-reachable backend for an EdgeCacheService. - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - timeouts: !ruby/object:Api::Timeouts - insert_minutes: 60 - update_minutes: 60 - delete_minutes: 60 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - parameters: - - !ruby/object:Api::Type::String - name: 'name' - required: true - input: true - url_param_only: true - description: | - Name of the resource; provided by the client when the resource is created. - The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, - and all following characters must be a dash, underscore, letter or digit. - properties: - - !ruby/object:Api::Type::String - name: 'description' - description: | - A human-readable description of the resource. - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: 'Set of label tags associated with the EdgeCache resource.' - - !ruby/object:Api::Type::String - name: 'originAddress' - required: true - description: | - A fully qualified domain name (FQDN) or IP address reachable over the public Internet, or the address of a Google Cloud Storage bucket. - - This address will be used as the origin for cache requests - e.g. FQDN: media-backend.example.com, IPv4: 35.218.1.1, IPv6: 2607:f8b0:4012:809::200e, Cloud Storage: gs://bucketname - - When providing an FQDN (hostname), it must be publicly resolvable (e.g. via Google public DNS) and IP addresses must be publicly routable. It must not contain a protocol (e.g., https://) and it must not contain any slashes. - If a Cloud Storage bucket is provided, it must be in the canonical "gs://bucketname" format. Other forms, such as "storage.googleapis.com", will be rejected. - - !ruby/object:Api::Type::Enum - name: 'protocol' # default http2 from api - description: | - The protocol to use to connect to the configured origin. Defaults to HTTP2, and it is strongly recommended that users use HTTP2 for both security & performance. - - When using HTTP2 or HTTPS as the protocol, a valid, publicly-signed, unexpired TLS (SSL) certificate must be presented by the origin server. - values: - - :HTTP2 - - :HTTPS - - :HTTP - - !ruby/object:Api::Type::Integer - name: 'port' # default from api - description: | - The port to connect to the origin on. - Defaults to port 443 for HTTP2 and HTTPS protocols, and port 80 for HTTP. - - !ruby/object:Api::Type::Integer - name: 'maxAttempts' - description: | - The maximum number of attempts to cache fill from this origin. Another attempt is made when a cache fill fails with one of the retryConditions. - - Once maxAttempts to this origin have failed the failoverOrigin will be used, if one is specified. That failoverOrigin may specify its own maxAttempts, - retryConditions and failoverOrigin to control its own cache fill failures. - - The total number of allowed attempts to cache fill across this and failover origins is limited to four. - The total time allowed for cache fill attempts across this and failover origins can be controlled with maxAttemptsTimeout. - - The last valid, non-retried response from all origins will be returned to the client. - If no origin returns a valid response, an HTTP 502 will be returned to the client. - - Defaults to 1. Must be a value greater than 0 and less than 4. - - !ruby/object:Api::Type::String - name: 'failoverOrigin' - description: | - The Origin resource to try when the current origin cannot be reached. - After maxAttempts is reached, the configured failoverOrigin will be used to fulfil the request. - - The value of timeout.maxAttemptsTimeout dictates the timeout across all origins. - A reference to a Topic resource. - - !ruby/object:Api::Type::Array - name: 'retryConditions' # default CONNECT_FAILURE from api - description: | - Specifies one or more retry conditions for the configured origin. - - If the failure mode during a connection attempt to the origin matches the configured retryCondition(s), - the origin request will be retried up to maxAttempts times. The failoverOrigin, if configured, will then be used to satisfy the request. - - The default retryCondition is "CONNECT_FAILURE". - - retryConditions apply to this origin, and not subsequent failoverOrigin(s), - which may specify their own retryConditions and maxAttempts. - - Valid values are: - - - CONNECT_FAILURE: Retry on failures connecting to origins, for example due to connection timeouts. - - HTTP_5XX: Retry if the origin responds with any 5xx response code, or if the origin does not respond at all, example: disconnects, reset, read timeout, connection failure, and refused streams. - - GATEWAY_ERROR: Similar to 5xx, but only applies to response codes 502, 503 or 504. - - RETRIABLE_4XX: Retry for retriable 4xx response codes, which include HTTP 409 (Conflict) and HTTP 429 (Too Many Requests) - - NOT_FOUND: Retry if the origin returns a HTTP 404 (Not Found). This can be useful when generating video content, and the segment is not available yet. - - FORBIDDEN: Retry if the origin returns a HTTP 403 (Forbidden). - item_type: !ruby/object:Api::Type::Enum - name: 'undefined' - description: | - This field only has a name and description because of MM - limitations. It should not appear in downstreams. - values: - - :CONNECT_FAILURE - - :HTTP_5XX - - :GATEWAY_ERROR - - :RETRIABLE_4XX - - :NOT_FOUND - - :FORBIDDEN - - !ruby/object:Api::Type::NestedObject - name: 'timeout' - description: | - The connection and HTTP timeout configuration for this origin. - properties: - - !ruby/object:Api::Type::String - name: 'connectTimeout' - description: | - The maximum duration to wait for a single origin connection to be established, including DNS lookup, TLS handshake and TCP/QUIC connection establishment. - - Defaults to 5 seconds. The timeout must be a value between 1s and 15s. - - The connectTimeout capped by the deadline set by the request's maxAttemptsTimeout. The last connection attempt may have a smaller connectTimeout in order to adhere to the overall maxAttemptsTimeout. - - at_least_one_of: - - timeout.0.connect_timeout - - timeout.0.max_attempts_timeout - - timeout.0.response_timeout - - timeout.0.read_timeout - - !ruby/object:Api::Type::String - name: 'maxAttemptsTimeout' - description: | - The maximum time across all connection attempts to the origin, including failover origins, before returning an error to the client. A HTTP 504 will be returned if the timeout is reached before a response is returned. - - Defaults to 15 seconds. The timeout must be a value between 1s and 30s. - - If a failoverOrigin is specified, the maxAttemptsTimeout of the first configured origin sets the deadline for all connection attempts across all failoverOrigins. - at_least_one_of: - - timeout.0.connect_timeout - - timeout.0.max_attempts_timeout - - timeout.0.response_timeout - - timeout.0.read_timeout - - !ruby/object:Api::Type::String - name: 'responseTimeout' - description: | - The maximum duration to wait for the last byte of a response to arrive when reading from the HTTP connection/stream. - - Defaults to 30 seconds. The timeout must be a value between 1s and 120s. - - The responseTimeout starts after the connection has been established. - - This also applies to HTTP Chunked Transfer Encoding responses, and/or when an open-ended Range request is made to the origin. Origins that take longer to write additional bytes to the response than the configured responseTimeout will result in an error being returned to the client. - - If the response headers have already been written to the connection, the response will be truncated and logged. - at_least_one_of: - - timeout.0.connect_timeout - - timeout.0.max_attempts_timeout - - timeout.0.response_timeout - - timeout.0.read_timeout - - !ruby/object:Api::Type::String - name: 'readTimeout' - description: | - The maximum duration to wait between reads of a single HTTP connection/stream. - - Defaults to 15 seconds. The timeout must be a value between 1s and 30s. - - The readTimeout is capped by the responseTimeout. All reads of the HTTP connection/stream must be completed by the deadline set by the responseTimeout. - - If the response headers have already been written to the connection, the response will be truncated and logged. - at_least_one_of: - - timeout.0.connect_timeout - - timeout.0.max_attempts_timeout - - timeout.0.response_timeout - - timeout.0.read_timeout - - !ruby/object:Api::Type::NestedObject - name: 'awsV4Authentication' - description: | - Enable AWS Signature Version 4 origin authentication. - properties: - - !ruby/object:Api::Type::String - name: 'accessKeyId' - required: true - description: | - The access key ID your origin uses to identify the key. - - !ruby/object:Api::Type::String - name: 'secretAccessKeyVersion' - required: true - description: | - The Secret Manager secret version of the secret access key used by your origin. - - This is the resource name of the secret version in the format `projects/*/secrets/*/versions/*` where the `*` values are replaced by the project, secret, and version you require. - - !ruby/object:Api::Type::String - name: 'originRegion' - required: true - description: | - The name of the AWS region that your origin is in. - - !ruby/object:Api::Type::NestedObject - name: 'originOverrideAction' - description: | - The override actions, including url rewrites and header - additions, for requests that use this origin. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'urlRewrite' - description: | - The URL rewrite configuration for request that are - handled by this origin. - properties: - - !ruby/object:Api::Type::String - name: 'hostRewrite' - description: | - Prior to forwarding the request to the selected - origin, the request's host header is replaced with - contents of the hostRewrite. - - This value must be between 1 and 255 characters. - - !ruby/object:Api::Type::NestedObject - name: 'headerAction' - description: | - The header actions, including adding and removing - headers, for request handled by this origin. - properties: - - !ruby/object:Api::Type::Array - name: requestHeadersToAdd - description: | - Describes a header to add. - - You may add a maximum of 5 request headers. - min_size: 1 - max_size: 5 - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'headerName' - required: true - description: | - The name of the header to add. - - !ruby/object:Api::Type::String - name: 'headerValue' - required: true - description: | - The value of the header to add. - - !ruby/object:Api::Type::Boolean - name: 'replace' - description: | - Whether to replace all existing headers with the same name. - - By default, added header values are appended - to the response or request headers with the - same field names. The added values are - separated by commas. - - To overwrite existing values, set `replace` to `true`. - - !ruby/object:Api::Type::NestedObject - name: 'originRedirect' - description: | - Follow redirects from this origin. - properties: - - !ruby/object:Api::Type::Array - name: 'redirectConditions' - description: | - The set of redirect response codes that the CDN - follows. Values of - [RedirectConditions](https://cloud.google.com/media-cdn/docs/reference/rest/v1/projects.locations.edgeCacheOrigins#redirectconditions) - are accepted. - max_size: 5 - item_type: Api::Type::String - - !ruby/object:Api::Resource - name: 'EdgeCacheService' - base_url: 'projects/{{project}}/locations/global/edgeCacheServices' - create_url: 'projects/{{project}}/locations/global/edgeCacheServices?edgeCacheServiceId={{name}}' - self_link: 'projects/{{project}}/locations/global/edgeCacheServices/{{name}}' - update_verb: :PATCH - update_mask: true - description: | - EdgeCacheService defines the IP addresses, protocols, security policies, cache policies and routing configuration. - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - timeouts: !ruby/object:Api::Timeouts - insert_minutes: 30 - update_minutes: 30 - delete_minutes: 30 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - parameters: - - !ruby/object:Api::Type::String - name: 'name' - required: true - input: true - url_param_only: true - description: | - Name of the resource; provided by the client when the resource is created. - The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter, - and all following characters must be a dash, underscore, letter or digit. - properties: - - !ruby/object:Api::Type::String - name: 'description' - description: | - A human-readable description of the resource. - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: 'Set of label tags associated with the EdgeCache resource.' - - !ruby/object:Api::Type::Boolean - name: disableQuic # default from api - description: | - HTTP/3 (IETF QUIC) and Google QUIC are enabled by default. - - !ruby/object:Api::Type::Boolean - name: disableHttp2 # default from api - description: | - Disables HTTP/2. - - HTTP/2 (h2) is enabled by default and recommended for performance. HTTP/2 improves connection re-use and reduces connection setup overhead by sending multiple streams over the same connection. - - Some legacy HTTP clients may have issues with HTTP/2 connections due to broken HTTP/2 implementations. Setting this to true will prevent HTTP/2 from being advertised and negotiated. - - !ruby/object:Api::Type::Boolean - name: requireTls # default from api - description: | - Require TLS (HTTPS) for all clients connecting to this service. - - Clients who connect over HTTP (port 80) will receive a HTTP 301 to the same URL over HTTPS (port 443). - You must have at least one (1) edgeSslCertificate specified to enable this. - - !ruby/object:Api::Type::Array - name: edgeSslCertificates - description: | - URLs to sslCertificate resources that are used to authenticate connections between users and the EdgeCacheService. - - Note that only "global" certificates with a "scope" of "EDGE_CACHE" can be attached to an EdgeCacheService. - max_size: 5 - item_type: Api::Type::String - - !ruby/object:Api::Type::String - name: 'sslPolicy' - description: | - URL of the SslPolicy resource that will be associated with the EdgeCacheService. - - If not set, the EdgeCacheService has no SSL policy configured, and will default to the "COMPATIBLE" policy. - - !ruby/object:Api::Type::Array - name: ipv4Addresses - output: true - description: | - The IPv4 addresses associated with this service. Addresses are static for the lifetime of the service. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: ipv6Addresses - output: true - description: | - The IPv6 addresses associated with this service. Addresses are static for the lifetime of the service. - item_type: Api::Type::String - - !ruby/object:Api::Type::NestedObject - name: 'routing' - required: true - description: | - Defines how requests are routed, modified, cached and/or which origin content is filled from. - properties: - - !ruby/object:Api::Type::Array - name: hostRules - description: | - The list of hostRules to match against. These rules define which hostnames the EdgeCacheService will match against, and which route configurations apply. - min_size: 1 - max_size: 5 - required: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: description - description: | - A human-readable description of the hostRule. - - !ruby/object:Api::Type::Array - name: hosts - required: true - min_size: 1 - max_size: 10 - description: | - The list of host patterns to match. - - Host patterns must be valid hostnames. Ports are not allowed. Wildcard hosts are supported in the suffix or prefix form. * matches any string of ([a-z0-9-.]*). It does not match the empty string. - - When multiple hosts are specified, hosts are matched in the following priority: - - 1. Exact domain names: ``www.foo.com``. - 2. Suffix domain wildcards: ``*.foo.com`` or ``*-bar.foo.com``. - 3. Prefix domain wildcards: ``foo.*`` or ``foo-*``. - 4. Special wildcard ``*`` matching any domain. - - Notes: - - The wildcard will not match the empty string. e.g. ``*-bar.foo.com`` will match ``baz-bar.foo.com`` but not ``-bar.foo.com``. The longest wildcards match first. Only a single host in the entire service can match on ``*``. A domain must be unique across all configured hosts within a service. - - Hosts are matched against the HTTP Host header, or for HTTP/2 and HTTP/3, the ":authority" header, from the incoming request. - - You may specify up to 10 hosts. - item_type: Api::Type::String - - !ruby/object:Api::Type::String - name: pathMatcher - required: true - description: | - The name of the pathMatcher associated with this hostRule. - - !ruby/object:Api::Type::Array - name: pathMatchers - description: | - The list of pathMatchers referenced via name by hostRules. PathMatcher is used to match the path portion of the URL when a HostRule matches the URL's host portion. - min_size: 1 - max_size: 10 - required: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: name - required: true - description: | - The name to which this PathMatcher is referred by the HostRule. - - !ruby/object:Api::Type::String - name: description - description: | - A human-readable description of the resource. - - !ruby/object:Api::Type::Array - name: routeRules - description: | - The routeRules to match against. routeRules support advanced routing behaviour, and can match on paths, headers and query parameters, as well as status codes and HTTP methods. - min_size: 1 - max_size: 64 - required: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: priority - required: true - description: | - The priority of this route rule, where 1 is the highest priority. - - You cannot configure two or more routeRules with the same priority. Priority for each rule must be set to a number between 1 and 999 inclusive. - - Priority numbers can have gaps, which enable you to add or remove rules in the future without affecting the rest of the rules. For example, 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers - to which you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the future without any impact on existing rules. - - !ruby/object:Api::Type::String - name: description - description: | - A human-readable description of the routeRule. - - !ruby/object:Api::Type::Array - name: matchRules - description: | - The list of criteria for matching attributes of a request to this routeRule. This list has OR semantics: the request matches this routeRule when any of the matchRules are satisfied. However predicates - within a given matchRule have AND semantics. All predicates within a matchRule must match for the request to match the rule. - min_size: 1 - max_size: 5 - required: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Boolean - name: ignoreCase # default from api - description: | - Specifies that prefixMatch and fullPathMatch matches are case sensitive. - - !ruby/object:Api::Type::Array - name: headerMatches - min_size: 1 - max_size: 3 - description: | - Specifies a list of header match criteria, all of which must match corresponding headers in the request. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: headerName - required: true - description: | - The header name to match on. - - !ruby/object:Api::Type::Boolean - name: presentMatch - description: | - A header with the contents of headerName must exist. The match takes place whether or not the request's header has a value. - - !ruby/object:Api::Type::String - name: exactMatch - description: | - The value of the header should exactly match contents of exactMatch. - - !ruby/object:Api::Type::String - name: prefixMatch - description: | - The value of the header must start with the contents of prefixMatch. - - !ruby/object:Api::Type::String - name: suffixMatch - description: | - The value of the header must end with the contents of suffixMatch. - - !ruby/object:Api::Type::Boolean - name: invertMatch # default from api - description: | - If set to false (default), the headerMatch is considered a match if the match criteria above are met. - If set to true, the headerMatch is considered a match if the match criteria above are NOT met. - - !ruby/object:Api::Type::Array - name: queryParameterMatches - min_size: 1 - max_size: 5 - description: | - Specifies a list of query parameter match criteria, all of which must match corresponding query parameters in the request. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: name - required: true - description: | - The name of the query parameter to match. The query parameter must exist in the request, in the absence of which the request match fails. - - !ruby/object:Api::Type::Boolean - name: presentMatch - description: | - Specifies that the queryParameterMatch matches if the request contains the query parameter, irrespective of whether the parameter has a value or not. - - !ruby/object:Api::Type::String - name: exactMatch - description: | - The queryParameterMatch matches if the value of the parameter exactly matches the contents of exactMatch. - - !ruby/object:Api::Type::String - name: prefixMatch - description: | - For satisfying the matchRule condition, the request's path must begin with the specified prefixMatch. prefixMatch must begin with a /. - - !ruby/object:Api::Type::String - name: pathTemplateMatch - description: | - For satisfying the matchRule condition, the path of the request - must match the wildcard pattern specified in pathTemplateMatch - after removing any query parameters and anchor that may be part - of the original URL. - - pathTemplateMatch must be between 1 and 255 characters - (inclusive). The pattern specified by pathTemplateMatch may - have at most 5 wildcard operators and at most 5 variable - captures in total. - - !ruby/object:Api::Type::String - name: fullPathMatch - description: | - For satisfying the matchRule condition, the path of the request must exactly match the value specified in fullPathMatch after removing any query parameters and anchor that may be part of the original URL. - # TODO: (scottsuarez) conflicts also won't work for array path matchers yet, uncomment here once supported. - # conflicts: - # - Routing.PathMatcher.RouteRule.prefixMatch - - !ruby/object:Api::Type::NestedObject - name: headerAction - description: | - The header actions, including adding & removing headers, for requests that match this route. - properties: - - !ruby/object:Api::Type::Array - name: requestHeadersToAdd - description: | - Describes a header to add. - min_size: 1 - max_size: 5 - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: headerName - required: true - description: | - The name of the header to add. - - !ruby/object:Api::Type::String - name: headerValue - required: true - description: | - The value of the header to add. - - !ruby/object:Api::Type::Boolean - name: replace # default from api - description: | - Whether to replace all existing headers with the same name. - - !ruby/object:Api::Type::Array - name: responseHeadersToAdd - description: | - Headers to add to the response prior to sending it back to the client. - - Response headers are only sent to the client, and do not have an effect on the cache serving the response. - min_size: 1 - max_size: 5 - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: headerName - required: true - description: | - The name of the header to add. - - !ruby/object:Api::Type::String - name: headerValue - required: true - description: | - The value of the header to add. - - !ruby/object:Api::Type::Boolean - name: replace # default from api - description: | - Whether to replace all existing headers with the same name. - - !ruby/object:Api::Type::Array - name: requestHeadersToRemove - description: | - A list of header names for headers that need to be removed from the request prior to forwarding the request to the origin. - min_size: 1 - max_size: 10 - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: headerName - required: true - description: | - The name of the header to remove. - - !ruby/object:Api::Type::Array - name: responseHeadersToRemove - description: | - A list of header names for headers that need to be removed from the request prior to forwarding the request to the origin. - min_size: 1 - max_size: 10 - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: headerName - required: true - description: | - Headers to remove from the response prior to sending it back to the client. - - Response headers are only sent to the client, and do not have an effect on the cache serving the response. - - !ruby/object:Api::Type::NestedObject - name: routeAction - description: | - In response to a matching path, the routeAction performs advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request to the selected origin. - properties: - - !ruby/object:Api::Type::NestedObject - name: cdnPolicy - description: | - The policy to use for defining caching and signed request behaviour for requests that match this route. - properties: - - !ruby/object:Api::Type::Enum - name: 'cacheMode' # default from api - description: | - Cache modes allow users to control the behaviour of the cache, what content it should cache automatically, whether to respect origin headers, or whether to unconditionally cache all responses. - - For all cache modes, Cache-Control headers will be passed to the client. Use clientTtl to override what is sent to the client. - values: - - :CACHE_ALL_STATIC - - :USE_ORIGIN_HEADERS - - :FORCE_CACHE_ALL - - :BYPASS_CACHE - - !ruby/object:Api::Type::String - name: 'clientTtl' - description: | - Specifies a separate client (e.g. browser client) TTL, separate from the TTL used by the edge caches. Leaving this empty will use the same cache TTL for both the CDN and the client-facing response. - - - The TTL must be > 0 and <= 86400s (1 day) - - The clientTtl cannot be larger than the defaultTtl (if set) - - Fractions of a second are not allowed. - - Omit this field to use the defaultTtl, or the max-age set by the origin, as the client-facing TTL. - - When the cache mode is set to "USE_ORIGIN_HEADERS" or "BYPASS_CACHE", you must omit this field. - A duration in seconds terminated by 's'. Example: "3s". - - !ruby/object:Api::Type::String - name: 'defaultTtl' # defalt from api - description: | - Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). - - Defaults to 3600s (1 hour). - - - The TTL must be >= 0 and <= 31,536,000 seconds (1 year) - - Setting a TTL of "0" means "always revalidate" (equivalent to must-revalidate) - - The value of defaultTTL cannot be set to a value greater than that of maxTTL. - - Fractions of a second are not allowed. - - When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. - - Note that infrequently accessed objects may be evicted from the cache before the defined TTL. Objects that expire will be revalidated with the origin. - - When the cache mode is set to "USE_ORIGIN_HEADERS" or "BYPASS_CACHE", you must omit this field. - - A duration in seconds terminated by 's'. Example: "3s". - - !ruby/object:Api::Type::String - name: 'maxTtl' # defalt from api - description: | - Specifies the maximum allowed TTL for cached content served by this origin. - - Defaults to 86400s (1 day). - - Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTtl seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. - - - The TTL must be >= 0 and <= 31,536,000 seconds (1 year) - - Setting a TTL of "0" means "always revalidate" - - The value of maxTtl must be equal to or greater than defaultTtl. - - Fractions of a second are not allowed. - - When the cache mode is set to "USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", or "BYPASS_CACHE", you must omit this field. - - A duration in seconds terminated by 's'. Example: "3s". - - !ruby/object:Api::Type::NestedObject - name: 'cacheKeyPolicy' - description: | - Defines the request parameters that contribute to the cache key. - properties: - - !ruby/object:Api::Type::Boolean - name: includeProtocol # default from api - description: | - If true, http and https requests will be cached separately. - - !ruby/object:Api::Type::Boolean - name: excludeQueryString - description: | - If true, exclude query string parameters from the cache key - - If false (the default), include the query string parameters in - the cache key according to includeQueryParameters and - excludeQueryParameters. If neither includeQueryParameters nor - excludeQueryParameters is set, the entire query string will be - included. - - !ruby/object:Api::Type::Boolean - name: excludeHost # default from api - description: | - If true, requests to different hosts will be cached separately. - - Note: this should only be enabled if hosts share the same origin and content. Removing the host from the cache key may inadvertently result in different objects being cached than intended, depending on which route the first user matched. - - !ruby/object:Api::Type::Array - name: includedQueryParameters - description: | - Names of query string parameters to include in cache keys. All other parameters will be excluded. - - Either specify includedQueryParameters or excludedQueryParameters, not both. '&' and '=' will be percent encoded and not treated as delimiters. - max_size: 10 - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: excludedQueryParameters - description: | - Names of query string parameters to exclude from cache keys. All other parameters will be included. - - Either specify includedQueryParameters or excludedQueryParameters, not both. '&' and '=' will be percent encoded and not treated as delimiters. - max_size: 10 - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: includedHeaderNames - description: | - Names of HTTP request headers to include in cache keys. The value of the header field will be used as part of the cache key. - - - Header names must be valid HTTP RFC 7230 header field values. - - Header field names are case insensitive - - To include the HTTP method, use ":method" - - Note that specifying several headers, and/or headers that have a large range of values (e.g. per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance. - max_size: 5 - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: includedCookieNames - description: | - Names of Cookies to include in cache keys. The cookie name and cookie value of each cookie named will be used as part of the cache key. - - Cookie names: - - must be valid RFC 6265 "cookie-name" tokens - - are case sensitive - - cannot start with "Edge-Cache-" (case insensitive) - - Note that specifying several cookies, and/or cookies that have a large range of values (e.g., per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance. - - You may specify up to three cookie names. - max_size: 3 - item_type: Api::Type::String - - !ruby/object:Api::Type::Boolean - name: 'negativeCaching' - description: | - Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. - - By default, the CDNPolicy will apply the following default TTLs to these status codes: - - - HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m - - HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s - - HTTP 405 (Method Not Found), 414 (URI Too Long), 501 (Not Implemented): 60s - - These defaults can be overridden in negativeCachingPolicy - - !ruby/object:Api::Type::KeyValuePairs - name: 'negativeCachingPolicy' - description: | - Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. - - - Omitting the policy and leaving negativeCaching enabled will use the default TTLs for each status code, defined in negativeCaching. - - TTLs must be >= 0 (where 0 is "always revalidate") and <= 86400s (1 day) - - Note that when specifying an explicit negativeCachingPolicy, you should take care to specify a cache TTL for all response codes that you wish to cache. The CDNPolicy will not apply any default negative caching when a policy exists. - - !ruby/object:Api::Type::Enum - name: 'signedRequestMode' # default from api - description: | - Whether to enforce signed requests. The default value is DISABLED, which means all content is public, and does not authorize access. - - You must also set a signedRequestKeyset to enable signed requests. - - When set to REQUIRE_SIGNATURES, all matching requests will have their signature validated. Requests that were not signed with the corresponding private key, or that are otherwise invalid (expired, do not match the signature, IP address, or header) will be rejected with a HTTP 403 and (if enabled) logged. - values: - - :DISABLED - - :REQUIRE_SIGNATURES - - :REQUIRE_TOKENS - - !ruby/object:Api::Type::String - name: 'signedRequestKeyset' # resource ref, EdgeCacheKeyset? - description: | - The EdgeCacheKeyset containing the set of public keys used to validate signed requests at the edge. - - !ruby/object:Api::Type::NestedObject - name: 'signedTokenOptions' - description: | - Additional options for signed tokens. - - signedTokenOptions may only be specified when signedRequestMode is REQUIRE_TOKENS. - properties: - - !ruby/object:Api::Type::String - name: 'tokenQueryParameter' - description: | - The query parameter in which to find the token. - - The name must be 1-64 characters long and match the regular expression `[a-zA-Z]([a-zA-Z0-9_-])*` which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. - - Defaults to `edge-cache-token`. - - !ruby/object:Api::Type::Array - name: 'allowedSignatureAlgorithms' - description: | - The allowed signature algorithms to use. - - Defaults to using only ED25519. - - You may specify up to 3 signature algorithms to use. - max_size: 3 - item_type: !ruby/object:Api::Type::Enum - name: 'allowedSignatureAlgorithm' - description: | - The signed request signature algorithm to use. - values: - - :ED25519 - - :HMAC_SHA_256 - - :HMAC_SHA1 - - !ruby/object:Api::Type::NestedObject - name: 'addSignatures' - description: | - Enable signature generation or propagation on this route. - - This field may only be specified when signedRequestMode is set to REQUIRE_TOKENS. - properties: - - !ruby/object:Api::Type::Array - name: actions - description: | - The actions to take to add signatures to responses. - required: true - max_size: 1 - item_type: !ruby/object:Api::Type::Enum - name: action - description: | - The ways a signature can be manipulated in a response. - values: - - :GENERATE_COOKIE - - :GENERATE_TOKEN_HLS_COOKIELESS - - :PROPAGATE_TOKEN_HLS_COOKIELESS - - !ruby/object:Api::Type::String - name: 'keyset' - description: | - The keyset to use for signature generation. - - The following are both valid paths to an EdgeCacheKeyset resource: - - * `projects/project/locations/global/edgeCacheKeysets/yourKeyset` - * `yourKeyset` - - This must be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. This field may not be specified otherwise. - - !ruby/object:Api::Type::String - name: tokenTtl - description: | - The duration the token is valid starting from the moment the token is first generated. - - Defaults to `86400s` (1 day). - - The TTL must be >= 0 and <= 604,800 seconds (1 week). - - This field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. - - A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". - - !ruby/object:Api::Type::String - name: 'tokenQueryParameter' - description: | - The query parameter in which to put the generated token. - - If not specified, defaults to `edge-cache-token`. - - If specified, the name must be 1-64 characters long and match the regular expression `[a-zA-Z]([a-zA-Z0-9_-])*` which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. - - This field may only be set when the GENERATE_TOKEN_HLS_COOKIELESS or PROPAGATE_TOKEN_HLS_COOKIELESS actions are specified. - - !ruby/object:Api::Type::Array - name: 'copiedParameters' - description: | - The parameters to copy from the verified token to the generated token. - - Only the following parameters may be copied: - - * `PathGlobs` - * `paths` - * `acl` - * `URLPrefix` - * `IPRanges` - * `SessionID` - * `id` - * `Data` - * `data` - * `payload` - * `Headers` - - You may specify up to 6 parameters to copy. A given parameter is be copied only if the parameter exists in the verified token. Parameter names are matched exactly as specified. The order of the parameters does not matter. Duplicates are not allowed. - - This field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. - item_type: Api::Type::String - - !ruby/object:Api::Type::String - name: 'signedRequestMaximumExpirationTtl' - description: | - Limit how far into the future the expiration time of a signed request may be. - - When set, a signed request is rejected if its expiration time is later than now + signedRequestMaximumExpirationTtl, where now is the time at which the signed request is first handled by the CDN. - - - The TTL must be > 0. - - Fractions of a second are not allowed. - - By default, signedRequestMaximumExpirationTtl is not set and the expiration time of a signed request may be arbitrarily far into future. - - !ruby/object:Api::Type::NestedObject - name: urlRewrite - description: | - The URL rewrite configuration for requests that match this route. - properties: - - !ruby/object:Api::Type::String - name: 'pathPrefixRewrite' - description: | - Prior to forwarding the request to the selected origin, the matching portion of the request's path is replaced by pathPrefixRewrite. - - !ruby/object:Api::Type::String - name: 'hostRewrite' - description: | - Prior to forwarding the request to the selected origin, the request's host header is replaced with contents of hostRewrite. - - !ruby/object:Api::Type::String - name: 'pathTemplateRewrite' - description: | - Prior to forwarding the request to the selected origin, if the - request matched a pathTemplateMatch, the matching portion of the - request's path is replaced re-written using the pattern specified - by pathTemplateRewrite. - - pathTemplateRewrite must be between 1 and 255 characters - (inclusive), must start with a '/', and must only use variables - captured by the route's pathTemplate matchers. - - pathTemplateRewrite may only be used when all of a route's - MatchRules specify pathTemplate. - - Only one of pathPrefixRewrite and pathTemplateRewrite may be - specified. - - !ruby/object:Api::Type::NestedObject - name: corsPolicy - description: | - CORSPolicy defines Cross-Origin-Resource-Sharing configuration, including which CORS response headers will be set. - properties: - - !ruby/object:Api::Type::String - name: 'maxAge' - required: true - description: | - Specifies how long results of a preflight request can be cached by a client in seconds. Note that many browser clients enforce a maximum TTL of 600s (10 minutes). - - - Setting the value to -1 forces a pre-flight check for all requests (not recommended) - - A maximum TTL of 86400s can be set, but note that (as above) some clients may force pre-flight checks at a more regular interval. - - This translates to the Access-Control-Max-Age header. - - A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". - - !ruby/object:Api::Type::Boolean - name: 'allowCredentials' - description: | - In response to a preflight request, setting this to true indicates that the actual request can include user credentials. - - This translates to the Access-Control-Allow-Credentials response header. - - !ruby/object:Api::Type::Array - name: allowOrigins - description: | - Specifies the list of origins that will be allowed to do CORS requests. - - This translates to the Access-Control-Allow-Origin response header. - max_size: 25 - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: allowMethods - description: | - Specifies the content for the Access-Control-Allow-Methods response header. - max_size: 5 - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: allowHeaders - description: | - Specifies the content for the Access-Control-Allow-Headers response header. - max_size: 5 - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: exposeHeaders - description: | - Specifies the content for the Access-Control-Allow-Headers response header. - max_size: 5 - item_type: Api::Type::String - - !ruby/object:Api::Type::Boolean - name: 'disabled' - description: | - If true, specifies the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect. - - !ruby/object:Api::Type::String - name: origin - description: | - The Origin resource that requests to this route should fetch from when a matching response is not in cache. Origins can be defined as short names ("my-origin") or fully-qualified resource URLs - e.g. "networkservices.googleapis.com/projects/my-project/global/edgecacheorigins/my-origin" - - Only one of origin or urlRedirect can be set. - - !ruby/object:Api::Type::NestedObject - name: urlRedirect - description: | - The URL redirect configuration for requests that match this route. - properties: - - !ruby/object:Api::Type::String - name: hostRedirect - description: | - The host that will be used in the redirect response instead of the one that was supplied in the request. - - !ruby/object:Api::Type::String - name: pathRedirect - description: | - The path that will be used in the redirect response instead of the one that was supplied in the request. - - pathRedirect cannot be supplied together with prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. - - The path value must be between 1 and 1024 characters. - - !ruby/object:Api::Type::String - name: prefixRedirect - description: | - The prefix that replaces the prefixMatch specified in the routeRule, retaining the remaining portion of the URL before redirecting the request. - - prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. - - !ruby/object:Api::Type::Enum - name: 'redirectResponseCode' # default from api - description: | - The HTTP Status code to use for this RedirectAction. - - The supported values are: - - - `MOVED_PERMANENTLY_DEFAULT`, which is the default value and corresponds to 301. - - `FOUND`, which corresponds to 302. - - `SEE_OTHER` which corresponds to 303. - - `TEMPORARY_REDIRECT`, which corresponds to 307. in this case, the request method will be retained. - - `PERMANENT_REDIRECT`, which corresponds to 308. in this case, the request method will be retained. - values: - - :MOVED_PERMANENTLY_DEFAULT - - :FOUND - - :SEE_OTHER - - :TEMPORARY_REDIRECT - - :PERMANENT_REDIRECT - - !ruby/object:Api::Type::Boolean - name: 'httpsRedirect' # default from api - description: | - If set to true, the URL scheme in the redirected request is set to https. If set to false, the URL scheme of the redirected request will remain the same as that of the request. - - This can only be set if there is at least one (1) edgeSslCertificate set on the service. - - !ruby/object:Api::Type::Boolean - name: 'stripQuery' # default from api - description: | - If set to true, any accompanying query portion of the original URL is removed prior to redirecting the request. If set to false, the query portion of the original URL is retained. - - !ruby/object:Api::Type::NestedObject - name: 'logConfig' - description: | - Specifies the logging options for the traffic served by this service. If logging is enabled, logs will be exported to Cloud Logging. - properties: - - !ruby/object:Api::Type::Boolean - name: 'enable' #default from api - required: true - description: | - Specifies whether to enable logging for traffic served by this service. - - !ruby/object:Api::Type::Double - name: 'sampleRate' - description: | - Configures the sampling rate of requests, where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0, and the value of the field must be in [0, 1]. - - This field can only be specified if logging is enabled for this service. - - !ruby/object:Api::Type::String - name: 'edgeSecurityPolicy' - description: | - Resource URL that points at the Cloud Armor edge security policy that is applied on each request against the EdgeCacheService. diff --git a/mmv1/products/networkservices/product.yaml b/mmv1/products/networkservices/product.yaml new file mode 100644 index 000000000000..38556fd15847 --- /dev/null +++ b/mmv1/products/networkservices/product.yaml @@ -0,0 +1,28 @@ +# Copyright 2021 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: NetworkServices +versions: + - !ruby/object:Api::Product::Version + name: beta + base_url: https://networkservices.googleapis.com/v1/ + - !ruby/object:Api::Product::Version + name: ga + base_url: https://networkservices.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/cloud-identity +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Network Services API + url: https://console.cloud.google.com/apis/library/networkservices.googleapis.com diff --git a/mmv1/products/notebooks/Environment.yaml b/mmv1/products/notebooks/Environment.yaml new file mode 100644 index 000000000000..4eaedc8758c1 --- /dev/null +++ b/mmv1/products/notebooks/Environment.yaml @@ -0,0 +1,100 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Environment' +description: | + A Cloud AI Platform Notebook environment. +base_url: projects/{{project}}/locations/{{location}}/environments +create_url: projects/{{project}}/locations/{{location}}/environments?environmentId={{name}} +self_link: projects/{{project}}/locations/{{location}}/environments/{{name}} +create_verb: :POST +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/ai-platform-notebooks' + api: 'https://cloud.google.com/ai-platform/notebooks/docs/reference/rest' +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The name specified for the Environment instance. + Format: projects/{project_id}/locations/{location}/environments/{environmentId} + required: true + immutable: true + url_param_only: true + pattern: projects/{{project}}/locations/{{location}}/environments/{{name}} + - !ruby/object:Api::Type::ResourceRef + name: 'location' + description: 'A reference to the zone where the machine resides.' + resource: 'Location' + imports: 'name' + required: true + url_param_only: true + - !ruby/object:Api::Type::String + name: 'displayName' + description: | + Display name of this environment for the UI. + - !ruby/object:Api::Type::String + name: 'description' + description: | + A brief description of this environment. + - !ruby/object:Api::Type::String + name: 'postStartupScript' + description: | + Path to a Bash script that automatically runs after a notebook instance fully boots up. + The path must be a URL or Cloud Storage path. Example: "gs://path-to-file/file-name" + - !ruby/object:Api::Type::Time + name: 'createTime' + description: 'Instance creation time' + output: true + - !ruby/object:Api::Type::NestedObject + name: 'vmImage' + exactly_one_of: + - vm_image + - container_image + description: | + Use a Compute Engine VM image to start the notebook instance. + properties: + - !ruby/object:Api::Type::String + name: 'project' + description: | + The name of the Google Cloud project that this VM image belongs to. + Format: projects/{project_id} + required: true + - !ruby/object:Api::Type::String + name: 'imageName' + description: | + Use VM image name to find the image. + - !ruby/object:Api::Type::String + name: 'imageFamily' + description: | + Use this VM image family to find the image; the newest image in this family will be used. + - !ruby/object:Api::Type::NestedObject + name: 'containerImage' + exactly_one_of: + - vm_image + - container_image + description: | + Use a container image to start the notebook instance. + properties: + - !ruby/object:Api::Type::String + name: 'repository' + description: | + The path to the container image repository. + For example: gcr.io/{project_id}/{imageName} + required: true + - !ruby/object:Api::Type::String + name: 'tag' + description: | + The tag of the container image. If not specified, this defaults to the latest tag. diff --git a/mmv1/products/notebooks/Instance.yaml b/mmv1/products/notebooks/Instance.yaml new file mode 100644 index 000000000000..f2ae79dab09f --- /dev/null +++ b/mmv1/products/notebooks/Instance.yaml @@ -0,0 +1,341 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Instance' +description: | + A Cloud AI Platform Notebook instance. +base_url: projects/{{project}}/locations/{{location}}/instances +create_url: projects/{{project}}/locations/{{location}}/instances?instanceId={{name}} +self_link: projects/{{project}}/locations/{{location}}/instances/{{name}} +create_verb: :POST +immutable: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/ai-platform-notebooks' + api: 'https://cloud.google.com/ai-platform/notebooks/docs/reference/rest' +iam_policy: !ruby/object:Api::Resource::IamPolicy + method_name_separator: ':' + fetch_iam_policy_verb: :GET + parent_resource_attribute: 'instance_name' + import_format: ["projects/{{project}}/locations/{{location}}/instances/{{instance_name}}", "{{instance_name}}"] + base_url: projects/{{project}}/locations/{{location}}/instances/{{instance_name}} +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'location' + description: 'A reference to the zone where the machine resides.' + resource: 'Location' + imports: 'selfLink' + required: true + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The name specified for the Notebook instance. + required: true + immutable: true + url_param_only: true + pattern: projects/{{project}}/locations/{{location}}/instances/{{name}} + - !ruby/object:Api::Type::String + name: 'machineType' + description: | + A reference to a machine type which defines VM kind. + required: true + # Machine Type is updatable, but requires the instance to be stopped, just like + # for compute instances. + # TODO: Implement allow_stopping_for_update here and for acceleratorConfig + # update_verb: :PATCH + # update_url: 'projects/{{project}}/locations/{{location}}/instances/{{name}}:setMachineType' + pattern: projects/{{project}}/zones/{{location}}/machineTypes/{{name}} + - !ruby/object:Api::Type::String + name: 'postStartupScript' + description: | + Path to a Bash script that automatically runs after a + notebook instance fully boots up. The path must be a URL + or Cloud Storage path (gs://path-to-file/file-name). + - !ruby/object:Api::Type::String + name: 'proxyUri' + description: | + The proxy endpoint that is used to access the Jupyter notebook. + output: true + - !ruby/object:Api::Type::Array + name: 'instanceOwners' + description: | + The list of owners of this instance after creation. + Format: alias@example.com. + Currently supports one owner only. + If not specified, all of the service account users of + your VM instance's service account can use the instance. + item_type: Api::Type::String + - !ruby/object:Api::Type::String + name: 'serviceAccount' + description: | + The service account on this instance, giving access to other + Google Cloud services. You can use any service account within + the same project, but you must have the service account user + permission to use the instance. If not specified, + the Compute Engine default service account is used. + - !ruby/object:Api::Type::Array + name: 'serviceAccountScopes' + description: | + Optional. The URIs of service account scopes to be included in Compute Engine instances. + If not specified, the following scopes are defined: + - https://www.googleapis.com/auth/cloud-platform + - https://www.googleapis.com/auth/userinfo.email + item_type: Api::Type::String + - !ruby/object:Api::Type::NestedObject + name: 'acceleratorConfig' + description: | + The hardware accelerator used on this instance. If you use accelerators, + make sure that your configuration has enough vCPUs and memory to support the + machineType you have selected. + # AcceleratorConfig is updatable, but requires the instance to be stopped, just like + # for compute instances. + # TODO: Implement allow_stopping_for_update here and for machineType. + # update_verb: :PATCH + # update_url: 'projects/{{project}}/locations/{{location}}/instances/{{name}}:setAccelerator' + properties: + - !ruby/object:Api::Type::Enum + name: 'type' + values: + - ACCELERATOR_TYPE_UNSPECIFIED + - NVIDIA_TESLA_K80 + - NVIDIA_TESLA_P100 + - NVIDIA_TESLA_V100 + - NVIDIA_TESLA_P4 + - NVIDIA_TESLA_T4 + - NVIDIA_TESLA_T4_VWS + - NVIDIA_TESLA_P100_VWS + - NVIDIA_TESLA_P4_VWS + - NVIDIA_TESLA_A100 + - TPU_V2 + - TPU_V3 + required: true + description: | + Type of this accelerator. + - !ruby/object:Api::Type::Integer + name: 'coreCount' + required: true + description: | + Count of cores of this accelerator. + - !ruby/object:Api::Type::NestedObject + name: 'shieldedInstanceConfig' + description: | + A set of Shielded Instance options. Check [Images using supported Shielded VM features] + Not all combinations are valid + properties: + - !ruby/object:Api::Type::Boolean + name: 'enableIntegrityMonitoring' + description: | + Defines whether the instance has integrity monitoring enabled. Enables monitoring and attestation of the + boot integrity of the instance. The attestation is performed against the integrity policy baseline. + This baseline is initially derived from the implicitly trusted boot image when the instance is created. + Enabled by default. + default_value: true + - !ruby/object:Api::Type::Boolean + name: 'enableSecureBoot' + description: | + Defines whether the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs + authentic software by verifying the digital signature of all boot components, and halting the boot process + if signature verification fails. + Disabled by default. + - !ruby/object:Api::Type::Boolean + name: 'enableVtpm' + description: | + Defines whether the instance has the vTPM enabled. + Enabled by default. + default_value: true + - !ruby/object:Api::Type::Enum + name: 'nicType' + description: | + The type of vNIC driver. + values: + - UNSPECIFIED_NIC_TYPE + - VIRTIO_NET + - GVNIC + - !ruby/object:Api::Type::NestedObject + name: 'reservationAffinity' + description: | + Reservation Affinity for consuming Zonal reservation. + properties: + - !ruby/object:Api::Type::Enum + name: 'consumeReservationType' + required: true + description: | + The type of Compute Reservation. + values: + - NO_RESERVATION + - ANY_RESERVATION + - SPECIFIC_RESERVATION + - !ruby/object:Api::Type::String + name: 'key' + description: | + Corresponds to the label key of reservation resource. + - !ruby/object:Api::Type::Array + name: 'values' + description: | + Corresponds to the label values of reservation resource. + item_type: Api::Type::String + - !ruby/object:Api::Type::String + name: 'state' + description: | + The state of this instance. + output: true + - !ruby/object:Api::Type::Boolean + name: 'installGpuDriver' + description: | + Whether the end user authorizes Google Cloud to install GPU driver + on this instance. If this field is empty or set to false, the GPU driver + won't be installed. Only applicable to instances with GPUs. + immutable: true + - !ruby/object:Api::Type::String + name: 'customGpuDriverPath' + description: | + Specify a custom Cloud Storage path where the GPU driver is stored. + If not specified, we'll automatically choose from official GPU drivers. + - !ruby/object:Api::Type::Enum + name: 'bootDiskType' + values: + - DISK_TYPE_UNSPECIFIED + - PD_STANDARD + - PD_SSD + - PD_BALANCED + - PD_EXTREME + description: | + Possible disk types for notebook instances. + - !ruby/object:Api::Type::Integer + name: 'bootDiskSizeGb' + description: | + The size of the boot disk in GB attached to this instance, + up to a maximum of 64000 GB (64 TB). The minimum recommended value is 100 GB. + If not specified, this defaults to 100. + - !ruby/object:Api::Type::Enum + name: 'dataDiskType' + values: + - DISK_TYPE_UNSPECIFIED + - PD_STANDARD + - PD_SSD + - PD_BALANCED + - PD_EXTREME + description: | + Possible disk types for notebook instances. + - !ruby/object:Api::Type::Integer + name: 'dataDiskSizeGb' + description: | + The size of the data disk in GB attached to this instance, + up to a maximum of 64000 GB (64 TB). + You can choose the size of the data disk based on how big your notebooks and data are. + If not specified, this defaults to 100. + - !ruby/object:Api::Type::Boolean + name: 'noRemoveDataDisk' + description: | + If true, the data disk will not be auto deleted when deleting the instance. + - !ruby/object:Api::Type::Enum + name: 'diskEncryption' + values: + - DISK_ENCRYPTION_UNSPECIFIED + - GMEK + - CMEK + description: | + Disk encryption method used on the boot and data disks, defaults to GMEK. + - !ruby/object:Api::Type::String + name: 'kmsKey' + description: | + The KMS key used to encrypt the disks, only applicable if diskEncryption is CMEK. + Format: projects/{project_id}/locations/{location}/keyRings/{key_ring_id}/cryptoKeys/{key_id} + - !ruby/object:Api::Type::Boolean + name: 'noPublicIp' + description: | + No public IP will be assigned to this instance. + - !ruby/object:Api::Type::Boolean + name: 'noProxyAccess' + description: | + The notebook instance will not register with the proxy.. + - !ruby/object:Api::Type::String + name: 'network' + description: | + The name of the VPC that this instance is in. + Format: projects/{project_id}/global/networks/{network_id} + - !ruby/object:Api::Type::String + name: 'subnet' + description: | + The name of the subnet that this instance is in. + Format: projects/{project_id}/regions/{region}/subnetworks/{subnetwork_id} + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + Labels to apply to this instance. These can be later modified by the setLabels method. + An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + update_verb: :PATCH + update_url: 'projects/{{project}}/locations/{{location}}/instances/{{name}}:setLabels' + - !ruby/object:Api::Type::Array + name: 'tags' + description: | + The Compute Engine tags to add to instance. + item_type: Api::Type::String + - !ruby/object:Api::Type::KeyValuePairs + name: 'metadata' + description: | + Custom metadata to apply to this instance. + An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + - !ruby/object:Api::Type::Time + name: 'createTime' + description: 'Instance creation time' + output: true + - !ruby/object:Api::Type::Time + name: 'updateTime' + description: 'Instance update time.' + output: true + - !ruby/object:Api::Type::NestedObject + name: 'vmImage' + exactly_one_of: + - vm_image + - container_image + description: | + Use a Compute Engine VM image to start the notebook instance. + properties: + - !ruby/object:Api::Type::String + name: 'project' + description: | + The name of the Google Cloud project that this VM image belongs to. + Format: projects/{project_id} + required: true + - !ruby/object:Api::Type::String + name: 'imageFamily' + description: | + Use this VM image family to find the image; the newest image in this family will be used. + - !ruby/object:Api::Type::String + name: 'imageName' + description: | + Use VM image name to find the image. + - !ruby/object:Api::Type::NestedObject + name: 'containerImage' + exactly_one_of: + - vm_image + - container_image + description: | + Use a container image to start the notebook instance. + properties: + - !ruby/object:Api::Type::String + name: 'repository' + description: | + The path to the container image repository. + For example: gcr.io/{project_id}/{imageName} + required: true + - !ruby/object:Api::Type::String + name: 'tag' + description: | + The tag of the container image. If not specified, this defaults to the latest tag. diff --git a/mmv1/products/notebooks/Location.yaml b/mmv1/products/notebooks/Location.yaml new file mode 100644 index 000000000000..4755474aeb8d --- /dev/null +++ b/mmv1/products/notebooks/Location.yaml @@ -0,0 +1,26 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Location' +kind: 'compute#zone' +base_url: projects/{{project}}/locations +collection_url_key: 'items' +has_self_link: true +readonly: true +description: 'Represents a Location resource.' +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: 'Name of the Location resource.' + diff --git a/mmv1/products/notebooks/Runtime.yaml b/mmv1/products/notebooks/Runtime.yaml new file mode 100644 index 000000000000..9e68b6bb5b53 --- /dev/null +++ b/mmv1/products/notebooks/Runtime.yaml @@ -0,0 +1,501 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Runtime' +description: | + A Cloud AI Platform Notebook runtime. +base_url: projects/{{project}}/locations/{{location}}/runtimes +create_url: projects/{{project}}/locations/{{location}}/runtimes?runtimeId={{name}} +self_link: projects/{{project}}/locations/{{location}}/runtimes/{{name}} +create_verb: :POST +update_verb: :PATCH +update_mask: true +# When set, if any parameter change, they will get recreated. +# Use wisely because any `update_url:` in the hierarchy below this will get ignored. +# immutable: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/ai-platform-notebooks' + api: 'https://cloud.google.com/ai-platform/notebooks/docs/reference/rest' +iam_policy: !ruby/object:Api::Resource::IamPolicy + method_name_separator: ':' + fetch_iam_policy_verb: :GET + parent_resource_attribute: 'runtime_name' + import_format: ["projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}}", "{{runtime_name}}"] + # Sets the base url for base_url:GetIamPolicy and base_url:SetIamPolicy in function `qualifyRuntimeUrl` + base_url: projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}} +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'location' + description: 'A reference to the zone where the machine resides.' + resource: 'Location' + imports: 'selfLink' + required: true + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The name specified for the Notebook runtime. + required: true + immutable: true + url_param_only: true + pattern: projects/{{project}}/locations/{{location}}/runtimes/{{name}} + - !ruby/object:Api::Type::NestedObject + name: "virtualMachine" + exactly_one_of: + - virtual_machine + description: | + Use a Compute Engine VM image to start the managed notebook instance. + properties: + - !ruby/object:Api::Type::String + name: "instanceName" + description: | + The user-friendly name of the Managed Compute Engine instance. + output: true + - !ruby/object:Api::Type::String + name: "instanceId" + description: | + The unique identifier of the Managed Compute Engine instance. + output: true + - !ruby/object:Api::Type::NestedObject + name: "virtualMachineConfig" + description: | + Virtual Machine configuration settings. + properties: + - !ruby/object:Api::Type::String + name: "zone" + description: | + The zone where the virtual machine is located. + output: true + - !ruby/object:Api::Type::String + name: "machineType" + description: | + The Compute Engine machine type used for runtimes. + required: true + - !ruby/object:Api::Type::NestedObject + name: "dataDisk" + description: | + Data disk option configuration settings. + required: true + properties: + - !ruby/object:Api::Type::Boolean + name: "autoDelete" + description: | + Optional. Specifies whether the disk will be auto-deleted + when the instance is deleted (but not when the disk is + detached from the instance). + output: true + - !ruby/object:Api::Type::Boolean + name: "boot" + description: | + Optional. Indicates that this is a boot disk. The virtual + machine will use the first partition of the disk for its + root filesystem. + output: true + - !ruby/object:Api::Type::String + name: "deviceName" + description: | + Optional. Specifies a unique device name of your choice + that is reflected into the /dev/disk/by-id/google-* tree + of a Linux operating system running within the instance. + This name can be used to reference the device for mounting, + resizing, and so on, from within the instance. + If not specified, the server chooses a default device name + to apply to this disk, in the form persistent-disk-x, where + x is a number assigned by Google Compute Engine. This field + is only applicable for persistent disks. + output: true + - !ruby/object:Api::Type::Array + name: "guestOsFeatures" + description: | + Indicates a list of features to enable on the guest operating + system. Applicable only for bootable images. To see a list of + available features, read `https://cloud.google.com/compute/docs/ + images/create-delete-deprecate-private-images#guest-os-features` + options. `` + output: true + item_type: Api::Type::String + - !ruby/object:Api::Type::Integer + name: "index" + description: | + Output only. A zero-based index to this disk, where 0 is + reserved for the boot disk. If you have many disks attached + to an instance, each disk would have a unique index number. + output: true + - !ruby/object:Api::Type::NestedObject + name: "initializeParams" + description: | + Input only. Specifies the parameters for a new disk that will + be created alongside the new instance. Use initialization + parameters to create boot disks or local SSDs attached to the + new instance. This property is mutually exclusive with the + source property; you can only define one or the other, but not + both. + properties: + - !ruby/object:Api::Type::String + name: "description" + description: | + Provide this property when creating the disk. + - !ruby/object:Api::Type::String + name: "diskName" + description: | + Specifies the disk name. If not specified, the default is + to use the name of the instance. If the disk with the + instance name exists already in the given zone/region, a + new name will be automatically generated. + - !ruby/object:Api::Type::Integer + name: "diskSizeGb" + description: | + Specifies the size of the disk in base-2 GB. If not + specified, the disk will be the same size as the image + (usually 10GB). If specified, the size must be equal to + or larger than 10GB. Default 100 GB. + - !ruby/object:Api::Type::String + name: "diskType" + description: | + The type of the boot disk attached to this runtime, + defaults to standard persistent disk. For valid values, + see `https://cloud.google.com/vertex-ai/docs/workbench/ + reference/rest/v1/projects.locations.runtimes#disktype` + - !ruby/object:Api::Type::KeyValuePairs + name: "labels" + description: | + Labels to apply to this disk. These can be later modified + by the disks.setLabels method. This field is only + applicable for persistent disks. + immutable: true + - !ruby/object:Api::Type::String + name: "interface" + description: | + "Specifies the disk interface to use for attaching this disk, + which is either SCSI or NVME. The default is SCSI. Persistent + disks must always use SCSI and the request will fail if you attempt + to attach a persistent disk in any other format than SCSI. Local SSDs + can use either NVME or SCSI. For performance characteristics of SCSI + over NVMe, see Local SSD performance. Valid values: * NVME * SCSI". + - !ruby/object:Api::Type::String + name: "kind" + description: | + Type of the resource. Always compute#attachedDisk for attached + disks. + output: true + - !ruby/object:Api::Type::Array + name: "licenses" + description: | + Output only. Any valid publicly visible licenses. + item_type: Api::Type::String + output: true + - !ruby/object:Api::Type::String + name: "mode" + description: | + The mode in which to attach this disk, either READ_WRITE + or READ_ONLY. If not specified, the default is to attach + the disk in READ_WRITE mode. + - !ruby/object:Api::Type::String + name: "source" + description: | + Specifies a valid partial or full URL to an existing + Persistent Disk resource. + - !ruby/object:Api::Type::String + name: "type" + description: | + Specifies the type of the disk, either SCRATCH or PERSISTENT. + If not specified, the default is PERSISTENT. + - !ruby/object:Api::Type::Array + name: "containerImages" + description: | + Use a list of container images to start the notebook instance. + immutable: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'repository' + description: | + The path to the container image repository. + For example: gcr.io/{project_id}/{imageName} + required: true + - !ruby/object:Api::Type::String + name: 'tag' + description: | + The tag of the container image. If not specified, this defaults to the latest tag. + - !ruby/object:Api::Type::NestedObject + name: "encryptionConfig" + description: | + Encryption settings for virtual machine data disk. + immutable: true + properties: + - !ruby/object:Api::Type::String + name: "kmsKey" + description: | + The Cloud KMS resource identifier of the customer-managed + encryption key used to protect a resource, such as a disks. + It has the following format: + `projects/{PROJECT_ID}/locations/{REGION}/keyRings/ + {KEY_RING_NAME}/cryptoKeys/{KEY_NAME}` + - !ruby/object:Api::Type::NestedObject + name: "shieldedInstanceConfig" + description: | + Shielded VM Instance configuration settings. + immutable: true + properties: + - !ruby/object:Api::Type::Boolean + name: "enableSecureBoot" + description: | + Defines whether the instance has Secure Boot enabled.Secure + Boot helps ensure that the system only runs authentic software + by verifying the digital signature of all boot components, and + halting the boot process if signature verification fails. + Disabled by default. + - !ruby/object:Api::Type::Boolean + name: "enableVtpm" + description: | + Defines whether the instance has the vTPM enabled. Enabled by + default. + - !ruby/object:Api::Type::Boolean + name: "enableIntegrityMonitoring" + description: | + Defines whether the instance has integrity monitoring enabled. + Enables monitoring and attestation of the boot integrity of + the instance. The attestation is performed against the + integrity policy baseline. This baseline is initially derived + from the implicitly trusted boot image when the instance is + created. Enabled by default. + - !ruby/object:Api::Type::NestedObject + name: "acceleratorConfig" + description: | + The Compute Engine accelerator configuration for this runtime. + properties: + - !ruby/object:Api::Type::String + name: "type" + description: | + Accelerator model. For valid values, see + `https://cloud.google.com/vertex-ai/docs/workbench/reference/ + rest/v1/projects.locations.runtimes#AcceleratorType` + - !ruby/object:Api::Type::Integer + name: "coreCount" + description: | + Count of cores of this accelerator. + - !ruby/object:Api::Type::String + name: "network" + description: | + The Compute Engine network to be used for machine communications. + Cannot be specified with subnetwork. If neither `network` nor + `subnet` is specified, the "default" network of the project is + used, if it exists. A full URL or partial URI. Examples: + * `https://www.googleapis.com/compute/v1/projects/[project_id]/ + regions/global/default` + * `projects/[project_id]/regions/global/default` + Runtimes are managed resources inside Google Infrastructure. + Runtimes support the following network configurations: + * Google Managed Network (Network & subnet are empty) + * Consumer Project VPC (network & subnet are required). Requires + configuring Private Service Access. + * Shared VPC (network & subnet are required). Requires + configuring Private Service Access. + immutable: true + - !ruby/object:Api::Type::String + name: "subnet" + description: | + The Compute Engine subnetwork to be used for machine + communications. Cannot be specified with network. A full URL or + partial URI are valid. Examples: + * `https://www.googleapis.com/compute/v1/projects/[project_id]/ + regions/us-east1/subnetworks/sub0` + * `projects/[project_id]/regions/us-east1/subnetworks/sub0` + immutable: true + - !ruby/object:Api::Type::Boolean + name: "internalIpOnly" + description: | + If true, runtime will only have internal IP addresses. By default, + runtimes are not restricted to internal IP addresses, and will + have ephemeral external IP addresses assigned to each vm. This + `internal_ip_only` restriction can only be enabled for subnetwork + enabled networks, and all dependencies must be configured to be + accessible without external IP addresses. + immutable: true + - !ruby/object:Api::Type::Array + name: "tags" + description: | + The Compute Engine tags to add to runtime (see [Tagging instances] + (https://cloud.google.com/compute/docs/ + label-or-tag-resources#tags)). + item_type: Api::Type::String + - !ruby/object:Api::Type::KeyValuePairs + name: "guestAttributes" + description: | + The Compute Engine guest attributes. (see [Project and instance + guest attributes](https://cloud.google.com/compute/docs/ + storing-retrieving-metadata#guest_attributes)). + output: true + - !ruby/object:Api::Type::KeyValuePairs + name: "metadata" + description: | + The Compute Engine metadata entries to add to virtual machine. + (see [Project and instance metadata](https://cloud.google.com + /compute/docs/storing-retrieving-metadata#project_and_instance + _metadata)). + - !ruby/object:Api::Type::KeyValuePairs + name: "labels" + description: | + The labels to associate with this runtime. Label **keys** must + contain 1 to 63 characters, and must conform to [RFC 1035] + (https://www.ietf.org/rfc/rfc1035.txt). Label **values** may be + empty, but, if present, must contain 1 to 63 characters, and must + conform to [RFC 1035](https://www.ietf.org/rfc/rfc1035.txt). No + more than 32 labels can be associated with a cluster. + - !ruby/object:Api::Type::Enum + name: "nicType" + description: | + The type of vNIC to be used on this interface. This may be gVNIC + or VirtioNet. + immutable: true + values: + - UNSPECIFIED_NIC_TYPE + - VIRTIO_NET + - GVNIC + - !ruby/object:Api::Type::String + name: "reservedIpRange" + description: | + Reserved IP Range name is used for VPC Peering. The + subnetwork allocation will use the range *name* if it's assigned. + immutable: true + - !ruby/object:Api::Type::Enum + name: 'state' + values: + - STATE_UNSPECIFIED + - STARTING + - PROVISIONING + - ACTIVE + - STOPPING + - STOPPED + - DELETING + - UPGRADING + - INITIALIZING + description: | + The state of this runtime. + output: true + - !ruby/object:Api::Type::String + name: 'healthState' + description: | + The health state of this runtime. For a list of possible output + values, see `https://cloud.google.com/vertex-ai/docs/workbench/ + reference/rest/v1/projects.locations.runtimes#healthstate`. + output: true + - !ruby/object:Api::Type::NestedObject + name: 'accessConfig' + description: | + The config settings for accessing runtime. + properties: + - !ruby/object:Api::Type::String + name: 'accessType' + description: | + The type of access mode this instance. For valid values, see + `https://cloud.google.com/vertex-ai/docs/workbench/reference/ + rest/v1/projects.locations.runtimes#RuntimeAccessType`. + - !ruby/object:Api::Type::String + name: 'runtimeOwner' + description: | + The owner of this runtime after creation. Format: `alias@example.com`. + Currently supports one owner only. + - !ruby/object:Api::Type::String + name: 'proxyUri' + description: | + The proxy endpoint that is used to access the runtime. + output: true + - !ruby/object:Api::Type::NestedObject + name: "softwareConfig" + description: | + The config settings for software inside the runtime. + properties: + - !ruby/object:Api::Type::String + name: "notebookUpgradeSchedule" + description: | + Cron expression in UTC timezone for schedule instance auto upgrade. + Please follow the [cron format](https://en.wikipedia.org/wiki/Cron). + - !ruby/object:Api::Type::Boolean + name: "enableHealthMonitoring" + description: | + Verifies core internal services are running. Default: True. + default_value: true + - !ruby/object:Api::Type::Boolean + name: "idleShutdown" + description: | + Runtime will automatically shutdown after idle_shutdown_time. + Default: True + default_value: true + - !ruby/object:Api::Type::Integer + name: "idleShutdownTimeout" + description: | + Time in minutes to wait before shuting down runtime. + Default: 180 minutes + - !ruby/object:Api::Type::Boolean + name: "installGpuDriver" + description: | + Install Nvidia Driver automatically. + - !ruby/object:Api::Type::Boolean + name: "upgradeable" + output: true + description: | + Bool indicating whether an newer image is available in an image family. + - !ruby/object:Api::Type::String + name: "customGpuDriverPath" + description: | + Specify a custom Cloud Storage path where the GPU driver is stored. + If not specified, we'll automatically choose from official GPU drivers. + - !ruby/object:Api::Type::String + name: "postStartupScript" + description: | + Path to a Bash script that automatically runs after a notebook instance + fully boots up. The path must be a URL or + Cloud Storage path (gs://path-to-file/file-name). + - !ruby/object:Api::Type::Enum + name: 'postStartupScriptBehavior' + values: + - POST_STARTUP_SCRIPT_BEHAVIOR_UNSPECIFIED + - RUN_EVERY_START + - DOWNLOAD_AND_RUN_EVERY_START + description: | + Behavior for the post startup script. + - !ruby/object:Api::Type::Array + name: 'kernels' + description: | + Use a list of container images to use as Kernels in the notebook instance. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'repository' + description: | + The path to the container image repository. + For example: gcr.io/{project_id}/{imageName} + required: true + - !ruby/object:Api::Type::String + name: 'tag' + description: | + The tag of the container image. If not specified, this defaults to the latest tag. + - !ruby/object:Api::Type::NestedObject + name: "metrics" + description: | + Contains Runtime daemon metrics such as Service status and JupyterLab + status + properties: + - !ruby/object:Api::Type::KeyValuePairs + name: "systemMetrics" + description: | + Contains runtime daemon metrics, such as OS and kernels and + sessions stats. + output: true + output: true diff --git a/mmv1/products/notebooks/api.yaml b/mmv1/products/notebooks/api.yaml deleted file mode 100644 index f53088a3b335..000000000000 --- a/mmv1/products/notebooks/api.yaml +++ /dev/null @@ -1,970 +0,0 @@ -# Copyright 2020 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: Notebooks -display_name: Cloud AI Notebooks -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://notebooks.googleapis.com/v1/ - # Notebooks has an old beta API but since Beatrix, features - # features are only in V1 with some changes to Spanner which - # makes backporting to v1beta1 challenging. In case, users - # decided to use beta, we use v1 as the API reference. - - !ruby/object:Api::Product::Version - name: beta - base_url: https://notebooks.googleapis.com/v1/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Cloud Notebooks API - url: https://console.cloud.google.com/apis/api/notebooks.googleapis.com -async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - base_url: '{{op_id}}' - path: 'name' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: True - allowed: - - True - - False - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' -objects: - # Notebooks Environment - - !ruby/object:Api::Resource - name: 'Environment' - description: | - A Cloud AI Platform Notebook environment. - base_url: projects/{{project}}/locations/{{location}}/environments - create_url: projects/{{project}}/locations/{{location}}/environments?environmentId={{name}} - self_link: projects/{{project}}/locations/{{location}}/environments/{{name}} - create_verb: :POST - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/ai-platform-notebooks' - api: 'https://cloud.google.com/ai-platform/notebooks/docs/reference/rest' - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The name specified for the Environment instance. - Format: projects/{project_id}/locations/{location}/environments/{environmentId} - required: true - input: true - url_param_only: true - pattern: projects/{{project}}/locations/{{location}}/environments/{{name}} - - !ruby/object:Api::Type::ResourceRef - name: 'location' - description: 'A reference to the zone where the machine resides.' - resource: 'Location' - imports: 'name' - required: true - url_param_only: true - - !ruby/object:Api::Type::String - name: 'displayName' - description: | - Display name of this environment for the UI. - - !ruby/object:Api::Type::String - name: 'description' - description: | - A brief description of this environment. - - !ruby/object:Api::Type::String - name: 'postStartupScript' - description: | - Path to a Bash script that automatically runs after a notebook instance fully boots up. - The path must be a URL or Cloud Storage path. Example: "gs://path-to-file/file-name" - - !ruby/object:Api::Type::Time - name: 'createTime' - description: 'Instance creation time' - output: true - - !ruby/object:Api::Type::NestedObject - name: 'vmImage' - exactly_one_of: - - vm_image - - container_image - description: | - Use a Compute Engine VM image to start the notebook instance. - properties: - - !ruby/object:Api::Type::String - name: 'project' - description: | - The name of the Google Cloud project that this VM image belongs to. - Format: projects/{project_id} - required: true - - !ruby/object:Api::Type::String - name: 'imageName' - description: | - Use VM image name to find the image. - - !ruby/object:Api::Type::String - name: 'imageFamily' - description: | - Use this VM image family to find the image; the newest image in this family will be used. - - !ruby/object:Api::Type::NestedObject - name: 'containerImage' - exactly_one_of: - - vm_image - - container_image - description: | - Use a container image to start the notebook instance. - properties: - - !ruby/object:Api::Type::String - name: 'repository' - description: | - The path to the container image repository. - For example: gcr.io/{project_id}/{imageName} - required: true - - !ruby/object:Api::Type::String - name: 'tag' - description: | - The tag of the container image. If not specified, this defaults to the latest tag. - # Notebooks Instance - - !ruby/object:Api::Resource - name: 'Instance' - description: | - A Cloud AI Platform Notebook instance. - base_url: projects/{{project}}/locations/{{location}}/instances - create_url: projects/{{project}}/locations/{{location}}/instances?instanceId={{name}} - self_link: projects/{{project}}/locations/{{location}}/instances/{{name}} - create_verb: :POST - input: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/ai-platform-notebooks' - api: 'https://cloud.google.com/ai-platform/notebooks/docs/reference/rest' - iam_policy: !ruby/object:Api::Resource::IamPolicy - method_name_separator: ':' - fetch_iam_policy_verb: :GET - parent_resource_attribute: 'instance_name' - import_format: ["projects/{{project}}/locations/{{location}}/instances/{{instance_name}}", "{{instance_name}}"] - base_url: projects/{{project}}/locations/{{location}}/instances/{{instance_name}} - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'location' - description: 'A reference to the zone where the machine resides.' - resource: 'Location' - imports: 'selfLink' - required: true - input: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The name specified for the Notebook instance. - required: true - input: true - url_param_only: true - pattern: projects/{{project}}/locations/{{location}}/instances/{{name}} - - !ruby/object:Api::Type::String - name: 'machineType' - description: | - A reference to a machine type which defines VM kind. - required: true - # Machine Type is updatable, but requires the instance to be stopped, just like - # for compute instances. - # TODO: Implement allow_stopping_for_update here and for acceleratorConfig - # update_verb: :PATCH - # update_url: 'projects/{{project}}/locations/{{location}}/instances/{{name}}:setMachineType' - pattern: projects/{{project}}/zones/{{location}}/machineTypes/{{name}} - - !ruby/object:Api::Type::String - name: 'postStartupScript' - description: | - Path to a Bash script that automatically runs after a - notebook instance fully boots up. The path must be a URL - or Cloud Storage path (gs://path-to-file/file-name). - - !ruby/object:Api::Type::String - name: 'proxyUri' - description: | - The proxy endpoint that is used to access the Jupyter notebook. - output: true - - !ruby/object:Api::Type::Array - name: 'instanceOwners' - description: | - The list of owners of this instance after creation. - Format: alias@example.com. - Currently supports one owner only. - If not specified, all of the service account users of - your VM instance's service account can use the instance. - item_type: Api::Type::String - - !ruby/object:Api::Type::String - name: 'serviceAccount' - description: | - The service account on this instance, giving access to other - Google Cloud services. You can use any service account within - the same project, but you must have the service account user - permission to use the instance. If not specified, - the Compute Engine default service account is used. - - !ruby/object:Api::Type::Array - name: 'serviceAccountScopes' - description: | - Optional. The URIs of service account scopes to be included in Compute Engine instances. - If not specified, the following scopes are defined: - - https://www.googleapis.com/auth/cloud-platform - - https://www.googleapis.com/auth/userinfo.email - item_type: Api::Type::String - - !ruby/object:Api::Type::NestedObject - name: 'acceleratorConfig' - description: | - The hardware accelerator used on this instance. If you use accelerators, - make sure that your configuration has enough vCPUs and memory to support the - machineType you have selected. - # AcceleratorConfig is updatable, but requires the instance to be stopped, just like - # for compute instances. - # TODO: Implement allow_stopping_for_update here and for machineType. - # update_verb: :PATCH - # update_url: 'projects/{{project}}/locations/{{location}}/instances/{{name}}:setAccelerator' - properties: - - !ruby/object:Api::Type::Enum - name: 'type' - values: - - ACCELERATOR_TYPE_UNSPECIFIED - - NVIDIA_TESLA_K80 - - NVIDIA_TESLA_P100 - - NVIDIA_TESLA_V100 - - NVIDIA_TESLA_P4 - - NVIDIA_TESLA_T4 - - NVIDIA_TESLA_T4_VWS - - NVIDIA_TESLA_P100_VWS - - NVIDIA_TESLA_P4_VWS - - NVIDIA_TESLA_A100 - - TPU_V2 - - TPU_V3 - required: true - description: | - Type of this accelerator. - - !ruby/object:Api::Type::Integer - name: 'coreCount' - required: true - description: | - Count of cores of this accelerator. - - !ruby/object:Api::Type::NestedObject - name: 'shieldedInstanceConfig' - description: | - A set of Shielded Instance options. Check [Images using supported Shielded VM features] - Not all combinations are valid - properties: - - !ruby/object:Api::Type::Boolean - name: 'enableIntegrityMonitoring' - description: | - Defines whether the instance has integrity monitoring enabled. Enables monitoring and attestation of the - boot integrity of the instance. The attestation is performed against the integrity policy baseline. - This baseline is initially derived from the implicitly trusted boot image when the instance is created. - Enabled by default. - default_value: true - - !ruby/object:Api::Type::Boolean - name: 'enableSecureBoot' - description: | - Defines whether the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs - authentic software by verifying the digital signature of all boot components, and halting the boot process - if signature verification fails. - Disabled by default. - - !ruby/object:Api::Type::Boolean - name: 'enableVtpm' - description: | - Defines whether the instance has the vTPM enabled. - Enabled by default. - default_value: true - - !ruby/object:Api::Type::Enum - name: 'nicType' - description: | - The type of vNIC driver. - values: - - UNSPECIFIED_NIC_TYPE - - VIRTIO_NET - - GVNIC - - !ruby/object:Api::Type::NestedObject - name: 'reservationAffinity' - description: | - Reservation Affinity for consuming Zonal reservation. - properties: - - !ruby/object:Api::Type::Enum - name: 'consumeReservationType' - required: true - description: | - The type of Compute Reservation. - values: - - NO_RESERVATION - - ANY_RESERVATION - - SPECIFIC_RESERVATION - - !ruby/object:Api::Type::String - name: 'key' - description: | - Corresponds to the label key of reservation resource. - - !ruby/object:Api::Type::Array - name: 'values' - description: | - Corresponds to the label values of reservation resource. - item_type: Api::Type::String - - !ruby/object:Api::Type::String - name: 'state' - description: | - The state of this instance. - output: true - - !ruby/object:Api::Type::Boolean - name: 'installGpuDriver' - description: | - Whether the end user authorizes Google Cloud to install GPU driver - on this instance. If this field is empty or set to false, the GPU driver - won't be installed. Only applicable to instances with GPUs. - input: true - - !ruby/object:Api::Type::String - name: 'customGpuDriverPath' - description: | - Specify a custom Cloud Storage path where the GPU driver is stored. - If not specified, we'll automatically choose from official GPU drivers. - - !ruby/object:Api::Type::Enum - name: 'bootDiskType' - values: - - DISK_TYPE_UNSPECIFIED - - PD_STANDARD - - PD_SSD - - PD_BALANCED - - PD_EXTREME - description: | - Possible disk types for notebook instances. - - !ruby/object:Api::Type::Integer - name: 'bootDiskSizeGb' - description: | - The size of the boot disk in GB attached to this instance, - up to a maximum of 64000 GB (64 TB). The minimum recommended value is 100 GB. - If not specified, this defaults to 100. - - !ruby/object:Api::Type::Enum - name: 'dataDiskType' - values: - - DISK_TYPE_UNSPECIFIED - - PD_STANDARD - - PD_SSD - - PD_BALANCED - - PD_EXTREME - description: | - Possible disk types for notebook instances. - - !ruby/object:Api::Type::Integer - name: 'dataDiskSizeGb' - description: | - The size of the data disk in GB attached to this instance, - up to a maximum of 64000 GB (64 TB). - You can choose the size of the data disk based on how big your notebooks and data are. - If not specified, this defaults to 100. - - !ruby/object:Api::Type::Boolean - name: 'noRemoveDataDisk' - description: | - If true, the data disk will not be auto deleted when deleting the instance. - - !ruby/object:Api::Type::Enum - name: 'diskEncryption' - values: - - DISK_ENCRYPTION_UNSPECIFIED - - GMEK - - CMEK - description: | - Disk encryption method used on the boot and data disks, defaults to GMEK. - - !ruby/object:Api::Type::String - name: 'kmsKey' - description: | - The KMS key used to encrypt the disks, only applicable if diskEncryption is CMEK. - Format: projects/{project_id}/locations/{location}/keyRings/{key_ring_id}/cryptoKeys/{key_id} - - !ruby/object:Api::Type::Boolean - name: 'noPublicIp' - description: | - No public IP will be assigned to this instance. - - !ruby/object:Api::Type::Boolean - name: 'noProxyAccess' - description: | - The notebook instance will not register with the proxy.. - - !ruby/object:Api::Type::String - name: 'network' - description: | - The name of the VPC that this instance is in. - Format: projects/{project_id}/global/networks/{network_id} - - !ruby/object:Api::Type::String - name: 'subnet' - description: | - The name of the subnet that this instance is in. - Format: projects/{project_id}/regions/{region}/subnetworks/{subnetwork_id} - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: | - Labels to apply to this instance. These can be later modified by the setLabels method. - An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. - update_verb: :PATCH - update_url: 'projects/{{project}}/locations/{{location}}/instances/{{name}}:setLabels' - - !ruby/object:Api::Type::Array - name: 'tags' - description: | - The Compute Engine tags to add to instance. - item_type: Api::Type::String - - !ruby/object:Api::Type::KeyValuePairs - name: 'metadata' - description: | - Custom metadata to apply to this instance. - An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. - - !ruby/object:Api::Type::Time - name: 'createTime' - description: 'Instance creation time' - output: true - - !ruby/object:Api::Type::Time - name: 'updateTime' - description: 'Instance update time.' - output: true - - !ruby/object:Api::Type::NestedObject - name: 'vmImage' - exactly_one_of: - - vm_image - - container_image - description: | - Use a Compute Engine VM image to start the notebook instance. - properties: - - !ruby/object:Api::Type::String - name: 'project' - description: | - The name of the Google Cloud project that this VM image belongs to. - Format: projects/{project_id} - required: true - - !ruby/object:Api::Type::String - name: 'imageFamily' - description: | - Use this VM image family to find the image; the newest image in this family will be used. - - !ruby/object:Api::Type::String - name: 'imageName' - description: | - Use VM image name to find the image. - - !ruby/object:Api::Type::NestedObject - name: 'containerImage' - exactly_one_of: - - vm_image - - container_image - description: | - Use a container image to start the notebook instance. - properties: - - !ruby/object:Api::Type::String - name: 'repository' - description: | - The path to the container image repository. - For example: gcr.io/{project_id}/{imageName} - required: true - - !ruby/object:Api::Type::String - name: 'tag' - description: | - The tag of the container image. If not specified, this defaults to the latest tag. - # Notebooks Runtime - - !ruby/object:Api::Resource - name: 'Runtime' - description: | - A Cloud AI Platform Notebook runtime. - base_url: projects/{{project}}/locations/{{location}}/runtimes - create_url: projects/{{project}}/locations/{{location}}/runtimes?runtimeId={{name}} - self_link: projects/{{project}}/locations/{{location}}/runtimes/{{name}} - create_verb: :POST - update_verb: :PATCH - update_mask: true - # When set, if any parameter change, they will get recreated. - # Use wisely because any `update_url:` in the hierarchy below this will get ignored. - # input: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/ai-platform-notebooks' - api: 'https://cloud.google.com/ai-platform/notebooks/docs/reference/rest' - iam_policy: !ruby/object:Api::Resource::IamPolicy - method_name_separator: ':' - fetch_iam_policy_verb: :GET - parent_resource_attribute: 'runtime_name' - import_format: ["projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}}", "{{runtime_name}}"] - # Sets the base url for base_url:GetIamPolicy and base_url:SetIamPolicy in function `qualifyRuntimeUrl` - base_url: projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}} - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'location' - description: 'A reference to the zone where the machine resides.' - resource: 'Location' - imports: 'selfLink' - required: true - input: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The name specified for the Notebook runtime. - required: true - input: true - url_param_only: true - pattern: projects/{{project}}/locations/{{location}}/runtimes/{{name}} - - !ruby/object:Api::Type::NestedObject - name: "virtualMachine" - exactly_one_of: - - virtual_machine - description: | - Use a Compute Engine VM image to start the managed notebook instance. - properties: - - !ruby/object:Api::Type::String - name: "instanceName" - description: | - The user-friendly name of the Managed Compute Engine instance. - output: true - - !ruby/object:Api::Type::String - name: "instanceId" - description: | - The unique identifier of the Managed Compute Engine instance. - output: true - - !ruby/object:Api::Type::NestedObject - name: "virtualMachineConfig" - description: | - Virtual Machine configuration settings. - properties: - - !ruby/object:Api::Type::String - name: "zone" - description: | - The zone where the virtual machine is located. - output: true - - !ruby/object:Api::Type::String - name: "machineType" - description: | - The Compute Engine machine type used for runtimes. - required: true - - !ruby/object:Api::Type::NestedObject - name: "dataDisk" - description: | - Data disk option configuration settings. - required: true - properties: - - !ruby/object:Api::Type::Boolean - name: "autoDelete" - description: | - Optional. Specifies whether the disk will be auto-deleted - when the instance is deleted (but not when the disk is - detached from the instance). - output: true - - !ruby/object:Api::Type::Boolean - name: "boot" - description: | - Optional. Indicates that this is a boot disk. The virtual - machine will use the first partition of the disk for its - root filesystem. - output: true - - !ruby/object:Api::Type::String - name: "deviceName" - description: | - Optional. Specifies a unique device name of your choice - that is reflected into the /dev/disk/by-id/google-* tree - of a Linux operating system running within the instance. - This name can be used to reference the device for mounting, - resizing, and so on, from within the instance. - If not specified, the server chooses a default device name - to apply to this disk, in the form persistent-disk-x, where - x is a number assigned by Google Compute Engine. This field - is only applicable for persistent disks. - output: true - - !ruby/object:Api::Type::Array - name: "guestOsFeatures" - description: | - Indicates a list of features to enable on the guest operating - system. Applicable only for bootable images. To see a list of - available features, read `https://cloud.google.com/compute/docs/ - images/create-delete-deprecate-private-images#guest-os-features` - options. `` - output: true - item_type: Api::Type::String - - !ruby/object:Api::Type::Integer - name: "index" - description: | - Output only. A zero-based index to this disk, where 0 is - reserved for the boot disk. If you have many disks attached - to an instance, each disk would have a unique index number. - output: true - - !ruby/object:Api::Type::NestedObject - name: "initializeParams" - description: | - Input only. Specifies the parameters for a new disk that will - be created alongside the new instance. Use initialization - parameters to create boot disks or local SSDs attached to the - new instance. This property is mutually exclusive with the - source property; you can only define one or the other, but not - both. - properties: - - !ruby/object:Api::Type::String - name: "description" - description: | - Provide this property when creating the disk. - - !ruby/object:Api::Type::String - name: "diskName" - description: | - Specifies the disk name. If not specified, the default is - to use the name of the instance. If the disk with the - instance name exists already in the given zone/region, a - new name will be automatically generated. - - !ruby/object:Api::Type::Integer - name: "diskSizeGb" - description: | - Specifies the size of the disk in base-2 GB. If not - specified, the disk will be the same size as the image - (usually 10GB). If specified, the size must be equal to - or larger than 10GB. Default 100 GB. - - !ruby/object:Api::Type::String - name: "diskType" - description: | - The type of the boot disk attached to this runtime, - defaults to standard persistent disk. For valid values, - see `https://cloud.google.com/vertex-ai/docs/workbench/ - reference/rest/v1/projects.locations.runtimes#disktype` - - !ruby/object:Api::Type::KeyValuePairs - name: "labels" - description: | - Labels to apply to this disk. These can be later modified - by the disks.setLabels method. This field is only - applicable for persistent disks. - input: true - - !ruby/object:Api::Type::String - name: "interface" - description: | - "Specifies the disk interface to use for attaching this disk, - which is either SCSI or NVME. The default is SCSI. Persistent - disks must always use SCSI and the request will fail if you attempt - to attach a persistent disk in any other format than SCSI. Local SSDs - can use either NVME or SCSI. For performance characteristics of SCSI - over NVMe, see Local SSD performance. Valid values: * NVME * SCSI". - - !ruby/object:Api::Type::String - name: "kind" - description: | - Type of the resource. Always compute#attachedDisk for attached - disks. - output: true - - !ruby/object:Api::Type::Array - name: "licenses" - description: | - Output only. Any valid publicly visible licenses. - item_type: Api::Type::String - output: true - - !ruby/object:Api::Type::String - name: "mode" - description: | - The mode in which to attach this disk, either READ_WRITE - or READ_ONLY. If not specified, the default is to attach - the disk in READ_WRITE mode. - - !ruby/object:Api::Type::String - name: "source" - description: | - Specifies a valid partial or full URL to an existing - Persistent Disk resource. - - !ruby/object:Api::Type::String - name: "type" - description: | - Specifies the type of the disk, either SCRATCH or PERSISTENT. - If not specified, the default is PERSISTENT. - - !ruby/object:Api::Type::Array - name: "containerImages" - description: | - Use a list of container images to start the notebook instance. - input: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'repository' - description: | - The path to the container image repository. - For example: gcr.io/{project_id}/{imageName} - required: true - - !ruby/object:Api::Type::String - name: 'tag' - description: | - The tag of the container image. If not specified, this defaults to the latest tag. - - !ruby/object:Api::Type::NestedObject - name: "encryptionConfig" - description: | - Encryption settings for virtual machine data disk. - input: true - properties: - - !ruby/object:Api::Type::String - name: "kmsKey" - description: | - The Cloud KMS resource identifier of the customer-managed - encryption key used to protect a resource, such as a disks. - It has the following format: - `projects/{PROJECT_ID}/locations/{REGION}/keyRings/ - {KEY_RING_NAME}/cryptoKeys/{KEY_NAME}` - - !ruby/object:Api::Type::NestedObject - name: "shieldedInstanceConfig" - description: | - Shielded VM Instance configuration settings. - input: true - properties: - - !ruby/object:Api::Type::Boolean - name: "enableSecureBoot" - description: | - Defines whether the instance has Secure Boot enabled.Secure - Boot helps ensure that the system only runs authentic software - by verifying the digital signature of all boot components, and - halting the boot process if signature verification fails. - Disabled by default. - - !ruby/object:Api::Type::Boolean - name: "enableVtpm" - description: | - Defines whether the instance has the vTPM enabled. Enabled by - default. - - !ruby/object:Api::Type::Boolean - name: "enableIntegrityMonitoring" - description: | - Defines whether the instance has integrity monitoring enabled. - Enables monitoring and attestation of the boot integrity of - the instance. The attestation is performed against the - integrity policy baseline. This baseline is initially derived - from the implicitly trusted boot image when the instance is - created. Enabled by default. - - !ruby/object:Api::Type::NestedObject - name: "acceleratorConfig" - description: | - The Compute Engine accelerator configuration for this runtime. - properties: - - !ruby/object:Api::Type::String - name: "type" - description: | - Accelerator model. For valid values, see - `https://cloud.google.com/vertex-ai/docs/workbench/reference/ - rest/v1/projects.locations.runtimes#AcceleratorType` - - !ruby/object:Api::Type::Integer - name: "coreCount" - description: | - Count of cores of this accelerator. - - !ruby/object:Api::Type::String - name: "network" - description: | - The Compute Engine network to be used for machine communications. - Cannot be specified with subnetwork. If neither `network` nor - `subnet` is specified, the "default" network of the project is - used, if it exists. A full URL or partial URI. Examples: - * `https://www.googleapis.com/compute/v1/projects/[project_id]/ - regions/global/default` - * `projects/[project_id]/regions/global/default` - Runtimes are managed resources inside Google Infrastructure. - Runtimes support the following network configurations: - * Google Managed Network (Network & subnet are empty) - * Consumer Project VPC (network & subnet are required). Requires - configuring Private Service Access. - * Shared VPC (network & subnet are required). Requires - configuring Private Service Access. - input: true - - !ruby/object:Api::Type::String - name: "subnet" - description: | - The Compute Engine subnetwork to be used for machine - communications. Cannot be specified with network. A full URL or - partial URI are valid. Examples: - * `https://www.googleapis.com/compute/v1/projects/[project_id]/ - regions/us-east1/subnetworks/sub0` - * `projects/[project_id]/regions/us-east1/subnetworks/sub0` - input: true - - !ruby/object:Api::Type::Boolean - name: "internalIpOnly" - description: | - If true, runtime will only have internal IP addresses. By default, - runtimes are not restricted to internal IP addresses, and will - have ephemeral external IP addresses assigned to each vm. This - `internal_ip_only` restriction can only be enabled for subnetwork - enabled networks, and all dependencies must be configured to be - accessible without external IP addresses. - input: true - - !ruby/object:Api::Type::Array - name: "tags" - description: | - The Compute Engine tags to add to runtime (see [Tagging instances] - (https://cloud.google.com/compute/docs/ - label-or-tag-resources#tags)). - item_type: Api::Type::String - - !ruby/object:Api::Type::KeyValuePairs - name: "guestAttributes" - description: | - The Compute Engine guest attributes. (see [Project and instance - guest attributes](https://cloud.google.com/compute/docs/ - storing-retrieving-metadata#guest_attributes)). - output: true - - !ruby/object:Api::Type::KeyValuePairs - name: "metadata" - description: | - The Compute Engine metadata entries to add to virtual machine. - (see [Project and instance metadata](https://cloud.google.com - /compute/docs/storing-retrieving-metadata#project_and_instance - _metadata)). - - !ruby/object:Api::Type::KeyValuePairs - name: "labels" - description: | - The labels to associate with this runtime. Label **keys** must - contain 1 to 63 characters, and must conform to [RFC 1035] - (https://www.ietf.org/rfc/rfc1035.txt). Label **values** may be - empty, but, if present, must contain 1 to 63 characters, and must - conform to [RFC 1035](https://www.ietf.org/rfc/rfc1035.txt). No - more than 32 labels can be associated with a cluster. - - !ruby/object:Api::Type::Enum - name: "nicType" - description: | - The type of vNIC to be used on this interface. This may be gVNIC - or VirtioNet. - input: true - values: - - UNSPECIFIED_NIC_TYPE - - VIRTIO_NET - - GVNIC - - !ruby/object:Api::Type::String - name: "reservedIpRange" - description: | - Reserved IP Range name is used for VPC Peering. The - subnetwork allocation will use the range *name* if it's assigned. - input: true - - !ruby/object:Api::Type::Enum - name: 'state' - values: - - STATE_UNSPECIFIED - - STARTING - - PROVISIONING - - ACTIVE - - STOPPING - - STOPPED - - DELETING - - UPGRADING - - INITIALIZING - description: | - The state of this runtime. - output: true - - !ruby/object:Api::Type::String - name: 'healthState' - description: | - The health state of this runtime. For a list of possible output - values, see `https://cloud.google.com/vertex-ai/docs/workbench/ - reference/rest/v1/projects.locations.runtimes#healthstate`. - output: true - - !ruby/object:Api::Type::NestedObject - name: 'accessConfig' - description: | - The config settings for accessing runtime. - properties: - - !ruby/object:Api::Type::String - name: 'accessType' - description: | - The type of access mode this instance. For valid values, see - `https://cloud.google.com/vertex-ai/docs/workbench/reference/ - rest/v1/projects.locations.runtimes#RuntimeAccessType`. - - !ruby/object:Api::Type::String - name: 'runtimeOwner' - description: | - The owner of this runtime after creation. Format: `alias@example.com`. - Currently supports one owner only. - - !ruby/object:Api::Type::String - name: 'proxyUri' - description: | - The proxy endpoint that is used to access the runtime. - output: true - - !ruby/object:Api::Type::NestedObject - name: "softwareConfig" - description: | - The config settings for software inside the runtime. - properties: - - !ruby/object:Api::Type::String - name: "notebookUpgradeSchedule" - description: | - Cron expression in UTC timezone for schedule instance auto upgrade. - Please follow the [cron format](https://en.wikipedia.org/wiki/Cron). - - !ruby/object:Api::Type::Boolean - name: "enableHealthMonitoring" - description: | - Verifies core internal services are running. Default: True. - default_value: true - - !ruby/object:Api::Type::Boolean - name: "idleShutdown" - description: | - Runtime will automatically shutdown after idle_shutdown_time. - Default: True - default_value: true - - !ruby/object:Api::Type::Integer - name: "idleShutdownTimeout" - description: | - Time in minutes to wait before shuting down runtime. - Default: 180 minutes - - !ruby/object:Api::Type::Boolean - name: "installGpuDriver" - description: | - Install Nvidia Driver automatically. - - !ruby/object:Api::Type::Boolean - name: "upgradeable" - output: true - description: | - Bool indicating whether an newer image is available in an image family. - - !ruby/object:Api::Type::String - name: "customGpuDriverPath" - description: | - Specify a custom Cloud Storage path where the GPU driver is stored. - If not specified, we'll automatically choose from official GPU drivers. - - !ruby/object:Api::Type::String - name: "postStartupScript" - description: | - Path to a Bash script that automatically runs after a notebook instance - fully boots up. The path must be a URL or - Cloud Storage path (gs://path-to-file/file-name). - - !ruby/object:Api::Type::Enum - name: 'postStartupScriptBehavior' - values: - - POST_STARTUP_SCRIPT_BEHAVIOR_UNSPECIFIED - - RUN_EVERY_START - - DOWNLOAD_AND_RUN_EVERY_START - description: | - Behavior for the post startup script. - - !ruby/object:Api::Type::Array - name: 'kernels' - description: | - Use a list of container images to use as Kernels in the notebook instance. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'repository' - description: | - The path to the container image repository. - For example: gcr.io/{project_id}/{imageName} - required: true - - !ruby/object:Api::Type::String - name: 'tag' - description: | - The tag of the container image. If not specified, this defaults to the latest tag. - - !ruby/object:Api::Type::NestedObject - name: "metrics" - description: | - Contains Runtime daemon metrics such as Service status and JupyterLab - status - properties: - - !ruby/object:Api::Type::KeyValuePairs - name: "systemMetrics" - description: | - Contains runtime daemon metrics, such as OS and kernels and - sessions stats. - output: true - output: true - # Compute Zone (Location) - - !ruby/object:Api::Resource - name: 'Location' - kind: 'compute#zone' - base_url: projects/{{project}}/locations - collection_url_key: 'items' - has_self_link: true - readonly: true - description: 'Represents a Location resource.' - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: 'Name of the Location resource.' diff --git a/mmv1/products/notebooks/product.yaml b/mmv1/products/notebooks/product.yaml new file mode 100644 index 000000000000..a90417a68f30 --- /dev/null +++ b/mmv1/products/notebooks/product.yaml @@ -0,0 +1,50 @@ +# Copyright 2020 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: Notebooks +display_name: Cloud AI Notebooks +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://notebooks.googleapis.com/v1/ + # Notebooks has an old beta API but since Beatrix, features + # features are only in V1 with some changes to Spanner which + # makes backporting to v1beta1 challenging. In case, users + # decided to use beta, we use v1 as the API reference. + - !ruby/object:Api::Product::Version + name: beta + base_url: https://notebooks.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Cloud Notebooks API + url: https://console.cloud.google.com/apis/api/notebooks.googleapis.com +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: True + allowed: + - True + - False + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' diff --git a/mmv1/products/orgpolicy/CustomConstraint.yaml b/mmv1/products/orgpolicy/CustomConstraint.yaml new file mode 100644 index 000000000000..07ad17d7e6d3 --- /dev/null +++ b/mmv1/products/orgpolicy/CustomConstraint.yaml @@ -0,0 +1,85 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'CustomConstraint' +self_link: '{{parent}}/customConstraints/{{name}}' +base_url: '{{parent}}/customConstraints' +update_verb: :PATCH +min_version: beta +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints' + 'Supported Services': + 'https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services' + api: 'https://cloud.google.com/resource-manager/docs/reference/orgpolicy/rest/v2/organizations.constraints' +description: | + Custom constraints are created by administrators to provide more granular and customizable control over the specific fields that are restricted by your organization policies. +parameters: + - !ruby/object:Api::Type::String + name: parent + description: | + The parent of the resource, an organization. Format should be `organizations/{organization_id}`. + immutable: true + url_param_only: true + required: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + immutable: true + description: | + Immutable. The name of the custom constraint. This is unique within the organization. + - !ruby/object:Api::Type::String + name: 'displayName' + description: | + A human-friendly name for the constraint. + - !ruby/object:Api::Type::String + name: 'description' + description: | + A human-friendly description of the constraint to display as an error message when the policy is violated. + - !ruby/object:Api::Type::String + name: 'condition' + required: true + description: | + A CEL condition that refers to a supported service resource, for example `resource.management.autoUpgrade == false`. For details about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language). + - !ruby/object:Api::Type::Enum + name: 'actionType' + required: true + description: | + The action to take if the condition is met. + values: + - :ALLOW + - :DENY + - !ruby/object:Api::Type::Array + name: 'methodTypes' + min_size: 1 + required: true + description: | + A list of RESTful methods for which to enforce the constraint. Can be `CREATE`, `UPDATE`, or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services). + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'resourceTypes' + immutable: true + min_size: 1 + required: true + description: | + Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, `container.googleapis.com/NodePool`. + item_type: Api::Type::String + - !ruby/object:Api::Type::String + name: 'updateTime' + output: true + description: | + Output only. The timestamp representing when the constraint was last updated. + diff --git a/mmv1/products/orgpolicy/api.yaml b/mmv1/products/orgpolicy/api.yaml deleted file mode 100644 index 5ab7d84390e1..000000000000 --- a/mmv1/products/orgpolicy/api.yaml +++ /dev/null @@ -1,98 +0,0 @@ -# Copyright 2022 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: OrgPolicy -display_name: Organization Policy -versions: - - !ruby/object:Api::Product::Version - name: beta - base_url: https://orgpolicy.googleapis.com/v2/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Organization Policy API - url: https://console.cloud.google.com/apis/api/orgpolicy.googleapis.com/overview -objects: - - !ruby/object:Api::Resource - name: 'CustomConstraint' - self_link: '{{parent}}/customConstraints/{{name}}' - base_url: '{{parent}}/customConstraints' - update_verb: :PATCH - min_version: beta - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints' - 'Supported Services': - 'https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services' - api: 'https://cloud.google.com/resource-manager/docs/reference/orgpolicy/rest/v2/organizations.constraints' - description: | - Custom constraints are created by administrators to provide more granular and customizable control over the specific fields that are restricted by your organization policies. - parameters: - - !ruby/object:Api::Type::String - name: parent - description: | - The parent of the resource, an organization. Format should be `organizations/{organization_id}`. - input: true - url_param_only: true - required: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - input: true - description: | - Immutable. The name of the custom constraint. This is unique within the organization. - - !ruby/object:Api::Type::String - name: 'displayName' - description: | - A human-friendly name for the constraint. - - !ruby/object:Api::Type::String - name: 'description' - description: | - A human-friendly description of the constraint to display as an error message when the policy is violated. - - !ruby/object:Api::Type::String - name: 'condition' - required: true - description: | - A CEL condition that refers to a supported service resource, for example `resource.management.autoUpgrade == false`. For details about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language). - - !ruby/object:Api::Type::Enum - name: 'actionType' - required: true - description: | - The action to take if the condition is met. - values: - - :ALLOW - - :DENY - - !ruby/object:Api::Type::Array - name: 'methodTypes' - min_size: 1 - required: true - description: | - A list of RESTful methods for which to enforce the constraint. Can be `CREATE`, `UPDATE`, or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services). - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'resourceTypes' - input: true - min_size: 1 - required: true - description: | - Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, `container.googleapis.com/NodePool`. - item_type: Api::Type::String - - !ruby/object:Api::Type::String - name: 'updateTime' - output: true - description: | - Output only. The timestamp representing when the constraint was last updated. diff --git a/mmv1/products/orgpolicy/product.yaml b/mmv1/products/orgpolicy/product.yaml new file mode 100644 index 000000000000..e3583fb8a0fb --- /dev/null +++ b/mmv1/products/orgpolicy/product.yaml @@ -0,0 +1,26 @@ +# Copyright 2022 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: OrgPolicy +display_name: Organization Policy +versions: + - !ruby/object:Api::Product::Version + name: beta + base_url: https://orgpolicy.googleapis.com/v2/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Organization Policy API + url: https://console.cloud.google.com/apis/api/orgpolicy.googleapis.com/overview diff --git a/mmv1/products/osconfig/GuestPolicies.yaml b/mmv1/products/osconfig/GuestPolicies.yaml new file mode 100644 index 000000000000..4ec77acbc3eb --- /dev/null +++ b/mmv1/products/osconfig/GuestPolicies.yaml @@ -0,0 +1,717 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'GuestPolicies' +base_url: "projects/{{project}}/guestPolicies" +create_url: "projects/{{project}}/guestPolicies?guestPolicyId={{guest_policy_id}}" +update_verb: :PATCH +self_link: "projects/{{project}}/guestPolicies/{{guest_policy_id}}" +min_version: beta +identity: + - guestPolicyId +description: | + An OS Config resource representing a guest configuration policy. These policies represent + the desired state for VM instance guest environments including packages to install or remove, + package repository configurations, and software to install. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/compute/docs/os-config-management' + api: 'https://cloud.google.com/compute/docs/osconfig/rest' +parameters: + - !ruby/object:Api::Type::String + name: 'guestPolicyId' + description: | + The logical name of the guest policy in the project with the following restrictions: + * Must contain only lowercase letters, numbers, and hyphens. + * Must start with a letter. + * Must be between 1-63 characters. + * Must end with a number or a letter. + * Must be unique within the project. + required: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + Unique name of the resource in this project using one of the following forms: projects/{project_number}/guestPolicies/{guestPolicyId}. + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: | + Description of the guest policy. Length of the description is limited to 1024 characters. + - !ruby/object:Api::Type::NestedObject + name: 'assignment' + required: true + description: | + Specifies the VM instances that are assigned to this policy. This allows you to target sets + or groups of VM instances by different parameters such as labels, names, OS, or zones. + If left empty, all VM instances underneath this policy are targeted. + At the same level in the resource hierarchy (that is within a project), the service prevents + the creation of multiple policies that conflict with each other. + For more information, see how the service + [handles assignment conflicts](https://cloud.google.com/compute/docs/os-config-management/create-guest-policy#handle-conflicts). + properties: + - !ruby/object:Api::Type::Array + name: 'groupLabels' + at_least_one_of: + - assignment.0.group_labels + - assignment.0.zones + - assignment.0.instances + - assignment.0.instance_name_prefixes + - assignment.0.os_types + description: | + Targets instances matching at least one of these label sets. This allows an assignment to target disparate groups, + for example "env=prod or env=staging". + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + required: true + description: | + Google Compute Engine instance labels that must be present for an instance to be included in this assignment group. + - !ruby/object:Api::Type::Array + name: 'zones' + at_least_one_of: + - assignment.0.group_labels + - assignment.0.zones + - assignment.0.instances + - assignment.0.instance_name_prefixes + - assignment.0.os_types + description: | + Targets instances in any of these zones. Leave empty to target instances in any zone. + Zonal targeting is uncommon and is supported to facilitate the management of changes by zone. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'instances' + at_least_one_of: + - assignment.0.group_labels + - assignment.0.zones + - assignment.0.instances + - assignment.0.instance_name_prefixes + - assignment.0.os_types + description: | + Targets any of the instances specified. Instances are specified by their URI in the form + zones/[ZONE]/instances/[INSTANCE_NAME]. + Instance targeting is uncommon and is supported to facilitate the management of changes + by the instance or to target specific VM instances for development and testing. + Only supported for project-level policies and must reference instances within this project. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'instanceNamePrefixes' + at_least_one_of: + - assignment.0.group_labels + - assignment.0.zones + - assignment.0.instances + - assignment.0.instance_name_prefixes + - assignment.0.os_types + description: | + Targets VM instances whose name starts with one of these prefixes. + Like labels, this is another way to group VM instances when targeting configs, + for example prefix="prod-". + Only supported for project-level policies. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'osTypes' + at_least_one_of: + - assignment.0.group_labels + - assignment.0.zones + - assignment.0.instances + - assignment.0.instance_name_prefixes + - assignment.0.os_types + description: | + Targets VM instances matching at least one of the following OS types. + VM instances must match all supplied criteria for a given OsType to be included. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'osShortName' + description: | + Targets VM instances with OS Inventory enabled and having the following OS short name, for example "debian" or "windows". + - !ruby/object:Api::Type::String + name: 'osVersion' + description: | + Targets VM instances with OS Inventory enabled and having the following following OS version. + - !ruby/object:Api::Type::String + name: 'osArchitecture' + description: | + Targets VM instances with OS Inventory enabled and having the following OS architecture. + - !ruby/object:Api::Type::Array + name: 'packages' + description: | + The software packages to be managed by this policy. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The name of the package. A package is uniquely identified for conflict validation + by checking the package name and the manager(s) that the package targets. + required: true + - !ruby/object:Api::Type::Enum + name: 'desiredState' + description: | + The desiredState the agent should maintain for this package. The default is to ensure the package is installed. + values: + - :INSTALLED + - :UPDATED + - :REMOVED + - !ruby/object:Api::Type::Enum + name: 'manager' + description: | + Type of package manager that can be used to install this package. If a system does not have the package manager, + the package is not installed or removed no error message is returned. By default, or if you specify ANY, + the agent attempts to install and remove this package using the default package manager. + This is useful when creating a policy that applies to different types of systems. + The default behavior is ANY. + default_value: :ANY + values: + - :ANY + - :APT + - :YUM + - :ZYPPER + - :GOO + - !ruby/object:Api::Type::Array + name: 'packageRepositories' + description: | + A list of package repositories to configure on the VM instance. + This is done before any other configs are applied so they can use these repos. + Package repositories are only configured if the corresponding package manager(s) are available. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::NestedObject + name: 'apt' + description: | + An Apt Repository. + # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) + properties: + - !ruby/object:Api::Type::Enum + name: 'archiveType' + description: | + Type of archive files in this repository. The default behavior is DEB. + default_value: :DEB + values: + - :DEB + - :DEB_SRC + - !ruby/object:Api::Type::String + name: 'uri' + description: | + URI for this repository. + required: true + - !ruby/object:Api::Type::String + name: 'distribution' + description: | + Distribution of this repository. + required: true + - !ruby/object:Api::Type::Array + name: 'components' + description: | + List of components for this repository. Must contain at least one item. + required: true + item_type: Api::Type::String + - !ruby/object:Api::Type::String + name: 'gpgKey' + description: | + URI of the key file for this repository. The agent maintains a keyring at + /etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg containing all the keys in any applied guest policy. + - !ruby/object:Api::Type::NestedObject + name: 'yum' + description: | + A Yum Repository. + # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) + properties: + - !ruby/object:Api::Type::String + name: 'id' + description: | + A one word, unique name for this repository. This is the repo id in the Yum config file and also the displayName + if displayName is omitted. This id is also used as the unique identifier when checking for guest policy conflicts. + required: true + - !ruby/object:Api::Type::String + name: 'displayName' + description: | + The display name of the repository. + - !ruby/object:Api::Type::String + name: 'baseUrl' + description: | + The location of the repository directory. + required: true + - !ruby/object:Api::Type::Array + name: 'gpgKeys' + description: | + URIs of GPG keys. + item_type: Api::Type::String + - !ruby/object:Api::Type::NestedObject + name: 'zypper' + description: | + A Zypper Repository. + # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) + properties: + - !ruby/object:Api::Type::String + name: 'id' + description: | + A one word, unique name for this repository. This is the repo id in the zypper config file and also the displayName + if displayName is omitted. This id is also used as the unique identifier when checking for guest policy conflicts. + required: true + - !ruby/object:Api::Type::String + name: 'displayName' + description: | + The display name of the repository. + - !ruby/object:Api::Type::String + name: 'baseUrl' + description: | + The location of the repository directory. + required: true + - !ruby/object:Api::Type::Array + name: 'gpgKeys' + description: | + URIs of GPG keys. + item_type: Api::Type::String + - !ruby/object:Api::Type::NestedObject + name: 'goo' + description: | + A Goo Repository. + # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) + properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The name of the repository. + required: true + - !ruby/object:Api::Type::String + name: 'url' + description: | + The url of the repository. + required: true + - !ruby/object:Api::Type::Array + name: 'recipes' + description: | + A list of Recipes to install on the VM instance. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + Unique identifier for the recipe. Only one recipe with a given name is installed on an instance. + Names are also used to identify resources which helps to determine whether guest policies have conflicts. + This means that requests to create multiple recipes with the same name and version are rejected since they + could potentially have conflicting assignments. + required: true + - !ruby/object:Api::Type::String + name: 'version' + description: | + The version of this software recipe. Version can be up to 4 period separated numbers (e.g. 12.34.56.78). + - !ruby/object:Api::Type::Array + name: 'artifacts' + description: | + Resources available to be used in the steps in the recipe. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'id' + description: | + Id of the artifact, which the installation and update steps of this recipe can reference. + Artifacts in a recipe cannot have the same id. + required: true + - !ruby/object:Api::Type::Boolean + name: 'allowInsecure' + description: | + Defaults to false. When false, recipes are subject to validations based on the artifact type: + Remote: A checksum must be specified, and only protocols with transport-layer security are permitted. + GCS: An object generation number must be specified. + default_value: false + - !ruby/object:Api::Type::NestedObject + name: 'remote' + description: | + A generic remote artifact. + # TODO (mbang): add conflicts_with when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) + properties: + - !ruby/object:Api::Type::String + name: 'uri' + description: | + URI from which to fetch the object. It should contain both the protocol and path following the format {protocol}://{location}. + - !ruby/object:Api::Type::String + name: 'checkSum' + description: | + Must be provided if allowInsecure is false. SHA256 checksum in hex format, to compare to the checksum of the artifact. + If the checksum is not empty and it doesn't match the artifact then the recipe installation fails before running any + of the steps. + - !ruby/object:Api::Type::NestedObject + name: 'gcs' + description: | + A Google Cloud Storage artifact. + # TODO (mbang): add conflicts_with when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) + properties: + - !ruby/object:Api::Type::String + name: 'bucket' + description: | + Bucket of the Google Cloud Storage object. Given an example URL: https://storage.googleapis.com/my-bucket/foo/bar#1234567 + this value would be my-bucket. + - !ruby/object:Api::Type::String + name: 'object' + description: | + Name of the Google Cloud Storage object. Given an example URL: https://storage.googleapis.com/my-bucket/foo/bar#1234567 + this value would be foo/bar. + - !ruby/object:Api::Type::Integer + name: 'generation' + description: | + Must be provided if allowInsecure is false. Generation number of the Google Cloud Storage object. + https://storage.googleapis.com/my-bucket/foo/bar#1234567 this value would be 1234567. + - !ruby/object:Api::Type::Array + name: 'installSteps' + description: | + Actions to be taken for installing this recipe. On failure it stops executing steps and does not attempt another installation. + Any steps taken (including partially completed steps) are not rolled back. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::NestedObject + name: 'fileCopy' + description: | + Copies a file onto the instance. + # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) + properties: + - !ruby/object:Api::Type::String + name: 'artifactId' + description: | + The id of the relevant artifact in the recipe. + required: true + - !ruby/object:Api::Type::String + name: 'destination' + description: | + The absolute path on the instance to put the file. + required: true + - !ruby/object:Api::Type::Boolean + name: 'overwrite' + description: | + Whether to allow this step to overwrite existing files.If this is false and the file already exists the file + is not overwritten and the step is considered a success. Defaults to false. + default_value: false + - !ruby/object:Api::Type::String + name: 'permissions' + description: | + Consists of three octal digits which represent, in order, the permissions of the owner, group, and other users + for the file (similarly to the numeric mode used in the linux chmod utility). Each digit represents a three bit + number with the 4 bit corresponding to the read permissions, the 2 bit corresponds to the write bit, and the one + bit corresponds to the execute permission. Default behavior is 755. + + Below are some examples of permissions and their associated values: + read, write, and execute: 7 read and execute: 5 read and write: 6 read only: 4 + - !ruby/object:Api::Type::NestedObject + name: 'archiveExtraction' + description: | + Extracts an archive into the specified directory. + # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) + properties: + - !ruby/object:Api::Type::String + name: 'artifactId' + description: | + The id of the relevant artifact in the recipe. + required: true + - !ruby/object:Api::Type::String + name: 'destination' + description: | + Directory to extract archive to. Defaults to / on Linux or C:\ on Windows. + - !ruby/object:Api::Type::Enum + name: 'type' + description: | + The type of the archive to extract. + required: true + values: + - :TAR + - :TAR_GZIP + - :TAR_BZIP + - :TAR_LZMA + - :TAR_XZ + - :ZIP + - !ruby/object:Api::Type::NestedObject + name: 'msiInstallation' + description: | + Installs an MSI file. + # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) + properties: + - !ruby/object:Api::Type::String + name: 'artifactId' + description: | + The id of the relevant artifact in the recipe. + required: true + - !ruby/object:Api::Type::Array + name: 'flags' + description: | + The flags to use when installing the MSI. Defaults to the install flag. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'allowedExitCodes' + description: | + Return codes that indicate that the software installed or updated successfully. Behaviour defaults to [0] + item_type: Api::Type::Integer + - !ruby/object:Api::Type::NestedObject + name: 'dpkgInstallation' + description: | + Installs a deb file via dpkg. + # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) + properties: + - !ruby/object:Api::Type::String + name: 'artifactId' + description: | + The id of the relevant artifact in the recipe. + required: true + - !ruby/object:Api::Type::NestedObject + name: 'rpmInstallation' + description: | + Installs an rpm file via the rpm utility. + # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) + properties: + - !ruby/object:Api::Type::String + name: 'artifactId' + description: | + The id of the relevant artifact in the recipe. + required: true + - !ruby/object:Api::Type::NestedObject + name: 'fileExec' + description: | + Executes an artifact or local file. + # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) + properties: + - !ruby/object:Api::Type::Array + name: 'args' + description: | + Arguments to be passed to the provided executable. + item_type: Api::Type::String + - !ruby/object:Api::Type::String + name: 'allowedExitCodes' + description: | + A list of possible return values that the program can return to indicate a success. Defaults to [0]. + - !ruby/object:Api::Type::String + name: 'artifactId' + description: | + The id of the relevant artifact in the recipe. + # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) + - !ruby/object:Api::Type::String + name: 'localPath' + description: | + The absolute path of the file on the local filesystem. + # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) + - !ruby/object:Api::Type::NestedObject + name: 'scriptRun' + description: | + Runs commands in a shell. + # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) + properties: + - !ruby/object:Api::Type::String + name: 'script' + description: | + The shell script to be executed. + required: true + - !ruby/object:Api::Type::Array + name: 'allowedExitCodes' + description: | + Return codes that indicate that the software installed or updated successfully. Behaviour defaults to [0] + item_type: Api::Type::Integer + - !ruby/object:Api::Type::Enum + name: 'interpreter' + description: | + The script interpreter to use to run the script. If no interpreter is specified the script is executed directly, + which likely only succeed for scripts with shebang lines. + values: + - :SHELL + - :POWERSHELL + - !ruby/object:Api::Type::Array + name: 'updateSteps' + description: | + Actions to be taken for updating this recipe. On failure it stops executing steps and does not attempt another update for this recipe. + Any steps taken (including partially completed steps) are not rolled back. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::NestedObject + name: 'fileCopy' + description: | + Copies a file onto the instance. + # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) + properties: + - !ruby/object:Api::Type::String + name: 'artifactId' + description: | + The id of the relevant artifact in the recipe. + required: true + - !ruby/object:Api::Type::String + name: 'destination' + description: | + The absolute path on the instance to put the file. + required: true + - !ruby/object:Api::Type::Boolean + name: 'overwrite' + description: | + Whether to allow this step to overwrite existing files.If this is false and the file already exists the file + is not overwritten and the step is considered a success. Defaults to false. + default_value: false + - !ruby/object:Api::Type::String + name: 'permissions' + description: | + Consists of three octal digits which represent, in order, the permissions of the owner, group, and other users + for the file (similarly to the numeric mode used in the linux chmod utility). Each digit represents a three bit + number with the 4 bit corresponding to the read permissions, the 2 bit corresponds to the write bit, and the one + bit corresponds to the execute permission. Default behavior is 755. + + Below are some examples of permissions and their associated values: + read, write, and execute: 7 read and execute: 5 read and write: 6 read only: 4 + - !ruby/object:Api::Type::NestedObject + name: 'archiveExtraction' + description: | + Extracts an archive into the specified directory. + # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) + properties: + - !ruby/object:Api::Type::String + name: 'artifactId' + description: | + The id of the relevant artifact in the recipe. + required: true + - !ruby/object:Api::Type::String + name: 'destination' + description: | + Directory to extract archive to. Defaults to / on Linux or C:\ on Windows. + - !ruby/object:Api::Type::Enum + name: 'type' + description: | + The type of the archive to extract. + required: true + values: + - :TAR + - :TAR_GZIP + - :TAR_BZIP + - :TAR_LZMA + - :TAR_XZ + - :ZIP + - !ruby/object:Api::Type::NestedObject + name: 'msiInstallation' + description: | + Installs an MSI file. + # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) + properties: + - !ruby/object:Api::Type::String + name: 'artifactId' + description: | + The id of the relevant artifact in the recipe. + required: true + - !ruby/object:Api::Type::Array + name: 'flags' + description: | + The flags to use when installing the MSI. Defaults to the install flag. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'allowedExitCodes' + description: | + Return codes that indicate that the software installed or updated successfully. Behaviour defaults to [0] + item_type: Api::Type::Integer + - !ruby/object:Api::Type::NestedObject + name: 'dpkgInstallation' + description: | + Installs a deb file via dpkg. + # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) + properties: + - !ruby/object:Api::Type::String + name: 'artifactId' + description: | + The id of the relevant artifact in the recipe. + required: true + - !ruby/object:Api::Type::NestedObject + name: 'rpmInstallation' + description: | + Installs an rpm file via the rpm utility. + # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) + properties: + - !ruby/object:Api::Type::String + name: 'artifactId' + description: | + The id of the relevant artifact in the recipe. + required: true + - !ruby/object:Api::Type::NestedObject + name: 'fileExec' + description: | + Executes an artifact or local file. + # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) + properties: + - !ruby/object:Api::Type::Array + name: 'args' + description: | + Arguments to be passed to the provided executable. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'allowedExitCodes' + description: | + A list of possible return values that the program can return to indicate a success. Defaults to [0]. + item_type: Api::Type::Integer + - !ruby/object:Api::Type::String + name: 'artifactId' + description: | + The id of the relevant artifact in the recipe. + # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) + - !ruby/object:Api::Type::String + name: 'localPath' + description: | + The absolute path of the file on the local filesystem. + # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) + - !ruby/object:Api::Type::NestedObject + name: 'scriptRun' + description: | + Runs commands in a shell. + # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) + properties: + - !ruby/object:Api::Type::String + name: 'script' + description: | + The shell script to be executed. + required: true + - !ruby/object:Api::Type::Array + name: 'allowedExitCodes' + description: | + Return codes that indicate that the software installed or updated successfully. Behaviour defaults to [0] + item_type: Api::Type::Integer + - !ruby/object:Api::Type::Enum + name: 'interpreter' + description: | + The script interpreter to use to run the script. If no interpreter is specified the script is executed directly, + which likely only succeed for scripts with shebang lines. + values: + - :SHELL + - :POWERSHELL + - !ruby/object:Api::Type::Enum + name: 'desiredState' + description: | + Default is INSTALLED. The desired state the agent should maintain for this recipe. + + INSTALLED: The software recipe is installed on the instance but won't be updated to new versions. + INSTALLED_KEEP_UPDATED: The software recipe is installed on the instance. The recipe is updated to a higher version, + if a higher version of the recipe is assigned to this instance. + REMOVE: Remove is unsupported for software recipes and attempts to create or update a recipe to the REMOVE state is rejected. + default_value: :INSTALLED + values: + - :INSTALLED + - :UPDATED + - :REMOVED + - !ruby/object:Api::Type::String + name: 'createTime' + output: true + description: | + Time this guest policy was created. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. + Example: "2014-10-02T15:01:23.045123456Z". + - !ruby/object:Api::Type::String + name: 'updateTime' + output: true + description: | + Last time this guest policy was updated. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. + Example: "2014-10-02T15:01:23.045123456Z". + - !ruby/object:Api::Type::String + name: 'etag' + description: | + The etag for this guest policy. If this is provided on update, it must match the server's etag. + diff --git a/mmv1/products/osconfig/PatchDeployment.yaml b/mmv1/products/osconfig/PatchDeployment.yaml new file mode 100644 index 000000000000..02ad8d0f5c62 --- /dev/null +++ b/mmv1/products/osconfig/PatchDeployment.yaml @@ -0,0 +1,864 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'PatchDeployment' +base_url: "projects/{{project}}/patchDeployments" +create_url: "projects/{{project}}/patchDeployments?patchDeploymentId={{patch_deployment_id}}" +self_link: "{{name}}" +description: | + Patch deployments are configurations that individual patch jobs use to complete a patch. + These configurations include instance filter, package repository settings, and a schedule. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/compute/docs/os-patch-management' + api: 'https://cloud.google.com/compute/docs/osconfig/rest' +immutable: true +parameters: + - !ruby/object:Api::Type::String + name: 'patchDeploymentId' + description: | + A name for the patch deployment in the project. When creating a name the following rules apply: + * Must contain only lowercase letters, numbers, and hyphens. + * Must start with a letter. + * Must be between 1-63 characters. + * Must end with a number or a letter. + * Must be unique within the project. + required: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + Unique name for the patch deployment resource in a project. + The patch deployment name is in the form: projects/{project_id}/patchDeployments/{patchDeploymentId}. + output: true + - !ruby/object:Api::Type::String + name: 'description' + description: | + Description of the patch deployment. Length of the description is limited to 1024 characters. + - !ruby/object:Api::Type::NestedObject + name: 'instanceFilter' + required: true + description: | + VM instances to patch. + properties: + - !ruby/object:Api::Type::Boolean + name: 'all' + at_least_one_of: + - instance_filter.0.all + - instance_filter.0.group_labels + - instance_filter.0.zones + - instance_filter.0.instances + - instance_filter.0.instance_name_prefixes + description: | + Target all VM instances in the project. If true, no other criteria is permitted. + - !ruby/object:Api::Type::Array + name: 'groupLabels' + at_least_one_of: + - instance_filter.0.all + - instance_filter.0.group_labels + - instance_filter.0.zones + - instance_filter.0.instances + - instance_filter.0.instance_name_prefixes + description: | + Targets VM instances matching ANY of these GroupLabels. This allows targeting of disparate groups of VM instances. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + required: true + description: | + Compute Engine instance labels that must be present for a VM instance to be targeted by this filter + - !ruby/object:Api::Type::Array + name: 'zones' + at_least_one_of: + - instance_filter.0.all + - instance_filter.0.group_labels + - instance_filter.0.zones + - instance_filter.0.instances + - instance_filter.0.instance_name_prefixes + description: | + Targets VM instances in ANY of these zones. Leave empty to target VM instances in any zone. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'instances' + at_least_one_of: + - instance_filter.0.all + - instance_filter.0.group_labels + - instance_filter.0.zones + - instance_filter.0.instances + - instance_filter.0.instance_name_prefixes + description: | + Targets any of the VM instances specified. Instances are specified by their URI in the `form zones/{{zone}}/instances/{{instance_name}}`, + `projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}`, or + `https://www.googleapis.com/compute/v1/projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}` + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'instanceNamePrefixes' + at_least_one_of: + - instance_filter.0.all + - instance_filter.0.group_labels + - instance_filter.0.zones + - instance_filter.0.instances + - instance_filter.0.instance_name_prefixes + description: | + Targets VMs whose name starts with one of these prefixes. Similar to labels, this is another way to group + VMs when targeting configs, for example prefix="prod-". + item_type: Api::Type::String + - !ruby/object:Api::Type::NestedObject + name: 'patchConfig' + description: | + Patch configuration that is applied. + properties: + - !ruby/object:Api::Type::Boolean + name: 'migInstancesAllowed' + description: | + Allows the patch job to run on Managed instance groups (MIGs). + - !ruby/object:Api::Type::Enum + name: 'rebootConfig' + description: | + Post-patch reboot settings. + at_least_one_of: + - patch_config.0.reboot_config + - patch_config.0.apt + - patch_config.0.yum + - patch_config.0.goo + - patch_config.0.zypper + - patch_config.0.windows_update + - patch_config.0.pre_step + - patch_config.0.post_step + values: + - :DEFAULT + - :ALWAYS + - :NEVER + - !ruby/object:Api::Type::NestedObject + name: 'apt' + description: | + Apt update settings. Use this setting to override the default apt patch rules. + at_least_one_of: + - patch_config.0.reboot_config + - patch_config.0.apt + - patch_config.0.yum + - patch_config.0.goo + - patch_config.0.zypper + - patch_config.0.windows_update + - patch_config.0.pre_step + - patch_config.0.post_step + properties: + - !ruby/object:Api::Type::Enum + name: 'type' + at_least_one_of: + - patch_config.0.apt.0.type + - patch_config.0.apt.0.excludes + - patch_config.0.apt.0.exclusive_packages + description: | + By changing the type to DIST, the patching is performed using apt-get dist-upgrade instead. + values: + - :DIST + - :UPGRADE + - !ruby/object:Api::Type::Array + name: 'excludes' + at_least_one_of: + - patch_config.0.apt.0.type + - patch_config.0.apt.0.excludes + - patch_config.0.apt.0.exclusive_packages + description: | + List of packages to exclude from update. These packages will be excluded. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'exclusivePackages' + at_least_one_of: + - patch_config.0.apt.0.type + - patch_config.0.apt.0.excludes + - patch_config.0.apt.0.exclusive_packages + description: | + An exclusive list of packages to be updated. These are the only packages that will be updated. + If these packages are not installed, they will be ignored. This field cannot be specified with + any other patch configuration fields. + item_type: Api::Type::String + - !ruby/object:Api::Type::NestedObject + name: 'yum' + description: | + Yum update settings. Use this setting to override the default yum patch rules. + at_least_one_of: + - patch_config.0.reboot_config + - patch_config.0.apt + - patch_config.0.yum + - patch_config.0.goo + - patch_config.0.zypper + - patch_config.0.windows_update + - patch_config.0.pre_step + - patch_config.0.post_step + properties: + - !ruby/object:Api::Type::Boolean + name: 'security' + at_least_one_of: + - patch_config.0.yum.0.security + - patch_config.0.yum.0.minimal + - patch_config.0.yum.0.excludes + - patch_config.0.yum.0.exclusive_packages + description: | + Adds the --security flag to yum update. Not supported on all platforms. + - !ruby/object:Api::Type::Boolean + name: 'minimal' + at_least_one_of: + - patch_config.0.yum.0.security + - patch_config.0.yum.0.minimal + - patch_config.0.yum.0.excludes + - patch_config.0.yum.0.exclusive_packages + description: | + Will cause patch to run yum update-minimal instead. + - !ruby/object:Api::Type::Array + name: 'excludes' + at_least_one_of: + - patch_config.0.yum.0.security + - patch_config.0.yum.0.minimal + - patch_config.0.yum.0.excludes + - patch_config.0.yum.0.exclusive_packages + description: | + List of packages to exclude from update. These packages will be excluded. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'exclusivePackages' + at_least_one_of: + - patch_config.0.yum.0.security + - patch_config.0.yum.0.minimal + - patch_config.0.yum.0.excludes + - patch_config.0.yum.0.exclusive_packages + description: | + An exclusive list of packages to be updated. These are the only packages that will be updated. + If these packages are not installed, they will be ignored. This field cannot be specified with + any other patch configuration fields. + item_type: Api::Type::String + - !ruby/object:Api::Type::NestedObject + name: 'goo' + description: | + goo update settings. Use this setting to override the default goo patch rules. + at_least_one_of: + - patch_config.0.reboot_config + - patch_config.0.apt + - patch_config.0.yum + - patch_config.0.goo + - patch_config.0.zypper + - patch_config.0.windows_update + - patch_config.0.pre_step + - patch_config.0.post_step + properties: + - !ruby/object:Api::Type::Boolean + name: enabled + description: | + goo update settings. Use this setting to override the default goo patch rules. + required: true + - !ruby/object:Api::Type::NestedObject + name: 'zypper' + description: | + zypper update settings. Use this setting to override the default zypper patch rules. + at_least_one_of: + - patch_config.0.reboot_config + - patch_config.0.apt + - patch_config.0.yum + - patch_config.0.goo + - patch_config.0.zypper + - patch_config.0.windows_update + - patch_config.0.pre_step + - patch_config.0.post_step + properties: + - !ruby/object:Api::Type::Boolean + name: 'withOptional' + at_least_one_of: + - patch_config.0.zypper.0.withOptional + - patch_config.0.zypper.0.withUpdate + - patch_config.0.zypper.0.categories + - patch_config.0.zypper.0.severities + - patch_config.0.zypper.0.excludes + - patch_config.0.zypper.0.exclusive_patches + description: | + Adds the --with-optional flag to zypper patch. + - !ruby/object:Api::Type::Boolean + name: 'withUpdate' + at_least_one_of: + - patch_config.0.zypper.0.withOptional + - patch_config.0.zypper.0.withUpdate + - patch_config.0.zypper.0.categories + - patch_config.0.zypper.0.severities + - patch_config.0.zypper.0.excludes + - patch_config.0.zypper.0.exclusive_patches + description: | + Adds the --with-update flag, to zypper patch. + - !ruby/object:Api::Type::Array + name: 'categories' + at_least_one_of: + - patch_config.0.zypper.0.withOptional + - patch_config.0.zypper.0.withUpdate + - patch_config.0.zypper.0.categories + - patch_config.0.zypper.0.severities + - patch_config.0.zypper.0.excludes + - patch_config.0.zypper.0.exclusive_patches + description: | + Install only patches with these categories. Common categories include security, recommended, and feature. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'severities' + at_least_one_of: + - patch_config.0.zypper.0.withOptional + - patch_config.0.zypper.0.withUpdate + - patch_config.0.zypper.0.categories + - patch_config.0.zypper.0.severities + - patch_config.0.zypper.0.excludes + - patch_config.0.zypper.0.exclusive_patches + description: | + Install only patches with these severities. Common severities include critical, important, moderate, and low. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'excludes' + at_least_one_of: + - patch_config.0.zypper.0.withOptional + - patch_config.0.zypper.0.withUpdate + - patch_config.0.zypper.0.categories + - patch_config.0.zypper.0.severities + - patch_config.0.zypper.0.excludes + - patch_config.0.zypper.0.exclusive_patches + description: | + List of packages to exclude from update. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'exclusivePatches' + at_least_one_of: + - patch_config.0.zypper.0.withOptional + - patch_config.0.zypper.0.withUpdate + - patch_config.0.zypper.0.categories + - patch_config.0.zypper.0.severities + - patch_config.0.zypper.0.excludes + - patch_config.0.zypper.0.exclusive_patches + description: | + An exclusive list of patches to be updated. These are the only patches that will be installed using 'zypper patch patch:' command. + This field must not be used with any other patch configuration fields. + item_type: Api::Type::String + - !ruby/object:Api::Type::NestedObject + name: 'windowsUpdate' + description: | + Windows update settings. Use this setting to override the default Windows patch rules. + at_least_one_of: + - patch_config.0.reboot_config + - patch_config.0.apt + - patch_config.0.yum + - patch_config.0.goo + - patch_config.0.zypper + - patch_config.0.windows_update + - patch_config.0.pre_step + - patch_config.0.post_step + properties: + - !ruby/object:Api::Type::Array + name: 'classifications' + exactly_one_of: + - patch_config.0.windows_update.0.classifications + - patch_config.0.windows_update.0.excludes + - patch_config.0.windows_update.0.exclusive_patches + description: | + Only apply updates of these windows update classifications. If empty, all updates are applied. + item_type: !ruby/object:Api::Type::Enum + name: 'classification' + description: 'What type of updates should we apply?' + values: + - :CRITICAL + - :SECURITY + - :DEFINITION + - :DRIVER + - :FEATURE_PACK + - :SERVICE_PACK + - :TOOL + - :UPDATE_ROLLUP + - :UPDATE + - !ruby/object:Api::Type::Array + name: 'excludes' + exactly_one_of: + - patch_config.0.windows_update.0.classifications + - patch_config.0.windows_update.0.excludes + - patch_config.0.windows_update.0.exclusive_patches + description: | + List of KBs to exclude from update. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'exclusivePatches' + exactly_one_of: + - patch_config.0.windows_update.0.classifications + - patch_config.0.windows_update.0.excludes + - patch_config.0.windows_update.0.exclusive_patches + description: | + An exclusive list of kbs to be updated. These are the only patches that will be updated. + This field must not be used with other patch configurations. + item_type: Api::Type::String + - !ruby/object:Api::Type::NestedObject + name: 'preStep' + description: | + The ExecStep to run before the patch update. + at_least_one_of: + - patch_config.0.reboot_config + - patch_config.0.apt + - patch_config.0.yum + - patch_config.0.goo + - patch_config.0.zypper + - patch_config.0.windows_update + - patch_config.0.pre_step + - patch_config.0.post_step + properties: + - !ruby/object:Api::Type::NestedObject + name: 'linuxExecStepConfig' + at_least_one_of: + - patch_config.0.pre_step.0.linux_exec_step_config + - patch_config.0.pre_step.0.windows_exec_step_config + description: | + The ExecStepConfig for all Linux VMs targeted by the PatchJob. + properties: + - !ruby/object:Api::Type::Array + name: 'allowedSuccessCodes' + description: | + Defaults to [0]. A list of possible return values that the execution can return to indicate a success. + item_type: Api::Type::Integer + - !ruby/object:Api::Type::Enum + name: 'interpreter' + description: | + The script interpreter to use to run the script. If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. + values: + - :SHELL + - :POWERSHELL + - !ruby/object:Api::Type::String + name: 'localPath' + description: | + An absolute path to the executable on the VM. + exactly_one_of: + - patch_config.0.pre_step.0.linux_exec_step_config.0.local_path + - patch_config.0.pre_step.0.linux_exec_step_config.0.gcs_object + - !ruby/object:Api::Type::NestedObject + name: 'gcsObject' + description: | + A Cloud Storage object containing the executable. + exactly_one_of: + - patch_config.0.pre_step.0.linux_exec_step_config.0.local_path + - patch_config.0.pre_step.0.linux_exec_step_config.0.gcs_object + properties: + - !ruby/object:Api::Type::String + name: 'bucket' + required: true + description: | + Bucket of the Cloud Storage object. + - !ruby/object:Api::Type::String + name: 'object' + required: true + description: | + Name of the Cloud Storage object. + - !ruby/object:Api::Type::String + name: 'generationNumber' + required: true + description: | + Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change. + - !ruby/object:Api::Type::NestedObject + name: 'windowsExecStepConfig' + at_least_one_of: + - patch_config.0.pre_step.0.linux_exec_step_config + - patch_config.0.pre_step.0.windows_exec_step_config + description: | + The ExecStepConfig for all Windows VMs targeted by the PatchJob. + properties: + - !ruby/object:Api::Type::Array + name: 'allowedSuccessCodes' + description: | + Defaults to [0]. A list of possible return values that the execution can return to indicate a success. + item_type: Api::Type::Integer + - !ruby/object:Api::Type::Enum + name: 'interpreter' + description: | + The script interpreter to use to run the script. If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. + values: + - :SHELL + - :POWERSHELL + - !ruby/object:Api::Type::String + name: 'localPath' + description: | + An absolute path to the executable on the VM. + exactly_one_of: + - patch_config.0.pre_step.0.windows_exec_step_config.0.local_path + - patch_config.0.pre_step.0.windows_exec_step_config.0.gcs_object + - !ruby/object:Api::Type::NestedObject + name: 'gcsObject' + description: | + A Cloud Storage object containing the executable. + exactly_one_of: + - patch_config.0.pre_step.0.windows_exec_step_config.0.local_path + - patch_config.0.pre_step.0.windows_exec_step_config.0.gcs_object + properties: + - !ruby/object:Api::Type::String + name: 'bucket' + required: true + description: | + Bucket of the Cloud Storage object. + - !ruby/object:Api::Type::String + name: 'object' + required: true + description: | + Name of the Cloud Storage object. + - !ruby/object:Api::Type::String + name: 'generationNumber' + required: true + description: | + Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change. + - !ruby/object:Api::Type::NestedObject + name: 'postStep' + description: | + The ExecStep to run after the patch update. + at_least_one_of: + - patch_config.0.reboot_config + - patch_config.0.apt + - patch_config.0.yum + - patch_config.0.goo + - patch_config.0.zypper + - patch_config.0.windows_update + - patch_config.0.pre_step + - patch_config.0.post_step + properties: + - !ruby/object:Api::Type::NestedObject + name: 'linuxExecStepConfig' + at_least_one_of: + - patch_config.0.post_step.0.linux_exec_step_config + - patch_config.0.post_step.0.windows_exec_step_config + description: | + The ExecStepConfig for all Linux VMs targeted by the PatchJob. + properties: + - !ruby/object:Api::Type::Array + name: 'allowedSuccessCodes' + description: | + Defaults to [0]. A list of possible return values that the execution can return to indicate a success. + item_type: Api::Type::Integer + - !ruby/object:Api::Type::Enum + name: 'interpreter' + description: | + The script interpreter to use to run the script. If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. + values: + - :SHELL + - :POWERSHELL + - !ruby/object:Api::Type::String + name: 'localPath' + description: | + An absolute path to the executable on the VM. + exactly_one_of: + - patch_config.0.post_step.0.linux_exec_step_config.0.local_path + - patch_config.0.post_step.0.linux_exec_step_config.0.gcs_object + - !ruby/object:Api::Type::NestedObject + name: 'gcsObject' + description: | + A Cloud Storage object containing the executable. + exactly_one_of: + - patch_config.0.post_step.0.linux_exec_step_config.0.local_path + - patch_config.0.post_step.0.linux_exec_step_config.0.gcs_object + properties: + - !ruby/object:Api::Type::String + name: 'bucket' + required: true + description: | + Bucket of the Cloud Storage object. + - !ruby/object:Api::Type::String + name: 'object' + required: true + description: | + Name of the Cloud Storage object. + - !ruby/object:Api::Type::String + name: 'generationNumber' + required: true + description: | + Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change. + - !ruby/object:Api::Type::NestedObject + name: 'windowsExecStepConfig' + at_least_one_of: + - patch_config.0.post_step.0.linux_exec_step_config + - patch_config.0.post_step.0.windows_exec_step_config + description: | + The ExecStepConfig for all Windows VMs targeted by the PatchJob. + properties: + - !ruby/object:Api::Type::Array + name: 'allowedSuccessCodes' + description: | + Defaults to [0]. A list of possible return values that the execution can return to indicate a success. + item_type: Api::Type::Integer + - !ruby/object:Api::Type::Enum + name: 'interpreter' + description: | + The script interpreter to use to run the script. If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. + values: + - :SHELL + - :POWERSHELL + - !ruby/object:Api::Type::String + name: 'localPath' + description: | + An absolute path to the executable on the VM. + exactly_one_of: + - patch_config.0.post_step.0.windows_exec_step_config.0.local_path + - patch_config.0.post_step.0.windows_exec_step_config.0.gcs_object + - !ruby/object:Api::Type::NestedObject + name: 'gcsObject' + description: | + A Cloud Storage object containing the executable. + exactly_one_of: + - patch_config.0.post_step.0.windows_exec_step_config.0.local_path + - patch_config.0.post_step.0.windows_exec_step_config.0.gcs_object + properties: + - !ruby/object:Api::Type::String + name: 'bucket' + required: true + description: | + Bucket of the Cloud Storage object. + - !ruby/object:Api::Type::String + name: 'object' + required: true + description: | + Name of the Cloud Storage object. + - !ruby/object:Api::Type::String + name: 'generationNumber' + required: true + description: | + Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change. + - !ruby/object:Api::Type::String + name: 'duration' + description: | + Duration of the patch. After the duration ends, the patch times out. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s" + - !ruby/object:Api::Type::String + name: 'createTime' + output: true + description: | + Time the patch deployment was created. Timestamp is in RFC3339 text format. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + - !ruby/object:Api::Type::String + name: 'updateTime' + output: true + description: | + Time the patch deployment was last updated. Timestamp is in RFC3339 text format. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + - !ruby/object:Api::Type::String + name: 'lastExecuteTime' + output: true + description: | + The last time a patch job was started by this deployment. Timestamp is in RFC3339 text format. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + - !ruby/object:Api::Type::NestedObject + name: 'oneTimeSchedule' + exactly_one_of: + - one_time_schedule + - recurring_schedule + description: | + Schedule a one-time execution. + properties: + - !ruby/object:Api::Type::String + name: 'executeTime' + required: true + description: | + The desired patch job execution time. A timestamp in RFC3339 UTC "Zulu" format, + accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + - !ruby/object:Api::Type::NestedObject + name: 'recurringSchedule' + exactly_one_of: + - one_time_schedule + - recurring_schedule + description: | + Schedule recurring executions. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'timeZone' + required: true + description: | + Defines the time zone that timeOfDay is relative to. The rules for daylight saving time are + determined by the chosen time zone. + properties: + - !ruby/object:Api::Type::String + name: 'id' + required: true + description: | + IANA Time Zone Database time zone, e.g. "America/New_York". + - !ruby/object:Api::Type::String + name: 'version' + description: | + IANA Time Zone Database version number, e.g. "2019a". + - !ruby/object:Api::Type::String + name: 'startTime' + description: | + The time that the recurring schedule becomes effective. Defaults to createTime of the patch deployment. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + - !ruby/object:Api::Type::String + name: 'endTime' + description: | + The end time at which a recurring patch deployment schedule is no longer active. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + - !ruby/object:Api::Type::NestedObject + name: 'timeOfDay' + required: true + description: | + Time of the day to run a recurring deployment. + properties: + - !ruby/object:Api::Type::Integer + name: 'hours' + at_least_one_of: + - recurring_schedule.0.time_of_day.0.hours + - recurring_schedule.0.time_of_day.0.minutes + - recurring_schedule.0.time_of_day.0.seconds + - recurring_schedule.0.time_of_day.0.nanos + description: | + Hours of day in 24 hour format. Should be from 0 to 23. + An API may choose to allow the value "24:00:00" for scenarios like business closing time. + - !ruby/object:Api::Type::Integer + name: 'minutes' + at_least_one_of: + - recurring_schedule.0.time_of_day.0.hours + - recurring_schedule.0.time_of_day.0.minutes + - recurring_schedule.0.time_of_day.0.seconds + - recurring_schedule.0.time_of_day.0.nanos + description: | + Minutes of hour of day. Must be from 0 to 59. + - !ruby/object:Api::Type::Integer + name: 'seconds' + at_least_one_of: + - recurring_schedule.0.time_of_day.0.hours + - recurring_schedule.0.time_of_day.0.minutes + - recurring_schedule.0.time_of_day.0.seconds + - recurring_schedule.0.time_of_day.0.nanos + description: | + Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. + - !ruby/object:Api::Type::Integer + name: 'nanos' + at_least_one_of: + - recurring_schedule.0.time_of_day.0.hours + - recurring_schedule.0.time_of_day.0.minutes + - recurring_schedule.0.time_of_day.0.seconds + - recurring_schedule.0.time_of_day.0.nanos + description: | + Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. + - !ruby/object:Api::Type::Enum + name: 'frequency' + required: true + description: | + The frequency unit of this recurring schedule. + values: + - :WEEKLY + - :MONTHLY + - !ruby/object:Api::Type::String + name: 'lastExecuteTime' + output: true + description: | + The time the last patch job ran successfully. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + - !ruby/object:Api::Type::String + name: 'nextExecuteTime' + output: true + description: | + The time the next patch job is scheduled to run. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + - !ruby/object:Api::Type::NestedObject + name: 'weekly' + description: | + Schedule with weekly executions. + properties: + - !ruby/object:Api::Type::Enum + name: 'dayOfWeek' + required: true + description: | + IANA Time Zone Database time zone, e.g. "America/New_York". + values: + - :MONDAY + - :TUESDAY + - :WEDNESDAY + - :THURSDAY + - :FRIDAY + - :SATURDAY + - :SUNDAY + - !ruby/object:Api::Type::NestedObject + name: 'monthly' + description: | + Schedule with monthly executions. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'weekDayOfMonth' + exactly_one_of: + - recurring_schedule.0.monthly.0.week_day_of_month + - recurring_schedule.0.monthly.0.month_day + description: | + Week day in a month. + properties: + - !ruby/object:Api::Type::Integer + name: 'weekOrdinal' + required: true + description: | + Week number in a month. 1-4 indicates the 1st to 4th week of the month. -1 indicates the last week of the month. + - !ruby/object:Api::Type::Enum + name: 'dayOfWeek' + required: true + description: | + A day of the week. + values: + - :MONDAY + - :TUESDAY + - :WEDNESDAY + - :THURSDAY + - :FRIDAY + - :SATURDAY + - :SUNDAY + - !ruby/object:Api::Type::Integer + name: 'monthDay' + exactly_one_of: + - recurring_schedule.0.monthly.0.week_day_of_month + - recurring_schedule.0.monthly.0.month_day + description: | + One day of the month. 1-31 indicates the 1st to the 31st day. -1 indicates the last day of the month. + Months without the target day will be skipped. For example, a schedule to run "every month on the 31st" + will not run in February, April, June, etc. + - !ruby/object:Api::Type::NestedObject + name: 'rollout' + description: | + Rollout strategy of the patch job. + properties: + - !ruby/object:Api::Type::Enum + name: 'mode' + description: | + Mode of the patch rollout. + values: + - :ZONE_BY_ZONE + - :CONCURRENT_ZONES + required: true + - !ruby/object:Api::Type::NestedObject + name: 'disruptionBudget' + description: | + The maximum number (or percentage) of VMs per zone to disrupt at any given moment. The number of VMs calculated from multiplying the percentage by the total number of VMs in a zone is rounded up. + During patching, a VM is considered disrupted from the time the agent is notified to begin until patching has completed. This disruption time includes the time to complete reboot and any post-patch steps. + A VM contributes to the disruption budget if its patching operation fails either when applying the patches, running pre or post patch steps, or if it fails to respond with a success notification before timing out. VMs that are not running or do not have an active agent do not count toward this disruption budget. + For zone-by-zone rollouts, if the disruption budget in a zone is exceeded, the patch job stops, because continuing to the next zone requires completion of the patch process in the previous zone. + For example, if the disruption budget has a fixed value of 10, and 8 VMs fail to patch in the current zone, the patch job continues to patch 2 VMs at a time until the zone is completed. When that zone is completed successfully, patching begins with 10 VMs at a time in the next zone. If 10 VMs in the next zone fail to patch, the patch job stops. + properties: + - !ruby/object:Api::Type::Integer + name: fixed + description: | + Specifies a fixed value. + exactly_one_of: + - rollout.0.disruption_budget.0.fixed + - rollout.0.disruption_budget.0.percentage + - !ruby/object:Api::Type::Integer + name: percentage + api_name: percent + description: | + Specifies the relative value defined as a percentage, which will be multiplied by a reference value. + exactly_one_of: + - rollout.0.disruption_budget.0.fixed + - rollout.0.disruption_budget.0.percentage + required: true diff --git a/mmv1/products/osconfig/api.yaml b/mmv1/products/osconfig/api.yaml deleted file mode 100644 index aafa16bc365c..000000000000 --- a/mmv1/products/osconfig/api.yaml +++ /dev/null @@ -1,1585 +0,0 @@ -# Copyright 2020 google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: OSConfig -display_name: OS Config -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://osconfig.googleapis.com/v1/ - - !ruby/object:Api::Product::Version - name: beta - base_url: https://osconfig.googleapis.com/v1beta/ -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Identity and Access Management (IAM) API - url: https://console.cloud.google.com/apis/library/iam.googleapis.com/ -scopes: - - https://www.googleapis.com/auth/cloud-platform - - https://www.googleapis.com/auth/compute -objects: - - !ruby/object:Api::Resource - name: 'PatchDeployment' - base_url: "projects/{{project}}/patchDeployments" - create_url: "projects/{{project}}/patchDeployments?patchDeploymentId={{patch_deployment_id}}" - self_link: "{{name}}" - description: | - Patch deployments are configurations that individual patch jobs use to complete a patch. - These configurations include instance filter, package repository settings, and a schedule. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/compute/docs/os-patch-management' - api: 'https://cloud.google.com/compute/docs/osconfig/rest' - input: true - parameters: - - !ruby/object:Api::Type::String - name: 'patchDeploymentId' - description: | - A name for the patch deployment in the project. When creating a name the following rules apply: - * Must contain only lowercase letters, numbers, and hyphens. - * Must start with a letter. - * Must be between 1-63 characters. - * Must end with a number or a letter. - * Must be unique within the project. - required: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - Unique name for the patch deployment resource in a project. - The patch deployment name is in the form: projects/{project_id}/patchDeployments/{patchDeploymentId}. - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: | - Description of the patch deployment. Length of the description is limited to 1024 characters. - - !ruby/object:Api::Type::NestedObject - name: 'instanceFilter' - required: true - description: | - VM instances to patch. - properties: - - !ruby/object:Api::Type::Boolean - name: 'all' - at_least_one_of: - - instance_filter.0.all - - instance_filter.0.group_labels - - instance_filter.0.zones - - instance_filter.0.instances - - instance_filter.0.instance_name_prefixes - description: | - Target all VM instances in the project. If true, no other criteria is permitted. - - !ruby/object:Api::Type::Array - name: 'groupLabels' - at_least_one_of: - - instance_filter.0.all - - instance_filter.0.group_labels - - instance_filter.0.zones - - instance_filter.0.instances - - instance_filter.0.instance_name_prefixes - description: | - Targets VM instances matching ANY of these GroupLabels. This allows targeting of disparate groups of VM instances. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - required: true - description: | - Compute Engine instance labels that must be present for a VM instance to be targeted by this filter - - !ruby/object:Api::Type::Array - name: 'zones' - at_least_one_of: - - instance_filter.0.all - - instance_filter.0.group_labels - - instance_filter.0.zones - - instance_filter.0.instances - - instance_filter.0.instance_name_prefixes - description: | - Targets VM instances in ANY of these zones. Leave empty to target VM instances in any zone. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'instances' - at_least_one_of: - - instance_filter.0.all - - instance_filter.0.group_labels - - instance_filter.0.zones - - instance_filter.0.instances - - instance_filter.0.instance_name_prefixes - description: | - Targets any of the VM instances specified. Instances are specified by their URI in the `form zones/{{zone}}/instances/{{instance_name}}`, - `projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}`, or - `https://www.googleapis.com/compute/v1/projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}` - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'instanceNamePrefixes' - at_least_one_of: - - instance_filter.0.all - - instance_filter.0.group_labels - - instance_filter.0.zones - - instance_filter.0.instances - - instance_filter.0.instance_name_prefixes - description: | - Targets VMs whose name starts with one of these prefixes. Similar to labels, this is another way to group - VMs when targeting configs, for example prefix="prod-". - item_type: Api::Type::String - - !ruby/object:Api::Type::NestedObject - name: 'patchConfig' - description: | - Patch configuration that is applied. - properties: - - !ruby/object:Api::Type::Boolean - name: 'migInstancesAllowed' - description: | - Allows the patch job to run on Managed instance groups (MIGs). - - !ruby/object:Api::Type::Enum - name: 'rebootConfig' - description: | - Post-patch reboot settings. - at_least_one_of: - - patch_config.0.reboot_config - - patch_config.0.apt - - patch_config.0.yum - - patch_config.0.goo - - patch_config.0.zypper - - patch_config.0.windows_update - - patch_config.0.pre_step - - patch_config.0.post_step - values: - - :DEFAULT - - :ALWAYS - - :NEVER - - !ruby/object:Api::Type::NestedObject - name: 'apt' - description: | - Apt update settings. Use this setting to override the default apt patch rules. - at_least_one_of: - - patch_config.0.reboot_config - - patch_config.0.apt - - patch_config.0.yum - - patch_config.0.goo - - patch_config.0.zypper - - patch_config.0.windows_update - - patch_config.0.pre_step - - patch_config.0.post_step - properties: - - !ruby/object:Api::Type::Enum - name: 'type' - at_least_one_of: - - patch_config.0.apt.0.type - - patch_config.0.apt.0.excludes - - patch_config.0.apt.0.exclusive_packages - description: | - By changing the type to DIST, the patching is performed using apt-get dist-upgrade instead. - values: - - :DIST - - :UPGRADE - - !ruby/object:Api::Type::Array - name: 'excludes' - at_least_one_of: - - patch_config.0.apt.0.type - - patch_config.0.apt.0.excludes - - patch_config.0.apt.0.exclusive_packages - description: | - List of packages to exclude from update. These packages will be excluded. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'exclusivePackages' - at_least_one_of: - - patch_config.0.apt.0.type - - patch_config.0.apt.0.excludes - - patch_config.0.apt.0.exclusive_packages - description: | - An exclusive list of packages to be updated. These are the only packages that will be updated. - If these packages are not installed, they will be ignored. This field cannot be specified with - any other patch configuration fields. - item_type: Api::Type::String - - !ruby/object:Api::Type::NestedObject - name: 'yum' - description: | - Yum update settings. Use this setting to override the default yum patch rules. - at_least_one_of: - - patch_config.0.reboot_config - - patch_config.0.apt - - patch_config.0.yum - - patch_config.0.goo - - patch_config.0.zypper - - patch_config.0.windows_update - - patch_config.0.pre_step - - patch_config.0.post_step - properties: - - !ruby/object:Api::Type::Boolean - name: 'security' - at_least_one_of: - - patch_config.0.yum.0.security - - patch_config.0.yum.0.minimal - - patch_config.0.yum.0.excludes - - patch_config.0.yum.0.exclusive_packages - description: | - Adds the --security flag to yum update. Not supported on all platforms. - - !ruby/object:Api::Type::Boolean - name: 'minimal' - at_least_one_of: - - patch_config.0.yum.0.security - - patch_config.0.yum.0.minimal - - patch_config.0.yum.0.excludes - - patch_config.0.yum.0.exclusive_packages - description: | - Will cause patch to run yum update-minimal instead. - - !ruby/object:Api::Type::Array - name: 'excludes' - at_least_one_of: - - patch_config.0.yum.0.security - - patch_config.0.yum.0.minimal - - patch_config.0.yum.0.excludes - - patch_config.0.yum.0.exclusive_packages - description: | - List of packages to exclude from update. These packages will be excluded. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'exclusivePackages' - at_least_one_of: - - patch_config.0.yum.0.security - - patch_config.0.yum.0.minimal - - patch_config.0.yum.0.excludes - - patch_config.0.yum.0.exclusive_packages - description: | - An exclusive list of packages to be updated. These are the only packages that will be updated. - If these packages are not installed, they will be ignored. This field cannot be specified with - any other patch configuration fields. - item_type: Api::Type::String - - !ruby/object:Api::Type::NestedObject - name: 'goo' - description: | - goo update settings. Use this setting to override the default goo patch rules. - at_least_one_of: - - patch_config.0.reboot_config - - patch_config.0.apt - - patch_config.0.yum - - patch_config.0.goo - - patch_config.0.zypper - - patch_config.0.windows_update - - patch_config.0.pre_step - - patch_config.0.post_step - properties: - - !ruby/object:Api::Type::Boolean - name: enabled - description: | - goo update settings. Use this setting to override the default goo patch rules. - required: true - - !ruby/object:Api::Type::NestedObject - name: 'zypper' - description: | - zypper update settings. Use this setting to override the default zypper patch rules. - at_least_one_of: - - patch_config.0.reboot_config - - patch_config.0.apt - - patch_config.0.yum - - patch_config.0.goo - - patch_config.0.zypper - - patch_config.0.windows_update - - patch_config.0.pre_step - - patch_config.0.post_step - properties: - - !ruby/object:Api::Type::Boolean - name: 'withOptional' - at_least_one_of: - - patch_config.0.zypper.0.withOptional - - patch_config.0.zypper.0.withUpdate - - patch_config.0.zypper.0.categories - - patch_config.0.zypper.0.severities - - patch_config.0.zypper.0.excludes - - patch_config.0.zypper.0.exclusive_patches - description: | - Adds the --with-optional flag to zypper patch. - - !ruby/object:Api::Type::Boolean - name: 'withUpdate' - at_least_one_of: - - patch_config.0.zypper.0.withOptional - - patch_config.0.zypper.0.withUpdate - - patch_config.0.zypper.0.categories - - patch_config.0.zypper.0.severities - - patch_config.0.zypper.0.excludes - - patch_config.0.zypper.0.exclusive_patches - description: | - Adds the --with-update flag, to zypper patch. - - !ruby/object:Api::Type::Array - name: 'categories' - at_least_one_of: - - patch_config.0.zypper.0.withOptional - - patch_config.0.zypper.0.withUpdate - - patch_config.0.zypper.0.categories - - patch_config.0.zypper.0.severities - - patch_config.0.zypper.0.excludes - - patch_config.0.zypper.0.exclusive_patches - description: | - Install only patches with these categories. Common categories include security, recommended, and feature. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'severities' - at_least_one_of: - - patch_config.0.zypper.0.withOptional - - patch_config.0.zypper.0.withUpdate - - patch_config.0.zypper.0.categories - - patch_config.0.zypper.0.severities - - patch_config.0.zypper.0.excludes - - patch_config.0.zypper.0.exclusive_patches - description: | - Install only patches with these severities. Common severities include critical, important, moderate, and low. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'excludes' - at_least_one_of: - - patch_config.0.zypper.0.withOptional - - patch_config.0.zypper.0.withUpdate - - patch_config.0.zypper.0.categories - - patch_config.0.zypper.0.severities - - patch_config.0.zypper.0.excludes - - patch_config.0.zypper.0.exclusive_patches - description: | - List of packages to exclude from update. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'exclusivePatches' - at_least_one_of: - - patch_config.0.zypper.0.withOptional - - patch_config.0.zypper.0.withUpdate - - patch_config.0.zypper.0.categories - - patch_config.0.zypper.0.severities - - patch_config.0.zypper.0.excludes - - patch_config.0.zypper.0.exclusive_patches - description: | - An exclusive list of patches to be updated. These are the only patches that will be installed using 'zypper patch patch:' command. - This field must not be used with any other patch configuration fields. - item_type: Api::Type::String - - !ruby/object:Api::Type::NestedObject - name: 'windowsUpdate' - description: | - Windows update settings. Use this setting to override the default Windows patch rules. - at_least_one_of: - - patch_config.0.reboot_config - - patch_config.0.apt - - patch_config.0.yum - - patch_config.0.goo - - patch_config.0.zypper - - patch_config.0.windows_update - - patch_config.0.pre_step - - patch_config.0.post_step - properties: - - !ruby/object:Api::Type::Array - name: 'classifications' - exactly_one_of: - - patch_config.0.windows_update.0.classifications - - patch_config.0.windows_update.0.excludes - - patch_config.0.windows_update.0.exclusive_patches - description: | - Only apply updates of these windows update classifications. If empty, all updates are applied. - item_type: !ruby/object:Api::Type::Enum - name: 'classification' - description: 'What type of updates should we apply?' - values: - - :CRITICAL - - :SECURITY - - :DEFINITION - - :DRIVER - - :FEATURE_PACK - - :SERVICE_PACK - - :TOOL - - :UPDATE_ROLLUP - - :UPDATE - - !ruby/object:Api::Type::Array - name: 'excludes' - exactly_one_of: - - patch_config.0.windows_update.0.classifications - - patch_config.0.windows_update.0.excludes - - patch_config.0.windows_update.0.exclusive_patches - description: | - List of KBs to exclude from update. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'exclusivePatches' - exactly_one_of: - - patch_config.0.windows_update.0.classifications - - patch_config.0.windows_update.0.excludes - - patch_config.0.windows_update.0.exclusive_patches - description: | - An exclusive list of kbs to be updated. These are the only patches that will be updated. - This field must not be used with other patch configurations. - item_type: Api::Type::String - - !ruby/object:Api::Type::NestedObject - name: 'preStep' - description: | - The ExecStep to run before the patch update. - at_least_one_of: - - patch_config.0.reboot_config - - patch_config.0.apt - - patch_config.0.yum - - patch_config.0.goo - - patch_config.0.zypper - - patch_config.0.windows_update - - patch_config.0.pre_step - - patch_config.0.post_step - properties: - - !ruby/object:Api::Type::NestedObject - name: 'linuxExecStepConfig' - at_least_one_of: - - patch_config.0.pre_step.0.linux_exec_step_config - - patch_config.0.pre_step.0.windows_exec_step_config - description: | - The ExecStepConfig for all Linux VMs targeted by the PatchJob. - properties: - - !ruby/object:Api::Type::Array - name: 'allowedSuccessCodes' - description: | - Defaults to [0]. A list of possible return values that the execution can return to indicate a success. - item_type: Api::Type::Integer - - !ruby/object:Api::Type::Enum - name: 'interpreter' - description: | - The script interpreter to use to run the script. If no interpreter is specified the script will - be executed directly, which will likely only succeed for scripts with shebang lines. - values: - - :SHELL - - :POWERSHELL - - !ruby/object:Api::Type::String - name: 'localPath' - description: | - An absolute path to the executable on the VM. - exactly_one_of: - - patch_config.0.pre_step.0.linux_exec_step_config.0.local_path - - patch_config.0.pre_step.0.linux_exec_step_config.0.gcs_object - - !ruby/object:Api::Type::NestedObject - name: 'gcsObject' - description: | - A Cloud Storage object containing the executable. - exactly_one_of: - - patch_config.0.pre_step.0.linux_exec_step_config.0.local_path - - patch_config.0.pre_step.0.linux_exec_step_config.0.gcs_object - properties: - - !ruby/object:Api::Type::String - name: 'bucket' - required: true - description: | - Bucket of the Cloud Storage object. - - !ruby/object:Api::Type::String - name: 'object' - required: true - description: | - Name of the Cloud Storage object. - - !ruby/object:Api::Type::String - name: 'generationNumber' - required: true - description: | - Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change. - - !ruby/object:Api::Type::NestedObject - name: 'windowsExecStepConfig' - at_least_one_of: - - patch_config.0.pre_step.0.linux_exec_step_config - - patch_config.0.pre_step.0.windows_exec_step_config - description: | - The ExecStepConfig for all Windows VMs targeted by the PatchJob. - properties: - - !ruby/object:Api::Type::Array - name: 'allowedSuccessCodes' - description: | - Defaults to [0]. A list of possible return values that the execution can return to indicate a success. - item_type: Api::Type::Integer - - !ruby/object:Api::Type::Enum - name: 'interpreter' - description: | - The script interpreter to use to run the script. If no interpreter is specified the script will - be executed directly, which will likely only succeed for scripts with shebang lines. - values: - - :SHELL - - :POWERSHELL - - !ruby/object:Api::Type::String - name: 'localPath' - description: | - An absolute path to the executable on the VM. - exactly_one_of: - - patch_config.0.pre_step.0.windows_exec_step_config.0.local_path - - patch_config.0.pre_step.0.windows_exec_step_config.0.gcs_object - - !ruby/object:Api::Type::NestedObject - name: 'gcsObject' - description: | - A Cloud Storage object containing the executable. - exactly_one_of: - - patch_config.0.pre_step.0.windows_exec_step_config.0.local_path - - patch_config.0.pre_step.0.windows_exec_step_config.0.gcs_object - properties: - - !ruby/object:Api::Type::String - name: 'bucket' - required: true - description: | - Bucket of the Cloud Storage object. - - !ruby/object:Api::Type::String - name: 'object' - required: true - description: | - Name of the Cloud Storage object. - - !ruby/object:Api::Type::String - name: 'generationNumber' - required: true - description: | - Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change. - - !ruby/object:Api::Type::NestedObject - name: 'postStep' - description: | - The ExecStep to run after the patch update. - at_least_one_of: - - patch_config.0.reboot_config - - patch_config.0.apt - - patch_config.0.yum - - patch_config.0.goo - - patch_config.0.zypper - - patch_config.0.windows_update - - patch_config.0.pre_step - - patch_config.0.post_step - properties: - - !ruby/object:Api::Type::NestedObject - name: 'linuxExecStepConfig' - at_least_one_of: - - patch_config.0.post_step.0.linux_exec_step_config - - patch_config.0.post_step.0.windows_exec_step_config - description: | - The ExecStepConfig for all Linux VMs targeted by the PatchJob. - properties: - - !ruby/object:Api::Type::Array - name: 'allowedSuccessCodes' - description: | - Defaults to [0]. A list of possible return values that the execution can return to indicate a success. - item_type: Api::Type::Integer - - !ruby/object:Api::Type::Enum - name: 'interpreter' - description: | - The script interpreter to use to run the script. If no interpreter is specified the script will - be executed directly, which will likely only succeed for scripts with shebang lines. - values: - - :SHELL - - :POWERSHELL - - !ruby/object:Api::Type::String - name: 'localPath' - description: | - An absolute path to the executable on the VM. - exactly_one_of: - - patch_config.0.post_step.0.linux_exec_step_config.0.local_path - - patch_config.0.post_step.0.linux_exec_step_config.0.gcs_object - - !ruby/object:Api::Type::NestedObject - name: 'gcsObject' - description: | - A Cloud Storage object containing the executable. - exactly_one_of: - - patch_config.0.post_step.0.linux_exec_step_config.0.local_path - - patch_config.0.post_step.0.linux_exec_step_config.0.gcs_object - properties: - - !ruby/object:Api::Type::String - name: 'bucket' - required: true - description: | - Bucket of the Cloud Storage object. - - !ruby/object:Api::Type::String - name: 'object' - required: true - description: | - Name of the Cloud Storage object. - - !ruby/object:Api::Type::String - name: 'generationNumber' - required: true - description: | - Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change. - - !ruby/object:Api::Type::NestedObject - name: 'windowsExecStepConfig' - at_least_one_of: - - patch_config.0.post_step.0.linux_exec_step_config - - patch_config.0.post_step.0.windows_exec_step_config - description: | - The ExecStepConfig for all Windows VMs targeted by the PatchJob. - properties: - - !ruby/object:Api::Type::Array - name: 'allowedSuccessCodes' - description: | - Defaults to [0]. A list of possible return values that the execution can return to indicate a success. - item_type: Api::Type::Integer - - !ruby/object:Api::Type::Enum - name: 'interpreter' - description: | - The script interpreter to use to run the script. If no interpreter is specified the script will - be executed directly, which will likely only succeed for scripts with shebang lines. - values: - - :SHELL - - :POWERSHELL - - !ruby/object:Api::Type::String - name: 'localPath' - description: | - An absolute path to the executable on the VM. - exactly_one_of: - - patch_config.0.post_step.0.windows_exec_step_config.0.local_path - - patch_config.0.post_step.0.windows_exec_step_config.0.gcs_object - - !ruby/object:Api::Type::NestedObject - name: 'gcsObject' - description: | - A Cloud Storage object containing the executable. - exactly_one_of: - - patch_config.0.post_step.0.windows_exec_step_config.0.local_path - - patch_config.0.post_step.0.windows_exec_step_config.0.gcs_object - properties: - - !ruby/object:Api::Type::String - name: 'bucket' - required: true - description: | - Bucket of the Cloud Storage object. - - !ruby/object:Api::Type::String - name: 'object' - required: true - description: | - Name of the Cloud Storage object. - - !ruby/object:Api::Type::String - name: 'generationNumber' - required: true - description: | - Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change. - - !ruby/object:Api::Type::String - name: 'duration' - description: | - Duration of the patch. After the duration ends, the patch times out. - A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s" - - !ruby/object:Api::Type::String - name: 'createTime' - output: true - description: | - Time the patch deployment was created. Timestamp is in RFC3339 text format. - A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". - - !ruby/object:Api::Type::String - name: 'updateTime' - output: true - description: | - Time the patch deployment was last updated. Timestamp is in RFC3339 text format. - A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". - - !ruby/object:Api::Type::String - name: 'lastExecuteTime' - output: true - description: | - The last time a patch job was started by this deployment. Timestamp is in RFC3339 text format. - A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". - - !ruby/object:Api::Type::NestedObject - name: 'oneTimeSchedule' - exactly_one_of: - - one_time_schedule - - recurring_schedule - description: | - Schedule a one-time execution. - properties: - - !ruby/object:Api::Type::String - name: 'executeTime' - required: true - description: | - The desired patch job execution time. A timestamp in RFC3339 UTC "Zulu" format, - accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". - - !ruby/object:Api::Type::NestedObject - name: 'recurringSchedule' - exactly_one_of: - - one_time_schedule - - recurring_schedule - description: | - Schedule recurring executions. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'timeZone' - required: true - description: | - Defines the time zone that timeOfDay is relative to. The rules for daylight saving time are - determined by the chosen time zone. - properties: - - !ruby/object:Api::Type::String - name: 'id' - required: true - description: | - IANA Time Zone Database time zone, e.g. "America/New_York". - - !ruby/object:Api::Type::String - name: 'version' - description: | - IANA Time Zone Database version number, e.g. "2019a". - - !ruby/object:Api::Type::String - name: 'startTime' - description: | - The time that the recurring schedule becomes effective. Defaults to createTime of the patch deployment. - A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". - - !ruby/object:Api::Type::String - name: 'endTime' - description: | - The end time at which a recurring patch deployment schedule is no longer active. - A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". - - !ruby/object:Api::Type::NestedObject - name: 'timeOfDay' - required: true - description: | - Time of the day to run a recurring deployment. - properties: - - !ruby/object:Api::Type::Integer - name: 'hours' - at_least_one_of: - - recurring_schedule.0.time_of_day.0.hours - - recurring_schedule.0.time_of_day.0.minutes - - recurring_schedule.0.time_of_day.0.seconds - - recurring_schedule.0.time_of_day.0.nanos - description: | - Hours of day in 24 hour format. Should be from 0 to 23. - An API may choose to allow the value "24:00:00" for scenarios like business closing time. - - !ruby/object:Api::Type::Integer - name: 'minutes' - at_least_one_of: - - recurring_schedule.0.time_of_day.0.hours - - recurring_schedule.0.time_of_day.0.minutes - - recurring_schedule.0.time_of_day.0.seconds - - recurring_schedule.0.time_of_day.0.nanos - description: | - Minutes of hour of day. Must be from 0 to 59. - - !ruby/object:Api::Type::Integer - name: 'seconds' - at_least_one_of: - - recurring_schedule.0.time_of_day.0.hours - - recurring_schedule.0.time_of_day.0.minutes - - recurring_schedule.0.time_of_day.0.seconds - - recurring_schedule.0.time_of_day.0.nanos - description: | - Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds. - - !ruby/object:Api::Type::Integer - name: 'nanos' - at_least_one_of: - - recurring_schedule.0.time_of_day.0.hours - - recurring_schedule.0.time_of_day.0.minutes - - recurring_schedule.0.time_of_day.0.seconds - - recurring_schedule.0.time_of_day.0.nanos - description: | - Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. - - !ruby/object:Api::Type::Enum - name: 'frequency' - required: true - description: | - The frequency unit of this recurring schedule. - values: - - :WEEKLY - - :MONTHLY - - !ruby/object:Api::Type::String - name: 'lastExecuteTime' - output: true - description: | - The time the last patch job ran successfully. - A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". - - !ruby/object:Api::Type::String - name: 'nextExecuteTime' - output: true - description: | - The time the next patch job is scheduled to run. - A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". - - !ruby/object:Api::Type::NestedObject - name: 'weekly' - description: | - Schedule with weekly executions. - properties: - - !ruby/object:Api::Type::Enum - name: 'dayOfWeek' - required: true - description: | - IANA Time Zone Database time zone, e.g. "America/New_York". - values: - - :MONDAY - - :TUESDAY - - :WEDNESDAY - - :THURSDAY - - :FRIDAY - - :SATURDAY - - :SUNDAY - - !ruby/object:Api::Type::NestedObject - name: 'monthly' - description: | - Schedule with monthly executions. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'weekDayOfMonth' - exactly_one_of: - - recurring_schedule.0.monthly.0.week_day_of_month - - recurring_schedule.0.monthly.0.month_day - description: | - Week day in a month. - properties: - - !ruby/object:Api::Type::Integer - name: 'weekOrdinal' - required: true - description: | - Week number in a month. 1-4 indicates the 1st to 4th week of the month. -1 indicates the last week of the month. - - !ruby/object:Api::Type::Enum - name: 'dayOfWeek' - required: true - description: | - A day of the week. - values: - - :MONDAY - - :TUESDAY - - :WEDNESDAY - - :THURSDAY - - :FRIDAY - - :SATURDAY - - :SUNDAY - - !ruby/object:Api::Type::Integer - name: 'monthDay' - exactly_one_of: - - recurring_schedule.0.monthly.0.week_day_of_month - - recurring_schedule.0.monthly.0.month_day - description: | - One day of the month. 1-31 indicates the 1st to the 31st day. -1 indicates the last day of the month. - Months without the target day will be skipped. For example, a schedule to run "every month on the 31st" - will not run in February, April, June, etc. - - !ruby/object:Api::Type::NestedObject - name: 'rollout' - description: | - Rollout strategy of the patch job. - properties: - - !ruby/object:Api::Type::Enum - name: 'mode' - description: | - Mode of the patch rollout. - values: - - :ZONE_BY_ZONE - - :CONCURRENT_ZONES - required: true - - !ruby/object:Api::Type::NestedObject - name: 'disruptionBudget' - description: | - The maximum number (or percentage) of VMs per zone to disrupt at any given moment. The number of VMs calculated from multiplying the percentage by the total number of VMs in a zone is rounded up. - During patching, a VM is considered disrupted from the time the agent is notified to begin until patching has completed. This disruption time includes the time to complete reboot and any post-patch steps. - A VM contributes to the disruption budget if its patching operation fails either when applying the patches, running pre or post patch steps, or if it fails to respond with a success notification before timing out. VMs that are not running or do not have an active agent do not count toward this disruption budget. - For zone-by-zone rollouts, if the disruption budget in a zone is exceeded, the patch job stops, because continuing to the next zone requires completion of the patch process in the previous zone. - For example, if the disruption budget has a fixed value of 10, and 8 VMs fail to patch in the current zone, the patch job continues to patch 2 VMs at a time until the zone is completed. When that zone is completed successfully, patching begins with 10 VMs at a time in the next zone. If 10 VMs in the next zone fail to patch, the patch job stops. - properties: - - !ruby/object:Api::Type::Integer - name: fixed - description: | - Specifies a fixed value. - exactly_one_of: - - rollout.0.disruption_budget.0.fixed - - rollout.0.disruption_budget.0.percentage - - !ruby/object:Api::Type::Integer - name: percentage - api_name: percent - description: | - Specifies the relative value defined as a percentage, which will be multiplied by a reference value. - exactly_one_of: - - rollout.0.disruption_budget.0.fixed - - rollout.0.disruption_budget.0.percentage - required: true - - !ruby/object:Api::Resource - name: 'GuestPolicies' - base_url: "projects/{{project}}/guestPolicies" - create_url: "projects/{{project}}/guestPolicies?guestPolicyId={{guest_policy_id}}" - update_verb: :PATCH - self_link: "projects/{{project}}/guestPolicies/{{guest_policy_id}}" - min_version: beta - identity: - - guestPolicyId - description: | - An OS Config resource representing a guest configuration policy. These policies represent - the desired state for VM instance guest environments including packages to install or remove, - package repository configurations, and software to install. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/compute/docs/os-config-management' - api: 'https://cloud.google.com/compute/docs/osconfig/rest' - parameters: - - !ruby/object:Api::Type::String - name: 'guestPolicyId' - description: | - The logical name of the guest policy in the project with the following restrictions: - * Must contain only lowercase letters, numbers, and hyphens. - * Must start with a letter. - * Must be between 1-63 characters. - * Must end with a number or a letter. - * Must be unique within the project. - required: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - Unique name of the resource in this project using one of the following forms: projects/{project_number}/guestPolicies/{guestPolicyId}. - output: true - - !ruby/object:Api::Type::String - name: 'description' - description: | - Description of the guest policy. Length of the description is limited to 1024 characters. - - !ruby/object:Api::Type::NestedObject - name: 'assignment' - required: true - description: | - Specifies the VM instances that are assigned to this policy. This allows you to target sets - or groups of VM instances by different parameters such as labels, names, OS, or zones. - If left empty, all VM instances underneath this policy are targeted. - At the same level in the resource hierarchy (that is within a project), the service prevents - the creation of multiple policies that conflict with each other. - For more information, see how the service - [handles assignment conflicts](https://cloud.google.com/compute/docs/os-config-management/create-guest-policy#handle-conflicts). - properties: - - !ruby/object:Api::Type::Array - name: 'groupLabels' - at_least_one_of: - - assignment.0.group_labels - - assignment.0.zones - - assignment.0.instances - - assignment.0.instance_name_prefixes - - assignment.0.os_types - description: | - Targets instances matching at least one of these label sets. This allows an assignment to target disparate groups, - for example "env=prod or env=staging". - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - required: true - description: | - Google Compute Engine instance labels that must be present for an instance to be included in this assignment group. - - !ruby/object:Api::Type::Array - name: 'zones' - at_least_one_of: - - assignment.0.group_labels - - assignment.0.zones - - assignment.0.instances - - assignment.0.instance_name_prefixes - - assignment.0.os_types - description: | - Targets instances in any of these zones. Leave empty to target instances in any zone. - Zonal targeting is uncommon and is supported to facilitate the management of changes by zone. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'instances' - at_least_one_of: - - assignment.0.group_labels - - assignment.0.zones - - assignment.0.instances - - assignment.0.instance_name_prefixes - - assignment.0.os_types - description: | - Targets any of the instances specified. Instances are specified by their URI in the form - zones/[ZONE]/instances/[INSTANCE_NAME]. - Instance targeting is uncommon and is supported to facilitate the management of changes - by the instance or to target specific VM instances for development and testing. - Only supported for project-level policies and must reference instances within this project. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'instanceNamePrefixes' - at_least_one_of: - - assignment.0.group_labels - - assignment.0.zones - - assignment.0.instances - - assignment.0.instance_name_prefixes - - assignment.0.os_types - description: | - Targets VM instances whose name starts with one of these prefixes. - Like labels, this is another way to group VM instances when targeting configs, - for example prefix="prod-". - Only supported for project-level policies. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'osTypes' - at_least_one_of: - - assignment.0.group_labels - - assignment.0.zones - - assignment.0.instances - - assignment.0.instance_name_prefixes - - assignment.0.os_types - description: | - Targets VM instances matching at least one of the following OS types. - VM instances must match all supplied criteria for a given OsType to be included. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'osShortName' - description: | - Targets VM instances with OS Inventory enabled and having the following OS short name, for example "debian" or "windows". - - !ruby/object:Api::Type::String - name: 'osVersion' - description: | - Targets VM instances with OS Inventory enabled and having the following following OS version. - - !ruby/object:Api::Type::String - name: 'osArchitecture' - description: | - Targets VM instances with OS Inventory enabled and having the following OS architecture. - - !ruby/object:Api::Type::Array - name: 'packages' - description: | - The software packages to be managed by this policy. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The name of the package. A package is uniquely identified for conflict validation - by checking the package name and the manager(s) that the package targets. - required: true - - !ruby/object:Api::Type::Enum - name: 'desiredState' - description: | - The desiredState the agent should maintain for this package. The default is to ensure the package is installed. - values: - - :INSTALLED - - :UPDATED - - :REMOVED - - !ruby/object:Api::Type::Enum - name: 'manager' - description: | - Type of package manager that can be used to install this package. If a system does not have the package manager, - the package is not installed or removed no error message is returned. By default, or if you specify ANY, - the agent attempts to install and remove this package using the default package manager. - This is useful when creating a policy that applies to different types of systems. - The default behavior is ANY. - default_value: :ANY - values: - - :ANY - - :APT - - :YUM - - :ZYPPER - - :GOO - - !ruby/object:Api::Type::Array - name: 'packageRepositories' - description: | - A list of package repositories to configure on the VM instance. - This is done before any other configs are applied so they can use these repos. - Package repositories are only configured if the corresponding package manager(s) are available. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::NestedObject - name: 'apt' - description: | - An Apt Repository. - # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) - properties: - - !ruby/object:Api::Type::Enum - name: 'archiveType' - description: | - Type of archive files in this repository. The default behavior is DEB. - default_value: :DEB - values: - - :DEB - - :DEB_SRC - - !ruby/object:Api::Type::String - name: 'uri' - description: | - URI for this repository. - required: true - - !ruby/object:Api::Type::String - name: 'distribution' - description: | - Distribution of this repository. - required: true - - !ruby/object:Api::Type::Array - name: 'components' - description: | - List of components for this repository. Must contain at least one item. - required: true - item_type: Api::Type::String - - !ruby/object:Api::Type::String - name: 'gpgKey' - description: | - URI of the key file for this repository. The agent maintains a keyring at - /etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg containing all the keys in any applied guest policy. - - !ruby/object:Api::Type::NestedObject - name: 'yum' - description: | - A Yum Repository. - # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) - properties: - - !ruby/object:Api::Type::String - name: 'id' - description: | - A one word, unique name for this repository. This is the repo id in the Yum config file and also the displayName - if displayName is omitted. This id is also used as the unique identifier when checking for guest policy conflicts. - required: true - - !ruby/object:Api::Type::String - name: 'displayName' - description: | - The display name of the repository. - - !ruby/object:Api::Type::String - name: 'baseUrl' - description: | - The location of the repository directory. - required: true - - !ruby/object:Api::Type::Array - name: 'gpgKeys' - description: | - URIs of GPG keys. - item_type: Api::Type::String - - !ruby/object:Api::Type::NestedObject - name: 'zypper' - description: | - A Zypper Repository. - # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) - properties: - - !ruby/object:Api::Type::String - name: 'id' - description: | - A one word, unique name for this repository. This is the repo id in the zypper config file and also the displayName - if displayName is omitted. This id is also used as the unique identifier when checking for guest policy conflicts. - required: true - - !ruby/object:Api::Type::String - name: 'displayName' - description: | - The display name of the repository. - - !ruby/object:Api::Type::String - name: 'baseUrl' - description: | - The location of the repository directory. - required: true - - !ruby/object:Api::Type::Array - name: 'gpgKeys' - description: | - URIs of GPG keys. - item_type: Api::Type::String - - !ruby/object:Api::Type::NestedObject - name: 'goo' - description: | - A Goo Repository. - # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The name of the repository. - required: true - - !ruby/object:Api::Type::String - name: 'url' - description: | - The url of the repository. - required: true - - !ruby/object:Api::Type::Array - name: 'recipes' - description: | - A list of Recipes to install on the VM instance. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - Unique identifier for the recipe. Only one recipe with a given name is installed on an instance. - Names are also used to identify resources which helps to determine whether guest policies have conflicts. - This means that requests to create multiple recipes with the same name and version are rejected since they - could potentially have conflicting assignments. - required: true - - !ruby/object:Api::Type::String - name: 'version' - description: | - The version of this software recipe. Version can be up to 4 period separated numbers (e.g. 12.34.56.78). - - !ruby/object:Api::Type::Array - name: 'artifacts' - description: | - Resources available to be used in the steps in the recipe. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'id' - description: | - Id of the artifact, which the installation and update steps of this recipe can reference. - Artifacts in a recipe cannot have the same id. - required: true - - !ruby/object:Api::Type::Boolean - name: 'allowInsecure' - description: | - Defaults to false. When false, recipes are subject to validations based on the artifact type: - Remote: A checksum must be specified, and only protocols with transport-layer security are permitted. - GCS: An object generation number must be specified. - default_value: false - - !ruby/object:Api::Type::NestedObject - name: 'remote' - description: | - A generic remote artifact. - # TODO (mbang): add conflicts_with when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) - properties: - - !ruby/object:Api::Type::String - name: 'uri' - description: | - URI from which to fetch the object. It should contain both the protocol and path following the format {protocol}://{location}. - - !ruby/object:Api::Type::String - name: 'checkSum' - description: | - Must be provided if allowInsecure is false. SHA256 checksum in hex format, to compare to the checksum of the artifact. - If the checksum is not empty and it doesn't match the artifact then the recipe installation fails before running any - of the steps. - - !ruby/object:Api::Type::NestedObject - name: 'gcs' - description: | - A Google Cloud Storage artifact. - # TODO (mbang): add conflicts_with when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) - properties: - - !ruby/object:Api::Type::String - name: 'bucket' - description: | - Bucket of the Google Cloud Storage object. Given an example URL: https://storage.googleapis.com/my-bucket/foo/bar#1234567 - this value would be my-bucket. - - !ruby/object:Api::Type::String - name: 'object' - description: | - Name of the Google Cloud Storage object. Given an example URL: https://storage.googleapis.com/my-bucket/foo/bar#1234567 - this value would be foo/bar. - - !ruby/object:Api::Type::Integer - name: 'generation' - description: | - Must be provided if allowInsecure is false. Generation number of the Google Cloud Storage object. - https://storage.googleapis.com/my-bucket/foo/bar#1234567 this value would be 1234567. - - !ruby/object:Api::Type::Array - name: 'installSteps' - description: | - Actions to be taken for installing this recipe. On failure it stops executing steps and does not attempt another installation. - Any steps taken (including partially completed steps) are not rolled back. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::NestedObject - name: 'fileCopy' - description: | - Copies a file onto the instance. - # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) - properties: - - !ruby/object:Api::Type::String - name: 'artifactId' - description: | - The id of the relevant artifact in the recipe. - required: true - - !ruby/object:Api::Type::String - name: 'destination' - description: | - The absolute path on the instance to put the file. - required: true - - !ruby/object:Api::Type::Boolean - name: 'overwrite' - description: | - Whether to allow this step to overwrite existing files.If this is false and the file already exists the file - is not overwritten and the step is considered a success. Defaults to false. - default_value: false - - !ruby/object:Api::Type::String - name: 'permissions' - description: | - Consists of three octal digits which represent, in order, the permissions of the owner, group, and other users - for the file (similarly to the numeric mode used in the linux chmod utility). Each digit represents a three bit - number with the 4 bit corresponding to the read permissions, the 2 bit corresponds to the write bit, and the one - bit corresponds to the execute permission. Default behavior is 755. - - Below are some examples of permissions and their associated values: - read, write, and execute: 7 read and execute: 5 read and write: 6 read only: 4 - - !ruby/object:Api::Type::NestedObject - name: 'archiveExtraction' - description: | - Extracts an archive into the specified directory. - # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) - properties: - - !ruby/object:Api::Type::String - name: 'artifactId' - description: | - The id of the relevant artifact in the recipe. - required: true - - !ruby/object:Api::Type::String - name: 'destination' - description: | - Directory to extract archive to. Defaults to / on Linux or C:\ on Windows. - - !ruby/object:Api::Type::Enum - name: 'type' - description: | - The type of the archive to extract. - required: true - values: - - :TAR - - :TAR_GZIP - - :TAR_BZIP - - :TAR_LZMA - - :TAR_XZ - - :ZIP - - !ruby/object:Api::Type::NestedObject - name: 'msiInstallation' - description: | - Installs an MSI file. - # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) - properties: - - !ruby/object:Api::Type::String - name: 'artifactId' - description: | - The id of the relevant artifact in the recipe. - required: true - - !ruby/object:Api::Type::Array - name: 'flags' - description: | - The flags to use when installing the MSI. Defaults to the install flag. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'allowedExitCodes' - description: | - Return codes that indicate that the software installed or updated successfully. Behaviour defaults to [0] - item_type: Api::Type::Integer - - !ruby/object:Api::Type::NestedObject - name: 'dpkgInstallation' - description: | - Installs a deb file via dpkg. - # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) - properties: - - !ruby/object:Api::Type::String - name: 'artifactId' - description: | - The id of the relevant artifact in the recipe. - required: true - - !ruby/object:Api::Type::NestedObject - name: 'rpmInstallation' - description: | - Installs an rpm file via the rpm utility. - # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) - properties: - - !ruby/object:Api::Type::String - name: 'artifactId' - description: | - The id of the relevant artifact in the recipe. - required: true - - !ruby/object:Api::Type::NestedObject - name: 'fileExec' - description: | - Executes an artifact or local file. - # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) - properties: - - !ruby/object:Api::Type::Array - name: 'args' - description: | - Arguments to be passed to the provided executable. - item_type: Api::Type::String - - !ruby/object:Api::Type::String - name: 'allowedExitCodes' - description: | - A list of possible return values that the program can return to indicate a success. Defaults to [0]. - - !ruby/object:Api::Type::String - name: 'artifactId' - description: | - The id of the relevant artifact in the recipe. - # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) - - !ruby/object:Api::Type::String - name: 'localPath' - description: | - The absolute path of the file on the local filesystem. - # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) - - !ruby/object:Api::Type::NestedObject - name: 'scriptRun' - description: | - Runs commands in a shell. - # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) - properties: - - !ruby/object:Api::Type::String - name: 'script' - description: | - The shell script to be executed. - required: true - - !ruby/object:Api::Type::Array - name: 'allowedExitCodes' - description: | - Return codes that indicate that the software installed or updated successfully. Behaviour defaults to [0] - item_type: Api::Type::Integer - - !ruby/object:Api::Type::Enum - name: 'interpreter' - description: | - The script interpreter to use to run the script. If no interpreter is specified the script is executed directly, - which likely only succeed for scripts with shebang lines. - values: - - :SHELL - - :POWERSHELL - - !ruby/object:Api::Type::Array - name: 'updateSteps' - description: | - Actions to be taken for updating this recipe. On failure it stops executing steps and does not attempt another update for this recipe. - Any steps taken (including partially completed steps) are not rolled back. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::NestedObject - name: 'fileCopy' - description: | - Copies a file onto the instance. - # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) - properties: - - !ruby/object:Api::Type::String - name: 'artifactId' - description: | - The id of the relevant artifact in the recipe. - required: true - - !ruby/object:Api::Type::String - name: 'destination' - description: | - The absolute path on the instance to put the file. - required: true - - !ruby/object:Api::Type::Boolean - name: 'overwrite' - description: | - Whether to allow this step to overwrite existing files.If this is false and the file already exists the file - is not overwritten and the step is considered a success. Defaults to false. - default_value: false - - !ruby/object:Api::Type::String - name: 'permissions' - description: | - Consists of three octal digits which represent, in order, the permissions of the owner, group, and other users - for the file (similarly to the numeric mode used in the linux chmod utility). Each digit represents a three bit - number with the 4 bit corresponding to the read permissions, the 2 bit corresponds to the write bit, and the one - bit corresponds to the execute permission. Default behavior is 755. - - Below are some examples of permissions and their associated values: - read, write, and execute: 7 read and execute: 5 read and write: 6 read only: 4 - - !ruby/object:Api::Type::NestedObject - name: 'archiveExtraction' - description: | - Extracts an archive into the specified directory. - # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) - properties: - - !ruby/object:Api::Type::String - name: 'artifactId' - description: | - The id of the relevant artifact in the recipe. - required: true - - !ruby/object:Api::Type::String - name: 'destination' - description: | - Directory to extract archive to. Defaults to / on Linux or C:\ on Windows. - - !ruby/object:Api::Type::Enum - name: 'type' - description: | - The type of the archive to extract. - required: true - values: - - :TAR - - :TAR_GZIP - - :TAR_BZIP - - :TAR_LZMA - - :TAR_XZ - - :ZIP - - !ruby/object:Api::Type::NestedObject - name: 'msiInstallation' - description: | - Installs an MSI file. - # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) - properties: - - !ruby/object:Api::Type::String - name: 'artifactId' - description: | - The id of the relevant artifact in the recipe. - required: true - - !ruby/object:Api::Type::Array - name: 'flags' - description: | - The flags to use when installing the MSI. Defaults to the install flag. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'allowedExitCodes' - description: | - Return codes that indicate that the software installed or updated successfully. Behaviour defaults to [0] - item_type: Api::Type::Integer - - !ruby/object:Api::Type::NestedObject - name: 'dpkgInstallation' - description: | - Installs a deb file via dpkg. - # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) - properties: - - !ruby/object:Api::Type::String - name: 'artifactId' - description: | - The id of the relevant artifact in the recipe. - required: true - - !ruby/object:Api::Type::NestedObject - name: 'rpmInstallation' - description: | - Installs an rpm file via the rpm utility. - # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) - properties: - - !ruby/object:Api::Type::String - name: 'artifactId' - description: | - The id of the relevant artifact in the recipe. - required: true - - !ruby/object:Api::Type::NestedObject - name: 'fileExec' - description: | - Executes an artifact or local file. - # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) - properties: - - !ruby/object:Api::Type::Array - name: 'args' - description: | - Arguments to be passed to the provided executable. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'allowedExitCodes' - description: | - A list of possible return values that the program can return to indicate a success. Defaults to [0]. - item_type: Api::Type::Integer - - !ruby/object:Api::Type::String - name: 'artifactId' - description: | - The id of the relevant artifact in the recipe. - # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) - - !ruby/object:Api::Type::String - name: 'localPath' - description: | - The absolute path of the file on the local filesystem. - # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) - - !ruby/object:Api::Type::NestedObject - name: 'scriptRun' - description: | - Runs commands in a shell. - # TODO (mbang): add exactly_one_of when it can be applied to lists (https://github.com/hashicorp/terraform-plugin-sdk/issues/470) - properties: - - !ruby/object:Api::Type::String - name: 'script' - description: | - The shell script to be executed. - required: true - - !ruby/object:Api::Type::Array - name: 'allowedExitCodes' - description: | - Return codes that indicate that the software installed or updated successfully. Behaviour defaults to [0] - item_type: Api::Type::Integer - - !ruby/object:Api::Type::Enum - name: 'interpreter' - description: | - The script interpreter to use to run the script. If no interpreter is specified the script is executed directly, - which likely only succeed for scripts with shebang lines. - values: - - :SHELL - - :POWERSHELL - - !ruby/object:Api::Type::Enum - name: 'desiredState' - description: | - Default is INSTALLED. The desired state the agent should maintain for this recipe. - - INSTALLED: The software recipe is installed on the instance but won't be updated to new versions. - INSTALLED_KEEP_UPDATED: The software recipe is installed on the instance. The recipe is updated to a higher version, - if a higher version of the recipe is assigned to this instance. - REMOVE: Remove is unsupported for software recipes and attempts to create or update a recipe to the REMOVE state is rejected. - default_value: :INSTALLED - values: - - :INSTALLED - - :UPDATED - - :REMOVED - - !ruby/object:Api::Type::String - name: 'createTime' - output: true - description: | - Time this guest policy was created. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. - Example: "2014-10-02T15:01:23.045123456Z". - - !ruby/object:Api::Type::String - name: 'updateTime' - output: true - description: | - Last time this guest policy was updated. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. - Example: "2014-10-02T15:01:23.045123456Z". - - !ruby/object:Api::Type::String - name: 'etag' - description: | - The etag for this guest policy. If this is provided on update, it must match the server's etag. diff --git a/mmv1/products/osconfig/product.yaml b/mmv1/products/osconfig/product.yaml new file mode 100644 index 000000000000..e922b75bfacf --- /dev/null +++ b/mmv1/products/osconfig/product.yaml @@ -0,0 +1,30 @@ +# Copyright 2020 google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: OSConfig +display_name: OS Config +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://osconfig.googleapis.com/v1/ + - !ruby/object:Api::Product::Version + name: beta + base_url: https://osconfig.googleapis.com/v1beta/ +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Identity and Access Management (IAM) API + url: https://console.cloud.google.com/apis/library/iam.googleapis.com/ +scopes: + - https://www.googleapis.com/auth/cloud-platform + - https://www.googleapis.com/auth/compute diff --git a/mmv1/products/oslogin/SSHPublicKey.yaml b/mmv1/products/oslogin/SSHPublicKey.yaml new file mode 100644 index 000000000000..5c04609d666f --- /dev/null +++ b/mmv1/products/oslogin/SSHPublicKey.yaml @@ -0,0 +1,60 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'SSHPublicKey' +kind: user#sshPublicKeys +base_url: "users/{{user}}/sshPublicKeys/{{fingerprint}}" +create_url: "users/{{user}}:importSshPublicKey" +create_verb: :POST +update_verb: :PATCH +description: | + The SSH public key information associated with a Google account. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/compute/docs/oslogin' + api: 'https://cloud.google.com/compute/docs/oslogin/rest/v1/users.sshPublicKeys' +update_mask: true +parameters: + - !ruby/object:Api::Type::String + name: user + description: | + The user email. + immutable: true + url_param_only: true + required: true + - !ruby/object:Api::Type::String + name: project + description: | + The project ID of the Google Cloud Platform project. + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'key' + description: | + Public key text in SSH format, defined by RFC4253 section 6.6. + required: true + immutable: true + - !ruby/object:Api::Type::String + name: 'expirationTimeUsec' + description: | + An expiration time in microseconds since epoch. + required: false + - !ruby/object:Api::Type::String + name: fingerprint + description: | + The SHA-256 fingerprint of the SSH public key. + output: true + diff --git a/mmv1/products/oslogin/api.yaml b/mmv1/products/oslogin/api.yaml deleted file mode 100644 index a7a92667717e..000000000000 --- a/mmv1/products/oslogin/api.yaml +++ /dev/null @@ -1,74 +0,0 @@ -# Copyright 2020 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: OSLogin -display_name: OS Login -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://oslogin.googleapis.com/v1/ -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Identity and Access Management (IAM) API - url: https://console.cloud.google.com/apis/library/iam.googleapis.com/ -scopes: - - https://www.googleapis.com/auth/cloud-platform - - https://www.googleapis.com/auth/compute -objects: - - !ruby/object:Api::Resource - name: 'SSHPublicKey' - kind: user#sshPublicKeys - base_url: "users/{{user}}/sshPublicKeys/{{fingerprint}}" - create_url: "users/{{user}}:importSshPublicKey" - create_verb: :POST - update_verb: :PATCH - description: | - The SSH public key information associated with a Google account. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/compute/docs/oslogin' - api: 'https://cloud.google.com/compute/docs/oslogin/rest/v1/users.sshPublicKeys' - update_mask: true - parameters: - - !ruby/object:Api::Type::String - name: user - description: | - The user email. - input: true - url_param_only: true - required: true - - !ruby/object:Api::Type::String - name: project - description: | - The project ID of the Google Cloud Platform project. - input: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'key' - description: | - Public key text in SSH format, defined by RFC4253 section 6.6. - required: true - input: true - - !ruby/object:Api::Type::String - name: 'expirationTimeUsec' - description: | - An expiration time in microseconds since epoch. - required: false - - !ruby/object:Api::Type::String - name: fingerprint - description: | - The SHA-256 fingerprint of the SSH public key. - output: true diff --git a/mmv1/products/oslogin/product.yaml b/mmv1/products/oslogin/product.yaml new file mode 100644 index 000000000000..10338ba08348 --- /dev/null +++ b/mmv1/products/oslogin/product.yaml @@ -0,0 +1,27 @@ +# Copyright 2020 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: OSLogin +display_name: OS Login +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://oslogin.googleapis.com/v1/ +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Identity and Access Management (IAM) API + url: https://console.cloud.google.com/apis/library/iam.googleapis.com/ +scopes: + - https://www.googleapis.com/auth/cloud-platform + - https://www.googleapis.com/auth/compute diff --git a/mmv1/products/privateca/CaPool.yaml b/mmv1/products/privateca/CaPool.yaml new file mode 100644 index 000000000000..771e1d8d55f2 --- /dev/null +++ b/mmv1/products/privateca/CaPool.yaml @@ -0,0 +1,445 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'CaPool' +base_url: 'projects/{{project}}/locations/{{location}}/caPools' +create_url: 'projects/{{project}}/locations/{{location}}/caPools?caPoolId={{name}}' +self_link: 'projects/{{project}}/locations/{{location}}/caPools/{{name}}' +update_verb: :PATCH +update_mask: true +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: True + allowed: + - True + - False + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +description: | + A CaPool represents a group of CertificateAuthorities that form a trust anchor. A CaPool can be used to manage + issuance policies for one or more CertificateAuthority resources and to rotate CA certificates in and out of the + trust anchor. +parameters: + - !ruby/object:Api::Type::String + name: location + description: | + Location of the CaPool. A full list of valid locations can be found by + running `gcloud privateca locations list`. + required: true + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The name for this CaPool. + required: true + immutable: true + url_param_only: true + - !ruby/object:Api::Type::Enum + name: 'tier' + description: | + The Tier of this CaPool. + values: + - "ENTERPRISE" + - "DEVOPS" + immutable: true + required: true + - !ruby/object:Api::Type::NestedObject + name: 'issuancePolicy' + description: | + The IssuancePolicy to control how Certificates will be issued from this CaPool. + properties: + - !ruby/object:Api::Type::Array + name: 'allowedKeyTypes' + description: | + If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. + Otherwise, any key may be used. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::NestedObject + name: 'rsa' + description: | + Describes an RSA key that may be used in a Certificate issued from a CaPool. + properties: + - !ruby/object:Api::Type::String + name: 'minModulusSize' + description: | + The minimum allowed RSA modulus size, in bits. If this is not set, or if set to zero, the + service-level min RSA modulus size will continue to apply. + - !ruby/object:Api::Type::String + name: 'maxModulusSize' + description: | + The maximum allowed RSA modulus size, in bits. If this is not set, or if set to zero, the + service will not enforce an explicit upper bound on RSA modulus sizes. + - !ruby/object:Api::Type::NestedObject + name: 'ellipticCurve' + description: | + Represents an allowed Elliptic Curve key type. + properties: + - !ruby/object:Api::Type::Enum + name: 'signatureAlgorithm' + description: | + The algorithm used. + required: true + values: + - ECDSA_P256 + - ECDSA_P384 + - EDDSA_25519 + - !ruby/object:Api::Type::String + name: 'maximumLifetime' + description: | + The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority + expires before a Certificate's requested maximumLifetime, the effective lifetime will be explicitly truncated to match it. + - !ruby/object:Api::Type::NestedObject + name: 'allowedIssuanceModes' + description: | + IssuanceModes specifies the allowed ways in which Certificates may be requested from this CaPool. + properties: + - !ruby/object:Api::Type::Boolean + name: 'allowCsrBasedIssuance' + required: true + description: | + When true, allows callers to create Certificates by specifying a CSR. + - !ruby/object:Api::Type::Boolean + name: 'allowConfigBasedIssuance' + required: true + description: | + When true, allows callers to create Certificates by specifying a CertificateConfig. + - !ruby/object:Api::Type::NestedObject + name: 'identityConstraints' + description: | + Describes constraints on identities that may appear in Certificates issued through this CaPool. + If this is omitted, then this CaPool will not add restrictions on a certificate's identity. + properties: + - !ruby/object:Api::Type::Boolean + name: 'allowSubjectPassthrough' + required: true + send_empty_value: true + description: | + If this is set, the Subject field may be copied from a certificate request into the signed certificate. + Otherwise, the requested Subject will be discarded. + - !ruby/object:Api::Type::Boolean + name: 'allowSubjectAltNamesPassthrough' + required: true + send_empty_value: true + description: | + If this is set, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. + Otherwise, the requested SubjectAltNames will be discarded. + - !ruby/object:Api::Type::NestedObject + name: 'celExpression' + description: | + A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a + certificate is signed. To see the full allowed syntax and some examples, + see https://cloud.google.com/certificate-authority-service/docs/cel-guide + properties: + - !ruby/object:Api::Type::String + name: 'expression' + required: true + description: | + Textual representation of an expression in Common Expression Language syntax. + - !ruby/object:Api::Type::String + name: 'title' + description: | + Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. + - !ruby/object:Api::Type::String + name: 'description' + description: | + Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. + - !ruby/object:Api::Type::String + name: 'location' + description: | + String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. + - !ruby/object:Api::Type::NestedObject + name: 'baselineValues' + description: | + A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request + includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate + request uses a CertificateTemplate that defines conflicting predefinedValues for the same properties, the certificate + issuance request will fail. + properties: + - !ruby/object:Api::Type::Array + name: 'additionalExtensions' + description: | + Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Boolean + name: 'critical' + required: true + description: | + Indicates whether or not this extension is critical (i.e., if the client does not know how to + handle this extension, the client should consider this to be an error). + - !ruby/object:Api::Type::String + name: 'value' + required: true + description: | + The value of this X.509 extension. A base64-encoded string. + - !ruby/object:Api::Type::NestedObject + name: 'objectId' + required: true + description: | + Describes values that are relevant in a CA certificate. + properties: + - !ruby/object:Api::Type::Array + name: 'objectIdPath' + required: true + item_type: Api::Type::Integer + description: | + An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. + - !ruby/object:Api::Type::Array + name: 'policyIds' + description: | + Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Array + name: 'objectIdPath' + required: true + item_type: Api::Type::Integer + description: | + An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. + - !ruby/object:Api::Type::Array + name: 'aiaOcspServers' + item_type: Api::Type::String + description: | + Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the + "Authority Information Access" extension in the certificate. + - !ruby/object:Api::Type::NestedObject + name: 'caOptions' + required: true + description: | + Describes values that are relevant in a CA certificate. + properties: + - !ruby/object:Api::Type::Boolean + name: 'isCa' + description: | + When true, the "CA" in Basic Constraints extension will be set to true. + - !ruby/object:Api::Type::Boolean + name: 'nonCa' + url_param_only: true + description: | + When true, the "CA" in Basic Constraints extension will be set to false. + If both `is_ca` and `non_ca` are unset, the extension will be omitted from the CA certificate. + - !ruby/object:Api::Type::Integer + name: 'maxIssuerPathLength' + description: | + Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of + subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. + - !ruby/object:Api::Type::Boolean + name: 'zeroMaxIssuerPathLength' + url_param_only: true + description: | + When true, the "path length constraint" in Basic Constraints extension will be set to 0. + if both `max_issuer_path_length` and `zero_max_issuer_path_length` are unset, + the max path length will be omitted from the CA certificate. + - !ruby/object:Api::Type::NestedObject + name: 'keyUsage' + required: true + description: | + Indicates the intended use for keys that correspond to a certificate. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'baseKeyUsage' + required: true + description: | + Describes high-level ways in which a key may be used. + properties: + - !ruby/object:Api::Type::Boolean + name: 'digitalSignature' + description: | + The key may be used for digital signatures. + - !ruby/object:Api::Type::Boolean + name: 'contentCommitment' + description: | + The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation". + - !ruby/object:Api::Type::Boolean + name: 'keyEncipherment' + description: | + The key may be used to encipher other keys. + - !ruby/object:Api::Type::Boolean + name: 'dataEncipherment' + description: | + The key may be used to encipher data. + - !ruby/object:Api::Type::Boolean + name: 'keyAgreement' + description: | + The key may be used in a key agreement protocol. + - !ruby/object:Api::Type::Boolean + name: 'certSign' + description: | + The key may be used to sign certificates. + - !ruby/object:Api::Type::Boolean + name: 'crlSign' + description: | + The key may be used sign certificate revocation lists. + - !ruby/object:Api::Type::Boolean + name: 'encipherOnly' + description: | + The key may be used to encipher only. + - !ruby/object:Api::Type::Boolean + name: 'decipherOnly' + description: | + The key may be used to decipher only. + - !ruby/object:Api::Type::NestedObject + name: 'extendedKeyUsage' + required: true + description: | + Describes high-level ways in which a key may be used. + properties: + - !ruby/object:Api::Type::Boolean + name: 'serverAuth' + description: | + Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS. + - !ruby/object:Api::Type::Boolean + name: 'clientAuth' + description: | + Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS. + - !ruby/object:Api::Type::Boolean + name: 'codeSigning' + description: | + Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication". + - !ruby/object:Api::Type::Boolean + name: 'emailProtection' + description: | + Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection". + - !ruby/object:Api::Type::Boolean + name: 'timeStamping' + description: | + Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time". + - !ruby/object:Api::Type::Boolean + name: 'ocspSigning' + description: | + Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses". + - !ruby/object:Api::Type::Array + name: 'unknownExtendedKeyUsages' + description: | + An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Array + name: 'objectIdPath' + required: true + item_type: Api::Type::Integer + description: | + An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. + - !ruby/object:Api::Type::NestedObject + name: 'nameConstraints' + description: | + Describes the X.509 name constraints extension. + properties: + - !ruby/object:Api::Type::Boolean + name: 'critical' + description: Indicates whether or not the name constraints are marked critical. + required: true + - !ruby/object:Api::Type::Array + name: 'permittedDnsNames' + description: | + Contains permitted DNS names. Any DNS name that can be + constructed by simply adding zero or more labels to + the left-hand side of the name satisfies the name constraint. + For example, `example.com`, `www.example.com`, `www.sub.example.com` + would satisfy `example.com` while `example1.com` does not. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'excludedDnsNames' + description: | + Contains excluded DNS names. Any DNS name that can be + constructed by simply adding zero or more labels to + the left-hand side of the name satisfies the name constraint. + For example, `example.com`, `www.example.com`, `www.sub.example.com` + would satisfy `example.com` while `example1.com` does not. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'permittedIpRanges' + description: | + Contains the permitted IP ranges. For IPv4 addresses, the ranges + are expressed using CIDR notation as specified in RFC 4632. + For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 + addresses. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'excludedIpRanges' + description: | + Contains the excluded IP ranges. For IPv4 addresses, the ranges + are expressed using CIDR notation as specified in RFC 4632. + For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 + addresses. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'permittedEmailAddresses' + description: | + Contains the permitted email addresses. The value can be a particular + email address, a hostname to indicate all email addresses on that host or + a domain with a leading period (e.g. `.example.com`) to indicate + all email addresses in that domain. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'excludedEmailAddresses' + description: | + Contains the excluded email addresses. The value can be a particular + email address, a hostname to indicate all email addresses on that host or + a domain with a leading period (e.g. `.example.com`) to indicate + all email addresses in that domain. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'permittedUris' + description: | + Contains the permitted URIs that apply to the host part of the name. + The value can be a hostname or a domain with a + leading period (like `.example.com`) + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'excludedUris' + description: | + Contains the excluded URIs that apply to the host part of the name. + The value can be a hostname or a domain with a + leading period (like `.example.com`) + item_type: Api::Type::String + - !ruby/object:Api::Type::NestedObject + name: 'publishingOptions' + description: | + The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool. + properties: + - !ruby/object:Api::Type::Boolean + name: 'publishCaCert' + required: true + description: | + When true, publishes each CertificateAuthority's CA certificate and includes its URL in the "Authority Information Access" + X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding + X.509 extension will not be written in issued certificates. + - !ruby/object:Api::Type::Boolean + name: 'publishCrl' + required: true + description: | + When true, publishes each CertificateAuthority's CRL and includes its URL in the "CRL Distribution Points" X.509 extension + in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not + be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are + also rebuilt shortly after a certificate is revoked. + - !ruby/object:Api::Type::KeyValuePairs + name: labels + description: | + Labels with user-defined metadata. + + An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": + "1.3kg", "count": "3" }. diff --git a/mmv1/products/privateca/Certificate.yaml b/mmv1/products/privateca/Certificate.yaml new file mode 100644 index 000000000000..79078a78a10c --- /dev/null +++ b/mmv1/products/privateca/Certificate.yaml @@ -0,0 +1,1144 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Certificate' +base_url: 'projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificates' +create_url: 'projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificates?certificateId={{name}}' +delete_url: 'projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificates/{{name}}:revoke' +delete_verb: :POST +update_verb: :PATCH +update_mask: true +description: | + A Certificate corresponds to a signed X.509 certificate issued by a Certificate. +parameters: + - !ruby/object:Api::Type::String + name: location + description: | + Location of the Certificate. A full list of valid locations can be found by + running `gcloud privateca locations list`. + required: true + immutable: true + url_param_only: true + - !ruby/object:Api::Type::String + name: certificate_authority + description: | + The Certificate Authority ID that should issue the certificate. For example, to issue a Certificate from + a Certificate Authority with resource name `projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca`, + argument `pool` should be set to `projects/my-project/locations/us-central1/caPools/my-pool`, argument `certificate_authority` + should be set to `my-ca`. + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: pool + description: The name of the CaPool this Certificate belongs to. + required: true + immutable: true + url_param_only: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + The name for this Certificate. + required: true + immutable: true + url_param_only: true + - !ruby/object:Api::Type::String + name: 'issuerCertificateAuthority' + description: | + The resource name of the issuing CertificateAuthority in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. + output: true + - !ruby/object:Api::Type::String + name: 'lifetime' + description: | + The desired lifetime of the CA certificate. Used to create the "notBeforeTime" and + "notAfterTime" fields inside an X.509 certificate. A duration in seconds with up to nine + fractional digits, terminated by 's'. Example: "3.5s". + default_value: 315360000s # 10 years + immutable: true + - !ruby/object:Api::Type::NestedObject + name: 'revocationDetails' + description: | + Output only. Details regarding the revocation of this Certificate. This Certificate is + considered revoked if and only if this field is present. + output: true + properties: + - !ruby/object:Api::Type::Enum + name: 'revocationState' + output: true + description: | + Indicates why a Certificate was revoked. + values: + - "REVOCATION_REASON_UNSPECIFIED" + - "KEY_COMPROMISE" + - "CERTIFICATE_AUTHORITY_COMPROMISE" + - "AFFILIATION_CHANGED" + - "SUPERSEDED" + - "CESSATION_OF_OPERATION" + - "CERTIFICATE_HOLD" + - "PRIVILEGE_WITHDRAWN" + - "ATTRIBUTE_AUTHORITY_COMPROMISE" + - !ruby/object:Api::Type::String + name: 'revocationTime' + output: true + description: | + The time at which this Certificate was revoked. + - !ruby/object:Api::Type::String + name: 'pemCertificate' + output: true + description: | + Output only. The pem-encoded, signed X.509 certificate. + - !ruby/object:Api::Type::NestedObject + name: 'certificateDescription' + description: | + Output only. Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present. + output: true + properties: + - !ruby/object:Api::Type::NestedObject + name: 'subjectDescription' + output: true + description: | + Describes some of the values in a certificate that are related to the subject and lifetime. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'subject' + output: true + description: | + Contains distinguished name fields such as the location and organization. + properties: + - !ruby/object:Api::Type::String + name: 'countryCode' + output: true + description: | + The country code of the subject. + - !ruby/object:Api::Type::String + name: 'organization' + output: true + description: | + The organization of the subject. + - !ruby/object:Api::Type::String + name: 'organizationalUnit' + output: true + description: | + The organizationalUnit of the subject. + - !ruby/object:Api::Type::String + name: 'locality' + output: true + description: | + The locality or city of the subject. + - !ruby/object:Api::Type::String + name: 'province' + output: true + description: | + The province of the subject. + - !ruby/object:Api::Type::String + name: 'streetAddress' + output: true + description: | + The streetAddress or city of the subject. + - !ruby/object:Api::Type::String + name: 'postalCode' + output: true + description: | + The postalCode or city of the subject. + - !ruby/object:Api::Type::String + name: 'commonName' + output: true + description: | + The "common name" of the distinguished name. + - !ruby/object:Api::Type::NestedObject + name: 'subjectAltName' + output: true + description: | + The subject alternative name fields. + properties: + - !ruby/object:Api::Type::Array + name: 'dnsNames' + output: true + description: | + Contains only valid, fully-qualified host names. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + output: true + name: 'uris' + description: | + Contains only valid RFC 3986 URIs. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'emailAddresses' + output: true + item_type: Api::Type::String + description: | + Contains only valid RFC 2822 E-mail addresses. + - !ruby/object:Api::Type::Array + name: 'ipAddresses' + output: true + item_type: Api::Type::String + description: | + Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses. + - !ruby/object:Api::Type::Array + name: 'customSans' + output: true + description: | + Contains additional subject alternative name values. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::NestedObject + name: 'obectId' + output: true + description: | + Describes how some of the technical fields in a certificate should be populated. + properties: + - !ruby/object:Api::Type::Array + name: 'objectIdPath' + output: true + item_type: Api::Type::Integer + description: | + An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. + - !ruby/object:Api::Type::Boolean + name: 'critical' + output: true + description: | + Required. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error). + - !ruby/object:Api::Type::String + name: 'value' + output: true + description: | + The value of this X.509 extension. + - !ruby/object:Api::Type::String + name: 'hexSerialNumber' + output: true + description: | + The serial number encoded in lowercase hexadecimal. + - !ruby/object:Api::Type::String + name: 'lifetime' + output: true + description: | + For convenience, the actual lifetime of an issued certificate. Corresponds to 'notAfterTime' - 'notBeforeTime'. + - !ruby/object:Api::Type::String + name: 'notBeforeTime' + output: true + description: | + The time at which the certificate becomes valid. + - !ruby/object:Api::Type::String + name: 'notAfterTime' + output: true + description: | + The time at which the certificate expires. + - !ruby/object:Api::Type::NestedObject + name: 'x509Description' + output: true + description: | + A structured description of the issued X.509 certificate. + properties: + - !ruby/object:Api::Type::Array + name: 'additionalExtensions' + description: | + Describes custom X.509 extensions. + output: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Boolean + name: 'critical' + description: | + Indicates whether or not this extension is critical (i.e., if the client does not know how to + handle this extension, the client should consider this to be an error). + output: true + - !ruby/object:Api::Type::String + name: 'value' + description: | + The value of this X.509 extension. A base64-encoded string. + - !ruby/object:Api::Type::NestedObject + name: 'objectId' + description: | + Describes values that are relevant in a CA certificate. + output: true + properties: + - !ruby/object:Api::Type::Array + name: 'objectIdPath' + item_type: Api::Type::Integer + description: | + An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. + output: true + - !ruby/object:Api::Type::Array + name: 'policyIds' + description: | + Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + output: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Array + name: 'objectIdPath' + item_type: Api::Type::Integer + description: | + An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. + output: true + - !ruby/object:Api::Type::Array + name: 'aiaOcspServers' + item_type: Api::Type::String + description: | + Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the + "Authority Information Access" extension in the certificate. + output: true + - !ruby/object:Api::Type::NestedObject + name: 'caOptions' + description: | + Describes values that are relevant in a CA certificate. + output: true + properties: + - !ruby/object:Api::Type::Boolean + name: 'isCa' + description: | + When true, the "CA" in Basic Constraints extension will be set to true. + output: true + - !ruby/object:Api::Type::Integer + name: 'maxIssuerPathLength' + description: | + Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of + subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. + output: true + - !ruby/object:Api::Type::NestedObject + name: 'keyUsage' + description: | + Indicates the intended use for keys that correspond to a certificate. + output: true + properties: + - !ruby/object:Api::Type::NestedObject + name: 'baseKeyUsage' + description: | + Describes high-level ways in which a key may be used. + output: true + properties: + - !ruby/object:Api::Type::Boolean + name: 'digitalSignature' + description: | + The key may be used for digital signatures. + output: true + - !ruby/object:Api::Type::Boolean + name: 'contentCommitment' + description: | + The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation". + output: true + - !ruby/object:Api::Type::Boolean + name: 'keyEncipherment' + description: | + The key may be used to encipher other keys. + output: true + - !ruby/object:Api::Type::Boolean + name: 'dataEncipherment' + description: | + The key may be used to encipher data. + output: true + - !ruby/object:Api::Type::Boolean + name: 'keyAgreement' + description: | + The key may be used in a key agreement protocol. + output: true + - !ruby/object:Api::Type::Boolean + name: 'certSign' + description: | + The key may be used to sign certificates. + output: true + - !ruby/object:Api::Type::Boolean + name: 'crlSign' + description: | + The key may be used sign certificate revocation lists. + output: true + - !ruby/object:Api::Type::Boolean + name: 'encipherOnly' + description: | + The key may be used to encipher only. + output: true + - !ruby/object:Api::Type::Boolean + name: 'decipherOnly' + description: | + The key may be used to decipher only. + output: true + - !ruby/object:Api::Type::NestedObject + name: 'extendedKeyUsage' + description: | + Describes high-level ways in which a key may be used. + output: true + properties: + - !ruby/object:Api::Type::Boolean + name: 'serverAuth' + description: | + Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS. + output: true + - !ruby/object:Api::Type::Boolean + name: 'clientAuth' + description: | + Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS. + output: true + - !ruby/object:Api::Type::Boolean + name: 'codeSigning' + description: | + Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication". + output: true + - !ruby/object:Api::Type::Boolean + name: 'emailProtection' + description: | + Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection". + output: true + - !ruby/object:Api::Type::Boolean + name: 'timeStamping' + description: | + Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time". + output: true + - !ruby/object:Api::Type::Boolean + name: 'ocspSigning' + description: | + Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses". + output: true + - !ruby/object:Api::Type::Array + name: 'unknownExtendedKeyUsages' + description: | + An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. + output: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Array + name: 'objectIdPath' + item_type: Api::Type::Integer + description: | + An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. + output: true + - !ruby/object:Api::Type::NestedObject + name: 'nameConstraints' + description: | + Describes the X.509 name constraints extension. + output: true + properties: + - !ruby/object:Api::Type::Boolean + name: 'critical' + description: Indicates whether or not the name constraints are marked critical. + output: true + - !ruby/object:Api::Type::Array + name: 'permittedDnsNames' + description: | + Contains permitted DNS names. Any DNS name that can be + constructed by simply adding zero or more labels to + the left-hand side of the name satisfies the name constraint. + For example, `example.com`, `www.example.com`, `www.sub.example.com` + would satisfy `example.com` while `example1.com` does not. + output: true + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'excludedDnsNames' + description: | + Contains excluded DNS names. Any DNS name that can be + constructed by simply adding zero or more labels to + the left-hand side of the name satisfies the name constraint. + For example, `example.com`, `www.example.com`, `www.sub.example.com` + would satisfy `example.com` while `example1.com` does not. + output: true + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'permittedIpRanges' + description: | + Contains the permitted IP ranges. For IPv4 addresses, the ranges + are expressed using CIDR notation as specified in RFC 4632. + For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 + addresses. + output: true + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'excludedIpRanges' + description: | + Contains the excluded IP ranges. For IPv4 addresses, the ranges + are expressed using CIDR notation as specified in RFC 4632. + For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 + addresses. + output: true + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'permittedEmailAddresses' + description: | + Contains the permitted email addresses. The value can be a particular + email address, a hostname to indicate all email addresses on that host or + a domain with a leading period (e.g. `.example.com`) to indicate + all email addresses in that domain. + output: true + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'excludedEmailAddresses' + description: | + Contains the excluded email addresses. The value can be a particular + email address, a hostname to indicate all email addresses on that host or + a domain with a leading period (e.g. `.example.com`) to indicate + all email addresses in that domain. + output: true + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'permittedUris' + description: | + Contains the permitted URIs that apply to the host part of the name. + The value can be a hostname or a domain with a + leading period (like `.example.com`) + output: true + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'excludedUris' + description: | + Contains the excluded URIs that apply to the host part of the name. + The value can be a hostname or a domain with a + leading period (like `.example.com`) + output: true + item_type: Api::Type::String + - !ruby/object:Api::Type::NestedObject + name: 'configValues' + deprecation_message: Deprecated in favor of `x509_description`. + output: true + description: | + Describes some of the technical fields in a certificate. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'keyUsage' + output: true + description: | + Indicates the intended use for keys that correspond to a certificate. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'baseKeyUsage' + output: true + description: | + Describes high-level ways in which a key may be used. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'keyUsageOptions' + output: true + description: | + Describes high-level ways in which a key may be used. + properties: + - !ruby/object:Api::Type::Boolean + name: 'digitalSignature' + output: true + description: | + The key may be used for digital signatures. + - !ruby/object:Api::Type::Boolean + name: 'contentCommitment' + output: true + description: | + The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation". + - !ruby/object:Api::Type::Boolean + name: 'keyEncipherment' + output: true + description: | + The key may be used to encipher other keys. + - !ruby/object:Api::Type::Boolean + name: 'dataEncipherment' + output: true + description: | + The key may be used to encipher data. + - !ruby/object:Api::Type::Boolean + name: 'keyAgreement' + output: true + description: | + The key may be used in a key agreement protocol. + - !ruby/object:Api::Type::Boolean + name: 'certSign' + output: true + description: | + The key may be used to sign certificates. + - !ruby/object:Api::Type::Boolean + name: 'crlSign' + output: true + description: | + The key may be used sign certificate revocation lists. + - !ruby/object:Api::Type::Boolean + name: 'encipherOnly' + output: true + description: | + The key may be used to encipher only. + - !ruby/object:Api::Type::Boolean + name: 'decipherOnly' + output: true + description: | + The key may be used to decipher only. + - !ruby/object:Api::Type::NestedObject + name: 'extendedKeyUsage' + output: true + description: | + Describes high-level ways in which a key may be used. + properties: + - !ruby/object:Api::Type::Boolean + name: 'serverAuth' + output: true + description: | + Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS. + - !ruby/object:Api::Type::Boolean + name: 'clientAuth' + output: true + description: | + Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS. + - !ruby/object:Api::Type::Boolean + name: 'codeSigning' + output: true + description: | + Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication". + - !ruby/object:Api::Type::Boolean + name: 'emailProtection' + output: true + description: | + Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection". + - !ruby/object:Api::Type::Boolean + name: 'timeStamping' + output: true + description: | + Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time". + - !ruby/object:Api::Type::Boolean + name: 'ocspSigning' + output: true + description: | + Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses". + - !ruby/object:Api::Type::Array + name: 'unknownExtendedKeyUsages' + output: true + description: | + An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::NestedObject + name: 'obectId' + output: true + description: | + Required. Describes how some of the technical fields in a certificate should be populated. + properties: + - !ruby/object:Api::Type::Array + name: 'objectIdPath' + output: true + item_type: Api::Type::Integer + description: | + An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. + - !ruby/object:Api::Type::NestedObject + name: 'publicKey' + output: true + description: | + A PublicKey describes a public key. + properties: + - !ruby/object:Api::Type::String + name: 'key' + output: true + description: | + Required. A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key. A base64-encoded string. + - !ruby/object:Api::Type::Enum + name: 'format' + output: true + description: | + The format of the public key. Currently, only PEM format is supported. + values: + - "KEY_TYPE_UNSPECIFIED" + - "PEM" + - !ruby/object:Api::Type::NestedObject + name: 'subjectKeyId' + output: true + description: | + Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. + properties: + - !ruby/object:Api::Type::String + name: 'keyId' + output: true + description: | + Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key. + - !ruby/object:Api::Type::NestedObject + name: 'authorityKeyId' + output: true + description: | + Identifies the subjectKeyId of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 + properties: + - !ruby/object:Api::Type::String + name: 'keyId' + output: true + description: | + Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key. + - !ruby/object:Api::Type::Array + name: 'crlDistributionPoints' + output: true + description: | + Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'aiaIssuingCertificateUrls' + output: true + description: | + Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate. + item_type: Api::Type::String + - !ruby/object:Api::Type::NestedObject + name: 'certFingerprint' + output: true + description: | + The hash of the x.509 certificate. + properties: + - !ruby/object:Api::Type::String + name: 'sha256Hash' + output: true + description: | + The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate. + - !ruby/object:Api::Type::Array + name: 'pemCertificateChain' + output: true + description: | + The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246. + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'pemCertificates' + deprecation_message: Deprecated in favor of `pem_certificate_chain`. + output: true + description: | + Required. Expected to be in leaf-to-root order according to RFC 5246. + item_type: Api::Type::String + - !ruby/object:Api::Type::Time + name: 'createTime' + description: | + The time that this resource was created on the server. + This is in RFC3339 text format. + output: true + - !ruby/object:Api::Type::Time + name: 'updateTime' + description: | + Output only. The time at which this CertificateAuthority was updated. + This is in RFC3339 text format. + output: true + # Note: would be a resourceref, except that CertificateTemplate is in the DCL + # and we don't have references across mmv1-dcl bridge yet. + - !ruby/object:Api::Type::String + name: 'certificateTemplate' + immutable: true + description: | + The resource name for a CertificateTemplate used to issue this certificate, + in the format `projects/*/locations/*/certificateTemplates/*`. If this is specified, + the caller must have the necessary permission to use this template. If this is + omitted, no template will be used. This template must be in the same location + as the Certificate. + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + Labels with user-defined metadata to apply to this resource. + - !ruby/object:Api::Type::String + name: 'pemCsr' + immutable: true + description: | + Immutable. A pem-encoded X.509 certificate signing request (CSR). + exactly_one_of: + - pem_csr + - config + - !ruby/object:Api::Type::NestedObject + name: 'config' + description: The config used to create a self-signed X.509 certificate or CSR. + exactly_one_of: + - pem_csr + - config + immutable: true + properties: + - !ruby/object:Api::Type::NestedObject + name: 'x509Config' + required: true + send_empty_value: true + immutable: true + description: | + Describes how some of the technical X.509 fields in a certificate should be populated. + properties: + - !ruby/object:Api::Type::Array + name: 'additionalExtensions' + immutable: true + description: | + Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Boolean + name: 'critical' + required: true + description: | + Indicates whether or not this extension is critical (i.e., if the client does not know how to + handle this extension, the client should consider this to be an error). + immutable: true + - !ruby/object:Api::Type::String + name: 'value' + required: true + description: | + The value of this X.509 extension. A base64-encoded string. + immutable: true + - !ruby/object:Api::Type::NestedObject + name: 'objectId' + required: true + description: | + Describes values that are relevant in a CA certificate. + immutable: true + properties: + - !ruby/object:Api::Type::Array + name: 'objectIdPath' + required: true + item_type: Api::Type::Integer + description: | + An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. + immutable: true + - !ruby/object:Api::Type::Array + name: 'policyIds' + description: | + Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + immutable: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Array + name: 'objectIdPath' + required: true + item_type: Api::Type::Integer + description: | + An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. + immutable: true + - !ruby/object:Api::Type::Array + name: 'aiaOcspServers' + item_type: Api::Type::String + description: | + Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the + "Authority Information Access" extension in the certificate. + immutable: true + - !ruby/object:Api::Type::NestedObject + name: 'caOptions' + send_empty_value: true + description: | + Describes values that are relevant in a CA certificate. + immutable: true + properties: + - !ruby/object:Api::Type::Boolean + name: 'isCa' + description: | + When true, the "CA" in Basic Constraints extension will be set to true. + immutable: true + - !ruby/object:Api::Type::Boolean + name: 'nonCa' + url_param_only: true + description: | + When true, the "CA" in Basic Constraints extension will be set to false. + If both `is_ca` and `non_ca` are unset, the extension will be omitted from the CA certificate. + immutable: true + - !ruby/object:Api::Type::Integer + name: 'maxIssuerPathLength' + description: | + Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of + subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. + immutable: true + - !ruby/object:Api::Type::Boolean + name: 'zeroMaxIssuerPathLength' + url_param_only: true + description: | + When true, the "path length constraint" in Basic Constraints extension will be set to 0. + if both `max_issuer_path_length` and `zero_max_issuer_path_length` are unset, + the max path length will be omitted from the CA certificate. + immutable: true + - !ruby/object:Api::Type::NestedObject + name: 'keyUsage' + required: true + description: | + Indicates the intended use for keys that correspond to a certificate. + immutable: true + properties: + - !ruby/object:Api::Type::NestedObject + name: 'baseKeyUsage' + required: true + description: | + Describes high-level ways in which a key may be used. + immutable: true + properties: + - !ruby/object:Api::Type::Boolean + name: 'digitalSignature' + description: | + The key may be used for digital signatures. + immutable: true + - !ruby/object:Api::Type::Boolean + name: 'contentCommitment' + description: | + The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation". + immutable: true + - !ruby/object:Api::Type::Boolean + name: 'keyEncipherment' + description: | + The key may be used to encipher other keys. + immutable: true + - !ruby/object:Api::Type::Boolean + name: 'dataEncipherment' + description: | + The key may be used to encipher data. + immutable: true + - !ruby/object:Api::Type::Boolean + name: 'keyAgreement' + description: | + The key may be used in a key agreement protocol. + immutable: true + - !ruby/object:Api::Type::Boolean + name: 'certSign' + description: | + The key may be used to sign certificates. + immutable: true + - !ruby/object:Api::Type::Boolean + name: 'crlSign' + description: | + The key may be used sign certificate revocation lists. + immutable: true + - !ruby/object:Api::Type::Boolean + name: 'encipherOnly' + description: | + The key may be used to encipher only. + immutable: true + - !ruby/object:Api::Type::Boolean + name: 'decipherOnly' + description: | + The key may be used to decipher only. + immutable: true + - !ruby/object:Api::Type::NestedObject + name: 'extendedKeyUsage' + required: true + description: | + Describes high-level ways in which a key may be used. + immutable: true + properties: + - !ruby/object:Api::Type::Boolean + name: 'serverAuth' + description: | + Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS. + immutable: true + - !ruby/object:Api::Type::Boolean + name: 'clientAuth' + description: | + Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS. + immutable: true + - !ruby/object:Api::Type::Boolean + name: 'codeSigning' + description: | + Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication". + immutable: true + - !ruby/object:Api::Type::Boolean + name: 'emailProtection' + description: | + Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection". + immutable: true + - !ruby/object:Api::Type::Boolean + name: 'timeStamping' + description: | + Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time". + immutable: true + - !ruby/object:Api::Type::Boolean + name: 'ocspSigning' + description: | + Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses". + immutable: true + - !ruby/object:Api::Type::Array + name: 'unknownExtendedKeyUsages' + description: | + An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. + immutable: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Array + name: 'objectIdPath' + required: true + item_type: Api::Type::Integer + description: | + An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. + immutable: true + - !ruby/object:Api::Type::NestedObject + name: 'nameConstraints' + description: | + Describes the X.509 name constraints extension. + immutable: true + properties: + - !ruby/object:Api::Type::Boolean + name: 'critical' + description: Indicates whether or not the name constraints are marked critical. + immutable: true + required: true + - !ruby/object:Api::Type::Array + name: 'permittedDnsNames' + description: | + Contains permitted DNS names. Any DNS name that can be + constructed by simply adding zero or more labels to + the left-hand side of the name satisfies the name constraint. + For example, `example.com`, `www.example.com`, `www.sub.example.com` + would satisfy `example.com` while `example1.com` does not. + immutable: true + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'excludedDnsNames' + description: | + Contains excluded DNS names. Any DNS name that can be + constructed by simply adding zero or more labels to + the left-hand side of the name satisfies the name constraint. + For example, `example.com`, `www.example.com`, `www.sub.example.com` + would satisfy `example.com` while `example1.com` does not. + immutable: true + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'permittedIpRanges' + description: | + Contains the permitted IP ranges. For IPv4 addresses, the ranges + are expressed using CIDR notation as specified in RFC 4632. + For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 + addresses. + immutable: true + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'excludedIpRanges' + description: | + Contains the excluded IP ranges. For IPv4 addresses, the ranges + are expressed using CIDR notation as specified in RFC 4632. + For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 + addresses. + immutable: true + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'permittedEmailAddresses' + description: | + Contains the permitted email addresses. The value can be a particular + email address, a hostname to indicate all email addresses on that host or + a domain with a leading period (e.g. `.example.com`) to indicate + all email addresses in that domain. + immutable: true + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'excludedEmailAddresses' + description: | + Contains the excluded email addresses. The value can be a particular + email address, a hostname to indicate all email addresses on that host or + a domain with a leading period (e.g. `.example.com`) to indicate + all email addresses in that domain. + immutable: true + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'permittedUris' + description: | + Contains the permitted URIs that apply to the host part of the name. + The value can be a hostname or a domain with a + leading period (like `.example.com`) + immutable: true + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'excludedUris' + description: | + Contains the excluded URIs that apply to the host part of the name. + The value can be a hostname or a domain with a + leading period (like `.example.com`) + immutable: true + item_type: Api::Type::String + - !ruby/object:Api::Type::NestedObject + name: 'subjectConfig' + description: | + Specifies some of the values in a certificate that are related to the subject. + required: true + immutable: true + properties: + - !ruby/object:Api::Type::NestedObject + name: 'subject' + description: Contains distinguished name fields such as the location and organization. + required: true + immutable: true + properties: + - !ruby/object:Api::Type::String + name: 'countryCode' + description: The country code of the subject. + immutable: true + - !ruby/object:Api::Type::String + name: 'organization' + description: The organization of the subject. + immutable: true + required: true + - !ruby/object:Api::Type::String + name: 'organizationalUnit' + description: The organizational unit of the subject. + immutable: true + - !ruby/object:Api::Type::String + name: 'locality' + description: The locality or city of the subject. + immutable: true + - !ruby/object:Api::Type::String + name: 'province' + description: The province, territory, or regional state of the subject. + immutable: true + - !ruby/object:Api::Type::String + name: 'streetAddress' + description: The street address of the subject. + immutable: true + - !ruby/object:Api::Type::String + name: 'postalCode' + description: The postal code of the subject. + immutable: true + - !ruby/object:Api::Type::String + name: 'commonName' + description: The common name of the distinguished name. + required: true + immutable: true + - !ruby/object:Api::Type::NestedObject + name: 'subjectAltName' + description: The subject alternative name fields. + immutable: true + properties: + - !ruby/object:Api::Type::Array + name: 'dnsNames' + description: Contains only valid, fully-qualified host names. + item_type: Api::Type::String + at_least_one_of: + - config.0.subject_config.0.subject_alt_name.0.dns_names + - config.0.subject_config.0.subject_alt_name.0.uris + - config.0.subject_config.0.subject_alt_name.0.email_addresses + - config.0.subject_config.0.subject_alt_name.0.ip_addresses + immutable: true + - !ruby/object:Api::Type::Array + name: 'uris' + description: Contains only valid RFC 3986 URIs. + item_type: Api::Type::String + at_least_one_of: + - config.0.subject_config.0.subject_alt_name.0.dns_names + - config.0.subject_config.0.subject_alt_name.0.uris + - config.0.subject_config.0.subject_alt_name.0.email_addresses + - config.0.subject_config.0.subject_alt_name.0.ip_addresses + immutable: true + - !ruby/object:Api::Type::Array + name: 'emailAddresses' + description: Contains only valid RFC 2822 E-mail addresses. + item_type: Api::Type::String + at_least_one_of: + - config.0.subject_config.0.subject_alt_name.0.dns_names + - config.0.subject_config.0.subject_alt_name.0.uris + - config.0.subject_config.0.subject_alt_name.0.email_addresses + - config.0.subject_config.0.subject_alt_name.0.ip_addresses + immutable: true + - !ruby/object:Api::Type::Array + name: 'ipAddresses' + description: Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses. + item_type: Api::Type::String + at_least_one_of: + - config.0.subject_config.0.subject_alt_name.0.dns_names + - config.0.subject_config.0.subject_alt_name.0.uris + - config.0.subject_config.0.subject_alt_name.0.email_addresses + - config.0.subject_config.0.subject_alt_name.0.ip_addresses + immutable: true + - !ruby/object:Api::Type::NestedObject + name: 'publicKey' + required: true + description: | + A PublicKey describes a public key. + immutable: true + properties: + - !ruby/object:Api::Type::String + name: 'key' + description: | + Required. A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key. A base64-encoded string. + immutable: true + - !ruby/object:Api::Type::Enum + name: 'format' + required: true + description: | + The format of the public key. Currently, only PEM format is supported. + immutable: true + values: + - "KEY_TYPE_UNSPECIFIED" + - "PEM" diff --git a/mmv1/products/privateca/CertificateAuthority.yaml b/mmv1/products/privateca/CertificateAuthority.yaml new file mode 100644 index 000000000000..64f237d217dd --- /dev/null +++ b/mmv1/products/privateca/CertificateAuthority.yaml @@ -0,0 +1,636 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'CertificateAuthority' +description: | + A CertificateAuthority represents an individual Certificate Authority. A + CertificateAuthority can be used to create Certificates. +base_url: projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificateAuthorities +create_url: projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificateAuthorities?certificateAuthorityId={{certificate_authority_id}} +self_link: projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificateAuthorities/{{certificate_authority_id}} +delete_url: projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificateAuthorities/{{certificate_authority_id}}?ignoreActiveCertificates={{ignore_active_certificates_on_deletion}}&skipGracePeriod={{skip_grace_period}} +update_verb: :PATCH +update_mask: true +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: True + allowed: + - True + - False + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/certificate-authority-service' + api: 'https://cloud.google.com/certificate-authority-service/docs/reference/rest' +properties: + - !ruby/object:Api::Type::String + name: pem_ca_certificate + description: | + The signed CA certificate issued from the subordinated CA's CSR. This is needed when activating the subordiante CA with a third party issuer. + url_param_only: true + - !ruby/object:Api::Type::Boolean + name: 'ignore_active_certificates_on_deletion' + default_value: false + url_param_only: true + description: | + This field allows the CA to be deleted even if the CA has active certs. Active certs include both unrevoked and unexpired certs. + Use with care. Defaults to `false`. + - !ruby/object:Api::Type::Boolean + name: 'skip_grace_period' + default_value: false + url_param_only: true + description: | + If this flag is set, the Certificate Authority will be deleted as soon as + possible without a 30-day grace period where undeletion would have been + allowed. If you proceed, there will be no way to recover this CA. + Use with care. Defaults to `false`. + - !ruby/object:Api::Type::String + name: location + description: | + Location of the CertificateAuthority. A full list of valid locations can be found by + running `gcloud privateca locations list`. + required: true + immutable: true + url_param_only: true + - !ruby/object:Api::Type::String + name: certificateAuthorityId + description: The user provided Resource ID for this Certificate Authority. + required: true + immutable: true + url_param_only: true + - !ruby/object:Api::Type::String + name: pool + description: The name of the CaPool this Certificate Authority belongs to. + required: true + immutable: true + url_param_only: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + The resource name for this CertificateAuthority in the format + projects/*/locations/*/certificateAuthorities/*. + output: true + - !ruby/object:Api::Type::Enum + name: 'type' + description: The Type of this CertificateAuthority. + immutable: true + values: + - :SELF_SIGNED + - :SUBORDINATE + default_value: :SELF_SIGNED + - !ruby/object:Api::Type::NestedObject + name: 'config' + description: The config used to create a self-signed X.509 certificate or CSR. + required: true + immutable: true + properties: + - !ruby/object:Api::Type::NestedObject + name: 'x509Config' + required: true + immutable: true + description: | + Describes how some of the technical X.509 fields in a certificate should be populated. + properties: + - !ruby/object:Api::Type::Array + name: 'additionalExtensions' + immutable: true + description: | + Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Boolean + name: 'critical' + immutable: true + required: true + description: | + Indicates whether or not this extension is critical (i.e., if the client does not know how to + handle this extension, the client should consider this to be an error). + - !ruby/object:Api::Type::String + name: 'value' + immutable: true + required: true + description: | + The value of this X.509 extension. A base64-encoded string. + - !ruby/object:Api::Type::NestedObject + name: 'objectId' + immutable: true + required: true + description: | + Describes values that are relevant in a CA certificate. + properties: + - !ruby/object:Api::Type::Array + name: 'objectIdPath' + immutable: true + required: true + item_type: Api::Type::Integer + description: | + An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. + - !ruby/object:Api::Type::Array + name: 'policyIds' + immutable: true + description: | + Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Array + name: 'objectIdPath' + immutable: true + required: true + item_type: Api::Type::Integer + description: | + An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. + - !ruby/object:Api::Type::Array + name: 'aiaOcspServers' + immutable: true + item_type: Api::Type::String + description: | + Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the + "Authority Information Access" extension in the certificate. + - !ruby/object:Api::Type::NestedObject + name: 'caOptions' + immutable: true + required: true + description: | + Describes values that are relevant in a CA certificate. + properties: + - !ruby/object:Api::Type::Boolean + name: 'isCa' + immutable: true + required: true + description: | + When true, the "CA" in Basic Constraints extension will be set to true. + - !ruby/object:Api::Type::Boolean + name: 'nonCa' + immutable: true + url_param_only: true + description: | + When true, the "CA" in Basic Constraints extension will be set to false. + If both `is_ca` and `non_ca` are unset, the extension will be omitted from the CA certificate. + - !ruby/object:Api::Type::Integer + name: 'maxIssuerPathLength' + immutable: true + description: | + Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of + subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. Setting the value to 0 + requires setting `zero_max_issuer_path_length = true`. + - !ruby/object:Api::Type::Boolean + name: 'zeroMaxIssuerPathLength' + immutable: true + url_param_only: true + description: | + When true, the "path length constraint" in Basic Constraints extension will be set to 0. + If both `max_issuer_path_length` and `zero_max_issuer_path_length` are unset, + the max path length will be omitted from the CA certificate. + - !ruby/object:Api::Type::NestedObject + name: 'keyUsage' + immutable: true + required: true + description: | + Indicates the intended use for keys that correspond to a certificate. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'baseKeyUsage' + immutable: true + required: true + description: | + Describes high-level ways in which a key may be used. + properties: + - !ruby/object:Api::Type::Boolean + name: 'digitalSignature' + immutable: true + description: | + The key may be used for digital signatures. + - !ruby/object:Api::Type::Boolean + name: 'contentCommitment' + immutable: true + description: | + The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation". + - !ruby/object:Api::Type::Boolean + name: 'keyEncipherment' + immutable: true + description: | + The key may be used to encipher other keys. + - !ruby/object:Api::Type::Boolean + name: 'dataEncipherment' + immutable: true + description: | + The key may be used to encipher data. + - !ruby/object:Api::Type::Boolean + name: 'keyAgreement' + immutable: true + description: | + The key may be used in a key agreement protocol. + - !ruby/object:Api::Type::Boolean + name: 'certSign' + immutable: true + description: | + The key may be used to sign certificates. + - !ruby/object:Api::Type::Boolean + name: 'crlSign' + immutable: true + description: | + The key may be used sign certificate revocation lists. + - !ruby/object:Api::Type::Boolean + name: 'encipherOnly' + immutable: true + description: | + The key may be used to encipher only. + - !ruby/object:Api::Type::Boolean + name: 'decipherOnly' + immutable: true + description: | + The key may be used to decipher only. + - !ruby/object:Api::Type::NestedObject + name: 'extendedKeyUsage' + immutable: true + required: true + description: | + Describes high-level ways in which a key may be used. + properties: + - !ruby/object:Api::Type::Boolean + name: 'serverAuth' + immutable: true + description: | + Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS. + - !ruby/object:Api::Type::Boolean + name: 'clientAuth' + immutable: true + description: | + Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS. + - !ruby/object:Api::Type::Boolean + name: 'codeSigning' + immutable: true + description: | + Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication". + - !ruby/object:Api::Type::Boolean + name: 'emailProtection' + immutable: true + description: | + Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection". + - !ruby/object:Api::Type::Boolean + name: 'timeStamping' + immutable: true + description: | + Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time". + - !ruby/object:Api::Type::Boolean + name: 'ocspSigning' + immutable: true + description: | + Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses". + - !ruby/object:Api::Type::Array + name: 'unknownExtendedKeyUsages' + immutable: true + description: | + An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Array + name: 'objectIdPath' + immutable: true + required: true + item_type: Api::Type::Integer + description: | + An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. + - !ruby/object:Api::Type::NestedObject + name: 'nameConstraints' + description: | + Describes the X.509 name constraints extension. + immutable: true + properties: + - !ruby/object:Api::Type::Boolean + name: 'critical' + description: Indicates whether or not the name constraints are marked critical. + immutable: true + required: true + - !ruby/object:Api::Type::Array + name: 'permittedDnsNames' + description: | + Contains permitted DNS names. Any DNS name that can be + constructed by simply adding zero or more labels to + the left-hand side of the name satisfies the name constraint. + For example, `example.com`, `www.example.com`, `www.sub.example.com` + would satisfy `example.com` while `example1.com` does not. + immutable: true + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'excludedDnsNames' + description: | + Contains excluded DNS names. Any DNS name that can be + constructed by simply adding zero or more labels to + the left-hand side of the name satisfies the name constraint. + For example, `example.com`, `www.example.com`, `www.sub.example.com` + would satisfy `example.com` while `example1.com` does not. + immutable: true + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'permittedIpRanges' + description: | + Contains the permitted IP ranges. For IPv4 addresses, the ranges + are expressed using CIDR notation as specified in RFC 4632. + For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 + addresses. + immutable: true + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'excludedIpRanges' + description: | + Contains the excluded IP ranges. For IPv4 addresses, the ranges + are expressed using CIDR notation as specified in RFC 4632. + For IPv6 addresses, the ranges are expressed in similar encoding as IPv4 + addresses. + immutable: true + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'permittedEmailAddresses' + description: | + Contains the permitted email addresses. The value can be a particular + email address, a hostname to indicate all email addresses on that host or + a domain with a leading period (e.g. `.example.com`) to indicate + all email addresses in that domain. + immutable: true + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'excludedEmailAddresses' + description: | + Contains the excluded email addresses. The value can be a particular + email address, a hostname to indicate all email addresses on that host or + a domain with a leading period (e.g. `.example.com`) to indicate + all email addresses in that domain. + immutable: true + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'permittedUris' + description: | + Contains the permitted URIs that apply to the host part of the name. + The value can be a hostname or a domain with a + leading period (like `.example.com`) + immutable: true + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'excludedUris' + description: | + Contains the excluded URIs that apply to the host part of the name. + The value can be a hostname or a domain with a + leading period (like `.example.com`) + immutable: true + item_type: Api::Type::String + - !ruby/object:Api::Type::NestedObject + name: 'subjectConfig' + immutable: true + description: | + Specifies some of the values in a certificate that are related to the subject. + required: true + properties: + - !ruby/object:Api::Type::NestedObject + name: 'subject' + immutable: true + description: Contains distinguished name fields such as the location and organization. + required: true + properties: + - !ruby/object:Api::Type::String + name: 'countryCode' + description: The country code of the subject. + immutable: true + - !ruby/object:Api::Type::String + name: 'organization' + description: The organization of the subject. + immutable: true + required: true + - !ruby/object:Api::Type::String + name: 'organizationalUnit' + description: The organizational unit of the subject. + immutable: true + - !ruby/object:Api::Type::String + name: 'locality' + description: The locality or city of the subject. + immutable: true + - !ruby/object:Api::Type::String + name: 'province' + description: The province, territory, or regional state of the subject. + immutable: true + - !ruby/object:Api::Type::String + name: 'streetAddress' + description: The street address of the subject. + immutable: true + - !ruby/object:Api::Type::String + name: 'postalCode' + description: The postal code of the subject. + immutable: true + - !ruby/object:Api::Type::String + name: 'commonName' + description: The common name of the distinguished name. + immutable: true + required: true + - !ruby/object:Api::Type::NestedObject + name: 'subjectAltName' + description: The subject alternative name fields. + immutable: true + properties: + - !ruby/object:Api::Type::Array + name: 'dnsNames' + description: Contains only valid, fully-qualified host names. + immutable: true + item_type: Api::Type::String + at_least_one_of: + - config.0.subject_config.0.subject_alt_name.0.dns_names + - config.0.subject_config.0.subject_alt_name.0.uris + - config.0.subject_config.0.subject_alt_name.0.email_addresses + - config.0.subject_config.0.subject_alt_name.0.ip_addresses + - !ruby/object:Api::Type::Array + name: 'uris' + description: Contains only valid RFC 3986 URIs. + immutable: true + item_type: Api::Type::String + at_least_one_of: + - config.0.subject_config.0.subject_alt_name.0.dns_names + - config.0.subject_config.0.subject_alt_name.0.uris + - config.0.subject_config.0.subject_alt_name.0.email_addresses + - config.0.subject_config.0.subject_alt_name.0.ip_addresses + - !ruby/object:Api::Type::Array + name: 'emailAddresses' + description: Contains only valid RFC 2822 E-mail addresses. + immutable: true + item_type: Api::Type::String + at_least_one_of: + - config.0.subject_config.0.subject_alt_name.0.dns_names + - config.0.subject_config.0.subject_alt_name.0.uris + - config.0.subject_config.0.subject_alt_name.0.email_addresses + - config.0.subject_config.0.subject_alt_name.0.ip_addresses + - !ruby/object:Api::Type::Array + name: 'ipAddresses' + description: Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses. + immutable: true + item_type: Api::Type::String + at_least_one_of: + - config.0.subject_config.0.subject_alt_name.0.dns_names + - config.0.subject_config.0.subject_alt_name.0.uris + - config.0.subject_config.0.subject_alt_name.0.email_addresses + - config.0.subject_config.0.subject_alt_name.0.ip_addresses + - !ruby/object:Api::Type::String + name: 'lifetime' + description: | + The desired lifetime of the CA certificate. Used to create the "notBeforeTime" and + "notAfterTime" fields inside an X.509 certificate. A duration in seconds with up to nine + fractional digits, terminated by 's'. Example: "3.5s". + default_value: 315360000s # 10 years + immutable: true + - !ruby/object:Api::Type::NestedObject + name: 'keySpec' + description: | + Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority + is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA + certificate. Otherwise, it is used to sign a CSR. + required: true + immutable: true + properties: + - !ruby/object:Api::Type::String + name: 'cloudKmsKeyVersion' + description: | + The resource name for an existing Cloud KMS CryptoKeyVersion in the format + `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. + immutable: true + exactly_one_of: + - key_spec.0.cloud_kms_key_version + - key_spec.0.algorithm + - !ruby/object:Api::Type::Enum + name: 'algorithm' + description: | + The algorithm to use for creating a managed Cloud KMS key for a for a simplified + experience. All managed keys will be have their ProtectionLevel as HSM. + immutable: true + values: + - :SIGN_HASH_ALGORITHM_UNSPECIFIED + - :RSA_PSS_2048_SHA256 + - :RSA_PSS_3072_SHA256 + - :RSA_PSS_4096_SHA256 + - :RSA_PKCS1_2048_SHA256 + - :RSA_PKCS1_3072_SHA256 + - :RSA_PKCS1_4096_SHA256 + - :EC_P256_SHA256 + - :EC_P384_SHA384 + exactly_one_of: + - key_spec.0.cloud_kms_key_version + - key_spec.0.algorithm + - !ruby/object:Api::Type::NestedObject + name: 'subordinateConfig' + description: | + If this is a subordinate CertificateAuthority, this field will be set + with the subordinate configuration, which describes its issuers. + properties: + - !ruby/object:Api::Type::String + name: 'certificateAuthority' + description: | + This can refer to a CertificateAuthority that was used to create a + subordinate CertificateAuthority. This field is used for information + and usability purposes only. The resource name is in the format + `projects/*/locations/*/caPools/*/certificateAuthorities/*`. + exactly_one_of: + - subordinate_config.0.certificate_authority + - subordinate_config.0.pem_issuer_chain + - !ruby/object:Api::Type::NestedObject + name: 'pemIssuerChain' + description: | + Contains the PEM certificate chain for the issuers of this CertificateAuthority, + but not pem certificate for this CA itself. + exactly_one_of: + - subordinate_config.0.certificate_authority + - subordinate_config.0.pem_issuer_chain + properties: + - !ruby/object:Api::Type::Array + name: 'pemCertificates' + description: | + Expected to be in leaf-to-root order according to RFC 5246. + item_type: Api::Type::String + - !ruby/object:Api::Type::Enum + name: 'state' + description: The State for this CertificateAuthority. + output: true + values: + - :STATE_UNSPECIFIED + - :ENABLED + - :DISABLED + - :STAGED + - :AWAITING_USER_ACTIVATION + - :PENDING_DELETION + - !ruby/object:Api::Type::Array + name: 'pemCaCertificates' + description: | + This CertificateAuthority's certificate chain, including the current + CertificateAuthority's certificate. Ordered such that the root issuer is the final + element (consistent with RFC 5246). For a self-signed CA, this will only list the current + CertificateAuthority's certificate. + item_type: Api::Type::String + output: true + - !ruby/object:Api::Type::String + name: 'gcsBucket' + description: | + The name of a Cloud Storage bucket where this CertificateAuthority will publish content, + such as the CA certificate and CRLs. This must be a bucket name, without any prefixes + (such as `gs://`) or suffixes (such as `.googleapis.com`). For example, to use a bucket named + my-bucket, you would simply specify `my-bucket`. If not specified, a managed bucket will be + created. + immutable: true + - !ruby/object:Api::Type::NestedObject + name: 'accessUrls' + description: | + URLs for accessing content published by this CA, such as the CA certificate and CRLs. + output: true + properties: + - !ruby/object:Api::Type::String + name: 'caCertificateAccessUrl' + description: | + The URL where this CertificateAuthority's CA certificate is published. This will only be + set for CAs that have been activated. + output: true + - !ruby/object:Api::Type::Array + name: 'crlAccessUrls' + description: | + The URL where this CertificateAuthority's CRLs are published. This will only be set for + CAs that have been activated. + item_type: Api::Type::String + output: true + - !ruby/object:Api::Type::String + name: 'createTime' + description: | + The time at which this CertificateAuthority was created. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine + fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - !ruby/object:Api::Type::String + name: 'updateTime' + description: | + The time at which this CertificateAuthority was updated. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine + fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - !ruby/object:Api::Type::KeyValuePairs + name: labels + description: | + Labels with user-defined metadata. + + An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": + "1.3kg", "count": "3" }. diff --git a/mmv1/products/privateca/CertificateTemplate.yaml b/mmv1/products/privateca/CertificateTemplate.yaml new file mode 100644 index 000000000000..991bd917e507 --- /dev/null +++ b/mmv1/products/privateca/CertificateTemplate.yaml @@ -0,0 +1,28 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'CertificateTemplate' +base_url: projects/{{project}}/locations/{{location}}/certificateTemplates +self_link: projects/{{project}}/locations/{{location}}/certificateTemplates/{{name}} +# This resource is only used to generate IAM resources. They do not correspond to real +# GCP resources, and should not be used to generate anything other than IAM support. +exclude_resource: true +description: | + Only used to generate IAM resources +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: Dummy property. + required: true + diff --git a/mmv1/products/privateca/api.yaml b/mmv1/products/privateca/api.yaml deleted file mode 100644 index 47eacc1de6d6..000000000000 --- a/mmv1/products/privateca/api.yaml +++ /dev/null @@ -1,1911 +0,0 @@ -# Copyright 2020 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: Privateca -display_name: Certificate Authority Service -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://privateca.googleapis.com/v1/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Certificate Authority API - url: https://console.cloud.google.com/apis/api/privateca.googleapis.com -objects: - # CertificateAuthority - - !ruby/object:Api::Resource - name: 'CertificateAuthority' - description: | - A CertificateAuthority represents an individual Certificate Authority. A - CertificateAuthority can be used to create Certificates. - base_url: projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificateAuthorities - create_url: projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificateAuthorities?certificateAuthorityId={{certificate_authority_id}} - self_link: projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificateAuthorities/{{certificate_authority_id}} - delete_url: projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificateAuthorities/{{certificate_authority_id}}?ignoreActiveCertificates={{ignore_active_certificates_on_deletion}}&skipGracePeriod={{skip_grace_period}} - update_verb: :PATCH - update_mask: true - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - base_url: '{{op_id}}' - path: 'name' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: True - allowed: - - True - - False - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/certificate-authority-service' - api: 'https://cloud.google.com/certificate-authority-service/docs/reference/rest' - properties: - - !ruby/object:Api::Type::String - name: pem_ca_certificate - description: | - The signed CA certificate issued from the subordinated CA's CSR. This is needed when activating the subordiante CA with a third party issuer. - url_param_only: true - - !ruby/object:Api::Type::Boolean - name: 'ignore_active_certificates_on_deletion' - default_value: false - url_param_only: true - description: | - This field allows the CA to be deleted even if the CA has active certs. Active certs include both unrevoked and unexpired certs. - Use with care. Defaults to `false`. - - !ruby/object:Api::Type::Boolean - name: 'skip_grace_period' - default_value: false - url_param_only: true - description: | - If this flag is set, the Certificate Authority will be deleted as soon as - possible without a 30-day grace period where undeletion would have been - allowed. If you proceed, there will be no way to recover this CA. - Use with care. Defaults to `false`. - - !ruby/object:Api::Type::String - name: location - description: | - Location of the CertificateAuthority. A full list of valid locations can be found by - running `gcloud privateca locations list`. - required: true - input: true - url_param_only: true - - !ruby/object:Api::Type::String - name: certificateAuthorityId - description: The user provided Resource ID for this Certificate Authority. - required: true - input: true - url_param_only: true - - !ruby/object:Api::Type::String - name: pool - description: The name of the CaPool this Certificate Authority belongs to. - required: true - input: true - url_param_only: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - The resource name for this CertificateAuthority in the format - projects/*/locations/*/certificateAuthorities/*. - output: true - - !ruby/object:Api::Type::Enum - name: 'type' - description: The Type of this CertificateAuthority. - input: true - values: - - :SELF_SIGNED - - :SUBORDINATE - default_value: :SELF_SIGNED - - !ruby/object:Api::Type::NestedObject - name: 'config' - description: The config used to create a self-signed X.509 certificate or CSR. - required: true - input: true - properties: - - !ruby/object:Api::Type::NestedObject - name: 'x509Config' - required: true - input: true - description: | - Describes how some of the technical X.509 fields in a certificate should be populated. - properties: - - !ruby/object:Api::Type::Array - name: 'additionalExtensions' - input: true - description: | - Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Boolean - name: 'critical' - input: true - required: true - description: | - Indicates whether or not this extension is critical (i.e., if the client does not know how to - handle this extension, the client should consider this to be an error). - - !ruby/object:Api::Type::String - name: 'value' - input: true - required: true - description: | - The value of this X.509 extension. A base64-encoded string. - - !ruby/object:Api::Type::NestedObject - name: 'objectId' - input: true - required: true - description: | - Describes values that are relevant in a CA certificate. - properties: - - !ruby/object:Api::Type::Array - name: 'objectIdPath' - input: true - required: true - item_type: Api::Type::Integer - description: | - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. - - !ruby/object:Api::Type::Array - name: 'policyIds' - input: true - description: | - Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Array - name: 'objectIdPath' - input: true - required: true - item_type: Api::Type::Integer - description: | - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. - - !ruby/object:Api::Type::Array - name: 'aiaOcspServers' - input: true - item_type: Api::Type::String - description: | - Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the - "Authority Information Access" extension in the certificate. - - !ruby/object:Api::Type::NestedObject - name: 'caOptions' - input: true - required: true - description: | - Describes values that are relevant in a CA certificate. - properties: - - !ruby/object:Api::Type::Boolean - name: 'isCa' - input: true - required: true - description: | - When true, the "CA" in Basic Constraints extension will be set to true. - - !ruby/object:Api::Type::Boolean - name: 'nonCa' - input: true - url_param_only: true - description: | - When true, the "CA" in Basic Constraints extension will be set to false. - If both `is_ca` and `non_ca` are unset, the extension will be omitted from the CA certificate. - - !ruby/object:Api::Type::Integer - name: 'maxIssuerPathLength' - input: true - description: | - Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of - subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. Setting the value to 0 - requires setting `zero_max_issuer_path_length = true`. - - !ruby/object:Api::Type::Boolean - name: 'zeroMaxIssuerPathLength' - input: true - url_param_only: true - description: | - When true, the "path length constraint" in Basic Constraints extension will be set to 0. - If both `max_issuer_path_length` and `zero_max_issuer_path_length` are unset, - the max path length will be omitted from the CA certificate. - - !ruby/object:Api::Type::NestedObject - name: 'keyUsage' - input: true - required: true - description: | - Indicates the intended use for keys that correspond to a certificate. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'baseKeyUsage' - input: true - required: true - description: | - Describes high-level ways in which a key may be used. - properties: - - !ruby/object:Api::Type::Boolean - name: 'digitalSignature' - input: true - description: | - The key may be used for digital signatures. - - !ruby/object:Api::Type::Boolean - name: 'contentCommitment' - input: true - description: | - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation". - - !ruby/object:Api::Type::Boolean - name: 'keyEncipherment' - input: true - description: | - The key may be used to encipher other keys. - - !ruby/object:Api::Type::Boolean - name: 'dataEncipherment' - input: true - description: | - The key may be used to encipher data. - - !ruby/object:Api::Type::Boolean - name: 'keyAgreement' - input: true - description: | - The key may be used in a key agreement protocol. - - !ruby/object:Api::Type::Boolean - name: 'certSign' - input: true - description: | - The key may be used to sign certificates. - - !ruby/object:Api::Type::Boolean - name: 'crlSign' - input: true - description: | - The key may be used sign certificate revocation lists. - - !ruby/object:Api::Type::Boolean - name: 'encipherOnly' - input: true - description: | - The key may be used to encipher only. - - !ruby/object:Api::Type::Boolean - name: 'decipherOnly' - input: true - description: | - The key may be used to decipher only. - - !ruby/object:Api::Type::NestedObject - name: 'extendedKeyUsage' - input: true - required: true - description: | - Describes high-level ways in which a key may be used. - properties: - - !ruby/object:Api::Type::Boolean - name: 'serverAuth' - input: true - description: | - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS. - - !ruby/object:Api::Type::Boolean - name: 'clientAuth' - input: true - description: | - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS. - - !ruby/object:Api::Type::Boolean - name: 'codeSigning' - input: true - description: | - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication". - - !ruby/object:Api::Type::Boolean - name: 'emailProtection' - input: true - description: | - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection". - - !ruby/object:Api::Type::Boolean - name: 'timeStamping' - input: true - description: | - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time". - - !ruby/object:Api::Type::Boolean - name: 'ocspSigning' - input: true - description: | - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses". - - !ruby/object:Api::Type::Array - name: 'unknownExtendedKeyUsages' - input: true - description: | - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Array - name: 'objectIdPath' - input: true - required: true - item_type: Api::Type::Integer - description: | - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. - - !ruby/object:Api::Type::NestedObject - name: 'subjectConfig' - input: true - description: | - Specifies some of the values in a certificate that are related to the subject. - required: true - properties: - - !ruby/object:Api::Type::NestedObject - name: 'subject' - input: true - description: Contains distinguished name fields such as the location and organization. - required: true - properties: - - !ruby/object:Api::Type::String - name: 'countryCode' - description: The country code of the subject. - input: true - - !ruby/object:Api::Type::String - name: 'organization' - description: The organization of the subject. - input: true - required: true - - !ruby/object:Api::Type::String - name: 'organizationalUnit' - description: The organizational unit of the subject. - input: true - - !ruby/object:Api::Type::String - name: 'locality' - description: The locality or city of the subject. - input: true - - !ruby/object:Api::Type::String - name: 'province' - description: The province, territory, or regional state of the subject. - input: true - - !ruby/object:Api::Type::String - name: 'streetAddress' - description: The street address of the subject. - input: true - - !ruby/object:Api::Type::String - name: 'postalCode' - description: The postal code of the subject. - input: true - - !ruby/object:Api::Type::String - name: 'commonName' - description: The common name of the distinguished name. - input: true - required: true - - !ruby/object:Api::Type::NestedObject - name: 'subjectAltName' - description: The subject alternative name fields. - input: true - properties: - - !ruby/object:Api::Type::Array - name: 'dnsNames' - description: Contains only valid, fully-qualified host names. - input: true - item_type: Api::Type::String - at_least_one_of: - - config.0.subject_config.0.subject_alt_name.0.dns_names - - config.0.subject_config.0.subject_alt_name.0.uris - - config.0.subject_config.0.subject_alt_name.0.email_addresses - - config.0.subject_config.0.subject_alt_name.0.ip_addresses - - !ruby/object:Api::Type::Array - name: 'uris' - description: Contains only valid RFC 3986 URIs. - input: true - item_type: Api::Type::String - at_least_one_of: - - config.0.subject_config.0.subject_alt_name.0.dns_names - - config.0.subject_config.0.subject_alt_name.0.uris - - config.0.subject_config.0.subject_alt_name.0.email_addresses - - config.0.subject_config.0.subject_alt_name.0.ip_addresses - - !ruby/object:Api::Type::Array - name: 'emailAddresses' - description: Contains only valid RFC 2822 E-mail addresses. - input: true - item_type: Api::Type::String - at_least_one_of: - - config.0.subject_config.0.subject_alt_name.0.dns_names - - config.0.subject_config.0.subject_alt_name.0.uris - - config.0.subject_config.0.subject_alt_name.0.email_addresses - - config.0.subject_config.0.subject_alt_name.0.ip_addresses - - !ruby/object:Api::Type::Array - name: 'ipAddresses' - description: Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses. - input: true - item_type: Api::Type::String - at_least_one_of: - - config.0.subject_config.0.subject_alt_name.0.dns_names - - config.0.subject_config.0.subject_alt_name.0.uris - - config.0.subject_config.0.subject_alt_name.0.email_addresses - - config.0.subject_config.0.subject_alt_name.0.ip_addresses - - !ruby/object:Api::Type::String - name: 'lifetime' - description: | - The desired lifetime of the CA certificate. Used to create the "notBeforeTime" and - "notAfterTime" fields inside an X.509 certificate. A duration in seconds with up to nine - fractional digits, terminated by 's'. Example: "3.5s". - default_value: 315360000s # 10 years - input: true - - !ruby/object:Api::Type::NestedObject - name: 'keySpec' - description: | - Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority - is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA - certificate. Otherwise, it is used to sign a CSR. - required: true - input: true - properties: - - !ruby/object:Api::Type::String - name: 'cloudKmsKeyVersion' - description: | - The resource name for an existing Cloud KMS CryptoKeyVersion in the format - `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. - input: true - exactly_one_of: - - key_spec.0.cloud_kms_key_version - - key_spec.0.algorithm - - !ruby/object:Api::Type::Enum - name: 'algorithm' - description: | - The algorithm to use for creating a managed Cloud KMS key for a for a simplified - experience. All managed keys will be have their ProtectionLevel as HSM. - input: true - values: - - :SIGN_HASH_ALGORITHM_UNSPECIFIED - - :RSA_PSS_2048_SHA256 - - :RSA_PSS_3072_SHA256 - - :RSA_PSS_4096_SHA256 - - :RSA_PKCS1_2048_SHA256 - - :RSA_PKCS1_3072_SHA256 - - :RSA_PKCS1_4096_SHA256 - - :EC_P256_SHA256 - - :EC_P384_SHA384 - exactly_one_of: - - key_spec.0.cloud_kms_key_version - - key_spec.0.algorithm - - !ruby/object:Api::Type::NestedObject - name: 'subordinateConfig' - description: | - If this is a subordinate CertificateAuthority, this field will be set - with the subordinate configuration, which describes its issuers. - properties: - - !ruby/object:Api::Type::String - name: 'certificateAuthority' - description: | - This can refer to a CertificateAuthority that was used to create a - subordinate CertificateAuthority. This field is used for information - and usability purposes only. The resource name is in the format - `projects/*/locations/*/caPools/*/certificateAuthorities/*`. - exactly_one_of: - - subordinate_config.0.certificate_authority - - subordinate_config.0.pem_issuer_chain - - !ruby/object:Api::Type::NestedObject - name: 'pemIssuerChain' - description: | - Contains the PEM certificate chain for the issuers of this CertificateAuthority, - but not pem certificate for this CA itself. - exactly_one_of: - - subordinate_config.0.certificate_authority - - subordinate_config.0.pem_issuer_chain - properties: - - !ruby/object:Api::Type::Array - name: 'pemCertificates' - description: | - Expected to be in leaf-to-root order according to RFC 5246. - item_type: Api::Type::String - - !ruby/object:Api::Type::Enum - name: 'state' - description: The State for this CertificateAuthority. - output: true - values: - - :STATE_UNSPECIFIED - - :ENABLED - - :DISABLED - - :STAGED - - :AWAITING_USER_ACTIVATION - - :PENDING_DELETION - - !ruby/object:Api::Type::Array - name: 'pemCaCertificates' - description: | - This CertificateAuthority's certificate chain, including the current - CertificateAuthority's certificate. Ordered such that the root issuer is the final - element (consistent with RFC 5246). For a self-signed CA, this will only list the current - CertificateAuthority's certificate. - item_type: Api::Type::String - output: true - - !ruby/object:Api::Type::String - name: 'gcsBucket' - description: | - The name of a Cloud Storage bucket where this CertificateAuthority will publish content, - such as the CA certificate and CRLs. This must be a bucket name, without any prefixes - (such as `gs://`) or suffixes (such as `.googleapis.com`). For example, to use a bucket named - my-bucket, you would simply specify `my-bucket`. If not specified, a managed bucket will be - created. - input: true - - !ruby/object:Api::Type::NestedObject - name: 'accessUrls' - description: | - URLs for accessing content published by this CA, such as the CA certificate and CRLs. - output: true - properties: - - !ruby/object:Api::Type::String - name: 'caCertificateAccessUrl' - description: | - The URL where this CertificateAuthority's CA certificate is published. This will only be - set for CAs that have been activated. - output: true - - !ruby/object:Api::Type::Array - name: 'crlAccessUrls' - description: | - The URL where this CertificateAuthority's CRLs are published. This will only be set for - CAs that have been activated. - item_type: Api::Type::String - output: true - - !ruby/object:Api::Type::String - name: 'createTime' - description: | - The time at which this CertificateAuthority was created. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine - fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - output: true - - !ruby/object:Api::Type::String - name: 'updateTime' - description: | - The time at which this CertificateAuthority was updated. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine - fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - output: true - - !ruby/object:Api::Type::KeyValuePairs - name: labels - description: | - Labels with user-defined metadata. - - An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": - "1.3kg", "count": "3" }. - - - # Certificate - - !ruby/object:Api::Resource - name: 'Certificate' - base_url: 'projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificates' - create_url: 'projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificates?certificateId={{name}}' - delete_url: 'projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificates/{{name}}:revoke' - delete_verb: :POST - update_verb: :PATCH - update_mask: true - description: | - A Certificate corresponds to a signed X.509 certificate issued by a Certificate. - parameters: - - !ruby/object:Api::Type::String - name: location - description: | - Location of the Certificate. A full list of valid locations can be found by - running `gcloud privateca locations list`. - required: true - input: true - url_param_only: true - - !ruby/object:Api::Type::String - name: certificate_authority - description: | - The Certificate Authority ID that should issue the certificate. For example, to issue a Certificate from - a Certificate Authority with resource name `projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca`, - argument `pool` should be set to `projects/my-project/locations/us-central1/caPools/my-pool`, argument `certificate_authority` - should be set to `my-ca`. - input: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: pool - description: The name of the CaPool this Certificate belongs to. - required: true - input: true - url_param_only: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - The name for this Certificate. - required: true - input: true - url_param_only: true - - !ruby/object:Api::Type::String - name: 'issuerCertificateAuthority' - description: | - The resource name of the issuing CertificateAuthority in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. - output: true - - !ruby/object:Api::Type::String - name: 'lifetime' - description: | - The desired lifetime of the CA certificate. Used to create the "notBeforeTime" and - "notAfterTime" fields inside an X.509 certificate. A duration in seconds with up to nine - fractional digits, terminated by 's'. Example: "3.5s". - default_value: 315360000s # 10 years - input: true - - !ruby/object:Api::Type::NestedObject - name: 'revocationDetails' - description: | - Output only. Details regarding the revocation of this Certificate. This Certificate is - considered revoked if and only if this field is present. - output: true - properties: - - !ruby/object:Api::Type::Enum - name: 'revocationState' - output: true - description: | - Indicates why a Certificate was revoked. - values: - - "REVOCATION_REASON_UNSPECIFIED" - - "KEY_COMPROMISE" - - "CERTIFICATE_AUTHORITY_COMPROMISE" - - "AFFILIATION_CHANGED" - - "SUPERSEDED" - - "CESSATION_OF_OPERATION" - - "CERTIFICATE_HOLD" - - "PRIVILEGE_WITHDRAWN" - - "ATTRIBUTE_AUTHORITY_COMPROMISE" - - !ruby/object:Api::Type::String - name: 'revocationTime' - output: true - description: | - The time at which this Certificate was revoked. - - !ruby/object:Api::Type::String - name: 'pemCertificate' - output: true - description: | - Output only. The pem-encoded, signed X.509 certificate. - - !ruby/object:Api::Type::NestedObject - name: 'certificateDescription' - description: | - Output only. Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present. - output: true - properties: - - !ruby/object:Api::Type::NestedObject - name: 'subjectDescription' - output: true - description: | - Describes some of the values in a certificate that are related to the subject and lifetime. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'subject' - output: true - description: | - Contains distinguished name fields such as the location and organization. - properties: - - !ruby/object:Api::Type::String - name: 'countryCode' - output: true - description: | - The country code of the subject. - - !ruby/object:Api::Type::String - name: 'organization' - output: true - description: | - The organization of the subject. - - !ruby/object:Api::Type::String - name: 'organizationalUnit' - output: true - description: | - The organizationalUnit of the subject. - - !ruby/object:Api::Type::String - name: 'locality' - output: true - description: | - The locality or city of the subject. - - !ruby/object:Api::Type::String - name: 'province' - output: true - description: | - The province of the subject. - - !ruby/object:Api::Type::String - name: 'streetAddress' - output: true - description: | - The streetAddress or city of the subject. - - !ruby/object:Api::Type::String - name: 'postalCode' - output: true - description: | - The postalCode or city of the subject. - - !ruby/object:Api::Type::String - name: 'commonName' - output: true - description: | - The "common name" of the distinguished name. - - !ruby/object:Api::Type::NestedObject - name: 'subjectAltName' - output: true - description: | - The subject alternative name fields. - properties: - - !ruby/object:Api::Type::Array - name: 'dnsNames' - output: true - description: | - Contains only valid, fully-qualified host names. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - output: true - name: 'uris' - description: | - Contains only valid RFC 3986 URIs. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'emailAddresses' - output: true - item_type: Api::Type::String - description: | - Contains only valid RFC 2822 E-mail addresses. - - !ruby/object:Api::Type::Array - name: 'ipAddresses' - output: true - item_type: Api::Type::String - description: | - Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses. - - !ruby/object:Api::Type::Array - name: 'customSans' - output: true - description: | - Contains additional subject alternative name values. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::NestedObject - name: 'obectId' - output: true - description: | - Describes how some of the technical fields in a certificate should be populated. - properties: - - !ruby/object:Api::Type::Array - name: 'objectIdPath' - output: true - item_type: Api::Type::Integer - description: | - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. - - !ruby/object:Api::Type::Boolean - name: 'critical' - output: true - description: | - Required. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error). - - !ruby/object:Api::Type::String - name: 'value' - output: true - description: | - The value of this X.509 extension. - - !ruby/object:Api::Type::String - name: 'hexSerialNumber' - output: true - description: | - The serial number encoded in lowercase hexadecimal. - - !ruby/object:Api::Type::String - name: 'lifetime' - output: true - description: | - For convenience, the actual lifetime of an issued certificate. Corresponds to 'notAfterTime' - 'notBeforeTime'. - - !ruby/object:Api::Type::String - name: 'notBeforeTime' - output: true - description: | - The time at which the certificate becomes valid. - - !ruby/object:Api::Type::String - name: 'notAfterTime' - output: true - description: | - The time at which the certificate expires. - - !ruby/object:Api::Type::NestedObject - name: 'x509Description' - output: true - description: | - A structured description of the issued X.509 certificate. - properties: - - !ruby/object:Api::Type::Array - name: 'additionalExtensions' - description: | - Describes custom X.509 extensions. - output: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Boolean - name: 'critical' - description: | - Indicates whether or not this extension is critical (i.e., if the client does not know how to - handle this extension, the client should consider this to be an error). - output: true - - !ruby/object:Api::Type::String - name: 'value' - description: | - The value of this X.509 extension. A base64-encoded string. - - !ruby/object:Api::Type::NestedObject - name: 'objectId' - description: | - Describes values that are relevant in a CA certificate. - output: true - properties: - - !ruby/object:Api::Type::Array - name: 'objectIdPath' - item_type: Api::Type::Integer - description: | - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. - output: true - - !ruby/object:Api::Type::Array - name: 'policyIds' - description: | - Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. - output: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Array - name: 'objectIdPath' - item_type: Api::Type::Integer - description: | - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. - output: true - - !ruby/object:Api::Type::Array - name: 'aiaOcspServers' - item_type: Api::Type::String - description: | - Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the - "Authority Information Access" extension in the certificate. - output: true - - !ruby/object:Api::Type::NestedObject - name: 'caOptions' - description: | - Describes values that are relevant in a CA certificate. - output: true - properties: - - !ruby/object:Api::Type::Boolean - name: 'isCa' - description: | - When true, the "CA" in Basic Constraints extension will be set to true. - output: true - - !ruby/object:Api::Type::Integer - name: 'maxIssuerPathLength' - description: | - Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of - subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. - output: true - - !ruby/object:Api::Type::NestedObject - name: 'keyUsage' - description: | - Indicates the intended use for keys that correspond to a certificate. - output: true - properties: - - !ruby/object:Api::Type::NestedObject - name: 'baseKeyUsage' - description: | - Describes high-level ways in which a key may be used. - output: true - properties: - - !ruby/object:Api::Type::Boolean - name: 'digitalSignature' - description: | - The key may be used for digital signatures. - output: true - - !ruby/object:Api::Type::Boolean - name: 'contentCommitment' - description: | - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation". - output: true - - !ruby/object:Api::Type::Boolean - name: 'keyEncipherment' - description: | - The key may be used to encipher other keys. - output: true - - !ruby/object:Api::Type::Boolean - name: 'dataEncipherment' - description: | - The key may be used to encipher data. - output: true - - !ruby/object:Api::Type::Boolean - name: 'keyAgreement' - description: | - The key may be used in a key agreement protocol. - output: true - - !ruby/object:Api::Type::Boolean - name: 'certSign' - description: | - The key may be used to sign certificates. - output: true - - !ruby/object:Api::Type::Boolean - name: 'crlSign' - description: | - The key may be used sign certificate revocation lists. - output: true - - !ruby/object:Api::Type::Boolean - name: 'encipherOnly' - description: | - The key may be used to encipher only. - output: true - - !ruby/object:Api::Type::Boolean - name: 'decipherOnly' - description: | - The key may be used to decipher only. - output: true - - !ruby/object:Api::Type::NestedObject - name: 'extendedKeyUsage' - description: | - Describes high-level ways in which a key may be used. - output: true - properties: - - !ruby/object:Api::Type::Boolean - name: 'serverAuth' - description: | - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS. - output: true - - !ruby/object:Api::Type::Boolean - name: 'clientAuth' - description: | - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS. - output: true - - !ruby/object:Api::Type::Boolean - name: 'codeSigning' - description: | - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication". - output: true - - !ruby/object:Api::Type::Boolean - name: 'emailProtection' - description: | - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection". - output: true - - !ruby/object:Api::Type::Boolean - name: 'timeStamping' - description: | - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time". - output: true - - !ruby/object:Api::Type::Boolean - name: 'ocspSigning' - description: | - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses". - output: true - - !ruby/object:Api::Type::Array - name: 'unknownExtendedKeyUsages' - description: | - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. - output: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Array - name: 'objectIdPath' - item_type: Api::Type::Integer - description: | - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. - output: true - - !ruby/object:Api::Type::NestedObject - name: 'configValues' - deprecation_message: Deprecated in favor of `x509_description`. - output: true - description: | - Describes some of the technical fields in a certificate. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'keyUsage' - output: true - description: | - Indicates the intended use for keys that correspond to a certificate. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'baseKeyUsage' - output: true - description: | - Describes high-level ways in which a key may be used. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'keyUsageOptions' - output: true - description: | - Describes high-level ways in which a key may be used. - properties: - - !ruby/object:Api::Type::Boolean - name: 'digitalSignature' - output: true - description: | - The key may be used for digital signatures. - - !ruby/object:Api::Type::Boolean - name: 'contentCommitment' - output: true - description: | - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation". - - !ruby/object:Api::Type::Boolean - name: 'keyEncipherment' - output: true - description: | - The key may be used to encipher other keys. - - !ruby/object:Api::Type::Boolean - name: 'dataEncipherment' - output: true - description: | - The key may be used to encipher data. - - !ruby/object:Api::Type::Boolean - name: 'keyAgreement' - output: true - description: | - The key may be used in a key agreement protocol. - - !ruby/object:Api::Type::Boolean - name: 'certSign' - output: true - description: | - The key may be used to sign certificates. - - !ruby/object:Api::Type::Boolean - name: 'crlSign' - output: true - description: | - The key may be used sign certificate revocation lists. - - !ruby/object:Api::Type::Boolean - name: 'encipherOnly' - output: true - description: | - The key may be used to encipher only. - - !ruby/object:Api::Type::Boolean - name: 'decipherOnly' - output: true - description: | - The key may be used to decipher only. - - !ruby/object:Api::Type::NestedObject - name: 'extendedKeyUsage' - output: true - description: | - Describes high-level ways in which a key may be used. - properties: - - !ruby/object:Api::Type::Boolean - name: 'serverAuth' - output: true - description: | - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS. - - !ruby/object:Api::Type::Boolean - name: 'clientAuth' - output: true - description: | - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS. - - !ruby/object:Api::Type::Boolean - name: 'codeSigning' - output: true - description: | - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication". - - !ruby/object:Api::Type::Boolean - name: 'emailProtection' - output: true - description: | - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection". - - !ruby/object:Api::Type::Boolean - name: 'timeStamping' - output: true - description: | - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time". - - !ruby/object:Api::Type::Boolean - name: 'ocspSigning' - output: true - description: | - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses". - - !ruby/object:Api::Type::Array - name: 'unknownExtendedKeyUsages' - output: true - description: | - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::NestedObject - name: 'obectId' - output: true - description: | - Required. Describes how some of the technical fields in a certificate should be populated. - properties: - - !ruby/object:Api::Type::Array - name: 'objectIdPath' - output: true - item_type: Api::Type::Integer - description: | - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. - - !ruby/object:Api::Type::NestedObject - name: 'publicKey' - output: true - description: | - A PublicKey describes a public key. - properties: - - !ruby/object:Api::Type::String - name: 'key' - output: true - description: | - Required. A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key. A base64-encoded string. - - !ruby/object:Api::Type::Enum - name: 'format' - output: true - description: | - The format of the public key. Currently, only PEM format is supported. - values: - - "KEY_TYPE_UNSPECIFIED" - - "PEM" - - !ruby/object:Api::Type::NestedObject - name: 'subjectKeyId' - output: true - description: | - Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. - properties: - - !ruby/object:Api::Type::String - name: 'keyId' - output: true - description: | - Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key. - - !ruby/object:Api::Type::NestedObject - name: 'authorityKeyId' - output: true - description: | - Identifies the subjectKeyId of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 - properties: - - !ruby/object:Api::Type::String - name: 'keyId' - output: true - description: | - Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key. - - !ruby/object:Api::Type::Array - name: 'crlDistributionPoints' - output: true - description: | - Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'aiaIssuingCertificateUrls' - output: true - description: | - Describes lists of issuer CA certificate URLs that appear in the "Authority Information Access" extension in the certificate. - item_type: Api::Type::String - - !ruby/object:Api::Type::NestedObject - name: 'certFingerprint' - output: true - description: | - The hash of the x.509 certificate. - properties: - - !ruby/object:Api::Type::String - name: 'sha256Hash' - output: true - description: | - The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate. - - !ruby/object:Api::Type::Array - name: 'pemCertificateChain' - output: true - description: | - The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246. - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'pemCertificates' - deprecation_message: Deprecated in favor of `pem_certificate_chain`. - output: true - description: | - Required. Expected to be in leaf-to-root order according to RFC 5246. - item_type: Api::Type::String - - !ruby/object:Api::Type::Time - name: 'createTime' - description: | - The time that this resource was created on the server. - This is in RFC3339 text format. - output: true - - !ruby/object:Api::Type::Time - name: 'updateTime' - description: | - Output only. The time at which this CertificateAuthority was updated. - This is in RFC3339 text format. - output: true - # Note: would be a resourceref, except that CertificateTemplate is in the DCL - # and we don't have references across mmv1-dcl bridge yet. - - !ruby/object:Api::Type::String - name: 'certificateTemplate' - input: true - description: | - The resource name for a CertificateTemplate used to issue this certificate, - in the format `projects/*/locations/*/certificateTemplates/*`. If this is specified, - the caller must have the necessary permission to use this template. If this is - omitted, no template will be used. This template must be in the same location - as the Certificate. - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: | - Labels with user-defined metadata to apply to this resource. - - !ruby/object:Api::Type::String - name: 'pemCsr' - input: true - description: | - Immutable. A pem-encoded X.509 certificate signing request (CSR). - exactly_one_of: - - pem_csr - - config - - !ruby/object:Api::Type::NestedObject - name: 'config' - description: The config used to create a self-signed X.509 certificate or CSR. - exactly_one_of: - - pem_csr - - config - input: true - properties: - - !ruby/object:Api::Type::NestedObject - name: 'x509Config' - required: true - send_empty_value: true - input: true - description: | - Describes how some of the technical X.509 fields in a certificate should be populated. - properties: - - !ruby/object:Api::Type::Array - name: 'additionalExtensions' - input: true - description: | - Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Boolean - name: 'critical' - required: true - description: | - Indicates whether or not this extension is critical (i.e., if the client does not know how to - handle this extension, the client should consider this to be an error). - input: true - - !ruby/object:Api::Type::String - name: 'value' - required: true - description: | - The value of this X.509 extension. A base64-encoded string. - input: true - - !ruby/object:Api::Type::NestedObject - name: 'objectId' - required: true - description: | - Describes values that are relevant in a CA certificate. - input: true - properties: - - !ruby/object:Api::Type::Array - name: 'objectIdPath' - required: true - item_type: Api::Type::Integer - description: | - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. - input: true - - !ruby/object:Api::Type::Array - name: 'policyIds' - description: | - Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. - input: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Array - name: 'objectIdPath' - required: true - item_type: Api::Type::Integer - description: | - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. - input: true - - !ruby/object:Api::Type::Array - name: 'aiaOcspServers' - item_type: Api::Type::String - description: | - Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the - "Authority Information Access" extension in the certificate. - input: true - - !ruby/object:Api::Type::NestedObject - name: 'caOptions' - send_empty_value: true - description: | - Describes values that are relevant in a CA certificate. - input: true - properties: - - !ruby/object:Api::Type::Boolean - name: 'isCa' - description: | - When true, the "CA" in Basic Constraints extension will be set to true. - input: true - - !ruby/object:Api::Type::Boolean - name: 'nonCa' - url_param_only: true - description: | - When true, the "CA" in Basic Constraints extension will be set to false. - If both `is_ca` and `non_ca` are unset, the extension will be omitted from the CA certificate. - input: true - - !ruby/object:Api::Type::Integer - name: 'maxIssuerPathLength' - description: | - Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of - subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. - input: true - - !ruby/object:Api::Type::Boolean - name: 'zeroMaxIssuerPathLength' - url_param_only: true - description: | - When true, the "path length constraint" in Basic Constraints extension will be set to 0. - if both `max_issuer_path_length` and `zero_max_issuer_path_length` are unset, - the max path length will be omitted from the CA certificate. - input: true - - !ruby/object:Api::Type::NestedObject - name: 'keyUsage' - required: true - description: | - Indicates the intended use for keys that correspond to a certificate. - input: true - properties: - - !ruby/object:Api::Type::NestedObject - name: 'baseKeyUsage' - required: true - description: | - Describes high-level ways in which a key may be used. - input: true - properties: - - !ruby/object:Api::Type::Boolean - name: 'digitalSignature' - description: | - The key may be used for digital signatures. - input: true - - !ruby/object:Api::Type::Boolean - name: 'contentCommitment' - description: | - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation". - input: true - - !ruby/object:Api::Type::Boolean - name: 'keyEncipherment' - description: | - The key may be used to encipher other keys. - input: true - - !ruby/object:Api::Type::Boolean - name: 'dataEncipherment' - description: | - The key may be used to encipher data. - input: true - - !ruby/object:Api::Type::Boolean - name: 'keyAgreement' - description: | - The key may be used in a key agreement protocol. - input: true - - !ruby/object:Api::Type::Boolean - name: 'certSign' - description: | - The key may be used to sign certificates. - input: true - - !ruby/object:Api::Type::Boolean - name: 'crlSign' - description: | - The key may be used sign certificate revocation lists. - input: true - - !ruby/object:Api::Type::Boolean - name: 'encipherOnly' - description: | - The key may be used to encipher only. - input: true - - !ruby/object:Api::Type::Boolean - name: 'decipherOnly' - description: | - The key may be used to decipher only. - input: true - - !ruby/object:Api::Type::NestedObject - name: 'extendedKeyUsage' - required: true - description: | - Describes high-level ways in which a key may be used. - input: true - properties: - - !ruby/object:Api::Type::Boolean - name: 'serverAuth' - description: | - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS. - input: true - - !ruby/object:Api::Type::Boolean - name: 'clientAuth' - description: | - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS. - input: true - - !ruby/object:Api::Type::Boolean - name: 'codeSigning' - description: | - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication". - input: true - - !ruby/object:Api::Type::Boolean - name: 'emailProtection' - description: | - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection". - input: true - - !ruby/object:Api::Type::Boolean - name: 'timeStamping' - description: | - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time". - input: true - - !ruby/object:Api::Type::Boolean - name: 'ocspSigning' - description: | - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses". - input: true - - !ruby/object:Api::Type::Array - name: 'unknownExtendedKeyUsages' - description: | - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. - input: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Array - name: 'objectIdPath' - required: true - item_type: Api::Type::Integer - description: | - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. - input: true - - !ruby/object:Api::Type::NestedObject - name: 'subjectConfig' - description: | - Specifies some of the values in a certificate that are related to the subject. - required: true - input: true - properties: - - !ruby/object:Api::Type::NestedObject - name: 'subject' - description: Contains distinguished name fields such as the location and organization. - required: true - input: true - properties: - - !ruby/object:Api::Type::String - name: 'countryCode' - description: The country code of the subject. - input: true - - !ruby/object:Api::Type::String - name: 'organization' - description: The organization of the subject. - input: true - required: true - - !ruby/object:Api::Type::String - name: 'organizationalUnit' - description: The organizational unit of the subject. - input: true - - !ruby/object:Api::Type::String - name: 'locality' - description: The locality or city of the subject. - input: true - - !ruby/object:Api::Type::String - name: 'province' - description: The province, territory, or regional state of the subject. - input: true - - !ruby/object:Api::Type::String - name: 'streetAddress' - description: The street address of the subject. - input: true - - !ruby/object:Api::Type::String - name: 'postalCode' - description: The postal code of the subject. - input: true - - !ruby/object:Api::Type::String - name: 'commonName' - description: The common name of the distinguished name. - required: true - input: true - - !ruby/object:Api::Type::NestedObject - name: 'subjectAltName' - description: The subject alternative name fields. - input: true - properties: - - !ruby/object:Api::Type::Array - name: 'dnsNames' - description: Contains only valid, fully-qualified host names. - item_type: Api::Type::String - at_least_one_of: - - config.0.subject_config.0.subject_alt_name.0.dns_names - - config.0.subject_config.0.subject_alt_name.0.uris - - config.0.subject_config.0.subject_alt_name.0.email_addresses - - config.0.subject_config.0.subject_alt_name.0.ip_addresses - input: true - - !ruby/object:Api::Type::Array - name: 'uris' - description: Contains only valid RFC 3986 URIs. - item_type: Api::Type::String - at_least_one_of: - - config.0.subject_config.0.subject_alt_name.0.dns_names - - config.0.subject_config.0.subject_alt_name.0.uris - - config.0.subject_config.0.subject_alt_name.0.email_addresses - - config.0.subject_config.0.subject_alt_name.0.ip_addresses - input: true - - !ruby/object:Api::Type::Array - name: 'emailAddresses' - description: Contains only valid RFC 2822 E-mail addresses. - item_type: Api::Type::String - at_least_one_of: - - config.0.subject_config.0.subject_alt_name.0.dns_names - - config.0.subject_config.0.subject_alt_name.0.uris - - config.0.subject_config.0.subject_alt_name.0.email_addresses - - config.0.subject_config.0.subject_alt_name.0.ip_addresses - input: true - - !ruby/object:Api::Type::Array - name: 'ipAddresses' - description: Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses. - item_type: Api::Type::String - at_least_one_of: - - config.0.subject_config.0.subject_alt_name.0.dns_names - - config.0.subject_config.0.subject_alt_name.0.uris - - config.0.subject_config.0.subject_alt_name.0.email_addresses - - config.0.subject_config.0.subject_alt_name.0.ip_addresses - input: true - - !ruby/object:Api::Type::NestedObject - name: 'publicKey' - required: true - description: | - A PublicKey describes a public key. - input: true - properties: - - !ruby/object:Api::Type::String - name: 'key' - description: | - Required. A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key. A base64-encoded string. - input: true - - !ruby/object:Api::Type::Enum - name: 'format' - required: true - description: | - The format of the public key. Currently, only PEM format is supported. - input: true - values: - - "KEY_TYPE_UNSPECIFIED" - - "PEM" - - - !ruby/object:Api::Resource - name: 'CaPool' - base_url: 'projects/{{project}}/locations/{{location}}/caPools' - create_url: 'projects/{{project}}/locations/{{location}}/caPools?caPoolId={{name}}' - self_link: 'projects/{{project}}/locations/{{location}}/caPools/{{name}}' - update_verb: :PATCH - update_mask: true - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - base_url: '{{op_id}}' - path: 'name' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: True - allowed: - - True - - False - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - description: | - A CaPool represents a group of CertificateAuthorities that form a trust anchor. A CaPool can be used to manage - issuance policies for one or more CertificateAuthority resources and to rotate CA certificates in and out of the - trust anchor. - parameters: - - !ruby/object:Api::Type::String - name: location - description: | - Location of the CaPool. A full list of valid locations can be found by - running `gcloud privateca locations list`. - required: true - input: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The name for this CaPool. - required: true - input: true - url_param_only: true - - !ruby/object:Api::Type::Enum - name: 'tier' - description: | - The Tier of this CaPool. - values: - - "ENTERPRISE" - - "DEVOPS" - input: true - required: true - - !ruby/object:Api::Type::NestedObject - name: 'issuancePolicy' - description: | - The IssuancePolicy to control how Certificates will be issued from this CaPool. - properties: - - !ruby/object:Api::Type::Array - name: 'allowedKeyTypes' - description: | - If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. - Otherwise, any key may be used. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::NestedObject - name: 'rsa' - description: | - Describes an RSA key that may be used in a Certificate issued from a CaPool. - properties: - - !ruby/object:Api::Type::String - name: 'minModulusSize' - description: | - The minimum allowed RSA modulus size, in bits. If this is not set, or if set to zero, the - service-level min RSA modulus size will continue to apply. - - !ruby/object:Api::Type::String - name: 'maxModulusSize' - description: | - The maximum allowed RSA modulus size, in bits. If this is not set, or if set to zero, the - service will not enforce an explicit upper bound on RSA modulus sizes. - - !ruby/object:Api::Type::NestedObject - name: 'ellipticCurve' - description: | - Represents an allowed Elliptic Curve key type. - properties: - - !ruby/object:Api::Type::Enum - name: 'signatureAlgorithm' - description: | - The algorithm used. - required: true - values: - - ECDSA_P256 - - ECDSA_P384 - - EDDSA_25519 - - !ruby/object:Api::Type::String - name: 'maximumLifetime' - description: | - The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority - expires before a Certificate's requested maximumLifetime, the effective lifetime will be explicitly truncated to match it. - - !ruby/object:Api::Type::NestedObject - name: 'allowedIssuanceModes' - description: | - IssuanceModes specifies the allowed ways in which Certificates may be requested from this CaPool. - properties: - - !ruby/object:Api::Type::Boolean - name: 'allowCsrBasedIssuance' - required: true - description: | - When true, allows callers to create Certificates by specifying a CSR. - - !ruby/object:Api::Type::Boolean - name: 'allowConfigBasedIssuance' - required: true - description: | - When true, allows callers to create Certificates by specifying a CertificateConfig. - - !ruby/object:Api::Type::NestedObject - name: 'identityConstraints' - description: | - Describes constraints on identities that may appear in Certificates issued through this CaPool. - If this is omitted, then this CaPool will not add restrictions on a certificate's identity. - properties: - - !ruby/object:Api::Type::Boolean - name: 'allowSubjectPassthrough' - required: true - send_empty_value: true - description: | - If this is set, the Subject field may be copied from a certificate request into the signed certificate. - Otherwise, the requested Subject will be discarded. - - !ruby/object:Api::Type::Boolean - name: 'allowSubjectAltNamesPassthrough' - required: true - send_empty_value: true - description: | - If this is set, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. - Otherwise, the requested SubjectAltNames will be discarded. - - !ruby/object:Api::Type::NestedObject - name: 'celExpression' - description: | - A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a - certificate is signed. To see the full allowed syntax and some examples, - see https://cloud.google.com/certificate-authority-service/docs/cel-guide - properties: - - !ruby/object:Api::Type::String - name: 'expression' - required: true - description: | - Textual representation of an expression in Common Expression Language syntax. - - !ruby/object:Api::Type::String - name: 'title' - description: | - Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. - - !ruby/object:Api::Type::String - name: 'description' - description: | - Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. - - !ruby/object:Api::Type::String - name: 'location' - description: | - String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. - - !ruby/object:Api::Type::NestedObject - name: 'baselineValues' - description: | - A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request - includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate - request uses a CertificateTemplate that defines conflicting predefinedValues for the same properties, the certificate - issuance request will fail. - properties: - - !ruby/object:Api::Type::Array - name: 'additionalExtensions' - description: | - Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Boolean - name: 'critical' - required: true - description: | - Indicates whether or not this extension is critical (i.e., if the client does not know how to - handle this extension, the client should consider this to be an error). - - !ruby/object:Api::Type::String - name: 'value' - required: true - description: | - The value of this X.509 extension. A base64-encoded string. - - !ruby/object:Api::Type::NestedObject - name: 'objectId' - required: true - description: | - Describes values that are relevant in a CA certificate. - properties: - - !ruby/object:Api::Type::Array - name: 'objectIdPath' - required: true - item_type: Api::Type::Integer - description: | - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. - - !ruby/object:Api::Type::Array - name: 'policyIds' - description: | - Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Array - name: 'objectIdPath' - required: true - item_type: Api::Type::Integer - description: | - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. - - !ruby/object:Api::Type::Array - name: 'aiaOcspServers' - item_type: Api::Type::String - description: | - Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the - "Authority Information Access" extension in the certificate. - - !ruby/object:Api::Type::NestedObject - name: 'caOptions' - required: true - description: | - Describes values that are relevant in a CA certificate. - properties: - - !ruby/object:Api::Type::Boolean - name: 'isCa' - description: | - When true, the "CA" in Basic Constraints extension will be set to true. - - !ruby/object:Api::Type::Boolean - name: 'nonCa' - url_param_only: true - description: | - When true, the "CA" in Basic Constraints extension will be set to false. - If both `is_ca` and `non_ca` are unset, the extension will be omitted from the CA certificate. - - !ruby/object:Api::Type::Integer - name: 'maxIssuerPathLength' - description: | - Refers to the "path length constraint" in Basic Constraints extension. For a CA certificate, this value describes the depth of - subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. - - !ruby/object:Api::Type::Boolean - name: 'zeroMaxIssuerPathLength' - url_param_only: true - description: | - When true, the "path length constraint" in Basic Constraints extension will be set to 0. - if both `max_issuer_path_length` and `zero_max_issuer_path_length` are unset, - the max path length will be omitted from the CA certificate. - - !ruby/object:Api::Type::NestedObject - name: 'keyUsage' - required: true - description: | - Indicates the intended use for keys that correspond to a certificate. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'baseKeyUsage' - required: true - description: | - Describes high-level ways in which a key may be used. - properties: - - !ruby/object:Api::Type::Boolean - name: 'digitalSignature' - description: | - The key may be used for digital signatures. - - !ruby/object:Api::Type::Boolean - name: 'contentCommitment' - description: | - The key may be used for cryptographic commitments. Note that this may also be referred to as "non-repudiation". - - !ruby/object:Api::Type::Boolean - name: 'keyEncipherment' - description: | - The key may be used to encipher other keys. - - !ruby/object:Api::Type::Boolean - name: 'dataEncipherment' - description: | - The key may be used to encipher data. - - !ruby/object:Api::Type::Boolean - name: 'keyAgreement' - description: | - The key may be used in a key agreement protocol. - - !ruby/object:Api::Type::Boolean - name: 'certSign' - description: | - The key may be used to sign certificates. - - !ruby/object:Api::Type::Boolean - name: 'crlSign' - description: | - The key may be used sign certificate revocation lists. - - !ruby/object:Api::Type::Boolean - name: 'encipherOnly' - description: | - The key may be used to encipher only. - - !ruby/object:Api::Type::Boolean - name: 'decipherOnly' - description: | - The key may be used to decipher only. - - !ruby/object:Api::Type::NestedObject - name: 'extendedKeyUsage' - required: true - description: | - Describes high-level ways in which a key may be used. - properties: - - !ruby/object:Api::Type::Boolean - name: 'serverAuth' - description: | - Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW server authentication", though regularly used for non-WWW TLS. - - !ruby/object:Api::Type::Boolean - name: 'clientAuth' - description: | - Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW client authentication", though regularly used for non-WWW TLS. - - !ruby/object:Api::Type::Boolean - name: 'codeSigning' - description: | - Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of downloadable executable code client authentication". - - !ruby/object:Api::Type::Boolean - name: 'emailProtection' - description: | - Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email protection". - - !ruby/object:Api::Type::Boolean - name: 'timeStamping' - description: | - Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding the hash of an object to a time". - - !ruby/object:Api::Type::Boolean - name: 'ocspSigning' - description: | - Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing OCSP responses". - - !ruby/object:Api::Type::Array - name: 'unknownExtendedKeyUsages' - description: | - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Array - name: 'objectIdPath' - required: true - item_type: Api::Type::Integer - description: | - An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages. - - !ruby/object:Api::Type::NestedObject - name: 'publishingOptions' - description: | - The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool. - properties: - - !ruby/object:Api::Type::Boolean - name: 'publishCaCert' - required: true - description: | - When true, publishes each CertificateAuthority's CA certificate and includes its URL in the "Authority Information Access" - X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding - X.509 extension will not be written in issued certificates. - - !ruby/object:Api::Type::Boolean - name: 'publishCrl' - required: true - description: | - When true, publishes each CertificateAuthority's CRL and includes its URL in the "CRL Distribution Points" X.509 extension - in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not - be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are - also rebuilt shortly after a certificate is revoked. - - !ruby/object:Api::Type::KeyValuePairs - name: labels - description: | - Labels with user-defined metadata. - - An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": - "1.3kg", "count": "3" }. - # This resource is only used to generate IAM resources. They do not correspond to real - # GCP resources, and should not be used to generate anything other than IAM support. - - !ruby/object:Api::Resource - name: 'CertificateTemplate' - base_url: projects/{{project}}/locations/{{location}}/certificateTemplates - self_link: projects/{{project}}/locations/{{location}}/certificateTemplates/{{name}} - exclude_resource: true - description: | - Only used to generate IAM resources - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: Dummy property. - required: true diff --git a/mmv1/products/privateca/product.yaml b/mmv1/products/privateca/product.yaml new file mode 100644 index 000000000000..11bf7804df5c --- /dev/null +++ b/mmv1/products/privateca/product.yaml @@ -0,0 +1,26 @@ +# Copyright 2020 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: Privateca +display_name: Certificate Authority Service +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://privateca.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Certificate Authority API + url: https://console.cloud.google.com/apis/api/privateca.googleapis.com diff --git a/mmv1/products/pubsub/Schema.yaml b/mmv1/products/pubsub/Schema.yaml new file mode 100644 index 000000000000..22980a5bb6f2 --- /dev/null +++ b/mmv1/products/pubsub/Schema.yaml @@ -0,0 +1,48 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Schema' +immutable: true +description: | + A schema is a format that messages must follow, + creating a contract between publisher and subscriber that Pub/Sub will enforce. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Creating and managing schemas': + 'https://cloud.google.com/pubsub/docs/schemas' + api: 'https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.schemas' +base_url: projects/{{project}}/schemas +create_url: projects/{{project}}/schemas?schemaId={{name}} +parameters: + - !ruby/object:Api::Type::String + name: 'name' + description: The ID to use for the schema, which will become the final component of the schema's resource name. + required: true + immutable: true +properties: + - !ruby/object:Api::Type::Enum + name: 'type' + description: The type of the schema definition + default_value: :TYPE_UNSPECIFIED + values: + - :TYPE_UNSPECIFIED + - :PROTOCOL_BUFFER + - :AVRO + - !ruby/object:Api::Type::String + name: 'definition' + description: | + The definition of the schema. + This should contain a string representing the full definition of the schema + that is a valid schema definition of the type specified in type. + diff --git a/mmv1/products/pubsub/Subscription.yaml b/mmv1/products/pubsub/Subscription.yaml new file mode 100644 index 000000000000..ed7213bad949 --- /dev/null +++ b/mmv1/products/pubsub/Subscription.yaml @@ -0,0 +1,295 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Subscription' +description: | + A named resource representing the stream of messages from a single, + specific topic, to be delivered to the subscribing application. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Managing Subscriptions': + 'https://cloud.google.com/pubsub/docs/admin#managing_subscriptions' + api: 'https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.subscriptions' +base_url: projects/{{project}}/subscriptions +create_verb: :PUT +update_verb: :PATCH +update_mask: true +update_url: projects/{{project}}/subscriptions/{{name}} +iam_policy: !ruby/object:Api::Resource::IamPolicy + exclude: true + method_name_separator: ':' +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: 'Name of the subscription.' + required: true + immutable: true + pattern: 'projects/{{project}}/subscriptions/{{name}}' + - !ruby/object:Api::Type::ResourceRef + name: 'topic' + resource: 'Topic' + imports: 'name' + description: | + A reference to a Topic resource. + required: true + immutable: true + pattern: 'projects/{{project}}/topics/{{topic}}' + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + A set of key/value label pairs to assign to this Subscription. + - !ruby/object:Api::Type::NestedObject + name: 'bigqueryConfig' + conflicts: + - push_config + description: | + If delivery to BigQuery is used with this subscription, this field is used to configure it. + Either pushConfig or bigQueryConfig can be set, but not both. + If both are empty, then the subscriber will pull and ack messages using API methods. + properties: + - !ruby/object:Api::Type::String + name: 'table' + description: | + The name of the table to which to write data, of the form {projectId}:{datasetId}.{tableId} + required: true + - !ruby/object:Api::Type::Boolean + name: 'useTopicSchema' + description: | + When true, use the topic's schema as the columns to write to in BigQuery, if it exists. + - !ruby/object:Api::Type::Boolean + name: 'writeMetadata' + description: | + When true, write the subscription name, messageId, publishTime, attributes, and orderingKey to additional columns in the table. + The subscription name, messageId, and publishTime fields are put in their own columns while all other message properties (other than data) are written to a JSON object in the attributes column. + - !ruby/object:Api::Type::Boolean + name: 'dropUnknownFields' + description: | + When true and useTopicSchema is true, any fields that are a part of the topic schema that are not part of the BigQuery table schema are dropped when writing to BigQuery. + Otherwise, the schemas must be kept in sync and any messages with extra fields are not written and remain in the subscription's backlog. + - !ruby/object:Api::Type::NestedObject + name: 'pushConfig' + conflicts: + - bigquery_config + description: | + If push delivery is used with this subscription, this field is used to + configure it. An empty pushConfig signifies that the subscriber will + pull and ack messages using API methods. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'oidcToken' + description: | + If specified, Pub/Sub will generate and attach an OIDC JWT token as + an Authorization header in the HTTP request for every pushed message. + properties: + - !ruby/object:Api::Type::String + name: 'serviceAccountEmail' + required: true + description: | + Service account email to be used for generating the OIDC token. + The caller (for subscriptions.create, subscriptions.patch, and + subscriptions.modifyPushConfig RPCs) must have the + iam.serviceAccounts.actAs permission for the service account. + - !ruby/object:Api::Type::String + name: 'audience' + description: | + Audience to be used when generating OIDC token. The audience claim + identifies the recipients that the JWT is intended for. The audience + value is a single case-sensitive string. Having multiple values (array) + for the audience field is not supported. More info about the OIDC JWT + token audience here: https://tools.ietf.org/html/rfc7519#section-4.1.3 + Note: if not specified, the Push endpoint URL will be used. + - !ruby/object:Api::Type::String + name: 'pushEndpoint' + description: | + A URL locating the endpoint to which messages should be pushed. + For example, a Webhook endpoint might use + "https://example.com/push". + required: true + - !ruby/object:Api::Type::KeyValuePairs + name: 'attributes' + description: | + Endpoint configuration attributes. + + Every endpoint has a set of API supported attributes that can + be used to control different aspects of the message delivery. + + The currently supported attribute is x-goog-version, which you + can use to change the format of the pushed message. This + attribute indicates the version of the data expected by + the endpoint. This controls the shape of the pushed message + (i.e., its fields and metadata). The endpoint version is + based on the version of the Pub/Sub API. + + If not present during the subscriptions.create call, + it will default to the version of the API used to make + such call. If not present during a subscriptions.modifyPushConfig + call, its value will not be changed. subscriptions.get + calls will always return a valid version, even if the + subscription was created without this attribute. + + The possible values for this attribute are: + + - v1beta1: uses the push format defined in the v1beta1 Pub/Sub API. + - v1 or v1beta2: uses the push format defined in the v1 Pub/Sub API. + - !ruby/object:Api::Type::Integer + name: 'ackDeadlineSeconds' + description: | + This value is the maximum time after a subscriber receives a message + before the subscriber should acknowledge the message. After message + delivery but before the ack deadline expires and before the message is + acknowledged, it is an outstanding message and will not be delivered + again during that time (on a best-effort basis). + + For pull subscriptions, this value is used as the initial value for + the ack deadline. To override this value for a given message, call + subscriptions.modifyAckDeadline with the corresponding ackId if using + pull. The minimum custom deadline you can specify is 10 seconds. The + maximum custom deadline you can specify is 600 seconds (10 minutes). + If this parameter is 0, a default value of 10 seconds is used. + + For push delivery, this value is also used to set the request timeout + for the call to the push endpoint. + + If the subscriber never acknowledges the message, the Pub/Sub system + will eventually redeliver the message. + - !ruby/object:Api::Type::String + name: 'messageRetentionDuration' + default_value: '604800s' + description: | + How long to retain unacknowledged messages in the subscription's + backlog, from the moment a message is published. If + retain_acked_messages is true, then this also configures the retention + of acknowledged messages, and thus configures how far back in time a + subscriptions.seek can be done. Defaults to 7 days. Cannot be more + than 7 days (`"604800s"`) or less than 10 minutes (`"600s"`). + + A duration in seconds with up to nine fractional digits, terminated + by 's'. Example: `"600.5s"`. + - !ruby/object:Api::Type::Boolean + name: 'retainAckedMessages' + description: | + Indicates whether to retain acknowledged messages. If `true`, then + messages are not expunged from the subscription's backlog, even if + they are acknowledged, until they fall out of the + messageRetentionDuration window. + - !ruby/object:Api::Type::NestedObject + name: 'expirationPolicy' + allow_empty_object: true + send_empty_value: true + description: | + A policy that specifies the conditions for this subscription's expiration. + A subscription is considered active as long as any connected subscriber + is successfully consuming messages from the subscription or is issuing + operations on the subscription. If expirationPolicy is not set, a default + policy with ttl of 31 days will be used. If it is set but ttl is "", the + resource never expires. The minimum allowed value for expirationPolicy.ttl + is 1 day. + properties: + - !ruby/object:Api::Type::String + name: 'ttl' + required: true + description: | + Specifies the "time-to-live" duration for an associated resource. The + resource expires if it is not active for a period of ttl. + If ttl is not set, the associated resource never expires. + A duration in seconds with up to nine fractional digits, terminated by 's'. + Example - "3.5s". + - !ruby/object:Api::Type::String + name: 'filter' + required: false + description: | + The subscription only delivers the messages that match the filter. + Pub/Sub automatically acknowledges the messages that don't match the filter. You can filter messages + by their attributes. The maximum length of a filter is 256 bytes. After creating the subscription, + you can't modify the filter. + immutable: true + - !ruby/object:Api::Type::NestedObject + name: 'deadLetterPolicy' + send_empty_value: true + description: | + A policy that specifies the conditions for dead lettering messages in + this subscription. If dead_letter_policy is not set, dead lettering + is disabled. + + The Cloud Pub/Sub service account associated with this subscription's + parent project (i.e., + service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have + permission to Acknowledge() messages on this subscription. + properties: + - !ruby/object:Api::Type::String + name: 'deadLetterTopic' + description: | + The name of the topic to which dead letter messages should be published. + Format is `projects/{project}/topics/{topic}`. + + The Cloud Pub/Sub service account associated with the enclosing subscription's + parent project (i.e., + service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have + permission to Publish() to this topic. + + The operation will fail if the topic does not exist. + Users should ensure that there is a subscription attached to this topic + since messages published to a topic with no subscriptions are lost. + - !ruby/object:Api::Type::Integer + name: 'maxDeliveryAttempts' + description: | + The maximum number of delivery attempts for any message. The value must be + between 5 and 100. + + The number of delivery attempts is defined as 1 + (the sum of number of + NACKs and number of times the acknowledgement deadline has been exceeded for the message). + + A NACK is any call to ModifyAckDeadline with a 0 deadline. Note that + client libraries may automatically extend ack_deadlines. + + This field will be honored on a best effort basis. + + If this parameter is 0, a default value of 5 is used. + - !ruby/object:Api::Type::NestedObject + name: 'retryPolicy' + description: | + A policy that specifies how Pub/Sub retries message delivery for this subscription. + + If not set, the default retry policy is applied. This generally implies that messages will be retried as soon as possible for healthy subscribers. + RetryPolicy will be triggered on NACKs or acknowledgement deadline exceeded events for a given message + properties: + - !ruby/object:Api::Type::String + name: 'minimumBackoff' + description: | + The minimum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 10 seconds. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + - !ruby/object:Api::Type::String + name: 'maximumBackoff' + description: | + The maximum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 600 seconds. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + - !ruby/object:Api::Type::Boolean + name: 'enableMessageOrdering' + immutable: true + description: | + If `true`, messages published with the same orderingKey in PubsubMessage will be delivered to + the subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they + may be delivered in any order. + - !ruby/object:Api::Type::Boolean + name: 'enableExactlyOnceDelivery' + description: | + If `true`, Pub/Sub provides the following guarantees for the delivery + of a message with a given value of messageId on this Subscriptions': + + - The message sent to a subscriber is guaranteed not to be resent before the message's acknowledgement deadline expires. + + - An acknowledged message will not be resent to a subscriber. + + Note that subscribers may still receive multiple copies of a message when `enable_exactly_once_delivery` + is true if the message was published multiple times by a publisher client. These copies are considered distinct by Pub/Sub and have distinct messageId values diff --git a/mmv1/products/pubsub/Topic.yaml b/mmv1/products/pubsub/Topic.yaml new file mode 100644 index 000000000000..170cc571a571 --- /dev/null +++ b/mmv1/products/pubsub/Topic.yaml @@ -0,0 +1,100 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Topic' +description: | + A named resource to which messages are sent by publishers. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Managing Topics': + 'https://cloud.google.com/pubsub/docs/admin#managing_topics' + api: 'https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.topics' +base_url: projects/{{project}}/topics +create_verb: :PUT +update_verb: :PATCH +update_mask: true +update_url: projects/{{project}}/topics/{{name}} +iam_policy: !ruby/object:Api::Resource::IamPolicy + exclude: false + method_name_separator: ':' +properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + description: 'Name of the topic.' + immutable: true + pattern: 'projects/{{project}}/topics/{{name}}' + - !ruby/object:Api::Type::String + name: 'kmsKeyName' + description: | + The resource name of the Cloud KMS CryptoKey to be used to protect access + to messages published on this topic. Your project's PubSub service account + (`service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com`) must have + `roles/cloudkms.cryptoKeyEncrypterDecrypter` to use this feature. + The expected format is `projects/*/locations/*/keyRings/*/cryptoKeys/*` + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + A set of key/value label pairs to assign to this Topic. + - !ruby/object:Api::Type::NestedObject + name: 'messageStoragePolicy' + description: | + Policy constraining the set of Google Cloud Platform regions where + messages published to the topic may be stored. If not present, then no + constraints are in effect. + properties: + - !ruby/object:Api::Type::Array + name: 'allowedPersistenceRegions' + description: | + A list of IDs of GCP regions where messages that are published to + the topic may be persisted in storage. Messages published by + publishers running in non-allowed GCP regions (or running outside + of GCP altogether) will be routed for storage in one of the + allowed regions. An empty list means that no regions are allowed, + and is not a valid configuration. + item_type: Api::Type::String + required: true + - !ruby/object:Api::Type::NestedObject + name: 'schemaSettings' + description: | + Settings for validating messages published against a schema. + properties: + - !ruby/object:Api::Type::String + name: 'schema' + description: | + The name of the schema that messages published should be + validated against. Format is projects/{project}/schemas/{schema}. + The value of this field will be _deleted-schema_ + if the schema has been deleted. + required: true + immutable: true + - !ruby/object:Api::Type::Enum + name: 'encoding' + description: The encoding of messages validated against schema. + immutable: true + default_value: :ENCODING_UNSPECIFIED + values: + - :ENCODING_UNSPECIFIED + - :JSON + - :BINARY + - !ruby/object:Api::Type::String + name: 'messageRetentionDuration' + description: | + Indicates the minimum duration to retain a message after it is published + to the topic. If this field is set, messages published to the topic in + the last messageRetentionDuration are always available to subscribers. + For instance, it allows any attached subscription to seek to a timestamp + that is up to messageRetentionDuration in the past. If this field is not + set, message retention is controlled by settings on individual subscriptions. + Cannot be more than 31 days or less than 10 minutes. diff --git a/mmv1/products/pubsub/api.yaml b/mmv1/products/pubsub/api.yaml deleted file mode 100644 index 53b5db0c7602..000000000000 --- a/mmv1/products/pubsub/api.yaml +++ /dev/null @@ -1,430 +0,0 @@ -# Copyright 2017 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: Pubsub -display_name: Cloud Pub/Sub -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://pubsub.googleapis.com/v1/ -scopes: - - https://www.googleapis.com/auth/pubsub -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Cloud Pub/Sub API - url: https://console.cloud.google.com/apis/library/pubsub.googleapis.com/ -objects: - - !ruby/object:Api::Resource - name: 'Topic' - description: | - A named resource to which messages are sent by publishers. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Managing Topics': - 'https://cloud.google.com/pubsub/docs/admin#managing_topics' - api: 'https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.topics' - base_url: projects/{{project}}/topics - create_verb: :PUT - update_verb: :PATCH - update_mask: true - update_url: projects/{{project}}/topics/{{name}} - iam_policy: !ruby/object:Api::Resource::IamPolicy - exclude: false - method_name_separator: ':' - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - description: 'Name of the topic.' - input: true - pattern: 'projects/{{project}}/topics/{{name}}' - - !ruby/object:Api::Type::String - name: 'kmsKeyName' - description: | - The resource name of the Cloud KMS CryptoKey to be used to protect access - to messages published on this topic. Your project's PubSub service account - (`service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com`) must have - `roles/cloudkms.cryptoKeyEncrypterDecrypter` to use this feature. - The expected format is `projects/*/locations/*/keyRings/*/cryptoKeys/*` - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: | - A set of key/value label pairs to assign to this Topic. - - !ruby/object:Api::Type::NestedObject - name: 'messageStoragePolicy' - description: | - Policy constraining the set of Google Cloud Platform regions where - messages published to the topic may be stored. If not present, then no - constraints are in effect. - properties: - - !ruby/object:Api::Type::Array - name: 'allowedPersistenceRegions' - description: | - A list of IDs of GCP regions where messages that are published to - the topic may be persisted in storage. Messages published by - publishers running in non-allowed GCP regions (or running outside - of GCP altogether) will be routed for storage in one of the - allowed regions. An empty list means that no regions are allowed, - and is not a valid configuration. - item_type: Api::Type::String - required: true - - !ruby/object:Api::Type::NestedObject - name: 'schemaSettings' - description: | - Settings for validating messages published against a schema. - properties: - - !ruby/object:Api::Type::String - name: 'schema' - description: | - The name of the schema that messages published should be - validated against. Format is projects/{project}/schemas/{schema}. - The value of this field will be _deleted-schema_ - if the schema has been deleted. - required: true - input: true - - !ruby/object:Api::Type::Enum - name: 'encoding' - description: The encoding of messages validated against schema. - input: true - default_value: :ENCODING_UNSPECIFIED - values: - - :ENCODING_UNSPECIFIED - - :JSON - - :BINARY - - !ruby/object:Api::Type::String - name: 'messageRetentionDuration' - description: | - Indicates the minimum duration to retain a message after it is published - to the topic. If this field is set, messages published to the topic in - the last messageRetentionDuration are always available to subscribers. - For instance, it allows any attached subscription to seek to a timestamp - that is up to messageRetentionDuration in the past. If this field is not - set, message retention is controlled by settings on individual subscriptions. - Cannot be more than 31 days or less than 10 minutes. - - !ruby/object:Api::Resource - name: 'Subscription' - description: | - A named resource representing the stream of messages from a single, - specific topic, to be delivered to the subscribing application. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Managing Subscriptions': - 'https://cloud.google.com/pubsub/docs/admin#managing_subscriptions' - api: 'https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.subscriptions' - base_url: projects/{{project}}/subscriptions - create_verb: :PUT - update_verb: :PATCH - update_mask: true - update_url: projects/{{project}}/subscriptions/{{name}} - iam_policy: !ruby/object:Api::Resource::IamPolicy - exclude: true - method_name_separator: ':' - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: 'Name of the subscription.' - required: true - input: true - pattern: 'projects/{{project}}/subscriptions/{{name}}' - - !ruby/object:Api::Type::ResourceRef - name: 'topic' - resource: 'Topic' - imports: 'name' - description: | - A reference to a Topic resource. - required: true - input: true - pattern: 'projects/{{project}}/topics/{{topic}}' - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: | - A set of key/value label pairs to assign to this Subscription. - - !ruby/object:Api::Type::NestedObject - name: 'bigqueryConfig' - conflicts: - - push_config - description: | - If delivery to BigQuery is used with this subscription, this field is used to configure it. - Either pushConfig or bigQueryConfig can be set, but not both. - If both are empty, then the subscriber will pull and ack messages using API methods. - properties: - - !ruby/object:Api::Type::String - name: 'table' - description: | - The name of the table to which to write data, of the form {projectId}:{datasetId}.{tableId} - required: true - - !ruby/object:Api::Type::Boolean - name: 'useTopicSchema' - description: | - When true, use the topic's schema as the columns to write to in BigQuery, if it exists. - - !ruby/object:Api::Type::Boolean - name: 'writeMetadata' - description: | - When true, write the subscription name, messageId, publishTime, attributes, and orderingKey to additional columns in the table. - The subscription name, messageId, and publishTime fields are put in their own columns while all other message properties (other than data) are written to a JSON object in the attributes column. - - !ruby/object:Api::Type::Boolean - name: 'dropUnknownFields' - description: | - When true and useTopicSchema is true, any fields that are a part of the topic schema that are not part of the BigQuery table schema are dropped when writing to BigQuery. - Otherwise, the schemas must be kept in sync and any messages with extra fields are not written and remain in the subscription's backlog. - - !ruby/object:Api::Type::NestedObject - name: 'pushConfig' - conflicts: - - bigquery_config - description: | - If push delivery is used with this subscription, this field is used to - configure it. An empty pushConfig signifies that the subscriber will - pull and ack messages using API methods. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'oidcToken' - description: | - If specified, Pub/Sub will generate and attach an OIDC JWT token as - an Authorization header in the HTTP request for every pushed message. - properties: - - !ruby/object:Api::Type::String - name: 'serviceAccountEmail' - required: true - description: | - Service account email to be used for generating the OIDC token. - The caller (for subscriptions.create, subscriptions.patch, and - subscriptions.modifyPushConfig RPCs) must have the - iam.serviceAccounts.actAs permission for the service account. - - !ruby/object:Api::Type::String - name: 'audience' - description: | - Audience to be used when generating OIDC token. The audience claim - identifies the recipients that the JWT is intended for. The audience - value is a single case-sensitive string. Having multiple values (array) - for the audience field is not supported. More info about the OIDC JWT - token audience here: https://tools.ietf.org/html/rfc7519#section-4.1.3 - Note: if not specified, the Push endpoint URL will be used. - - !ruby/object:Api::Type::String - name: 'pushEndpoint' - description: | - A URL locating the endpoint to which messages should be pushed. - For example, a Webhook endpoint might use - "https://example.com/push". - required: true - - !ruby/object:Api::Type::KeyValuePairs - name: 'attributes' - description: | - Endpoint configuration attributes. - - Every endpoint has a set of API supported attributes that can - be used to control different aspects of the message delivery. - - The currently supported attribute is x-goog-version, which you - can use to change the format of the pushed message. This - attribute indicates the version of the data expected by - the endpoint. This controls the shape of the pushed message - (i.e., its fields and metadata). The endpoint version is - based on the version of the Pub/Sub API. - - If not present during the subscriptions.create call, - it will default to the version of the API used to make - such call. If not present during a subscriptions.modifyPushConfig - call, its value will not be changed. subscriptions.get - calls will always return a valid version, even if the - subscription was created without this attribute. - - The possible values for this attribute are: - - - v1beta1: uses the push format defined in the v1beta1 Pub/Sub API. - - v1 or v1beta2: uses the push format defined in the v1 Pub/Sub API. - - !ruby/object:Api::Type::Integer - name: 'ackDeadlineSeconds' - description: | - This value is the maximum time after a subscriber receives a message - before the subscriber should acknowledge the message. After message - delivery but before the ack deadline expires and before the message is - acknowledged, it is an outstanding message and will not be delivered - again during that time (on a best-effort basis). - - For pull subscriptions, this value is used as the initial value for - the ack deadline. To override this value for a given message, call - subscriptions.modifyAckDeadline with the corresponding ackId if using - pull. The minimum custom deadline you can specify is 10 seconds. The - maximum custom deadline you can specify is 600 seconds (10 minutes). - If this parameter is 0, a default value of 10 seconds is used. - - For push delivery, this value is also used to set the request timeout - for the call to the push endpoint. - - If the subscriber never acknowledges the message, the Pub/Sub system - will eventually redeliver the message. - - !ruby/object:Api::Type::String - name: 'messageRetentionDuration' - default_value: '604800s' - description: | - How long to retain unacknowledged messages in the subscription's - backlog, from the moment a message is published. If - retain_acked_messages is true, then this also configures the retention - of acknowledged messages, and thus configures how far back in time a - subscriptions.seek can be done. Defaults to 7 days. Cannot be more - than 7 days (`"604800s"`) or less than 10 minutes (`"600s"`). - - A duration in seconds with up to nine fractional digits, terminated - by 's'. Example: `"600.5s"`. - - !ruby/object:Api::Type::Boolean - name: 'retainAckedMessages' - description: | - Indicates whether to retain acknowledged messages. If `true`, then - messages are not expunged from the subscription's backlog, even if - they are acknowledged, until they fall out of the - messageRetentionDuration window. - - !ruby/object:Api::Type::NestedObject - name: 'expirationPolicy' - allow_empty_object: true - send_empty_value: true - description: | - A policy that specifies the conditions for this subscription's expiration. - A subscription is considered active as long as any connected subscriber - is successfully consuming messages from the subscription or is issuing - operations on the subscription. If expirationPolicy is not set, a default - policy with ttl of 31 days will be used. If it is set but ttl is "", the - resource never expires. The minimum allowed value for expirationPolicy.ttl - is 1 day. - properties: - - !ruby/object:Api::Type::String - name: 'ttl' - required: true - description: | - Specifies the "time-to-live" duration for an associated resource. The - resource expires if it is not active for a period of ttl. - If ttl is not set, the associated resource never expires. - A duration in seconds with up to nine fractional digits, terminated by 's'. - Example - "3.5s". - - !ruby/object:Api::Type::String - name: 'filter' - required: false - description: | - The subscription only delivers the messages that match the filter. - Pub/Sub automatically acknowledges the messages that don't match the filter. You can filter messages - by their attributes. The maximum length of a filter is 256 bytes. After creating the subscription, - you can't modify the filter. - input: true - - !ruby/object:Api::Type::NestedObject - name: 'deadLetterPolicy' - send_empty_value: true - description: | - A policy that specifies the conditions for dead lettering messages in - this subscription. If dead_letter_policy is not set, dead lettering - is disabled. - - The Cloud Pub/Sub service account associated with this subscription's - parent project (i.e., - service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have - permission to Acknowledge() messages on this subscription. - properties: - - !ruby/object:Api::Type::String - name: 'deadLetterTopic' - description: | - The name of the topic to which dead letter messages should be published. - Format is `projects/{project}/topics/{topic}`. - - The Cloud Pub/Sub service account associated with the enclosing subscription's - parent project (i.e., - service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have - permission to Publish() to this topic. - - The operation will fail if the topic does not exist. - Users should ensure that there is a subscription attached to this topic - since messages published to a topic with no subscriptions are lost. - - !ruby/object:Api::Type::Integer - name: 'maxDeliveryAttempts' - description: | - The maximum number of delivery attempts for any message. The value must be - between 5 and 100. - - The number of delivery attempts is defined as 1 + (the sum of number of - NACKs and number of times the acknowledgement deadline has been exceeded for the message). - - A NACK is any call to ModifyAckDeadline with a 0 deadline. Note that - client libraries may automatically extend ack_deadlines. - - This field will be honored on a best effort basis. - - If this parameter is 0, a default value of 5 is used. - - !ruby/object:Api::Type::NestedObject - name: 'retryPolicy' - description: | - A policy that specifies how Pub/Sub retries message delivery for this subscription. - - If not set, the default retry policy is applied. This generally implies that messages will be retried as soon as possible for healthy subscribers. - RetryPolicy will be triggered on NACKs or acknowledgement deadline exceeded events for a given message - properties: - - !ruby/object:Api::Type::String - name: 'minimumBackoff' - description: | - The minimum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 10 seconds. - A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". - - !ruby/object:Api::Type::String - name: 'maximumBackoff' - description: | - The maximum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 600 seconds. - A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". - - !ruby/object:Api::Type::Boolean - name: 'enableMessageOrdering' - input: true - description: | - If `true`, messages published with the same orderingKey in PubsubMessage will be delivered to - the subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they - may be delivered in any order. - - !ruby/object:Api::Type::Boolean - name: 'enableExactlyOnceDelivery' - description: | - If `true`, Pub/Sub provides the following guarantees for the delivery - of a message with a given value of messageId on this Subscriptions': - - - The message sent to a subscriber is guaranteed not to be resent before the message's acknowledgement deadline expires. - - - An acknowledged message will not be resent to a subscriber. - - Note that subscribers may still receive multiple copies of a message when `enable_exactly_once_delivery` - is true if the message was published multiple times by a publisher client. These copies are considered distinct by Pub/Sub and have distinct messageId values - - !ruby/object:Api::Resource - name: 'Schema' - input: true - description: | - A schema is a format that messages must follow, - creating a contract between publisher and subscriber that Pub/Sub will enforce. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Creating and managing schemas': - 'https://cloud.google.com/pubsub/docs/schemas' - api: 'https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.schemas' - base_url: projects/{{project}}/schemas - create_url: projects/{{project}}/schemas?schemaId={{name}} - parameters: - - !ruby/object:Api::Type::String - name: 'name' - description: The ID to use for the schema, which will become the final component of the schema's resource name. - required: true - input: true - properties: - - !ruby/object:Api::Type::Enum - name: 'type' - description: The type of the schema definition - default_value: :TYPE_UNSPECIFIED - values: - - :TYPE_UNSPECIFIED - - :PROTOCOL_BUFFER - - :AVRO - - !ruby/object:Api::Type::String - name: 'definition' - description: | - The definition of the schema. - This should contain a string representing the full definition of the schema - that is a valid schema definition of the type specified in type. diff --git a/mmv1/products/pubsub/product.yaml b/mmv1/products/pubsub/product.yaml new file mode 100644 index 000000000000..f63d92f5d171 --- /dev/null +++ b/mmv1/products/pubsub/product.yaml @@ -0,0 +1,26 @@ +# Copyright 2017 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: Pubsub +display_name: Cloud Pub/Sub +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://pubsub.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/pubsub +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Cloud Pub/Sub API + url: https://console.cloud.google.com/apis/library/pubsub.googleapis.com/ diff --git a/mmv1/products/pubsub/test.yaml b/mmv1/products/pubsub/test.yaml deleted file mode 100644 index 8e3f775a7a34..000000000000 --- a/mmv1/products/pubsub/test.yaml +++ /dev/null @@ -1,70 +0,0 @@ -# Copyright 2017 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -Topic: - present: - not_exist: - success: - title_and_name: - before: | - expect_network_get_failed 1, name: 'test name#0 data' - expect_network_create \\ - 1, - name: 'projects/test project#0 data/topics/test name#0 data' - title_eq_name: - before: | - expect_network_get_failed 1, name: 'title0' - expect_network_create \\ - 1, - { - 'name' => 'projects/test project#0 data/topics/title0' - }, - name: 'title0' -Subscription: - present: - not_exist: - success: - title_and_name: - before: | - expect_network_get_failed 1, name: 'test name#0 data' - expect_network_create \\ - 1, - { - 'name' => - 'projects/test project#0 data/subscriptions/test name#0 data', - 'topic' => - 'projects/test project#0 data/topics/test name#0 data', - 'pushConfig' => { - 'pushEndpoint' => 'test push_endpoint#0 data' - }, - 'ackDeadlineSeconds' => 1_733_817_478 - }, - name: 'test name#0 data' - expect_network_get_success_topic 1, name: 'test name#0 data' - title_eq_name: - before: | - expect_network_get_failed 1, name: 'title0' - expect_network_create \\ - 1, - { - 'name' => - 'projects/test project#0 data/subscriptions/title0', - 'topic' => - 'projects/test project#0 data/topics/test name#0 data', - 'pushConfig' => { - 'pushEndpoint' => 'test push_endpoint#0 data' - }, - 'ackDeadlineSeconds' => 1_733_817_478 - }, - name: 'title0' - expect_network_get_success_topic 1, name: 'test name#0 data' diff --git a/mmv1/products/pubsublite/Reservation.yaml b/mmv1/products/pubsublite/Reservation.yaml new file mode 100644 index 000000000000..dc5dd31dc5b9 --- /dev/null +++ b/mmv1/products/pubsublite/Reservation.yaml @@ -0,0 +1,46 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Reservation' +description: | + A named resource representing a shared pool of capacity. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Managing Reservations': + 'https://cloud.google.com/pubsub/lite/docs/reservations' + api: 'https://cloud.google.com/pubsub/lite/docs/reference/rest/v1/admin.projects.locations.reservations' +base_url: projects/{{project}}/locations/{{region}}/reservations +create_url: projects/{{project}}/locations/{{region}}/reservations?reservationId={{name}} +update_verb: :PATCH +update_mask: true +update_url: projects/{{project}}/locations/{{region}}/reservations/{{name}} +parameters: +- !ruby/object:Api::Type::String + name: region + description: The region of the pubsub lite reservation. + url_param_only: true +- !ruby/object:Api::Type::String + name: 'name' + description: 'Name of the reservation.' + required: true + immutable: true + url_param_only: true +properties: +- !ruby/object:Api::Type::Integer + name: 'throughputCapacity' + description: | + The reserved throughput capacity. Every unit of throughput capacity is + equivalent to 1 MiB/s of published messages or 2 MiB/s of subscribed + messages. + required: true diff --git a/mmv1/products/pubsublite/Subscription.yaml b/mmv1/products/pubsublite/Subscription.yaml new file mode 100644 index 000000000000..307bf9edde2a --- /dev/null +++ b/mmv1/products/pubsublite/Subscription.yaml @@ -0,0 +1,68 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Subscription' +description: | + A named resource representing the stream of messages from a single, + specific topic, to be delivered to the subscribing application. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Managing Subscriptions': + 'https://cloud.google.com/pubsub/lite/docs/subscriptions' + api: 'https://cloud.google.com/pubsub/lite/docs/reference/rest/v1/admin.projects.locations.subscriptions' +base_url: projects/{{project}}/locations/{{zone}}/subscriptions +create_url: projects/{{project}}/locations/{{zone}}/subscriptions?subscriptionId={{name}} +update_verb: :PATCH +update_mask: true +update_url: projects/{{project}}/locations/{{zone}}/subscriptions/{{name}} +parameters: + - !ruby/object:Api::Type::String + name: region + description: The region of the pubsub lite topic. + url_param_only: true + - !ruby/object:Api::Type::String + name: zone + description: The zone of the pubsub lite topic. + url_param_only: true + - !ruby/object:Api::Type::String + name: 'name' + description: 'Name of the subscription.' + required: true + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::ResourceRef + name: 'topic' + resource: 'Topic' + imports: 'name' + description: | + A reference to a Topic resource. + required: true + immutable: true + pattern: 'projects/{{project}}/locations/{{zone}}/topics/{{name}}' + - !ruby/object:Api::Type::NestedObject + name: 'deliveryConfig' + description: | + The settings for this subscription's message delivery. + properties: + - !ruby/object:Api::Type::Enum + name: 'deliveryRequirement' + required: true + description: | + When this subscription should send messages to subscribers relative to messages persistence in storage. + values: + - :DELIVER_IMMEDIATELY + - :DELIVER_AFTER_STORED + - :DELIVERY_REQUIREMENT_UNSPECIFIED + diff --git a/mmv1/products/pubsublite/Topic.yaml b/mmv1/products/pubsublite/Topic.yaml new file mode 100644 index 000000000000..29a7f3a1f76e --- /dev/null +++ b/mmv1/products/pubsublite/Topic.yaml @@ -0,0 +1,99 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Topic' +description: | + A named resource to which messages are sent by publishers. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Managing Topics': + 'https://cloud.google.com/pubsub/lite/docs/topics' + api: 'https://cloud.google.com/pubsub/lite/docs/reference/rest/v1/admin.projects.locations.topics' +base_url: projects/{{project}}/locations/{{zone}}/topics +create_url: projects/{{project}}/locations/{{zone}}/topics?topicId={{name}} +update_verb: :PATCH +update_mask: true +update_url: projects/{{project}}/locations/{{zone}}/topics/{{name}} +parameters: + - !ruby/object:Api::Type::String + name: region + description: The region of the pubsub lite topic. + url_param_only: true + - !ruby/object:Api::Type::String + name: zone + description: The zone of the pubsub lite topic. + url_param_only: true + - !ruby/object:Api::Type::String + name: 'name' + description: 'Name of the topic.' + required: true + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::NestedObject + name: 'partitionConfig' + description: | + The settings for this topic's partitions. + properties: + - !ruby/object:Api::Type::Integer + name: 'count' + description: | + The number of partitions in the topic. Must be at least 1. + required: true + - !ruby/object:Api::Type::NestedObject + name: 'capacity' + description: | + The capacity configuration. + properties: + - !ruby/object:Api::Type::Integer + name: 'publishMibPerSec' + description: | + Subscribe throughput capacity per partition in MiB/s. Must be >= 4 and <= 16. + required: true + - !ruby/object:Api::Type::Integer + name: 'subscribeMibPerSec' + description: | + Publish throughput capacity per partition in MiB/s. Must be >= 4 and <= 16. + required: true + - !ruby/object:Api::Type::NestedObject + name: 'retentionConfig' + description: | + The settings for a topic's message retention. + properties: + - !ruby/object:Api::Type::String + name: 'perPartitionBytes' + description: | + The provisioned storage, in bytes, per partition. If the number of bytes stored + in any of the topic's partitions grows beyond this value, older messages will be + dropped to make room for newer ones, regardless of the value of period. + required: true + - !ruby/object:Api::Type::String + name: 'period' + description: | + How long a published message is retained. If unset, messages will be retained as + long as the bytes retained for each partition is below perPartitionBytes. A + duration in seconds with up to nine fractional digits, terminated by 's'. + Example: "3.5s". + - !ruby/object:Api::Type::NestedObject + name: 'reservationConfig' + description: | + The settings for this topic's Reservation usage. + properties: + - !ruby/object:Api::Type::ResourceRef + name: 'throughputReservation' + resource: 'Reservation' + imports: 'name' + description: | + The Reservation to use for this topic's throughput capacity. + pattern: 'projects/{{project}}/locations/{{region}}/reservations/{{name}}' diff --git a/mmv1/products/pubsublite/api.yaml b/mmv1/products/pubsublite/api.yaml deleted file mode 100644 index 01322d74f473..000000000000 --- a/mmv1/products/pubsublite/api.yaml +++ /dev/null @@ -1,201 +0,0 @@ -# Copyright 2020 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: PubsubLite -display_name: Cloud Pub/Sub # Merges docs under Pub/Sub -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://{{region}}-pubsublite.googleapis.com/v1/admin/ - cai_base_url: https://pubsublite.googleapis.com/v1/admin/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Cloud Pub/Sub Lite API - url: https://console.cloud.google.com/apis/library/pubsublite.googleapis.com/ -objects: - - !ruby/object:Api::Resource - name: 'Reservation' - description: | - A named resource representing a shared pool of capacity. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Managing Reservations': - 'https://cloud.google.com/pubsub/lite/docs/reservations' - api: 'https://cloud.google.com/pubsub/lite/docs/reference/rest/v1/admin.projects.locations.reservations' - base_url: projects/{{project}}/locations/{{region}}/reservations - create_url: projects/{{project}}/locations/{{region}}/reservations?reservationId={{name}} - update_verb: :PATCH - update_mask: true - update_url: projects/{{project}}/locations/{{region}}/reservations/{{name}} - parameters: - - !ruby/object:Api::Type::String - name: region - description: The region of the pubsub lite reservation. - url_param_only: true - - !ruby/object:Api::Type::String - name: 'name' - description: 'Name of the reservation.' - required: true - input: true - url_param_only: true - properties: - - !ruby/object:Api::Type::Integer - name: 'throughputCapacity' - description: | - The reserved throughput capacity. Every unit of throughput capacity is - equivalent to 1 MiB/s of published messages or 2 MiB/s of subscribed - messages. - required: true - - !ruby/object:Api::Resource - name: 'Topic' - description: | - A named resource to which messages are sent by publishers. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Managing Topics': - 'https://cloud.google.com/pubsub/lite/docs/topics' - api: 'https://cloud.google.com/pubsub/lite/docs/reference/rest/v1/admin.projects.locations.topics' - base_url: projects/{{project}}/locations/{{zone}}/topics - create_url: projects/{{project}}/locations/{{zone}}/topics?topicId={{name}} - update_verb: :PATCH - update_mask: true - update_url: projects/{{project}}/locations/{{zone}}/topics/{{name}} - parameters: - - !ruby/object:Api::Type::String - name: region - description: The region of the pubsub lite topic. - url_param_only: true - - !ruby/object:Api::Type::String - name: zone - description: The zone of the pubsub lite topic. - url_param_only: true - - !ruby/object:Api::Type::String - name: 'name' - description: 'Name of the topic.' - required: true - input: true - url_param_only: true - properties: - - !ruby/object:Api::Type::NestedObject - name: 'partitionConfig' - description: | - The settings for this topic's partitions. - properties: - - !ruby/object:Api::Type::Integer - name: 'count' - description: | - The number of partitions in the topic. Must be at least 1. - required: true - - !ruby/object:Api::Type::NestedObject - name: 'capacity' - description: | - The capacity configuration. - properties: - - !ruby/object:Api::Type::Integer - name: 'publishMibPerSec' - description: | - Subscribe throughput capacity per partition in MiB/s. Must be >= 4 and <= 16. - required: true - - !ruby/object:Api::Type::Integer - name: 'subscribeMibPerSec' - description: | - Publish throughput capacity per partition in MiB/s. Must be >= 4 and <= 16. - required: true - - !ruby/object:Api::Type::NestedObject - name: 'retentionConfig' - description: | - The settings for a topic's message retention. - properties: - - !ruby/object:Api::Type::String - name: 'perPartitionBytes' - description: | - The provisioned storage, in bytes, per partition. If the number of bytes stored - in any of the topic's partitions grows beyond this value, older messages will be - dropped to make room for newer ones, regardless of the value of period. - required: true - - !ruby/object:Api::Type::String - name: 'period' - description: | - How long a published message is retained. If unset, messages will be retained as - long as the bytes retained for each partition is below perPartitionBytes. A - duration in seconds with up to nine fractional digits, terminated by 's'. - Example: "3.5s". - - !ruby/object:Api::Type::NestedObject - name: 'reservationConfig' - description: | - The settings for this topic's Reservation usage. - properties: - - !ruby/object:Api::Type::ResourceRef - name: 'throughputReservation' - resource: 'Reservation' - imports: 'name' - description: | - The Reservation to use for this topic's throughput capacity. - pattern: 'projects/{{project}}/locations/{{region}}/reservations/{{name}}' - - !ruby/object:Api::Resource - name: 'Subscription' - description: | - A named resource representing the stream of messages from a single, - specific topic, to be delivered to the subscribing application. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Managing Subscriptions': - 'https://cloud.google.com/pubsub/lite/docs/subscriptions' - api: 'https://cloud.google.com/pubsub/lite/docs/reference/rest/v1/admin.projects.locations.subscriptions' - base_url: projects/{{project}}/locations/{{zone}}/subscriptions - create_url: projects/{{project}}/locations/{{zone}}/subscriptions?subscriptionId={{name}} - update_verb: :PATCH - update_mask: true - update_url: projects/{{project}}/locations/{{zone}}/subscriptions/{{name}} - parameters: - - !ruby/object:Api::Type::String - name: region - description: The region of the pubsub lite topic. - url_param_only: true - - !ruby/object:Api::Type::String - name: zone - description: The zone of the pubsub lite topic. - url_param_only: true - - !ruby/object:Api::Type::String - name: 'name' - description: 'Name of the subscription.' - required: true - input: true - url_param_only: true - properties: - - !ruby/object:Api::Type::ResourceRef - name: 'topic' - resource: 'Topic' - imports: 'name' - description: | - A reference to a Topic resource. - required: true - input: true - pattern: 'projects/{{project}}/locations/{{zone}}/topics/{{name}}' - - !ruby/object:Api::Type::NestedObject - name: 'deliveryConfig' - description: | - The settings for this subscription's message delivery. - properties: - - !ruby/object:Api::Type::Enum - name: 'deliveryRequirement' - required: true - description: | - When this subscription should send messages to subscribers relative to messages persistence in storage. - values: - - :DELIVER_IMMEDIATELY - - :DELIVER_AFTER_STORED - - :DELIVERY_REQUIREMENT_UNSPECIFIED diff --git a/mmv1/products/pubsublite/product.yaml b/mmv1/products/pubsublite/product.yaml new file mode 100644 index 000000000000..5060d5f2f48f --- /dev/null +++ b/mmv1/products/pubsublite/product.yaml @@ -0,0 +1,27 @@ +# Copyright 2020 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: PubsubLite +display_name: Cloud Pub/Sub # Merges docs under Pub/Sub +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://{{region}}-pubsublite.googleapis.com/v1/admin/ + cai_base_url: https://pubsublite.googleapis.com/v1/admin/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Cloud Pub/Sub Lite API + url: https://console.cloud.google.com/apis/library/pubsublite.googleapis.com/ diff --git a/mmv1/products/redis/Instance.yaml b/mmv1/products/redis/Instance.yaml new file mode 100644 index 000000000000..2b8eb486ea3d --- /dev/null +++ b/mmv1/products/redis/Instance.yaml @@ -0,0 +1,429 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Instance' +base_url: projects/{{project}}/locations/{{region}}/instances +create_url: projects/{{project}}/locations/{{region}}/instances?instanceId={{name}} +update_verb: :PATCH +update_mask: true +description: | + A Google Cloud Redis instance. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/memorystore/docs/redis/' + api: 'https://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances' +parameters: + - !ruby/object:Api::Type::String # TODO: resourceref? + name: 'region' + description: | + The name of the Redis region of the instance. + required: true + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: alternativeLocationId + description: | + Only applicable to STANDARD_HA tier which protects the instance + against zonal failures by provisioning it across two zones. + If provided, it must be a different zone from the one provided in + [locationId]. + immutable: true + - !ruby/object:Api::Type::Boolean + name: authEnabled + description: | + Optional. Indicates whether OSS Redis AUTH is enabled for the + instance. If set to "true" AUTH is enabled on the instance. + Default value is "false" meaning AUTH is disabled. + default_value: false + - !ruby/object:Api::Type::String + name: authorizedNetwork + description: | + The full name of the Google Compute Engine network to which the + instance is connected. If left unspecified, the default network + will be used. + immutable: true + - !ruby/object:Api::Type::Enum + name: connectMode + description: | + The connection mode of the Redis instance. + immutable: true + values: + - :DIRECT_PEERING + - :PRIVATE_SERVICE_ACCESS + default_value: :DIRECT_PEERING + - !ruby/object:Api::Type::Time + name: createTime + description: | + The time the instance was created in RFC3339 UTC "Zulu" format, + accurate to nanoseconds. + output: true + - !ruby/object:Api::Type::String + name: currentLocationId + description: | + The current zone where the Redis endpoint is placed. + For Basic Tier instances, this will always be the same as the + [locationId] provided by the user at creation time. For Standard Tier + instances, this can be either [locationId] or [alternativeLocationId] + and can change after a failover event. + output: true + - !ruby/object:Api::Type::String + name: displayName + description: | + An arbitrary and optional user-provided name for the instance. + - !ruby/object:Api::Type::String + name: host + description: | + Hostname or IP address of the exposed Redis endpoint used by clients + to connect to the service. + output: true + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: Resource labels to represent user provided metadata. + - !ruby/object:Api::Type::KeyValuePairs + name: 'redisConfigs' + description: | + Redis configuration parameters, according to http://redis.io/topics/config. + Please check Memorystore documentation for the list of supported parameters: + https://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Instance.FIELDS.redis_configs + - !ruby/object:Api::Type::String + name: locationId + description: | + The zone where the instance will be provisioned. If not provided, + the service will choose a zone for the instance. For STANDARD_HA tier, + instances will be created across two zones for protection against + zonal failures. If [alternativeLocationId] is also provided, it must + be different from [locationId]. + immutable: true + - !ruby/object:Api::Type::String + name: name + description: | + The ID of the instance or a fully qualified identifier for the instance. + required: true + immutable: true + - !ruby/object:Api::Type::NestedObject + name: persistenceConfig + description: Persistence configuration for an instance. + properties: + - !ruby/object:Api::Type::Enum + name: 'persistenceMode' + required: true + description: | + Optional. Controls whether Persistence features are enabled. If not provided, the existing value will be used. + + - DISABLED: Persistence is disabled for the instance, and any existing snapshots are deleted. + - RDB: RDB based Persistence is enabled. + values: + - :DISABLED + - :RDB + - !ruby/object:Api::Type::Enum + name: 'rdbSnapshotPeriod' + required: false + description: | + Optional. Available snapshot periods for scheduling. + + - ONE_HOUR: Snapshot every 1 hour. + - SIX_HOURS: Snapshot every 6 hours. + - TWELVE_HOURS: Snapshot every 12 hours. + - TWENTY_FOUR_HOURS: Snapshot every 24 hours. + values: + - :ONE_HOUR + - :SIX_HOURS + - :TWELVE_HOURS + - :TWENTY_FOUR_HOURS + - !ruby/object:Api::Type::String + name: 'rdbNextSnapshotTime' + output: true + description: | + Output only. The next time that a snapshot attempt is scheduled to occur. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + - !ruby/object:Api::Type::String + name: 'rdbSnapshotStartTime' + description: | + Optional. Date and time that the first snapshot was/will be attempted, + and to which future snapshots will be aligned. If not provided, + the current time will be used. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + - !ruby/object:Api::Type::NestedObject + name: maintenancePolicy + description: Maintenance policy for an instance. + properties: + - !ruby/object:Api::Type::String + name: 'createTime' + output: true + description: | + Output only. The time when the policy was created. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + - !ruby/object:Api::Type::String + name: 'updateTime' + output: true + description: | + Output only. The time when the policy was last updated. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + - !ruby/object:Api::Type::String + name: 'description' + description: | + Optional. Description of what this policy is for. + Create/Update methods return INVALID_ARGUMENT if the + length is greater than 512. + - !ruby/object:Api::Type::Array + name: 'weeklyMaintenanceWindow' + description: | + Optional. Maintenance window that is applied to resources covered by this policy. + Minimum 1. For the current version, the maximum number + of weekly_window is expected to be one. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Enum + name: 'day' + required: true + description: | + Required. The day of week that maintenance updates occur. + + - DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified. + - MONDAY: Monday + - TUESDAY: Tuesday + - WEDNESDAY: Wednesday + - THURSDAY: Thursday + - FRIDAY: Friday + - SATURDAY: Saturday + - SUNDAY: Sunday + values: + - :DAY_OF_WEEK_UNSPECIFIED + - :MONDAY + - :TUESDAY + - :WEDNESDAY + - :THURSDAY + - :FRIDAY + - :SATURDAY + - :SUNDAY + - !ruby/object:Api::Type::String + name: 'duration' + output: true + description: | + Output only. Duration of the maintenance window. + The current window is fixed at 1 hour. + A duration in seconds with up to nine fractional digits, + terminated by 's'. Example: "3.5s". + - !ruby/object:Api::Type::NestedObject + name: 'startTime' + required: true + allow_empty_object: true + send_empty_value: true + description: | + Required. Start time of the window in UTC time. + properties: + - !ruby/object:Api::Type::Integer + name: 'hours' + description: | + Hours of day in 24 hour format. Should be from 0 to 23. + An API may choose to allow the value "24:00:00" for scenarios like business closing time. + - !ruby/object:Api::Type::Integer + name: 'minutes' + description: | + Minutes of hour of day. Must be from 0 to 59. + - !ruby/object:Api::Type::Integer + name: 'seconds' + description: | + Seconds of minutes of the time. Must normally be from 0 to 59. + An API may allow the value 60 if it allows leap-seconds. + - !ruby/object:Api::Type::Integer + name: 'nanos' + description: | + Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. + - !ruby/object:Api::Type::NestedObject + name: maintenanceSchedule + description: Upcoming maintenance schedule. + properties: + - !ruby/object:Api::Type::String + name: 'startTime' + output: true + description: | + Output only. The start time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + - !ruby/object:Api::Type::String + name: 'endTime' + output: true + description: | + Output only. The end time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + - !ruby/object:Api::Type::String + name: 'scheduleDeadlineTime' + output: true + description: | + Output only. The deadline that the maintenance schedule start time + can not go beyond, including reschedule. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + - !ruby/object:Api::Type::Integer + name: memorySizeGb + description: Redis memory size in GiB. + required: true + - !ruby/object:Api::Type::Integer + name: port + description: The port number of the exposed Redis endpoint. + output: true + - !ruby/object:Api::Type::String + name: persistenceIamIdentity + description: | + Output only. Cloud IAM identity used by import / export operations + to transfer data to/from Cloud Storage. Format is "serviceAccount:". + The value may change over time for a given instance so should be + checked before each import/export operation. + output: true + - !ruby/object:Api::Type::String + name: redisVersion + description: | + The version of Redis software. If not provided, latest supported + version will be used. Please check the API documentation linked + at the top for the latest valid values. + - !ruby/object:Api::Type::String + name: reservedIpRange + description: | + The CIDR range of internal addresses that are reserved for this + instance. If not provided, the service will choose an unused /29 + block, for example, 10.0.0.0/29 or 192.168.0.0/29. Ranges must be + unique and non-overlapping with existing subnets in an authorized + network. + immutable: true + # In some situations the returned IP range may not match the sent value + # but will be a subset of the range. + ignore_read: true + - !ruby/object:Api::Type::Enum + name: tier + description: | + The service tier of the instance. Must be one of these values: + + - BASIC: standalone instance + - STANDARD_HA: highly available primary/replica instances + values: + - :BASIC + - :STANDARD_HA + default_value: :BASIC + immutable: true + - !ruby/object:Api::Type::Enum + name: transitEncryptionMode + immutable: true + description: | + The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance. + + - SERVER_AUTHENTICATION: Client to Server traffic encryption enabled with server authentication + values: + - :SERVER_AUTHENTICATION + - :DISABLED + default_value: :DISABLED + - !ruby/object:Api::Type::Array + name: 'serverCaCerts' + description: | + List of server CA certificates for the instance. + output: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'serialNumber' + output: true + description: | + Serial number, as extracted from the certificate. + - !ruby/object:Api::Type::String + name: 'cert' + output: true + description: | + The certificate data in PEM format. + - !ruby/object:Api::Type::String + name: 'createTime' + output: true + description: | + The time when the certificate was created. + - !ruby/object:Api::Type::String + name: 'expireTime' + output: true + description: | + The time when the certificate expires. + - !ruby/object:Api::Type::String + name: 'sha1Fingerprint' + output: true + description: | + Sha1 Fingerprint of the certificate. + - !ruby/object:Api::Type::Integer + name: replicaCount + description: | + Optional. The number of replica nodes. The valid range for the Standard Tier with + read replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled + for a Standard Tier instance, the only valid value is 1 and the default is 1. + The valid value for basic tier is 0 and the default is also 0. + - !ruby/object:Api::Type::Array + name: nodes + description: | + Output only. Info per node. + output: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'id' + output: true + description: | + Node identifying string. e.g. 'node-0', 'node-1' + - !ruby/object:Api::Type::String + name: 'zone' + output: true + description: | + Location of the node. + - !ruby/object:Api::Type::String + name: readEndpoint + description: | + Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only. + Targets all healthy replica nodes in instance. Replication is asynchronous and replica nodes + will exhibit some lag behind the primary. Write requests must target 'host'. + output: true + - !ruby/object:Api::Type::Integer + name: readEndpointPort + description: | + Output only. The port number of the exposed readonly redis endpoint. Standard tier only. + Write requests should target 'port'. + output: true + - !ruby/object:Api::Type::Enum + name: readReplicasMode + description: | + Optional. Read replica mode. Can only be specified when trying to create the instance. + If not set, Memorystore Redis backend will default to READ_REPLICAS_DISABLED. + - READ_REPLICAS_DISABLED: If disabled, read endpoint will not be provided and the + instance cannot scale up or down the number of replicas. + - READ_REPLICAS_ENABLED: If enabled, read endpoint will be provided and the instance + can scale up and down the number of replicas. + values: + - :READ_REPLICAS_DISABLED + - :READ_REPLICAS_ENABLED + - !ruby/object:Api::Type::String + name: secondaryIpRange + description: | + Optional. Additional IP range for node placement. Required when enabling read replicas on + an existing instance. For DIRECT_PEERING mode value must be a CIDR range of size /28, or + "auto". For PRIVATE_SERVICE_ACCESS mode value must be the name of an allocated address + range associated with the private service access connection, or "auto". + - !ruby/object:Api::Type::String + name: customerManagedKey + immutable: true + description: | + Optional. The KMS key reference that you want to use to encrypt the data at rest for this Redis + instance. If this is provided, CMEK is enabled. + diff --git a/mmv1/products/redis/api.yaml b/mmv1/products/redis/api.yaml deleted file mode 100644 index 62be091d0ab1..000000000000 --- a/mmv1/products/redis/api.yaml +++ /dev/null @@ -1,455 +0,0 @@ -# Copyright 2018 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: Redis -display_name: Memorystore (Redis) -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://redis.googleapis.com/v1/ - - !ruby/object:Api::Product::Version - name: beta - base_url: https://redis.googleapis.com/v1beta1/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' -objects: - - !ruby/object:Api::Resource - name: 'Instance' - base_url: projects/{{project}}/locations/{{region}}/instances - create_url: projects/{{project}}/locations/{{region}}/instances?instanceId={{name}} - update_verb: :PATCH - update_mask: true - description: | - A Google Cloud Redis instance. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/memorystore/docs/redis/' - api: 'https://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances' - parameters: - - !ruby/object:Api::Type::String # TODO: resourceref? - name: 'region' - description: | - The name of the Redis region of the instance. - required: true - input: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: alternativeLocationId - description: | - Only applicable to STANDARD_HA tier which protects the instance - against zonal failures by provisioning it across two zones. - If provided, it must be a different zone from the one provided in - [locationId]. - input: true - - !ruby/object:Api::Type::Boolean - name: authEnabled - description: | - Optional. Indicates whether OSS Redis AUTH is enabled for the - instance. If set to "true" AUTH is enabled on the instance. - Default value is "false" meaning AUTH is disabled. - default_value: false - - !ruby/object:Api::Type::String - name: authorizedNetwork - description: | - The full name of the Google Compute Engine network to which the - instance is connected. If left unspecified, the default network - will be used. - input: true - - !ruby/object:Api::Type::Enum - name: connectMode - description: | - The connection mode of the Redis instance. - input: true - values: - - :DIRECT_PEERING - - :PRIVATE_SERVICE_ACCESS - default_value: :DIRECT_PEERING - - !ruby/object:Api::Type::Time - name: createTime - description: | - The time the instance was created in RFC3339 UTC "Zulu" format, - accurate to nanoseconds. - output: true - - !ruby/object:Api::Type::String - name: currentLocationId - description: | - The current zone where the Redis endpoint is placed. - For Basic Tier instances, this will always be the same as the - [locationId] provided by the user at creation time. For Standard Tier - instances, this can be either [locationId] or [alternativeLocationId] - and can change after a failover event. - output: true - - !ruby/object:Api::Type::String - name: displayName - description: | - An arbitrary and optional user-provided name for the instance. - - !ruby/object:Api::Type::String - name: host - description: | - Hostname or IP address of the exposed Redis endpoint used by clients - to connect to the service. - output: true - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: Resource labels to represent user provided metadata. - - !ruby/object:Api::Type::KeyValuePairs - name: 'redisConfigs' - description: | - Redis configuration parameters, according to http://redis.io/topics/config. - Please check Memorystore documentation for the list of supported parameters: - https://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Instance.FIELDS.redis_configs - - !ruby/object:Api::Type::String - name: locationId - description: | - The zone where the instance will be provisioned. If not provided, - the service will choose a zone for the instance. For STANDARD_HA tier, - instances will be created across two zones for protection against - zonal failures. If [alternativeLocationId] is also provided, it must - be different from [locationId]. - input: true - - !ruby/object:Api::Type::String - name: name - description: | - The ID of the instance or a fully qualified identifier for the instance. - required: true - input: true - - !ruby/object:Api::Type::NestedObject - name: persistenceConfig - description: Persistence configuration for an instance. - properties: - - !ruby/object:Api::Type::Enum - name: 'persistenceMode' - required: true - description: | - Optional. Controls whether Persistence features are enabled. If not provided, the existing value will be used. - - - DISABLED: Persistence is disabled for the instance, and any existing snapshots are deleted. - - RDB: RDB based Persistence is enabled. - values: - - :DISABLED - - :RDB - - !ruby/object:Api::Type::Enum - name: 'rdbSnapshotPeriod' - required: false - description: | - Optional. Available snapshot periods for scheduling. - - - ONE_HOUR: Snapshot every 1 hour. - - SIX_HOURS: Snapshot every 6 hours. - - TWELVE_HOURS: Snapshot every 12 hours. - - TWENTY_FOUR_HOURS: Snapshot every 24 hours. - values: - - :ONE_HOUR - - :SIX_HOURS - - :TWELVE_HOURS - - :TWENTY_FOUR_HOURS - - !ruby/object:Api::Type::String - name: 'rdbNextSnapshotTime' - output: true - description: | - Output only. The next time that a snapshot attempt is scheduled to occur. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up - to nine fractional digits. - Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - - !ruby/object:Api::Type::String - name: 'rdbSnapshotStartTime' - description: | - Optional. Date and time that the first snapshot was/will be attempted, - and to which future snapshots will be aligned. If not provided, - the current time will be used. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution - and up to nine fractional digits. - Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - - !ruby/object:Api::Type::NestedObject - name: maintenancePolicy - description: Maintenance policy for an instance. - properties: - - !ruby/object:Api::Type::String - name: 'createTime' - output: true - description: | - Output only. The time when the policy was created. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - - !ruby/object:Api::Type::String - name: 'updateTime' - output: true - description: | - Output only. The time when the policy was last updated. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - - !ruby/object:Api::Type::String - name: 'description' - description: | - Optional. Description of what this policy is for. - Create/Update methods return INVALID_ARGUMENT if the - length is greater than 512. - - !ruby/object:Api::Type::Array - name: 'weeklyMaintenanceWindow' - description: | - Optional. Maintenance window that is applied to resources covered by this policy. - Minimum 1. For the current version, the maximum number - of weekly_window is expected to be one. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Enum - name: 'day' - required: true - description: | - Required. The day of week that maintenance updates occur. - - - DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified. - - MONDAY: Monday - - TUESDAY: Tuesday - - WEDNESDAY: Wednesday - - THURSDAY: Thursday - - FRIDAY: Friday - - SATURDAY: Saturday - - SUNDAY: Sunday - values: - - :DAY_OF_WEEK_UNSPECIFIED - - :MONDAY - - :TUESDAY - - :WEDNESDAY - - :THURSDAY - - :FRIDAY - - :SATURDAY - - :SUNDAY - - !ruby/object:Api::Type::String - name: 'duration' - output: true - description: | - Output only. Duration of the maintenance window. - The current window is fixed at 1 hour. - A duration in seconds with up to nine fractional digits, - terminated by 's'. Example: "3.5s". - - !ruby/object:Api::Type::NestedObject - name: 'startTime' - required: true - allow_empty_object: true - send_empty_value: true - description: | - Required. Start time of the window in UTC time. - properties: - - !ruby/object:Api::Type::Integer - name: 'hours' - description: | - Hours of day in 24 hour format. Should be from 0 to 23. - An API may choose to allow the value "24:00:00" for scenarios like business closing time. - - !ruby/object:Api::Type::Integer - name: 'minutes' - description: | - Minutes of hour of day. Must be from 0 to 59. - - !ruby/object:Api::Type::Integer - name: 'seconds' - description: | - Seconds of minutes of the time. Must normally be from 0 to 59. - An API may allow the value 60 if it allows leap-seconds. - - !ruby/object:Api::Type::Integer - name: 'nanos' - description: | - Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. - - !ruby/object:Api::Type::NestedObject - name: maintenanceSchedule - description: Upcoming maintenance schedule. - properties: - - !ruby/object:Api::Type::String - name: 'startTime' - output: true - description: | - Output only. The start time of any upcoming scheduled maintenance for this instance. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - - !ruby/object:Api::Type::String - name: 'endTime' - output: true - description: | - Output only. The end time of any upcoming scheduled maintenance for this instance. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - - !ruby/object:Api::Type::String - name: 'scheduleDeadlineTime' - output: true - description: | - Output only. The deadline that the maintenance schedule start time - can not go beyond, including reschedule. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - - !ruby/object:Api::Type::Integer - name: memorySizeGb - description: Redis memory size in GiB. - required: true - - !ruby/object:Api::Type::Integer - name: port - description: The port number of the exposed Redis endpoint. - output: true - - !ruby/object:Api::Type::String - name: persistenceIamIdentity - description: | - Output only. Cloud IAM identity used by import / export operations - to transfer data to/from Cloud Storage. Format is "serviceAccount:". - The value may change over time for a given instance so should be - checked before each import/export operation. - output: true - - !ruby/object:Api::Type::String - name: redisVersion - description: | - The version of Redis software. If not provided, latest supported - version will be used. Please check the API documentation linked - at the top for the latest valid values. - - !ruby/object:Api::Type::String - name: reservedIpRange - description: | - The CIDR range of internal addresses that are reserved for this - instance. If not provided, the service will choose an unused /29 - block, for example, 10.0.0.0/29 or 192.168.0.0/29. Ranges must be - unique and non-overlapping with existing subnets in an authorized - network. - input: true - - !ruby/object:Api::Type::Enum - name: tier - description: | - The service tier of the instance. Must be one of these values: - - - BASIC: standalone instance - - STANDARD_HA: highly available primary/replica instances - values: - - :BASIC - - :STANDARD_HA - default_value: :BASIC - input: true - - !ruby/object:Api::Type::Enum - name: transitEncryptionMode - input: true - description: | - The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance. - - - SERVER_AUTHENTICATION: Client to Server traffic encryption enabled with server authentication - values: - - :SERVER_AUTHENTICATION - - :DISABLED - default_value: :DISABLED - - !ruby/object:Api::Type::Array - name: 'serverCaCerts' - description: | - List of server CA certificates for the instance. - output: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'serialNumber' - output: true - description: | - Serial number, as extracted from the certificate. - - !ruby/object:Api::Type::String - name: 'cert' - output: true - description: | - The certificate data in PEM format. - - !ruby/object:Api::Type::String - name: 'createTime' - output: true - description: | - The time when the certificate was created. - - !ruby/object:Api::Type::String - name: 'expireTime' - output: true - description: | - The time when the certificate expires. - - !ruby/object:Api::Type::String - name: 'sha1Fingerprint' - output: true - description: | - Sha1 Fingerprint of the certificate. - - !ruby/object:Api::Type::Integer - name: replicaCount - description: | - Optional. The number of replica nodes. The valid range for the Standard Tier with - read replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled - for a Standard Tier instance, the only valid value is 1 and the default is 1. - The valid value for basic tier is 0 and the default is also 0. - - !ruby/object:Api::Type::Array - name: nodes - description: | - Output only. Info per node. - output: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'id' - output: true - description: | - Node identifying string. e.g. 'node-0', 'node-1' - - !ruby/object:Api::Type::String - name: 'zone' - output: true - description: | - Location of the node. - - !ruby/object:Api::Type::String - name: readEndpoint - description: | - Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only. - Targets all healthy replica nodes in instance. Replication is asynchronous and replica nodes - will exhibit some lag behind the primary. Write requests must target 'host'. - output: true - - !ruby/object:Api::Type::Integer - name: readEndpointPort - description: | - Output only. The port number of the exposed readonly redis endpoint. Standard tier only. - Write requests should target 'port'. - output: true - - !ruby/object:Api::Type::Enum - name: readReplicasMode - description: | - Optional. Read replica mode. Can only be specified when trying to create the instance. - If not set, Memorystore Redis backend will default to READ_REPLICAS_DISABLED. - - READ_REPLICAS_DISABLED: If disabled, read endpoint will not be provided and the - instance cannot scale up or down the number of replicas. - - READ_REPLICAS_ENABLED: If enabled, read endpoint will be provided and the instance - can scale up and down the number of replicas. - values: - - :READ_REPLICAS_DISABLED - - :READ_REPLICAS_ENABLED - - !ruby/object:Api::Type::String - name: secondaryIpRange - description: | - Optional. Additional IP range for node placement. Required when enabling read replicas on - an existing instance. For DIRECT_PEERING mode value must be a CIDR range of size /28, or - "auto". For PRIVATE_SERVICE_ACCESS mode value must be the name of an allocated address - range associated with the private service access connection, or "auto". - - !ruby/object:Api::Type::String - name: customerManagedKey - input: true - description: | - Optional. The KMS key reference that you want to use to encrypt the data at rest for this Redis - instance. If this is provided, CMEK is enabled. diff --git a/mmv1/products/redis/product.yaml b/mmv1/products/redis/product.yaml new file mode 100644 index 000000000000..3aa40f3aa7fa --- /dev/null +++ b/mmv1/products/redis/product.yaml @@ -0,0 +1,42 @@ +# Copyright 2018 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: Redis +display_name: Memorystore (Redis) +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://redis.googleapis.com/v1/ + - !ruby/object:Api::Product::Version + name: beta + base_url: https://redis.googleapis.com/v1beta1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' diff --git a/mmv1/products/redis/terraform.yaml b/mmv1/products/redis/terraform.yaml index 2f9b3d9c72e5..30e2c126fb74 100644 --- a/mmv1/products/redis/terraform.yaml +++ b/mmv1/products/redis/terraform.yaml @@ -46,7 +46,7 @@ overrides: !ruby/object:Overrides::ResourceOverrides instance_name: "ha-memory-cache-persis" network_name: "redis-test-network" test_vars_overrides: - network_name: 'BootstrapSharedTestNetwork(t, "redis-mrr")' + network_name: 'BootstrapSharedTestNetwork(t, "redis-full-persis")' - !ruby/object:Provider::Terraform::Examples name: "redis_instance_private_service" # Temporary for servicenetworking problems diff --git a/mmv1/products/resourcemanager/Folder.yaml b/mmv1/products/resourcemanager/Folder.yaml new file mode 100644 index 000000000000..862226a38057 --- /dev/null +++ b/mmv1/products/resourcemanager/Folder.yaml @@ -0,0 +1,56 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Folder' +base_url: 'folders?parent={{parent}}' +self_link: '{{name}}' +description: A Folder in an Organization's resource hierarchy, used to organize that Organization's resources. +parameters: + - !ruby/object:Api::Type::String + name: parent + immutable: true + required: true + description: | + The Folder’s parent's resource name. Updates to the folder's parent + must be performed via folders.move. + - !ruby/object:Api::Type::String + name: displayName + description: | + The folder’s display name. A folder’s display name must be unique + amongst its siblings, e.g. no two folders with the same parent can + share the same display name. The display name must start and end with + a letter or digit, may contain letters, digits, spaces, hyphens and + underscores and can be no longer than 30 characters. This is captured + by the regular expression: `[\p{L}\p{N}]([\p{L}\p{N}_- ]{0,28}[\p{L}\p{N}])?`. +properties: + - !ruby/object:Api::Type::String + name: name + output: true + description: | + The resource name of the Folder. Its format is folders/{folder_id}, + for example: "folders/1234". + - !ruby/object:Api::Type::Enum + name: 'lifecycleState' + description: | + The lifecycle state of the folder. Updates to the lifecycleState + must be performed via folders.delete and folders.undelete. + output: true + values: + - :LIFECYCLE_STATE_UNSPECIFIED + - :ACTIVE + - :DELETE_REQUESTED + - !ruby/object:Api::Type::Time + name: 'createTime' + description: 'Time of creation' + output: true diff --git a/mmv1/products/resourcemanager/Lien.yaml b/mmv1/products/resourcemanager/Lien.yaml new file mode 100644 index 000000000000..4432418b2af2 --- /dev/null +++ b/mmv1/products/resourcemanager/Lien.yaml @@ -0,0 +1,74 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Lien' +base_url: liens +# This resource has some issues - it returns a list when you query for it. +# You can't use the same URL for GET and DELETE. This here is the URL that +# we use for GET, and the DELETE is in custom code. If this happens a lot, +# we might build a more general solution, but this is the only resource I know +# of where that happens. +self_link: liens?parent={{parent}} +nested_query: !ruby/object:Api::Resource::NestedQuery + keys: + - liens +identity: + - name +description: A Lien represents an encumbrance on the actions that can be performed on a resource. +immutable: true +parameters: + - !ruby/object:Api::Type::String + name: parent + immutable: true + required: true + description: | + A reference to the resource this Lien is attached to. + The server will validate the parent against those for which Liens are supported. + Since a variety of objects can have Liens against them, you must provide the type + prefix (e.g. "projects/my-project-name"). + - !ruby/object:Api::Type::Array + name: 'restrictions' + description: | + The types of operations which should be blocked as a result of this Lien. + Each value should correspond to an IAM permission. The server will validate + the permissions against those for which Liens are supported. An empty + list is meaningless and will be rejected. + e.g. ['resourcemanager.projects.delete'] + item_type: 'Api::Type::String' + immutable: true + required: true +properties: + - !ruby/object:Api::Type::String + name: name + description: A system-generated unique identifier for this Lien. + output: true + - !ruby/object:Api::Type::String + name: reason + description: | + Concise user-visible strings indicating why an action cannot be performed + on a resource. Maximum length of 200 characters. + immutable: true + required: true + - !ruby/object:Api::Type::String + name: origin + description: | + A stable, user-visible/meaningful string identifying the origin + of the Lien, intended to be inspected programmatically. Maximum length of + 200 characters. + immutable: true + required: true + - !ruby/object:Api::Type::Time + name: 'createTime' + description: 'Time of creation' + output: true diff --git a/mmv1/products/resourcemanager/Organization.yaml b/mmv1/products/resourcemanager/Organization.yaml new file mode 100644 index 000000000000..22ed87704801 --- /dev/null +++ b/mmv1/products/resourcemanager/Organization.yaml @@ -0,0 +1,57 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Organization' +base_url: 'organizations' +collection_url: organizations:search +description: A Folder in an Organization's resource hierarchy, used to organize that Organization's resources. +properties: + - !ruby/object:Api::Type::String + name: name + output: true + description: | + The resource name of the organization. This is the organization's relative path in the API. + Its format is "organizations/[organizationId]". For example, "organizations/1234". + - !ruby/object:Api::Type::String + name: displayName + output: true + description: | + A human-readable string that refers to the Organization in the GCP Console UI. + This string is set by the server and cannot be changed. The string will be set + to the primary domain (for example, "google.com") of the G Suite customer that + owns the organization. + - !ruby/object:Api::Type::Enum + name: 'lifecycleState' + description: | + The lifecycle state of the folder. Updates to the lifecycleState + must be performed via folders.delete and folders.undelete. + output: true + values: + - :LIFECYCLE_STATE_UNSPECIFIED + - :ACTIVE + - :DELETE_REQUESTED + - !ruby/object:Api::Type::Time + name: 'creationTime' + output: true + description: | + Timestamp when the Organization was created. Assigned by the server. + output: true + - !ruby/object:Api::Type::NestedObject + name: 'owner' + description: The entity that owns the Organization + properties: + - !ruby/object:Api::Type::String + name: 'directoryCustomerId' + description: The G Suite customer id used in the Directory API + diff --git a/mmv1/products/resourcemanager/Project.yaml b/mmv1/products/resourcemanager/Project.yaml new file mode 100644 index 000000000000..51266efee000 --- /dev/null +++ b/mmv1/products/resourcemanager/Project.yaml @@ -0,0 +1,98 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Project' +base_url: projects +self_link: projects/{{id}} +description: | + Represents a GCP Project. A project is a container for ACLs, APIs, App + Engine Apps, VMs, and other Google Cloud Platform resources. +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'notinuse' + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: true + allowed: + - True + - False + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +parameters: + - !ruby/object:Api::Type::String + name: 'id' + api_name: 'projectId' + description: | + The unique, user-assigned ID of the Project. It must be 6 to 30 + lowercase letters, digits, or hyphens. It must start with a letter. + Trailing hyphens are prohibited. + required: true + immutable: true +properties: + - !ruby/object:Api::Type::Integer + name: 'number' + api_name: 'projectNumber' + description: Number uniquely identifying the project. + output: true + - !ruby/object:Api::Type::Enum + name: 'lifecycleState' + description: The Project lifecycle state. + output: true + values: + - :LIFECYCLE_STATE_UNSPECIFIED + - :ACTIVE + - :DELETE_REQUESTED + - :DELETE_IN_PROGRESS + - !ruby/object:Api::Type::String + name: 'name' + description: | + The user-assigned display name of the Project. It must be 4 to 30 + characters. Allowed characters are: lowercase and uppercase letters, + numbers, hyphen, single-quote, double-quote, space, and exclamation + point. + - !ruby/object:Api::Type::Time + name: 'createTime' + description: 'Time of creation' + output: true + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + The labels associated with this Project. + + Label keys must be between 1 and 63 characters long and must conform + to the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. + + Label values must be between 0 and 63 characters long and must + conform to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. + + No more than 256 labels can be associated with a given resource. + + Clients should store labels in a representation such as JSON that + does not depend on specific characters being disallowed + - !ruby/object:Api::Type::NestedObject + name: 'parent' + description: A parent organization + properties: + - !ruby/object:Api::Type::String + name: 'type' + description: Must be organization. + - !ruby/object:Api::Type::String + name: 'id' + description: Id of the organization diff --git a/mmv1/products/resourcemanager/api.yaml b/mmv1/products/resourcemanager/api.yaml deleted file mode 100644 index 031ed78429fa..000000000000 --- a/mmv1/products/resourcemanager/api.yaml +++ /dev/null @@ -1,260 +0,0 @@ -# Copyright 2017 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: ResourceManager -display_name: Resource Manager -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://cloudresourcemanager.googleapis.com/v1/ -scopes: - # All access is needed to create projects. - - https://www.googleapis.com/auth/cloud-platform -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Cloud Resource Manager API - url: https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/ -objects: - - !ruby/object:Api::Resource - name: 'Project' - base_url: projects - self_link: projects/{{id}} - description: | - Represents a GCP Project. A project is a container for ACLs, APIs, App - Engine Apps, VMs, and other Google Cloud Platform resources. - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'notinuse' - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: true - allowed: - - True - - False - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - parameters: - - !ruby/object:Api::Type::String - name: 'id' - api_name: 'projectId' - description: | - The unique, user-assigned ID of the Project. It must be 6 to 30 - lowercase letters, digits, or hyphens. It must start with a letter. - Trailing hyphens are prohibited. - required: true - input: true - properties: - - !ruby/object:Api::Type::Integer - name: 'number' - api_name: 'projectNumber' - description: Number uniquely identifying the project. - output: true - - !ruby/object:Api::Type::Enum - name: 'lifecycleState' - description: The Project lifecycle state. - output: true - values: - - :LIFECYCLE_STATE_UNSPECIFIED - - :ACTIVE - - :DELETE_REQUESTED - - :DELETE_IN_PROGRESS - - !ruby/object:Api::Type::String - name: 'name' - description: | - The user-assigned display name of the Project. It must be 4 to 30 - characters. Allowed characters are: lowercase and uppercase letters, - numbers, hyphen, single-quote, double-quote, space, and exclamation - point. - - !ruby/object:Api::Type::Time - name: 'createTime' - description: 'Time of creation' - output: true - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: | - The labels associated with this Project. - - Label keys must be between 1 and 63 characters long and must conform - to the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. - - Label values must be between 0 and 63 characters long and must - conform to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. - - No more than 256 labels can be associated with a given resource. - - Clients should store labels in a representation such as JSON that - does not depend on specific characters being disallowed - - !ruby/object:Api::Type::NestedObject - name: 'parent' - description: A parent organization - properties: - - !ruby/object:Api::Type::String - name: 'type' - description: Must be organization. - - !ruby/object:Api::Type::String - name: 'id' - description: Id of the organization - - !ruby/object:Api::Resource - name: 'Lien' - base_url: liens - # This resource has some issues - it returns a list when you query for it. - # You can't use the same URL for GET and DELETE. This here is the URL that - # we use for GET, and the DELETE is in custom code. If this happens a lot, - # we might build a more general solution, but this is the only resource I know - # of where that happens. - self_link: liens?parent={{parent}} - nested_query: !ruby/object:Api::Resource::NestedQuery - keys: - - liens - identity: - - name - description: A Lien represents an encumbrance on the actions that can be performed on a resource. - input: true - parameters: - - !ruby/object:Api::Type::String - name: parent - input: true - required: true - description: | - A reference to the resource this Lien is attached to. - The server will validate the parent against those for which Liens are supported. - Since a variety of objects can have Liens against them, you must provide the type - prefix (e.g. "projects/my-project-name"). - - !ruby/object:Api::Type::Array - name: 'restrictions' - description: | - The types of operations which should be blocked as a result of this Lien. - Each value should correspond to an IAM permission. The server will validate - the permissions against those for which Liens are supported. An empty - list is meaningless and will be rejected. - e.g. ['resourcemanager.projects.delete'] - item_type: 'Api::Type::String' - input: true - required: true - properties: - - !ruby/object:Api::Type::String - name: name - description: A system-generated unique identifier for this Lien. - output: true - - !ruby/object:Api::Type::String - name: reason - description: | - Concise user-visible strings indicating why an action cannot be performed - on a resource. Maximum length of 200 characters. - input: true - required: true - - !ruby/object:Api::Type::String - name: origin - description: | - A stable, user-visible/meaningful string identifying the origin - of the Lien, intended to be inspected programmatically. Maximum length of - 200 characters. - input: true - required: true - - !ruby/object:Api::Type::Time - name: 'createTime' - description: 'Time of creation' - output: true - - !ruby/object:Api::Resource - name: 'Folder' - base_url: 'folders?parent={{parent}}' - self_link: '{{name}}' - description: A Folder in an Organization's resource hierarchy, used to organize that Organization's resources. - parameters: - - !ruby/object:Api::Type::String - name: parent - input: true - required: true - description: | - The Folder’s parent's resource name. Updates to the folder's parent - must be performed via folders.move. - - !ruby/object:Api::Type::String - name: displayName - description: | - The folder’s display name. A folder’s display name must be unique - amongst its siblings, e.g. no two folders with the same parent can - share the same display name. The display name must start and end with - a letter or digit, may contain letters, digits, spaces, hyphens and - underscores and can be no longer than 30 characters. This is captured - by the regular expression: `[\p{L}\p{N}]([\p{L}\p{N}_- ]{0,28}[\p{L}\p{N}])?`. - properties: - - !ruby/object:Api::Type::String - name: name - output: true - description: | - The resource name of the Folder. Its format is folders/{folder_id}, - for example: "folders/1234". - - !ruby/object:Api::Type::Enum - name: 'lifecycleState' - description: | - The lifecycle state of the folder. Updates to the lifecycleState - must be performed via folders.delete and folders.undelete. - output: true - values: - - :LIFECYCLE_STATE_UNSPECIFIED - - :ACTIVE - - :DELETE_REQUESTED - - !ruby/object:Api::Type::Time - name: 'createTime' - description: 'Time of creation' - output: true - - !ruby/object:Api::Resource - name: 'Organization' - base_url: 'organizations' - collection_url: organizations:search - description: A Folder in an Organization's resource hierarchy, used to organize that Organization's resources. - properties: - - !ruby/object:Api::Type::String - name: name - output: true - description: | - The resource name of the organization. This is the organization's relative path in the API. - Its format is "organizations/[organizationId]". For example, "organizations/1234". - - !ruby/object:Api::Type::String - name: displayName - output: true - description: | - A human-readable string that refers to the Organization in the GCP Console UI. - This string is set by the server and cannot be changed. The string will be set - to the primary domain (for example, "google.com") of the G Suite customer that - owns the organization. - - !ruby/object:Api::Type::Enum - name: 'lifecycleState' - description: | - The lifecycle state of the folder. Updates to the lifecycleState - must be performed via folders.delete and folders.undelete. - output: true - values: - - :LIFECYCLE_STATE_UNSPECIFIED - - :ACTIVE - - :DELETE_REQUESTED - - !ruby/object:Api::Type::Time - name: 'creationTime' - output: true - description: | - Timestamp when the Organization was created. Assigned by the server. - output: true - - !ruby/object:Api::Type::NestedObject - name: 'owner' - description: The entity that owns the Organization - properties: - - !ruby/object:Api::Type::String - name: 'directoryCustomerId' - description: The G Suite customer id used in the Directory API diff --git a/mmv1/products/resourcemanager/product.yaml b/mmv1/products/resourcemanager/product.yaml new file mode 100644 index 000000000000..33569faf075f --- /dev/null +++ b/mmv1/products/resourcemanager/product.yaml @@ -0,0 +1,27 @@ +# Copyright 2017 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: ResourceManager +display_name: Resource Manager +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://cloudresourcemanager.googleapis.com/v1/ +scopes: + # All access is needed to create projects. + - https://www.googleapis.com/auth/cloud-platform +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Cloud Resource Manager API + url: https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/ diff --git a/mmv1/products/runtimeconfig/Config.yaml b/mmv1/products/runtimeconfig/Config.yaml new file mode 100644 index 000000000000..dd24b6c57ff0 --- /dev/null +++ b/mmv1/products/runtimeconfig/Config.yaml @@ -0,0 +1,38 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Config' +base_url: projects/{{project}}/configs +self_link: projects/{{project}}/configs/{{name}} +min_version: beta +description: | + A RuntimeConfig resource is the primary resource in the Cloud RuntimeConfig service. + A RuntimeConfig resource consists of metadata and a hierarchy of variables. +iam_policy: !ruby/object:Api::Resource::IamPolicy + parent_resource_attribute: 'config' + method_name_separator: ':' + exclude: false +parameters: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The name of the runtime config. + required: true + immutable: true + pattern: projects/{{project}}/configs/{{name}} +properties: + - !ruby/object:Api::Type::String + name: 'description' + description: | + The description to associate with the runtime config. diff --git a/mmv1/products/runtimeconfig/Variable.yaml b/mmv1/products/runtimeconfig/Variable.yaml new file mode 100644 index 000000000000..4b96a8a71d4d --- /dev/null +++ b/mmv1/products/runtimeconfig/Variable.yaml @@ -0,0 +1,44 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Variable' +base_url: projects/{{project}}/configs/{{config}}/variables +self_link: projects/{{project}}/configs/{{config}}/variables/{{name}} +min_version: beta +description: | + Describes a single variable within a runtime config resource. +parameters: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The name of the variable resource. + required: true + immutable: true + pattern: projects/{{project}}/configs/{{config}}/variables/{{name}} + - !ruby/object:Api::Type::String + name: 'config' + description: | + The name of the runtime config that this variable belongs to. + required: true + immutable: true +properties: + - !ruby/object:Api::Type::String + name: 'value' + description: | + The binary value of the variable. Either this or `text` can be set. + - !ruby/object:Api::Type::String + name: 'text' + description: | + The string value of the variable. Either this or `value` can be set. + diff --git a/mmv1/products/runtimeconfig/api.yaml b/mmv1/products/runtimeconfig/api.yaml deleted file mode 100644 index 90af40161ad2..000000000000 --- a/mmv1/products/runtimeconfig/api.yaml +++ /dev/null @@ -1,82 +0,0 @@ -# Copyright 2019 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: RuntimeConfig -display_name: Runtime Configurator -versions: - - !ruby/object:Api::Product::Version - name: beta - base_url: https://runtimeconfig.googleapis.com/v1beta1/ -scopes: - - https://www.googleapis.com/auth/cloudruntimeconfig -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Cloud Resource Manager API - url: https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/ -objects: - - !ruby/object:Api::Resource - name: 'Config' - base_url: projects/{{project}}/configs - self_link: projects/{{project}}/configs/{{name}} - min_version: beta - description: | - A RuntimeConfig resource is the primary resource in the Cloud RuntimeConfig service. - A RuntimeConfig resource consists of metadata and a hierarchy of variables. - iam_policy: !ruby/object:Api::Resource::IamPolicy - parent_resource_attribute: 'config' - method_name_separator: ':' - exclude: false - parameters: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The name of the runtime config. - required: true - input: true - pattern: projects/{{project}}/configs/{{name}} - properties: - - !ruby/object:Api::Type::String - name: 'description' - description: | - The description to associate with the runtime config. - - !ruby/object:Api::Resource - name: 'Variable' - base_url: projects/{{project}}/configs/{{config}}/variables - self_link: projects/{{project}}/configs/{{config}}/variables/{{name}} - min_version: beta - description: | - Describes a single variable within a runtime config resource. - parameters: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The name of the variable resource. - required: true - input: true - pattern: projects/{{project}}/configs/{{config}}/variables/{{name}} - - !ruby/object:Api::Type::String - name: 'config' - description: | - The name of the runtime config that this variable belongs to. - required: true - input: true - properties: - - !ruby/object:Api::Type::String - name: 'value' - description: | - The binary value of the variable. Either this or `text` can be set. - - !ruby/object:Api::Type::String - name: 'text' - description: | - The string value of the variable. Either this or `value` can be set. diff --git a/mmv1/products/runtimeconfig/product.yaml b/mmv1/products/runtimeconfig/product.yaml new file mode 100644 index 000000000000..91a2a62c6265 --- /dev/null +++ b/mmv1/products/runtimeconfig/product.yaml @@ -0,0 +1,26 @@ +# Copyright 2019 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: RuntimeConfig +display_name: Runtime Configurator +versions: + - !ruby/object:Api::Product::Version + name: beta + base_url: https://runtimeconfig.googleapis.com/v1beta1/ +scopes: + - https://www.googleapis.com/auth/cloudruntimeconfig +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Cloud Resource Manager API + url: https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/ diff --git a/mmv1/products/secretmanager/Secret.yaml b/mmv1/products/secretmanager/Secret.yaml new file mode 100644 index 000000000000..fd29ac6fd581 --- /dev/null +++ b/mmv1/products/secretmanager/Secret.yaml @@ -0,0 +1,159 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: Secret +self_link: projects/{{project}}/secrets/{{secret_id}} +base_url: projects/{{project}}/secrets +create_url: projects/{{project}}/secrets?secretId={{secret_id}} +update_verb: :PATCH +update_mask: true +iam_policy: !ruby/object:Api::Resource::IamPolicy + parent_resource_attribute: secret_id + method_name_separator: ':' + exclude: false + allowed_iam_role: roles/secretmanager.secretAccessor +references: !ruby/object:Api::Resource::ReferenceLinks + api: 'https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.secrets' +description: | + A Secret is a logical secret whose value and versions can be accessed. +parameters: + - !ruby/object:Api::Type::String + name: secretId + description: | + This must be unique within the project. + required: true + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: name + output: true + description: | + The resource name of the Secret. Format: + `projects/{{project}}/secrets/{{secret_id}}` + - !ruby/object:Api::Type::String + name: createTime + output: true + description: | + The time at which the Secret was created. + - !ruby/object:Api::Type::KeyValuePairs + name: labels + description: | + The labels assigned to this Secret. + + Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, + and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}_-]{0,62} + + Label values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, + and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63} + + No more than 64 labels can be assigned to a given resource. + + An object containing a list of "key": value pairs. Example: + { "name": "wrench", "mass": "1.3kg", "count": "3" }. + - !ruby/object:Api::Type::NestedObject + name: replication + required: true + immutable: true + description: | + The replication policy of the secret data attached to the Secret. It cannot be changed + after the Secret has been created. + properties: + - !ruby/object:Api::Type::Boolean + name: automatic + immutable: true + exactly_one_of: + - replication.0.automatic + - replication.0.user_managed + description: | + The Secret will automatically be replicated without any restrictions. + - !ruby/object:Api::Type::NestedObject + name: userManaged + immutable: true + exactly_one_of: + - replication.0.automatic + - replication.0.user_managed + description: | + The Secret will automatically be replicated without any restrictions. + properties: + - !ruby/object:Api::Type::Array + name: replicas + immutable: true + required: true + min_size: 1 + description: | + The list of Replicas for this Secret. Cannot be empty. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: location + required: true + immutable: true + description: | + The canonical IDs of the location to replicate data. For example: "us-east1". + - !ruby/object:Api::Type::NestedObject + name: customerManagedEncryption + immutable: true + description: | + Customer Managed Encryption for the secret. + properties: + - !ruby/object:Api::Type::String + name: kmsKeyName + required: true + immutable: true + description: | + Describes the Cloud KMS encryption key that will be used to protect destination secret. + - !ruby/object:Api::Type::Array + name: topics + description: | + A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: name + required: true + description: | + The resource name of the Pub/Sub topic that will be published to, in the following format: projects/*/topics/*. + For publication to succeed, the Secret Manager Service Agent service account must have pubsub.publisher permissions on the topic. + - !ruby/object:Api::Type::String + name: expireTime + description: | + Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + - !ruby/object:Api::Type::String + name: ttl + immutable: true + description: | + The TTL for the Secret. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + - !ruby/object:Api::Type::NestedObject + name: rotation + required_with: + - topics + description: | + The rotation time and period for a Secret. At `next_rotation_time`, Secret Manager will send a Pub/Sub notification to the topics configured on the Secret. `topics` must be set to configure rotation. + properties: + - !ruby/object:Api::Type::String + name: nextRotationTime + description: | + Timestamp in UTC at which the Secret is scheduled to rotate. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + required_with: + - rotation.0.rotation_period + - !ruby/object:Api::Type::String + name: rotationPeriod + immutable: true + description: | + The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). + If rotationPeriod is set, `next_rotation_time` must be set. `next_rotation_time` will be advanced by this period when the service automatically sends rotation notifications. diff --git a/mmv1/products/secretmanager/SecretVersion.yaml b/mmv1/products/secretmanager/SecretVersion.yaml new file mode 100644 index 000000000000..0d8eeff0aa9b --- /dev/null +++ b/mmv1/products/secretmanager/SecretVersion.yaml @@ -0,0 +1,69 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: SecretVersion +base_url: '{{name}}' +self_link: '{{name}}' +create_url: '{{secret}}:addVersion' +delete_url: '{{name}}:destroy' +delete_verb: :POST +immutable: true +description: | + A secret version resource. +parameters: + - !ruby/object:Api::Type::ResourceRef + name: secret + url_param_only: true + resource: Secret + imports: name + required: true + description: | + Secret Manager secret resource +properties: + - !ruby/object:Api::Type::Boolean + name: state + output: true + description: | + The current state of the SecretVersion. + - !ruby/object:Api::Type::String + name: name + output: true + description: | + The resource name of the SecretVersion. Format: + `projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}` + - !ruby/object:Api::Type::String + name: version + output: true + description: | + The version of the Secret. + - !ruby/object:Api::Type::String + name: createTime + output: true + description: | + The time at which the Secret was created. + - !ruby/object:Api::Type::String + name: destroyTime + output: true + description: | + The time at which the Secret was destroyed. Only present if state is DESTROYED. + - !ruby/object:Api::Type::NestedObject + name: payload + description: The secret payload of the SecretVersion. + required: true + properties: + - !ruby/object:Api::Type::String + name: data + required: true + description: The secret data. Must be no larger than 64KiB. + diff --git a/mmv1/products/secretmanager/api.yaml b/mmv1/products/secretmanager/api.yaml deleted file mode 100644 index 66432303012a..000000000000 --- a/mmv1/products/secretmanager/api.yaml +++ /dev/null @@ -1,231 +0,0 @@ -# Copyright 2020 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: SecretManager -display_name: Secret Manager -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://secretmanager.googleapis.com/v1/ - - !ruby/object:Api::Product::Version - name: beta - base_url: https://secretmanager.googleapis.com/v1/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Secret Manager API - url: https://console.cloud.google.com/apis/library/secretmanager.googleapis.com/ -objects: - - !ruby/object:Api::Resource - name: Secret - self_link: projects/{{project}}/secrets/{{secret_id}} - base_url: projects/{{project}}/secrets - create_url: projects/{{project}}/secrets?secretId={{secret_id}} - update_verb: :PATCH - update_mask: true - iam_policy: !ruby/object:Api::Resource::IamPolicy - parent_resource_attribute: secret_id - method_name_separator: ':' - exclude: false - allowed_iam_role: roles/secretmanager.secretAccessor - references: !ruby/object:Api::Resource::ReferenceLinks - api: 'https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.secrets' - description: | - A Secret is a logical secret whose value and versions can be accessed. - parameters: - - !ruby/object:Api::Type::String - name: secretId - description: | - This must be unique within the project. - required: true - input: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: name - output: true - description: | - The resource name of the Secret. Format: - `projects/{{project}}/secrets/{{secret_id}}` - - !ruby/object:Api::Type::String - name: createTime - output: true - description: | - The time at which the Secret was created. - - !ruby/object:Api::Type::KeyValuePairs - name: labels - description: | - The labels assigned to this Secret. - - Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, - and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}_-]{0,62} - - Label values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, - and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63} - - No more than 64 labels can be assigned to a given resource. - - An object containing a list of "key": value pairs. Example: - { "name": "wrench", "mass": "1.3kg", "count": "3" }. - - !ruby/object:Api::Type::NestedObject - name: replication - required: true - input: true - description: | - The replication policy of the secret data attached to the Secret. It cannot be changed - after the Secret has been created. - properties: - - !ruby/object:Api::Type::Boolean - name: automatic - input: true - exactly_one_of: - - replication.0.automatic - - replication.0.user_managed - description: | - The Secret will automatically be replicated without any restrictions. - - !ruby/object:Api::Type::NestedObject - name: userManaged - input: true - exactly_one_of: - - replication.0.automatic - - replication.0.user_managed - description: | - The Secret will automatically be replicated without any restrictions. - properties: - - !ruby/object:Api::Type::Array - name: replicas - input: true - required: true - min_size: 1 - description: | - The list of Replicas for this Secret. Cannot be empty. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: location - required: true - input: true - description: | - The canonical IDs of the location to replicate data. For example: "us-east1". - - !ruby/object:Api::Type::NestedObject - name: customerManagedEncryption - input: true - description: | - Customer Managed Encryption for the secret. - properties: - - !ruby/object:Api::Type::String - name: kmsKeyName - required: true - input: true - description: | - Describes the Cloud KMS encryption key that will be used to protect destination secret. - - !ruby/object:Api::Type::Array - name: topics - description: | - A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: name - required: true - description: | - The resource name of the Pub/Sub topic that will be published to, in the following format: projects/*/topics/*. - For publication to succeed, the Secret Manager Service Agent service account must have pubsub.publisher permissions on the topic. - - !ruby/object:Api::Type::String - name: expireTime - description: | - Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - - !ruby/object:Api::Type::String - name: ttl - input: true - description: | - The TTL for the Secret. - A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". - - !ruby/object:Api::Type::NestedObject - name: rotation - required_with: - - topics - description: | - The rotation time and period for a Secret. At `next_rotation_time`, Secret Manager will send a Pub/Sub notification to the topics configured on the Secret. `topics` must be set to configure rotation. - properties: - - !ruby/object:Api::Type::String - name: nextRotationTime - description: | - Timestamp in UTC at which the Secret is scheduled to rotate. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - required_with: - - rotation.0.rotation_period - - !ruby/object:Api::Type::String - name: rotationPeriod - input: true - description: | - The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). - If rotationPeriod is set, `next_rotation_time` must be set. `next_rotation_time` will be advanced by this period when the service automatically sends rotation notifications. - - !ruby/object:Api::Resource - name: SecretVersion - base_url: '{{name}}' - self_link: '{{name}}' - create_url: '{{secret}}:addVersion' - delete_url: '{{name}}:destroy' - delete_verb: :POST - input: true - description: | - A secret version resource. - parameters: - - !ruby/object:Api::Type::ResourceRef - name: secret - url_param_only: true - resource: Secret - imports: name - required: true - description: | - Secret Manager secret resource - properties: - - !ruby/object:Api::Type::Boolean - name: state - output: true - description: | - The current state of the SecretVersion. - - !ruby/object:Api::Type::String - name: name - output: true - description: | - The resource name of the SecretVersion. Format: - `projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}` - - !ruby/object:Api::Type::String - name: version - output: true - description: | - The version of the Secret. - - !ruby/object:Api::Type::String - name: createTime - output: true - description: | - The time at which the Secret was created. - - !ruby/object:Api::Type::String - name: destroyTime - output: true - description: | - The time at which the Secret was destroyed. Only present if state is DESTROYED. - - !ruby/object:Api::Type::NestedObject - name: payload - description: The secret payload of the SecretVersion. - required: true - properties: - - !ruby/object:Api::Type::String - name: data - required: true - description: The secret data. Must be no larger than 64KiB. diff --git a/mmv1/products/secretmanager/product.yaml b/mmv1/products/secretmanager/product.yaml new file mode 100644 index 000000000000..a94a4f7e74cc --- /dev/null +++ b/mmv1/products/secretmanager/product.yaml @@ -0,0 +1,29 @@ +# Copyright 2020 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: SecretManager +display_name: Secret Manager +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://secretmanager.googleapis.com/v1/ + - !ruby/object:Api::Product::Version + name: beta + base_url: https://secretmanager.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Secret Manager API + url: https://console.cloud.google.com/apis/library/secretmanager.googleapis.com/ diff --git a/mmv1/products/secretmanager/terraform.yaml b/mmv1/products/secretmanager/terraform.yaml index 46ef32a4def2..dd3cdc9a6d7c 100644 --- a/mmv1/products/secretmanager/terraform.yaml +++ b/mmv1/products/secretmanager/terraform.yaml @@ -52,7 +52,7 @@ overrides: !ruby/object:Overrides::ResourceOverrides state: !ruby/object:Overrides::Terraform::PropertyOverride name: "enabled" output: false - input: false + immutable: false default_value: true custom_expand: templates/terraform/custom_expand/secret_version_enable.go.erb custom_flatten: templates/terraform/custom_flatten/secret_version_enable.go.erb diff --git a/mmv1/products/securitycenter/MuteConfig.yaml b/mmv1/products/securitycenter/MuteConfig.yaml new file mode 100644 index 000000000000..2a3b7483131f --- /dev/null +++ b/mmv1/products/securitycenter/MuteConfig.yaml @@ -0,0 +1,86 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource + name: 'MuteConfig' + base_url: '{{parent}}/muteConfigs' + self_link: '{{name}}' + create_url: '{{parent}}/muteConfigs?muteConfigId={{mute_config_id}}' + update_verb: :PATCH + update_mask: true + description: | + Mute Findings is a volume management feature in Security Command Center + that lets you manually or programmatically hide irrelevant findings, + and create filters to automatically silence existing and future + findings based on criteria you specify. + references: !ruby/object:Api::Resource::ReferenceLinks + api: 'https://cloud.google.com/security-command-center/docs/reference/rest/v1/organizations.muteConfigs' + parameters: + - !ruby/object:Api::Type::String + name: muteConfigId + required: true + immutable: true + url_param_only: true + description: | + Unique identifier provided by the client within the parent scope. + - !ruby/object:Api::Type::String + name: parent + required: true + immutable: true + url_param_only: true + description: | + Resource name of the new mute configs's parent. Its format is + "organizations/[organization_id]", "folders/[folder_id]", or + "projects/[project_id]". + properties: + - !ruby/object:Api::Type::String + name: 'name' + output: true + description: | + Name of the mute config. Its format is + organizations/{organization}/muteConfigs/{configId}, + folders/{folder}/muteConfigs/{configId}, + or projects/{project}/muteConfigs/{configId} + - !ruby/object:Api::Type::String + name: 'description' + description: A description of the mute config. + - !ruby/object:Api::Type::String + name: 'filter' + description: | + An expression that defines the filter to apply across create/update + events of findings. While creating a filter string, be mindful of + the scope in which the mute configuration is being created. E.g., + If a filter contains project = X but is created under the + project = Y scope, it might not match any findings. + required: true + - !ruby/object:Api::Type::String + name: 'createTime' + description: | + The time at which the mute config was created. This field is set by + the server and will be ignored if provided on config creation. + output: true + - !ruby/object:Api::Type::String + name: 'updateTime' + description: | + Output only. The most recent time at which the mute config was + updated. This field is set by the server and will be ignored if + provided on config creation or update. + output: true + - !ruby/object:Api::Type::String + name: 'mostRecentEditor' + description: | + Email address of the user who last edited the mute config. This + field is set by the server and will be ignored if provided on + config creation or update. + output: true + diff --git a/mmv1/products/securitycenter/NotificationConfig.yaml b/mmv1/products/securitycenter/NotificationConfig.yaml new file mode 100644 index 000000000000..e6988462a8a5 --- /dev/null +++ b/mmv1/products/securitycenter/NotificationConfig.yaml @@ -0,0 +1,107 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'NotificationConfig' +base_url: organizations/{{organization}}/notificationConfigs +self_link: '{{name}}' +create_url: organizations/{{organization}}/notificationConfigs?configId={{config_id}} +update_verb: :PATCH +update_mask: true +description: | + A Cloud Security Command Center (Cloud SCC) notification configs. A + notification config is a Cloud SCC resource that contains the + configuration to send notifications for create/update events of + findings, assets and etc. + ~> **Note:** In order to use Cloud SCC resources, your organization must be enrolled + in [SCC Standard/Premium](https://cloud.google.com/security-command-center/docs/quickstart-security-command-center). + Without doing so, you may run into errors during resource creation. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/security-command-center/docs' + api: 'https://cloud.google.com/security-command-center/docs/reference/rest/v1/organizations.notificationConfigs' +parameters: + - !ruby/object:Api::Type::String + name: organization + required: true + immutable: true + url_param_only: true + description: | + The organization whose Cloud Security Command Center the Notification + Config lives in. + - !ruby/object:Api::Type::String + name: configId + required: true + immutable: true + url_param_only: true + description: | + This must be unique within the organization. +properties: + - !ruby/object:Api::Type::String + name: name + output: true + description: | + The resource name of this notification config, in the format + `organizations/{{organization}}/notificationConfigs/{{config_id}}`. + - !ruby/object:Api::Type::String + name: description + description: | + The description of the notification config (max of 1024 characters). + - !ruby/object:Api::Type::String + name: pubsubTopic + required: true + description: | + The Pub/Sub topic to send notifications to. Its format is + "projects/[project_id]/topics/[topic]". + - !ruby/object:Api::Type::String + name: serviceAccount + output: true + description: | + The service account that needs "pubsub.topics.publish" permission to + publish to the Pub/Sub topic. + - !ruby/object:Api::Type::NestedObject + name: streamingConfig + required: true + description: | + The config for triggering streaming-based notifications. + properties: + - !ruby/object:Api::Type::String + name: filter + required: true + description: | + Expression that defines the filter to apply across create/update + events of assets or findings as specified by the event type. The + expression is a list of zero or more restrictions combined via + logical operators AND and OR. Parentheses are supported, and OR + has higher precedence than AND. + + Restrictions have the form and may have + a - character in front of them to indicate negation. The fields + map to those defined in the corresponding resource. + + The supported operators are: + + * = for all value types. + * >, <, >=, <= for integer values. + * :, meaning substring matching, for strings. + + The supported value types are: + + * string literals in quotes. + * integer literals without quotes. + * boolean literals true and false without quotes. + + See + [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) + for information on how to write a filter. diff --git a/mmv1/products/securitycenter/Source.yaml b/mmv1/products/securitycenter/Source.yaml new file mode 100644 index 000000000000..3b2c5a1794a0 --- /dev/null +++ b/mmv1/products/securitycenter/Source.yaml @@ -0,0 +1,64 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Source' +base_url: organizations/{{organization}}/sources +self_link: '{{name}}' +update_verb: :PATCH +update_mask: true +description: | + A Cloud Security Command Center's (Cloud SCC) finding source. A finding + source is an entity or a mechanism that can produce a finding. A source is + like a container of findings that come from the same scanner, logger, + monitor, etc. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/security-command-center/docs' + api: 'https://cloud.google.com/security-command-center/docs/reference/rest/v1/organizations.sources' +iam_policy: !ruby/object:Api::Resource::IamPolicy + method_name_separator: ':' + fetch_iam_policy_verb: :POST + parent_resource_attribute: 'source' + base_url: organizations/{{organization}}/sources/{{source}} + import_format: ["organizations/{{organization}}/sources/{{source}}", "{{source}}"] +parameters: + - !ruby/object:Api::Type::String + name: organization + required: true + immutable: true + url_param_only: true + description: | + The organization whose Cloud Security Command Center the Source + lives in. +properties: + - !ruby/object:Api::Type::String + name: name + output: true + description: | + The resource name of this source, in the format + `organizations/{{organization}}/sources/{{source}}`. + - !ruby/object:Api::Type::String + name: description + description: | + The description of the source (max of 1024 characters). + - !ruby/object:Api::Type::String + name: displayName + required: true + description: | + The source’s display name. A source’s display name must be unique + amongst its siblings, for example, two sources with the same parent + can't share the same display name. The display name must start and end + with a letter or digit, may contain letters, digits, spaces, hyphens, + and underscores, and can be no longer than 32 characters. diff --git a/mmv1/products/securitycenter/api.yaml b/mmv1/products/securitycenter/api.yaml deleted file mode 100644 index 5b3913f9b572..000000000000 --- a/mmv1/products/securitycenter/api.yaml +++ /dev/null @@ -1,240 +0,0 @@ -# Copyright 2019 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: SecurityCenter -display_name: Security Command Center (SCC) -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://securitycenter.googleapis.com/v1/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -objects: - - !ruby/object:Api::Resource - name: 'Source' - base_url: organizations/{{organization}}/sources - self_link: '{{name}}' - update_verb: :PATCH - update_mask: true - description: | - A Cloud Security Command Center's (Cloud SCC) finding source. A finding - source is an entity or a mechanism that can produce a finding. A source is - like a container of findings that come from the same scanner, logger, - monitor, etc. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/security-command-center/docs' - api: 'https://cloud.google.com/security-command-center/docs/reference/rest/v1/organizations.sources' - iam_policy: !ruby/object:Api::Resource::IamPolicy - method_name_separator: ':' - fetch_iam_policy_verb: :POST - parent_resource_attribute: 'source' - base_url: organizations/{{organization}}/sources/{{source}} - import_format: ["organizations/{{organization}}/sources/{{source}}", "{{source}}"] - parameters: - - !ruby/object:Api::Type::String - name: organization - required: true - input: true - url_param_only: true - description: | - The organization whose Cloud Security Command Center the Source - lives in. - properties: - - !ruby/object:Api::Type::String - name: name - output: true - description: | - The resource name of this source, in the format - `organizations/{{organization}}/sources/{{source}}`. - - !ruby/object:Api::Type::String - name: description - description: | - The description of the source (max of 1024 characters). - - !ruby/object:Api::Type::String - name: displayName - required: true - description: | - The source’s display name. A source’s display name must be unique - amongst its siblings, for example, two sources with the same parent - can't share the same display name. The display name must start and end - with a letter or digit, may contain letters, digits, spaces, hyphens, - and underscores, and can be no longer than 32 characters. - - !ruby/object:Api::Resource - name: 'NotificationConfig' - base_url: organizations/{{organization}}/notificationConfigs - self_link: '{{name}}' - create_url: organizations/{{organization}}/notificationConfigs?configId={{config_id}} - update_verb: :PATCH - update_mask: true - description: | - A Cloud Security Command Center (Cloud SCC) notification configs. A - notification config is a Cloud SCC resource that contains the - configuration to send notifications for create/update events of - findings, assets and etc. - ~> **Note:** In order to use Cloud SCC resources, your organization must be enrolled - in [SCC Standard/Premium](https://cloud.google.com/security-command-center/docs/quickstart-security-command-center). - Without doing so, you may run into errors during resource creation. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/security-command-center/docs' - api: 'https://cloud.google.com/security-command-center/docs/reference/rest/v1/organizations.notificationConfigs' - parameters: - - !ruby/object:Api::Type::String - name: organization - required: true - input: true - url_param_only: true - description: | - The organization whose Cloud Security Command Center the Notification - Config lives in. - - !ruby/object:Api::Type::String - name: configId - required: true - input: true - url_param_only: true - description: | - This must be unique within the organization. - properties: - - !ruby/object:Api::Type::String - name: name - output: true - description: | - The resource name of this notification config, in the format - `organizations/{{organization}}/notificationConfigs/{{config_id}}`. - - !ruby/object:Api::Type::String - name: description - description: | - The description of the notification config (max of 1024 characters). - - !ruby/object:Api::Type::String - name: pubsubTopic - required: true - description: | - The Pub/Sub topic to send notifications to. Its format is - "projects/[project_id]/topics/[topic]". - - !ruby/object:Api::Type::String - name: serviceAccount - output: true - description: | - The service account that needs "pubsub.topics.publish" permission to - publish to the Pub/Sub topic. - - !ruby/object:Api::Type::NestedObject - name: streamingConfig - required: true - description: | - The config for triggering streaming-based notifications. - properties: - - !ruby/object:Api::Type::String - name: filter - required: true - description: | - Expression that defines the filter to apply across create/update - events of assets or findings as specified by the event type. The - expression is a list of zero or more restrictions combined via - logical operators AND and OR. Parentheses are supported, and OR - has higher precedence than AND. - - Restrictions have the form and may have - a - character in front of them to indicate negation. The fields - map to those defined in the corresponding resource. - - The supported operators are: - - * = for all value types. - * >, <, >=, <= for integer values. - * :, meaning substring matching, for strings. - - The supported value types are: - - * string literals in quotes. - * integer literals without quotes. - * boolean literals true and false without quotes. - - See - [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) - for information on how to write a filter. - - !ruby/object:Api::Resource - name: 'MuteConfig' - base_url: '{{parent}}/muteConfigs' - self_link: '{{name}}' - create_url: '{{parent}}/muteConfigs?muteConfigId={{mute_config_id}}' - update_verb: :PATCH - update_mask: true - description: | - Mute Findings is a volume management feature in Security Command Center - that lets you manually or programmatically hide irrelevant findings, - and create filters to automatically silence existing and future - findings based on criteria you specify. - references: !ruby/object:Api::Resource::ReferenceLinks - api: 'https://cloud.google.com/security-command-center/docs/reference/rest/v1/organizations.muteConfigs' - parameters: - - !ruby/object:Api::Type::String - name: muteConfigId - required: true - input: true - url_param_only: true - description: | - Unique identifier provided by the client within the parent scope. - - !ruby/object:Api::Type::String - name: parent - required: true - input: true - url_param_only: true - description: | - Resource name of the new mute configs's parent. Its format is - "organizations/[organization_id]", "folders/[folder_id]", or - "projects/[project_id]". - properties: - - !ruby/object:Api::Type::String - name: 'name' - output: true - description: | - Name of the mute config. Its format is - organizations/{organization}/muteConfigs/{configId}, - folders/{folder}/muteConfigs/{configId}, - or projects/{project}/muteConfigs/{configId} - - !ruby/object:Api::Type::String - name: 'description' - description: A description of the mute config. - - !ruby/object:Api::Type::String - name: 'filter' - description: | - An expression that defines the filter to apply across create/update - events of findings. While creating a filter string, be mindful of - the scope in which the mute configuration is being created. E.g., - If a filter contains project = X but is created under the - project = Y scope, it might not match any findings. - required: true - - !ruby/object:Api::Type::String - name: 'createTime' - description: | - The time at which the mute config was created. This field is set by - the server and will be ignored if provided on config creation. - output: true - - !ruby/object:Api::Type::String - name: 'updateTime' - description: | - Output only. The most recent time at which the mute config was - updated. This field is set by the server and will be ignored if - provided on config creation or update. - output: true - - !ruby/object:Api::Type::String - name: 'mostRecentEditor' - description: | - Email address of the user who last edited the mute config. This - field is set by the server and will be ignored if provided on - config creation or update. - output: true diff --git a/mmv1/products/securitycenter/product.yaml b/mmv1/products/securitycenter/product.yaml new file mode 100644 index 000000000000..bb8d808dacf0 --- /dev/null +++ b/mmv1/products/securitycenter/product.yaml @@ -0,0 +1,22 @@ +# Copyright 2019 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: SecurityCenter +display_name: Security Command Center (SCC) +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://securitycenter.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform diff --git a/mmv1/products/securityscanner/ScanConfig.yaml b/mmv1/products/securityscanner/ScanConfig.yaml new file mode 100644 index 000000000000..3ea58d5717a0 --- /dev/null +++ b/mmv1/products/securityscanner/ScanConfig.yaml @@ -0,0 +1,151 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: ScanConfig +base_url: projects/{{project}}/scanConfigs +self_link: "{{name}}" +update_verb: :PATCH +update_mask: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Using Cloud Security Scanner': 'https://cloud.google.com/security-scanner/docs/scanning' + api: 'https://cloud.google.com/security-scanner/docs/reference/rest/v1beta/projects.scanConfigs' +description: | + A ScanConfig resource contains the configurations to launch a scan. +properties: + - !ruby/object:Api::Type::String + name: name + output: true + description: | + A server defined name for this index. Format: + `projects/{{project}}/scanConfigs/{{server_generated_id}}` + - !ruby/object:Api::Type::String + name: displayName + required: true + description: | + The user provider display name of the ScanConfig. + - !ruby/object:Api::Type::Integer + name: maxQps + description: | + The maximum QPS during scanning. A valid value ranges from 5 to 20 inclusively. + Defaults to 15. + default_value: 15 + - !ruby/object:Api::Type::Array + name: startingUrls + description: | + The starting URLs from which the scanner finds site pages. + required: true + item_type: Api::Type::String + - !ruby/object:Api::Type::NestedObject + name: authentication + description: | + The authentication configuration. + If specified, service will use the authentication configuration during scanning. + properties: + - !ruby/object:Api::Type::NestedObject + name: googleAccount + at_least_one_of: + - authentication.0.google_account + - authentication.0.custom_account + description: | + Describes authentication configuration that uses a Google account. + properties: + - !ruby/object:Api::Type::String + name: username + required: true + description: | + The user name of the Google account. + - !ruby/object:Api::Type::String + name: password + immutable: true + required: true + description: | + The password of the Google account. The credential is stored encrypted + in GCP. + - !ruby/object:Api::Type::NestedObject + name: customAccount + at_least_one_of: + - authentication.0.google_account + - authentication.0.custom_account + description: | + Describes authentication configuration that uses a custom account. + properties: + - !ruby/object:Api::Type::String + name: username + required: true + description: | + The user name of the custom account. + - !ruby/object:Api::Type::String + name: password + immutable: true + required: true + description: | + The password of the custom account. The credential is stored encrypted + in GCP. + - !ruby/object:Api::Type::String + name: loginUrl + required: true + description: | + The login form URL of the website. + - !ruby/object:Api::Type::Enum + name: userAgent + description: Type of the user agents used for scanning + default_value: :CHROME_LINUX + values: + - :USER_AGENT_UNSPECIFIED + - :CHROME_LINUX + - :CHROME_ANDROID + - :SAFARI_IPHONE + - !ruby/object:Api::Type::Array + name: blacklistPatterns + description: | + The blacklist URL patterns as described in + https://cloud.google.com/security-scanner/docs/excluded-urls + item_type: Api::Type::String + - !ruby/object:Api::Type::NestedObject + name: schedule + description: | + The schedule of the ScanConfig + properties: + - !ruby/object:Api::Type::Time + name: scheduleTime + description: | + A timestamp indicates when the next run will be scheduled. The value is refreshed + by the server after each run. If unspecified, it will default to current server time, + which means the scan will be scheduled to start immediately. + - !ruby/object:Api::Type::Integer + name: intervalDurationDays + required: true + description: | + The duration of time between executions in days + - !ruby/object:Api::Type::Array + name: targetPlatforms + description: | + Set of Cloud Platforms targeted by the scan. If empty, APP_ENGINE will be used as a default. + item_type: !ruby/object:Api::Type::Enum + name: undefined + description: | + This field only has a name and description because of MM + limitations. It should not appear in downstreams. + values: + - :APP_ENGINE + - :COMPUTE + - !ruby/object:Api::Type::Enum + name: exportToSecurityCommandCenter + description: | + Controls export of scan configurations and results to Cloud Security Command Center. + default_value: :ENABLED + values: + - :ENABLED + - :DISABLED diff --git a/mmv1/products/securityscanner/api.yaml b/mmv1/products/securityscanner/api.yaml deleted file mode 100644 index a4cb1a634b9d..000000000000 --- a/mmv1/products/securityscanner/api.yaml +++ /dev/null @@ -1,164 +0,0 @@ -# Copyright 2019 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. ---- !ruby/object:Api::Product -name: SecurityScanner -display_name: Cloud Security Scanner -versions: - - !ruby/object:Api::Product::Version - name: beta - base_url: https://websecurityscanner.googleapis.com/v1beta/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Web Security Scanner API - url: https://console.cloud.google.com/apis/library/websecurityscanner.googleapis.com/ -objects: - - !ruby/object:Api::Resource - name: ScanConfig - base_url: projects/{{project}}/scanConfigs - self_link: "{{name}}" - update_verb: :PATCH - update_mask: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Using Cloud Security Scanner': 'https://cloud.google.com/security-scanner/docs/scanning' - api: 'https://cloud.google.com/security-scanner/docs/reference/rest/v1beta/projects.scanConfigs' - description: | - A ScanConfig resource contains the configurations to launch a scan. - properties: - - !ruby/object:Api::Type::String - name: name - output: true - description: | - A server defined name for this index. Format: - `projects/{{project}}/scanConfigs/{{server_generated_id}}` - - !ruby/object:Api::Type::String - name: displayName - required: true - description: | - The user provider display name of the ScanConfig. - - !ruby/object:Api::Type::Integer - name: maxQps - description: | - The maximum QPS during scanning. A valid value ranges from 5 to 20 inclusively. - Defaults to 15. - default_value: 15 - - !ruby/object:Api::Type::Array - name: startingUrls - description: | - The starting URLs from which the scanner finds site pages. - required: true - item_type: Api::Type::String - - !ruby/object:Api::Type::NestedObject - name: authentication - description: | - The authentication configuration. - If specified, service will use the authentication configuration during scanning. - properties: - - !ruby/object:Api::Type::NestedObject - name: googleAccount - at_least_one_of: - - authentication.0.google_account - - authentication.0.custom_account - description: | - Describes authentication configuration that uses a Google account. - properties: - - !ruby/object:Api::Type::String - name: username - required: true - description: | - The user name of the Google account. - - !ruby/object:Api::Type::String - name: password - input: true - required: true - description: | - The password of the Google account. The credential is stored encrypted - in GCP. - - !ruby/object:Api::Type::NestedObject - name: customAccount - at_least_one_of: - - authentication.0.google_account - - authentication.0.custom_account - description: | - Describes authentication configuration that uses a custom account. - properties: - - !ruby/object:Api::Type::String - name: username - required: true - description: | - The user name of the custom account. - - !ruby/object:Api::Type::String - name: password - input: true - required: true - description: | - The password of the custom account. The credential is stored encrypted - in GCP. - - !ruby/object:Api::Type::String - name: loginUrl - required: true - description: | - The login form URL of the website. - - !ruby/object:Api::Type::Enum - name: userAgent - description: Type of the user agents used for scanning - default_value: :CHROME_LINUX - values: - - :USER_AGENT_UNSPECIFIED - - :CHROME_LINUX - - :CHROME_ANDROID - - :SAFARI_IPHONE - - !ruby/object:Api::Type::Array - name: blacklistPatterns - description: | - The blacklist URL patterns as described in - https://cloud.google.com/security-scanner/docs/excluded-urls - item_type: Api::Type::String - - !ruby/object:Api::Type::NestedObject - name: schedule - description: | - The schedule of the ScanConfig - properties: - - !ruby/object:Api::Type::Time - name: scheduleTime - description: | - A timestamp indicates when the next run will be scheduled. The value is refreshed - by the server after each run. If unspecified, it will default to current server time, - which means the scan will be scheduled to start immediately. - - !ruby/object:Api::Type::Integer - name: intervalDurationDays - required: true - description: | - The duration of time between executions in days - - !ruby/object:Api::Type::Array - name: targetPlatforms - description: | - Set of Cloud Platforms targeted by the scan. If empty, APP_ENGINE will be used as a default. - item_type: !ruby/object:Api::Type::Enum - name: undefined - description: | - This field only has a name and description because of MM - limitations. It should not appear in downstreams. - values: - - :APP_ENGINE - - :COMPUTE - - !ruby/object:Api::Type::Enum - name: exportToSecurityCommandCenter - description: | - Controls export of scan configurations and results to Cloud Security Command Center. - default_value: :ENABLED - values: - - :ENABLED - - :DISABLED \ No newline at end of file diff --git a/mmv1/products/securityscanner/product.yaml b/mmv1/products/securityscanner/product.yaml new file mode 100644 index 000000000000..928368b06b9f --- /dev/null +++ b/mmv1/products/securityscanner/product.yaml @@ -0,0 +1,25 @@ +# Copyright 2019 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- !ruby/object:Api::Product +name: SecurityScanner +display_name: Cloud Security Scanner +versions: + - !ruby/object:Api::Product::Version + name: beta + base_url: https://websecurityscanner.googleapis.com/v1beta/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Web Security Scanner API + url: https://console.cloud.google.com/apis/library/websecurityscanner.googleapis.com/ diff --git a/mmv1/products/servicedirectory/Endpoint.yaml b/mmv1/products/servicedirectory/Endpoint.yaml new file mode 100644 index 000000000000..001a1c314c65 --- /dev/null +++ b/mmv1/products/servicedirectory/Endpoint.yaml @@ -0,0 +1,73 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Endpoint' +base_url: '{{name}}' +create_url: '{{service}}/endpoints?endpointId={{endpoint_id}}' +self_link: '{{name}}' +update_verb: :PATCH +update_mask: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Configuring an endpoint': 'https://cloud.google.com/service-directory/docs/configuring-service-directory#configuring_an_endpoint' + api: 'https://cloud.google.com/service-directory/docs/reference/rest/v1beta1/projects.locations.namespaces.services.endpoints' +min_version: beta +description: | + An individual endpoint that provides a service. +parameters: + - !ruby/object:Api::Type::String + name: 'service' + immutable: true + description: | + The resource name of the service that this endpoint provides. + required: true + url_param_only: true + - !ruby/object:Api::Type::String + name: endpointId + description: | + The Resource ID must be 1-63 characters long, including digits, + lowercase letters or the hyphen character. + required: true + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The resource name for the endpoint in the format + `projects/*/locations/*/namespaces/*/services/*/endpoints/*`. + output: true + - !ruby/object:Api::Type::String + name: 'address' + description: | + IPv4 or IPv6 address of the endpoint. + - !ruby/object:Api::Type::Integer + name: 'port' + description: | + Port that the endpoint is running on, must be in the + range of [0, 65535]. If unspecified, the default is 0. + - !ruby/object:Api::Type::KeyValuePairs + name: 'metadata' + description: | + Metadata for the endpoint. This data can be consumed + by service clients. The entire metadata dictionary may contain + up to 512 characters, spread across all key-value pairs. + Metadata that goes beyond any these limits will be rejected. + - !ruby/object:Api::Type::String + name: 'network' + immutable: true + description: | + The URL to the network, such as projects/PROJECT_NUMBER/locations/global/networks/NETWORK_NAME. + + diff --git a/mmv1/products/servicedirectory/Namespace.yaml b/mmv1/products/servicedirectory/Namespace.yaml new file mode 100644 index 000000000000..dd1b93703ede --- /dev/null +++ b/mmv1/products/servicedirectory/Namespace.yaml @@ -0,0 +1,65 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Namespace' +base_url: '{{name}}' +create_url: 'projects/{{project}}/locations/{{location}}/namespaces?namespaceId={{namespace_id}}' +self_link: '{{name}}' +update_verb: :PATCH +update_mask: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Configuring a namespace': 'https://cloud.google.com/service-directory/docs/configuring-service-directory#configuring_a_namespace' + api: 'https://cloud.google.com/service-directory/docs/reference/rest/v1beta1/projects.locations.namespaces' +iam_policy: !ruby/object:Api::Resource::IamPolicy + skip_import_test: true + exclude: false + parent_resource_attribute: 'name' + method_name_separator: ':' + fetch_iam_policy_verb: :POST + set_iam_policy_verb: :POST +min_version: beta +description: | + A container for `services`. Namespaces allow administrators to group services + together and define permissions for a collection of services. +parameters: + - !ruby/object:Api::Type::String + name: 'location' + description: | + The location for the Namespace. + A full list of valid locations can be found by running + `gcloud beta service-directory locations list`. + required: true + url_param_only: true + - !ruby/object:Api::Type::String + name: namespaceId + description: | + The Resource ID must be 1-63 characters long, including digits, + lowercase letters or the hyphen character. + required: true + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The resource name for the namespace + in the format `projects/*/locations/*/namespaces/*`. + output: true + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + Resource labels associated with this Namespace. No more than 64 user + labels can be associated with a given resource. Label keys and values can + be no longer than 63 characters. diff --git a/mmv1/products/servicedirectory/Service.yaml b/mmv1/products/servicedirectory/Service.yaml new file mode 100644 index 000000000000..a20cc4f2af3c --- /dev/null +++ b/mmv1/products/servicedirectory/Service.yaml @@ -0,0 +1,63 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Service' +base_url: '{{name}}' +create_url: '{{namespace}}/services?serviceId={{service_id}}' +self_link: '{{name}}' +update_verb: :PATCH +update_mask: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Configuring a service': 'https://cloud.google.com/service-directory/docs/configuring-service-directory#configuring_a_service' + api: 'https://cloud.google.com/service-directory/docs/reference/rest/v1beta1/projects.locations.namespaces.services' +iam_policy: !ruby/object:Api::Resource::IamPolicy + skip_import_test: true + exclude: false + parent_resource_attribute: 'name' + method_name_separator: ':' + fetch_iam_policy_verb: :POST + set_iam_policy_verb: :POST +min_version: beta +description: | + An individual service. A service contains a name and optional metadata. +parameters: + - !ruby/object:Api::Type::String + name: 'namespace' + description: | + The resource name of the namespace this service will belong to. + required: true + url_param_only: true + - !ruby/object:Api::Type::String + name: serviceId + description: | + The Resource ID must be 1-63 characters long, including digits, + lowercase letters or the hyphen character. + required: true + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The resource name for the service in the + format `projects/*/locations/*/namespaces/*/services/*`. + output: true + - !ruby/object:Api::Type::KeyValuePairs + name: 'metadata' + description: | + Metadata for the service. This data can be consumed + by service clients. The entire metadata dictionary may contain + up to 2000 characters, spread across all key-value pairs. + Metadata that goes beyond any these limits will be rejected. diff --git a/mmv1/products/servicedirectory/api.yaml b/mmv1/products/servicedirectory/api.yaml deleted file mode 100644 index a95cff35f444..000000000000 --- a/mmv1/products/servicedirectory/api.yaml +++ /dev/null @@ -1,188 +0,0 @@ -# Copyright 2020 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: ServiceDirectory -display_name: Service Directory -versions: - - !ruby/object:Api::Product::Version - name: beta - base_url: https://servicedirectory.googleapis.com/v1beta1/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Service Directory API - url: https://console.cloud.google.com/apis/library/servicedirectory.googleapis.com/ -objects: - - !ruby/object:Api::Resource - name: 'Namespace' - base_url: '{{name}}' - create_url: 'projects/{{project}}/locations/{{location}}/namespaces?namespaceId={{namespace_id}}' - self_link: '{{name}}' - update_verb: :PATCH - update_mask: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Configuring a namespace': 'https://cloud.google.com/service-directory/docs/configuring-service-directory#configuring_a_namespace' - api: 'https://cloud.google.com/service-directory/docs/reference/rest/v1beta1/projects.locations.namespaces' - iam_policy: !ruby/object:Api::Resource::IamPolicy - skip_import_test: true - exclude: false - parent_resource_attribute: 'name' - method_name_separator: ':' - fetch_iam_policy_verb: :POST - set_iam_policy_verb: :POST - min_version: beta - description: | - A container for `services`. Namespaces allow administrators to group services - together and define permissions for a collection of services. - parameters: - - !ruby/object:Api::Type::String - name: 'location' - description: | - The location for the Namespace. - A full list of valid locations can be found by running - `gcloud beta service-directory locations list`. - required: true - url_param_only: true - - !ruby/object:Api::Type::String - name: namespaceId - description: | - The Resource ID must be 1-63 characters long, including digits, - lowercase letters or the hyphen character. - required: true - input: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The resource name for the namespace - in the format `projects/*/locations/*/namespaces/*`. - output: true - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: | - Resource labels associated with this Namespace. No more than 64 user - labels can be associated with a given resource. Label keys and values can - be no longer than 63 characters. - - !ruby/object:Api::Resource - name: 'Service' - base_url: '{{name}}' - create_url: '{{namespace}}/services?serviceId={{service_id}}' - self_link: '{{name}}' - update_verb: :PATCH - update_mask: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Configuring a service': 'https://cloud.google.com/service-directory/docs/configuring-service-directory#configuring_a_service' - api: 'https://cloud.google.com/service-directory/docs/reference/rest/v1beta1/projects.locations.namespaces.services' - iam_policy: !ruby/object:Api::Resource::IamPolicy - skip_import_test: true - exclude: false - parent_resource_attribute: 'name' - method_name_separator: ':' - fetch_iam_policy_verb: :POST - set_iam_policy_verb: :POST - min_version: beta - description: | - An individual service. A service contains a name and optional metadata. - parameters: - - !ruby/object:Api::Type::String - name: 'namespace' - description: | - The resource name of the namespace this service will belong to. - required: true - url_param_only: true - - !ruby/object:Api::Type::String - name: serviceId - description: | - The Resource ID must be 1-63 characters long, including digits, - lowercase letters or the hyphen character. - required: true - input: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The resource name for the service in the - format `projects/*/locations/*/namespaces/*/services/*`. - output: true - - !ruby/object:Api::Type::KeyValuePairs - name: 'metadata' - description: | - Metadata for the service. This data can be consumed - by service clients. The entire metadata dictionary may contain - up to 2000 characters, spread across all key-value pairs. - Metadata that goes beyond any these limits will be rejected. - - !ruby/object:Api::Resource - name: 'Endpoint' - base_url: '{{name}}' - create_url: '{{service}}/endpoints?endpointId={{endpoint_id}}' - self_link: '{{name}}' - update_verb: :PATCH - update_mask: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Configuring an endpoint': 'https://cloud.google.com/service-directory/docs/configuring-service-directory#configuring_an_endpoint' - api: 'https://cloud.google.com/service-directory/docs/reference/rest/v1beta1/projects.locations.namespaces.services.endpoints' - min_version: beta - description: | - An individual endpoint that provides a service. - parameters: - - !ruby/object:Api::Type::String - name: 'service' - input: true - description: | - The resource name of the service that this endpoint provides. - required: true - url_param_only: true - - !ruby/object:Api::Type::String - name: endpointId - description: | - The Resource ID must be 1-63 characters long, including digits, - lowercase letters or the hyphen character. - required: true - input: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The resource name for the endpoint in the format - `projects/*/locations/*/namespaces/*/services/*/endpoints/*`. - output: true - - !ruby/object:Api::Type::String - name: 'address' - description: | - IPv4 or IPv6 address of the endpoint. - - !ruby/object:Api::Type::Integer - name: 'port' - description: | - Port that the endpoint is running on, must be in the - range of [0, 65535]. If unspecified, the default is 0. - - !ruby/object:Api::Type::KeyValuePairs - name: 'metadata' - description: | - Metadata for the endpoint. This data can be consumed - by service clients. The entire metadata dictionary may contain - up to 512 characters, spread across all key-value pairs. - Metadata that goes beyond any these limits will be rejected. - - !ruby/object:Api::Type::String - name: 'network' - input: true - description: | - The URL to the network, such as projects/PROJECT_NUMBER/locations/global/networks/NETWORK_NAME. - diff --git a/mmv1/products/servicedirectory/product.yaml b/mmv1/products/servicedirectory/product.yaml new file mode 100644 index 000000000000..2fc20e6f77fd --- /dev/null +++ b/mmv1/products/servicedirectory/product.yaml @@ -0,0 +1,26 @@ +# Copyright 2020 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: ServiceDirectory +display_name: Service Directory +versions: + - !ruby/object:Api::Product::Version + name: beta + base_url: https://servicedirectory.googleapis.com/v1beta1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Service Directory API + url: https://console.cloud.google.com/apis/library/servicedirectory.googleapis.com/ diff --git a/mmv1/products/servicemanagement/Service.yaml b/mmv1/products/servicemanagement/Service.yaml new file mode 100644 index 000000000000..daa41ace7571 --- /dev/null +++ b/mmv1/products/servicemanagement/Service.yaml @@ -0,0 +1,24 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Service' +base_url: services +self_link: services/{{service_name}} +description: | + A service that is managed by Google Service Management +properties: + - !ruby/object:Api::Type::String + name: 'serviceName' + description: The name of the service. + required: true diff --git a/mmv1/products/servicemanagement/ServiceConsumers.yaml b/mmv1/products/servicemanagement/ServiceConsumers.yaml new file mode 100644 index 000000000000..b119cefb8bd4 --- /dev/null +++ b/mmv1/products/servicemanagement/ServiceConsumers.yaml @@ -0,0 +1,29 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'ServiceConsumers' +base_url: services/{{service_name}}/consumers/{{consumer_project}} +self_link: services/{{service_name}}/consumers/{{consumer_project}} +description: | + A service that is managed by Google Service Management +properties: + - !ruby/object:Api::Type::String + name: 'serviceName' + description: The name of the service. + required: true + - !ruby/object:Api::Type::String + name: 'consumerProject' + description: The service consumer project ID which you are granting permission to + required: true + diff --git a/mmv1/products/servicemanagement/api.yaml b/mmv1/products/servicemanagement/product.yaml similarity index 51% rename from mmv1/products/servicemanagement/api.yaml rename to mmv1/products/servicemanagement/product.yaml index 8f918def5f97..6e093744ff5e 100644 --- a/mmv1/products/servicemanagement/api.yaml +++ b/mmv1/products/servicemanagement/product.yaml @@ -24,30 +24,3 @@ apis_required: - !ruby/object:Api::Product::ApiReference name: Service Management API url: https://console.cloud.google.com/apis/library/servicemanagement.googleapis.com/ -objects: - - !ruby/object:Api::Resource - name: 'Service' - base_url: services - self_link: services/{{service_name}} - description: | - A service that is managed by Google Service Management - properties: - - !ruby/object:Api::Type::String - name: 'serviceName' - description: The name of the service. - required: true - - !ruby/object:Api::Resource - name: 'ServiceConsumers' - base_url: services/{{service_name}}/consumers/{{consumer_project}} - self_link: services/{{service_name}}/consumers/{{consumer_project}} - description: | - A service that is managed by Google Service Management - properties: - - !ruby/object:Api::Type::String - name: 'serviceName' - description: The name of the service. - required: true - - !ruby/object:Api::Type::String - name: 'consumerProject' - description: The service consumer project ID which you are granting permission to - required: true diff --git a/mmv1/products/serviceusage/AdminQuotaOverride.yaml b/mmv1/products/serviceusage/AdminQuotaOverride.yaml new file mode 100644 index 000000000000..1306524807d0 --- /dev/null +++ b/mmv1/products/serviceusage/AdminQuotaOverride.yaml @@ -0,0 +1,102 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: AdminQuotaOverride +min_version: beta +base_url: projects/{{project}}/services/{{service}}/consumerQuotaMetrics/{{metric}}/limits/{{limit}}/adminOverrides +self_link: projects/{{project}}/services/{{service}}/consumerQuotaMetrics/{{metric}}/limits/{{limit}}/adminOverrides/ +create_url: projects/{{project}}/services/{{service}}/consumerQuotaMetrics/{{metric}}/limits/{{limit}}/adminOverrides/{{name}}?force={{force}} +update_url: projects/{{project}}/services/{{service}}/consumerQuotaMetrics/{{metric}}/limits/{{limit}}/adminOverrides/{{name}} +update_verb: :PATCH +delete_url: projects/{{project}}/services/{{service}}/consumerQuotaMetrics/{{metric}}/limits/{{limit}}/adminOverrides/{{name}}?force={{force}} +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Managing Service Quota': 'https://cloud.google.com/service-usage/docs/manage-quota' + 'REST API documentation': 'https://cloud.google.com/service-usage/docs/reference/rest/v1beta1/services.consumerQuotaMetrics.limits.adminOverrides' +nested_query: !ruby/object:Api::Resource::NestedQuery + keys: + - overrides +identity: + - name +description: | + Creates an admin override. An admin override is applied by an administrator of a parent + folder or parent organization of the consumer receiving the override. An admin override is + intended to limit the amount of quota the consumer can use out of the total quota pool + allocated to all children of the folder or organization. +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: True + allowed: + - True + - False + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +parameters: + - !ruby/object:Api::Type::String + name: 'name' + output: true + description: | + The server-generated name of the quota override. + - !ruby/object:Api::Type::Boolean + name: 'force' + url_param_only: true + default_value: false + description: | + If the new quota would decrease the existing quota by more than 10%, the request is rejected. + If `force` is `true`, that safety check is ignored. + - !ruby/object:Api::Type::String + name: 'service' + required: true + url_param_only: true + immutable: true + description: | + The service that the metrics belong to, e.g. `compute.googleapis.com`. + - !ruby/object:Api::Type::String + name: 'metric' + required: true + url_param_only: true + immutable: true + description: | + The metric that should be limited, e.g. `compute.googleapis.com/cpus`. + - !ruby/object:Api::Type::String + name: 'limit' + required: true + url_param_only: true + immutable: true + description: | + The limit on the metric, e.g. `/project/region`. + + ~> Make sure that `limit` is in a format that doesn't start with `1/` or contain curly braces. + E.g. use `/project/user` instead of `1/{project}/{user}`. +properties: + - !ruby/object:Api::Type::String + name: 'overrideValue' + required: true + description: | + The overriding quota limit value. Can be any nonnegative integer, or -1 (unlimited quota). + - !ruby/object:Api::Type::KeyValuePairs + name: 'dimensions' + immutable: true + description: | + If this map is nonempty, then this override applies only to specific values for dimensions defined in the limit unit. + diff --git a/mmv1/products/serviceusage/ConsumerQuotaOverride.yaml b/mmv1/products/serviceusage/ConsumerQuotaOverride.yaml new file mode 100644 index 000000000000..573b6a0f0dc8 --- /dev/null +++ b/mmv1/products/serviceusage/ConsumerQuotaOverride.yaml @@ -0,0 +1,101 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: ConsumerQuotaOverride +min_version: beta +base_url: projects/{{project}}/services/{{service}}/consumerQuotaMetrics/{{metric}}/limits/{{limit}}/consumerOverrides +self_link: projects/{{project}}/services/{{service}}/consumerQuotaMetrics/{{metric}}/limits/{{limit}}/consumerOverrides/ +create_url: projects/{{project}}/services/{{service}}/consumerQuotaMetrics/{{metric}}/limits/{{limit}}/consumerOverrides/{{name}}?force={{force}} +update_url: projects/{{project}}/services/{{service}}/consumerQuotaMetrics/{{metric}}/limits/{{limit}}/consumerOverrides/{{name}}?force={{force}} +update_verb: :PATCH +delete_url: projects/{{project}}/services/{{service}}/consumerQuotaMetrics/{{metric}}/limits/{{limit}}/consumerOverrides/{{name}}?force={{force}} +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Managing Service Quota': 'https://cloud.google.com/service-usage/docs/manage-quota ' + 'REST API documentation': 'https://cloud.google.com/service-usage/docs/reference/rest/v1beta1/services.consumerQuotaMetrics.limits.consumerOverrides' +nested_query: !ruby/object:Api::Resource::NestedQuery + keys: + - overrides +identity: + - name +description: | + A consumer override is applied to the consumer on its own authority to limit its own quota usage. + Consumer overrides cannot be used to grant more quota than would be allowed by admin overrides, + producer overrides, or the default limit of the service. +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: True + allowed: + - True + - False + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +parameters: + - !ruby/object:Api::Type::String + name: 'name' + output: true + description: | + The server-generated name of the quota override. + - !ruby/object:Api::Type::Boolean + name: 'force' + url_param_only: true + default_value: false + description: | + If the new quota would decrease the existing quota by more than 10%, the request is rejected. + If `force` is `true`, that safety check is ignored. + - !ruby/object:Api::Type::String + name: 'service' + required: true + url_param_only: true + immutable: true + description: | + The service that the metrics belong to, e.g. `compute.googleapis.com`. + - !ruby/object:Api::Type::String + name: 'metric' + required: true + url_param_only: true + immutable: true + description: | + The metric that should be limited, e.g. `compute.googleapis.com/cpus`. + - !ruby/object:Api::Type::String + name: 'limit' + required: true + url_param_only: true + immutable: true + description: | + The limit on the metric, e.g. `/project/region`. + + ~> Make sure that `limit` is in a format that doesn't start with `1/` or contain curly braces. + E.g. use `/project/user` instead of `1/{project}/{user}`. +properties: + - !ruby/object:Api::Type::String + name: 'overrideValue' + required: true + description: | + The overriding quota limit value. Can be any nonnegative integer, or -1 (unlimited quota). + - !ruby/object:Api::Type::KeyValuePairs + name: 'dimensions' + immutable: true + description: | + If this map is nonempty, then this override applies only to specific values for dimensions defined in the limit unit. + diff --git a/mmv1/products/serviceusage/api.yaml b/mmv1/products/serviceusage/api.yaml deleted file mode 100644 index 82d7a7f98965..000000000000 --- a/mmv1/products/serviceusage/api.yaml +++ /dev/null @@ -1,284 +0,0 @@ -# Copyright 2019 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. ---- !ruby/object:Api::Product -name: ServiceUsage -display_name: Service Usage -operation_retry: templates/terraform/operation_retry/service_usage.go -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://serviceusage.googleapis.com/v1/ - - !ruby/object:Api::Product::Version - name: beta - base_url: https://serviceusage.googleapis.com/v1beta1/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Service Usage API - url: https://console.cloud.google.com/apis/library/serviceusage.googleapis.com/ -objects: - - !ruby/object:Api::Resource - name: AdminQuotaOverride - min_version: beta - base_url: projects/{{project}}/services/{{service}}/consumerQuotaMetrics/{{metric}}/limits/{{limit}}/adminOverrides - self_link: projects/{{project}}/services/{{service}}/consumerQuotaMetrics/{{metric}}/limits/{{limit}}/adminOverrides/ - create_url: projects/{{project}}/services/{{service}}/consumerQuotaMetrics/{{metric}}/limits/{{limit}}/adminOverrides/{{name}}?force={{force}} - update_url: projects/{{project}}/services/{{service}}/consumerQuotaMetrics/{{metric}}/limits/{{limit}}/adminOverrides/{{name}} - update_verb: :PATCH - delete_url: projects/{{project}}/services/{{service}}/consumerQuotaMetrics/{{metric}}/limits/{{limit}}/adminOverrides/{{name}}?force={{force}} - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Getting Started': 'https://cloud.google.com/service-usage/docs/manage-quota#create_consumer_quota_override' - 'REST API documentation': 'https://cloud.google.com/service-usage/docs/reference/rest/v1beta1/services.consumerQuotaMetrics.limits.adminOverrides' - nested_query: !ruby/object:Api::Resource::NestedQuery - keys: - - overrides - identity: - - name - description: | - Creates an admin override. An admin override is applied by an administrator of a parent - folder or parent organization of the consumer receiving the override. An admin override is - intended to limit the amount of quota the consumer can use out of the total quota pool - allocated to all children of the folder or organization. - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: True - allowed: - - True - - False - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - parameters: - - !ruby/object:Api::Type::String - name: 'name' - output: true - description: | - The server-generated name of the quota override. - - !ruby/object:Api::Type::Boolean - name: 'force' - url_param_only: true - default_value: false - description: | - If the new quota would decrease the existing quota by more than 10%, the request is rejected. - If `force` is `true`, that safety check is ignored. - - !ruby/object:Api::Type::String - name: 'service' - required: true - url_param_only: true - input: true - description: | - The service that the metrics belong to, e.g. `compute.googleapis.com`. - - !ruby/object:Api::Type::String - name: 'metric' - required: true - url_param_only: true - input: true - description: | - The metric that should be limited, e.g. `compute.googleapis.com/cpus`. - - !ruby/object:Api::Type::String - name: 'limit' - required: true - url_param_only: true - input: true - description: | - The limit on the metric, e.g. `/project/region`. - - ~> Make sure that `limit` is in a format that doesn't start with `1/` or contain curly braces. - E.g. use `/project/user` instead of `1/{project}/{user}`. - properties: - - !ruby/object:Api::Type::String - name: 'overrideValue' - required: true - description: | - The overriding quota limit value. Can be any nonnegative integer, or -1 (unlimited quota). - - !ruby/object:Api::Type::KeyValuePairs - name: 'dimensions' - input: true - description: | - If this map is nonempty, then this override applies only to specific values for dimensions defined in the limit unit. - - - !ruby/object:Api::Resource - name: ConsumerQuotaOverride - min_version: beta - base_url: projects/{{project}}/services/{{service}}/consumerQuotaMetrics/{{metric}}/limits/{{limit}}/consumerOverrides - self_link: projects/{{project}}/services/{{service}}/consumerQuotaMetrics/{{metric}}/limits/{{limit}}/consumerOverrides/ - create_url: projects/{{project}}/services/{{service}}/consumerQuotaMetrics/{{metric}}/limits/{{limit}}/consumerOverrides/{{name}}?force={{force}} - update_url: projects/{{project}}/services/{{service}}/consumerQuotaMetrics/{{metric}}/limits/{{limit}}/consumerOverrides/{{name}}?force={{force}} - update_verb: :PATCH - delete_url: projects/{{project}}/services/{{service}}/consumerQuotaMetrics/{{metric}}/limits/{{limit}}/consumerOverrides/{{name}}?force={{force}} - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Getting Started': 'https://cloud.google.com/service-usage/docs/getting-started' - 'REST API documentation': 'https://cloud.google.com/service-usage/docs/reference/rest/v1beta1/services.consumerQuotaMetrics.limits.consumerOverrides' - nested_query: !ruby/object:Api::Resource::NestedQuery - keys: - - overrides - identity: - - name - description: | - A consumer override is applied to the consumer on its own authority to limit its own quota usage. - Consumer overrides cannot be used to grant more quota than would be allowed by admin overrides, - producer overrides, or the default limit of the service. - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: True - allowed: - - True - - False - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - parameters: - - !ruby/object:Api::Type::String - name: 'name' - output: true - description: | - The server-generated name of the quota override. - - !ruby/object:Api::Type::Boolean - name: 'force' - url_param_only: true - default_value: false - description: | - If the new quota would decrease the existing quota by more than 10%, the request is rejected. - If `force` is `true`, that safety check is ignored. - - !ruby/object:Api::Type::String - name: 'service' - required: true - url_param_only: true - input: true - description: | - The service that the metrics belong to, e.g. `compute.googleapis.com`. - - !ruby/object:Api::Type::String - name: 'metric' - required: true - url_param_only: true - input: true - description: | - The metric that should be limited, e.g. `compute.googleapis.com/cpus`. - - !ruby/object:Api::Type::String - name: 'limit' - required: true - url_param_only: true - input: true - description: | - The limit on the metric, e.g. `/project/region`. - - ~> Make sure that `limit` is in a format that doesn't start with `1/` or contain curly braces. - E.g. use `/project/user` instead of `1/{project}/{user}`. - properties: - - !ruby/object:Api::Type::String - name: 'overrideValue' - required: true - description: | - The overriding quota limit value. Can be any nonnegative integer, or -1 (unlimited quota). - - !ruby/object:Api::Type::KeyValuePairs - name: 'dimensions' - input: true - description: | - If this map is nonempty, then this override applies only to specific values for dimensions defined in the limit unit. - - - !ruby/object:Api::Resource - name: Service - base_url: projects/{{project}}/services - self_link: projects/{{project}}/services/{{name}} - create_url: projects/{{project}}/services/{{name}}:enable - delete_url: projects/{{project}}/services/{{name}}:disable - delete_verb: :POST - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Getting Started': 'https://cloud.google.com/service-usage/docs/getting-started' - description: | - A service that is available for use - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: True - allowed: - - True - - False - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - description: | - The resource name of the service - pattern: projects/{{project}}/services/{{name}} - url_param_only: true - - !ruby/object:Api::Type::String - name: parent - description: | - The name of the parent of this service. For example 'projects/123' - output: true - - !ruby/object:Api::Type::Enum - name: 'state' - description: Whether or not the service has been enabled for use by the consumer. - values: - - STATE_UNSPECIFIED - - DISABLED - - ENABLED - output: true - - !ruby/object:Api::Type::Boolean - name: 'disableDependentServices' - description: | - Indicates if dependent services should also be disabled. Can only be turned on if service - is disabled. - - !ruby/object:Api::Type::NestedObject - name: config - description: The service configuration of the available service. - output: true - properties: - - !ruby/object:Api::Type::String - name: name - description: The DNS address at which this service is available. - - !ruby/object:Api::Type::String - name: title - description: The product title for this service - - !ruby/object:Api::Type::Array - name: apis - description: The list of API interfaces exported by this service. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: Name of the API - - !ruby/object:Api::Type::String - name: 'version' - description: The version of the API diff --git a/mmv1/products/serviceusage/product.yaml b/mmv1/products/serviceusage/product.yaml new file mode 100644 index 000000000000..36672796aab6 --- /dev/null +++ b/mmv1/products/serviceusage/product.yaml @@ -0,0 +1,29 @@ +# Copyright 2019 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- !ruby/object:Api::Product +name: ServiceUsage +display_name: Service Usage +operation_retry: templates/terraform/operation_retry/service_usage.go +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://serviceusage.googleapis.com/v1/ + - !ruby/object:Api::Product::Version + name: beta + base_url: https://serviceusage.googleapis.com/v1beta1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Service Usage API + url: https://console.cloud.google.com/apis/library/serviceusage.googleapis.com/ diff --git a/mmv1/products/serviceusage/terraform.yaml b/mmv1/products/serviceusage/terraform.yaml index 3ed29561a0e8..f1a7bef2a2ae 100644 --- a/mmv1/products/serviceusage/terraform.yaml +++ b/mmv1/products/serviceusage/terraform.yaml @@ -71,5 +71,3 @@ overrides: !ruby/object:Overrides::ResourceOverrides custom_flatten: 'templates/terraform/custom_flatten/consumer_quote_override_override_value.go.erb' custom_code: !ruby/object:Provider::Terraform::CustomCode test_check_destroy: templates/terraform/custom_check_destroy/consumer_quota_override.go.erb - Service: !ruby/object:Overrides::Terraform::ResourceOverride - exclude: true diff --git a/mmv1/products/sourcerepo/Repository.yaml b/mmv1/products/sourcerepo/Repository.yaml new file mode 100644 index 000000000000..cb9afa49ff8f --- /dev/null +++ b/mmv1/products/sourcerepo/Repository.yaml @@ -0,0 +1,75 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Repository' +base_url: projects/{{project}}/repos +self_link: 'projects/{{project}}/repos/{{name}}' +update_verb: :PATCH +update_mask: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/source-repositories/' + api: 'https://cloud.google.com/source-repositories/docs/reference/rest/v1/projects.repos' +collection_url_key: 'repos' +description: | + A repository (or repo) is a Git repository storing versioned source content. +properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + immutable: true + description: | + Resource name of the repository, of the form projects/{{project}}/repos/{{repo}}. + The repo name may contain slashes. eg, projects/myproject/repos/name/with/slash + pattern: 'projects/{{project}}/repos/{{name}}' + - !ruby/object:Api::Type::String + name: 'url' + output: true + description: | + URL to clone the repository from Google Cloud Source Repositories. + - !ruby/object:Api::Type::Integer + name: 'size' + output: true + description: | + The disk usage of the repo, in bytes. + - !ruby/object:Api::Type::Map + name: 'pubsubConfigs' + description: | + How this repository publishes a change in the repository through Cloud Pub/Sub. + Keyed by the topic names. + key_name: topic + key_description: | + A topic of Cloud Pub/Sub. Values are of the form projects//topics/. + The project needs to be the same project as this config is in. + value_type: !ruby/object:Api::Type::NestedObject + name: pubsubConfig + properties: + - !ruby/object:Api::Type::Enum + name: 'messageFormat' + description: | + The format of the Cloud Pub/Sub messages. + - PROTOBUF: The message payload is a serialized protocol buffer of SourceRepoEvent. + - JSON: The message payload is a JSON string of SourceRepoEvent. + values: + - :PROTOBUF + - :JSON + required: true + - !ruby/object:Api::Type::String + name: 'serviceAccountEmail' + description: | + Email address of the service account used for publishing Cloud Pub/Sub messages. + This service account needs to be in the same project as the PubsubConfig. When added, + the caller needs to have iam.serviceAccounts.actAs permission on this service account. + If unspecified, it defaults to the compute engine default service account. + diff --git a/mmv1/products/sourcerepo/api.yaml b/mmv1/products/sourcerepo/api.yaml deleted file mode 100644 index af4dd6c3e664..000000000000 --- a/mmv1/products/sourcerepo/api.yaml +++ /dev/null @@ -1,88 +0,0 @@ -# Copyright 2018 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: SourceRepo -display_name: Cloud Source Repositories -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://sourcerepo.googleapis.com/v1/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Cloud Source Repositories API - url: https://console.cloud.google.com/apis/library/sourcerepo.googleapis.com/ -objects: - - !ruby/object:Api::Resource - name: 'Repository' - base_url: projects/{{project}}/repos - self_link: 'projects/{{project}}/repos/{{name}}' - update_verb: :PATCH - update_mask: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/source-repositories/' - api: 'https://cloud.google.com/source-repositories/docs/reference/rest/v1/projects.repos' - collection_url_key: 'repos' - description: | - A repository (or repo) is a Git repository storing versioned source content. - properties: - - !ruby/object:Api::Type::String - name: 'name' - required: true - input: true - description: | - Resource name of the repository, of the form projects/{{project}}/repos/{{repo}}. - The repo name may contain slashes. eg, projects/myproject/repos/name/with/slash - pattern: 'projects/{{project}}/repos/{{name}}' - - !ruby/object:Api::Type::String - name: 'url' - output: true - description: | - URL to clone the repository from Google Cloud Source Repositories. - - !ruby/object:Api::Type::Integer - name: 'size' - output: true - description: | - The disk usage of the repo, in bytes. - - !ruby/object:Api::Type::Map - name: 'pubsubConfigs' - description: | - How this repository publishes a change in the repository through Cloud Pub/Sub. - Keyed by the topic names. - key_name: topic - key_description: | - A topic of Cloud Pub/Sub. Values are of the form projects//topics/. - The project needs to be the same project as this config is in. - value_type: !ruby/object:Api::Type::NestedObject - name: pubsubConfig - properties: - - !ruby/object:Api::Type::Enum - name: 'messageFormat' - description: | - The format of the Cloud Pub/Sub messages. - - PROTOBUF: The message payload is a serialized protocol buffer of SourceRepoEvent. - - JSON: The message payload is a JSON string of SourceRepoEvent. - values: - - :PROTOBUF - - :JSON - required: true - - !ruby/object:Api::Type::String - name: 'serviceAccountEmail' - description: | - Email address of the service account used for publishing Cloud Pub/Sub messages. - This service account needs to be in the same project as the PubsubConfig. When added, - the caller needs to have iam.serviceAccounts.actAs permission on this service account. - If unspecified, it defaults to the compute engine default service account. diff --git a/mmv1/products/sourcerepo/product.yaml b/mmv1/products/sourcerepo/product.yaml new file mode 100644 index 000000000000..f091aa508b88 --- /dev/null +++ b/mmv1/products/sourcerepo/product.yaml @@ -0,0 +1,26 @@ +# Copyright 2018 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: SourceRepo +display_name: Cloud Source Repositories +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://sourcerepo.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Cloud Source Repositories API + url: https://console.cloud.google.com/apis/library/sourcerepo.googleapis.com/ diff --git a/mmv1/products/spanner/Database.yaml b/mmv1/products/spanner/Database.yaml new file mode 100644 index 000000000000..7766b26b99b6 --- /dev/null +++ b/mmv1/products/spanner/Database.yaml @@ -0,0 +1,108 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Database' +base_url: projects/{{project}}/instances/{{instance}}/databases +immutable: true +description: | + A Cloud Spanner Database which is hosted on a Spanner instance. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/spanner/' + api: 'https://cloud.google.com/spanner/docs/reference/rest/v1/projects.instances.databases' +async: !ruby/object:Api::OpAsync + actions: ['create','update','delete'] + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: True + allowed: + - True + - False + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'instance' + resource: 'Instance' + imports: 'name' + description: 'The instance to create the database on.' + required: true +properties: + # This resource returns only one attribute ("name") from which we parse + # "instance", "name", and "project". You will need custom code handling + # to deal with this resource. + - !ruby/object:Api::Type::String + name: 'name' + description: | + A unique identifier for the database, which cannot be changed after + the instance is created. Values are of the form [a-z][-a-z0-9]*[a-z0-9]. + immutable: true + required: true + - !ruby/object:Api::Type::String + name: 'versionRetentionPeriod' + update_url: projects/{{project}}/instances/{{instance}}/databases/{{name}}/ddl + update_verb: :PATCH + description: | + The retention period for the database. The retention period must be between 1 hour + and 7 days, and can be specified in days, hours, minutes, or seconds. For example, + the values 1d, 24h, 1440m, and 86400s are equivalent. Default value is 1h. + If this property is used, you must avoid adding new DDL statements to `ddl` that + update the database's version_retention_period. + - !ruby/object:Api::Type::Array + item_type: Api::Type::String + name: 'extraStatements' + update_url: projects/{{project}}/instances/{{instance}}/databases/{{name}}/ddl + update_verb: :PATCH + description: | + An optional list of DDL statements to run inside the newly created + database. Statements can create tables, indexes, etc. These statements + execute atomically with the creation of the database: if there is an + error in any statement, the database is not created. + - !ruby/object:Api::Type::Enum + name: 'state' + description: An explanation of the status of the database. + output: true + # This attribute is not useful - we include it in Terraform for historical + # reasons, but you should most likely not use it. + exclude: true + values: + - :READY + - :CREATING + - !ruby/object:Api::Type::NestedObject + name: 'encryptionConfig' + description: | + Encryption configuration for the database + properties: + - !ruby/object:Api::Type::String + name: 'kmsKeyName' + required: true + description: | + Fully qualified name of the KMS key to use to encrypt this database. This key must exist + in the same location as the Spanner Database. + - !ruby/object:Api::Type::Enum + name: 'databaseDialect' + description: | + The dialect of the Cloud Spanner Database. + If it is not provided, "GOOGLE_STANDARD_SQL" will be used. + values: + - :GOOGLE_STANDARD_SQL + - :POSTGRESQL diff --git a/mmv1/products/spanner/Instance.yaml b/mmv1/products/spanner/Instance.yaml new file mode 100644 index 000000000000..8d09f224ca51 --- /dev/null +++ b/mmv1/products/spanner/Instance.yaml @@ -0,0 +1,102 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Instance' +base_url: projects/{{project}}/instances +update_verb: :PATCH +description: | + An isolated set of Cloud Spanner resources on which databases can be + hosted. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/spanner/' + api: 'https://cloud.google.com/spanner/docs/reference/rest/v1/projects.instances' +async: !ruby/object:Api::OpAsync + actions: ['create', 'update'] + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: True + allowed: + - True + - False + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + A unique identifier for the instance, which cannot be changed after + the instance is created. The name must be between 6 and 30 characters + in length. + immutable: true + required: true + - !ruby/object:Api::Type::ResourceRef + name: 'config' + resource: 'InstanceConfig' + imports: 'name' + description: | + The name of the instance's configuration (similar but not + quite the same as a region) which defines the geographic placement and + replication of your databases in this instance. It determines where your data + is stored. Values are typically of the form `regional-europe-west1` , `us-central` etc. + In order to obtain a valid list please consult the + [Configuration section of the docs](https://cloud.google.com/spanner/docs/instances). + immutable: true + required: true + - !ruby/object:Api::Type::String + name: 'displayName' + description: | + The descriptive name for this instance as it appears in UIs. Must be + unique per project and between 4 and 30 characters in length. + required: true + - !ruby/object:Api::Type::Integer + name: 'nodeCount' + description: | + The number of nodes allocated to this instance. Exactly one of either node_count or processing_units + must be present in terraform. + exactly_one_of: + - num_nodes + - processing_units + - !ruby/object:Api::Type::Integer + name: 'processingUnits' + description: | + The number of processing units allocated to this instance. Exactly one of processing_units + or node_count must be present in terraform. + exactly_one_of: + - num_nodes + - processing_units + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + An object containing a list of "key": value pairs. + Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + - !ruby/object:Api::Type::Enum + name: 'state' + description: | + Instance status: `CREATING` or `READY`. + output: true + # This attribute is not useful - we include it in Terraform for historical + # reasons, but you should most likely not use it. + exclude: true + values: + - :READY + - :CREATING diff --git a/mmv1/products/spanner/InstanceConfig.yaml b/mmv1/products/spanner/InstanceConfig.yaml new file mode 100644 index 000000000000..967b0ea20a64 --- /dev/null +++ b/mmv1/products/spanner/InstanceConfig.yaml @@ -0,0 +1,31 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'InstanceConfig' +base_url: 'projects/{{project}}/instanceConfigs' +description: | + A possible configuration for a Cloud Spanner instance. Configurations + define the geographic placement of nodes and their replication. +readonly: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + A unique identifier for the instance configuration. Values are of the + form projects//instanceConfigs/[a-z][-a-z0-9]* + - !ruby/object:Api::Type::String + name: 'displayName' + description: | + The name of this instance configuration as it appears in UIs. + output: true diff --git a/mmv1/products/spanner/api.yaml b/mmv1/products/spanner/api.yaml deleted file mode 100644 index 2198d9d137f2..000000000000 --- a/mmv1/products/spanner/api.yaml +++ /dev/null @@ -1,229 +0,0 @@ -# Copyright 2017 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: Spanner -display_name: Cloud Spanner -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://spanner.googleapis.com/v1/ -scopes: - - https://www.googleapis.com/auth/spanner.admin -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Cloud Spanner API - url: https://console.cloud.google.com/apis/library/spanner.googleapis.com/ -objects: - - !ruby/object:Api::Resource - name: 'InstanceConfig' - base_url: 'projects/{{project}}/instanceConfigs' - description: | - A possible configuration for a Cloud Spanner instance. Configurations - define the geographic placement of nodes and their replication. - readonly: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - A unique identifier for the instance configuration. Values are of the - form projects//instanceConfigs/[a-z][-a-z0-9]* - - !ruby/object:Api::Type::String - name: 'displayName' - description: | - The name of this instance configuration as it appears in UIs. - output: true - - !ruby/object:Api::Resource - name: 'Instance' - base_url: projects/{{project}}/instances - update_verb: :PATCH - description: | - An isolated set of Cloud Spanner resources on which databases can be - hosted. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/spanner/' - api: 'https://cloud.google.com/spanner/docs/reference/rest/v1/projects.instances' - async: !ruby/object:Api::OpAsync - actions: ['create', 'update'] - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: True - allowed: - - True - - False - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - A unique identifier for the instance, which cannot be changed after - the instance is created. The name must be between 6 and 30 characters - in length. - input: true - required: true - - !ruby/object:Api::Type::ResourceRef - name: 'config' - resource: 'InstanceConfig' - imports: 'name' - description: | - The name of the instance's configuration (similar but not - quite the same as a region) which defines the geographic placement and - replication of your databases in this instance. It determines where your data - is stored. Values are typically of the form `regional-europe-west1` , `us-central` etc. - In order to obtain a valid list please consult the - [Configuration section of the docs](https://cloud.google.com/spanner/docs/instances). - input: true - required: true - - !ruby/object:Api::Type::String - name: 'displayName' - description: | - The descriptive name for this instance as it appears in UIs. Must be - unique per project and between 4 and 30 characters in length. - required: true - - !ruby/object:Api::Type::Integer - name: 'nodeCount' - description: | - The number of nodes allocated to this instance. Exactly one of either node_count or processing_units - must be present in terraform. - exactly_one_of: - - num_nodes - - processing_units - - !ruby/object:Api::Type::Integer - name: 'processingUnits' - description: | - The number of processing units allocated to this instance. Exactly one of processing_units - or node_count must be present in terraform. - exactly_one_of: - - num_nodes - - processing_units - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: | - An object containing a list of "key": value pairs. - Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. - - !ruby/object:Api::Type::Enum - name: 'state' - description: | - Instance status: `CREATING` or `READY`. - output: true - # This attribute is not useful - we include it in Terraform for historical - # reasons, but you should most likely not use it. - exclude: true - values: - - :READY - - :CREATING - - !ruby/object:Api::Resource - name: 'Database' - base_url: projects/{{project}}/instances/{{instance}}/databases - input: true - description: | - A Cloud Spanner Database which is hosted on a Spanner instance. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/spanner/' - api: 'https://cloud.google.com/spanner/docs/reference/rest/v1/projects.instances.databases' - async: !ruby/object:Api::OpAsync - actions: ['create','update','delete'] - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: True - allowed: - - True - - False - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'instance' - resource: 'Instance' - imports: 'name' - description: 'The instance to create the database on.' - required: true - properties: - # This resource returns only one attribute ("name") from which we parse - # "instance", "name", and "project". You will need custom code handling - # to deal with this resource. - - !ruby/object:Api::Type::String - name: 'name' - description: | - A unique identifier for the database, which cannot be changed after - the instance is created. Values are of the form [a-z][-a-z0-9]*[a-z0-9]. - input: true - required: true - - !ruby/object:Api::Type::String - name: 'versionRetentionPeriod' - update_url: projects/{{project}}/instances/{{instance}}/databases/{{name}}/ddl - update_verb: :PATCH - description: | - The retention period for the database. The retention period must be between 1 hour - and 7 days, and can be specified in days, hours, minutes, or seconds. For example, - the values 1d, 24h, 1440m, and 86400s are equivalent. Default value is 1h. - If this property is used, you must avoid adding new DDL statements to `ddl` that - update the database's version_retention_period. - - !ruby/object:Api::Type::Array - item_type: Api::Type::String - name: 'extraStatements' - update_url: projects/{{project}}/instances/{{instance}}/databases/{{name}}/ddl - update_verb: :PATCH - description: | - An optional list of DDL statements to run inside the newly created - database. Statements can create tables, indexes, etc. These statements - execute atomically with the creation of the database: if there is an - error in any statement, the database is not created. - - !ruby/object:Api::Type::Enum - name: 'state' - description: An explanation of the status of the database. - output: true - # This attribute is not useful - we include it in Terraform for historical - # reasons, but you should most likely not use it. - exclude: true - values: - - :READY - - :CREATING - - !ruby/object:Api::Type::NestedObject - name: 'encryptionConfig' - description: | - Encryption configuration for the database - properties: - - !ruby/object:Api::Type::String - name: 'kmsKeyName' - required: true - description: | - Fully qualified name of the KMS key to use to encrypt this database. This key must exist - in the same location as the Spanner Database. - - !ruby/object:Api::Type::Enum - name: 'databaseDialect' - description: | - The dialect of the Cloud Spanner Database. - If it is not provided, "GOOGLE_STANDARD_SQL" will be used. - values: - - :GOOGLE_STANDARD_SQL - - :POSTGRESQL \ No newline at end of file diff --git a/mmv1/products/spanner/product.yaml b/mmv1/products/spanner/product.yaml new file mode 100644 index 000000000000..87e0f1204e19 --- /dev/null +++ b/mmv1/products/spanner/product.yaml @@ -0,0 +1,26 @@ +# Copyright 2017 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: Spanner +display_name: Cloud Spanner +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://spanner.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/spanner.admin +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Cloud Spanner API + url: https://console.cloud.google.com/apis/library/spanner.googleapis.com/ diff --git a/mmv1/products/sql/Database.yaml b/mmv1/products/sql/Database.yaml new file mode 100644 index 000000000000..4ee791f85428 --- /dev/null +++ b/mmv1/products/sql/Database.yaml @@ -0,0 +1,54 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Database' +kind: 'sql#database' +base_url: projects/{{project}}/instances/{{instance}}/databases +has_self_link: true +collection_url_key: 'items' +description: | + Represents a SQL database inside the Cloud SQL instance, hosted in + Google's cloud. +parameters: + - !ruby/object:Api::Type::String + name: 'instance' + description: | + The name of the Cloud SQL instance. This does not include the project + ID. + required: true + immutable: true +properties: + - !ruby/object:Api::Type::String + name: 'charset' + description: | + The charset value. See MySQL's + [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) + and Postgres' [Character Set Support](https://www.postgresql.org/docs/9.6/static/multibyte.html) + for more details and supported values. Postgres databases only support + a value of `UTF8` at creation time. + - !ruby/object:Api::Type::String + name: 'collation' + description: | + The collation value. See MySQL's + [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) + and Postgres' [Collation Support](https://www.postgresql.org/docs/9.6/static/collation.html) + for more details and supported values. Postgres databases only support + a value of `en_US.UTF8` at creation time. + - !ruby/object:Api::Type::String + name: 'name' + required: true + immutable: true + description: | + The name of the database in the Cloud SQL instance. + This does not include the project ID or instance name. diff --git a/mmv1/products/sql/Flag.yaml b/mmv1/products/sql/Flag.yaml new file mode 100644 index 000000000000..008089348cca --- /dev/null +++ b/mmv1/products/sql/Flag.yaml @@ -0,0 +1,61 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Flag' +kind: 'sql#flag' +description: + 'Represents a flag that can be configured for a Cloud SQL instance.' +base_url: flags +self_link: flags +nested_query: !ruby/object:Api::Resource::NestedQuery + keys: ['items'] +readonly: true +properties: + - !ruby/object:Api::Type::Array + name: 'allowedStringValues' + item_type: Api::Type::String + description: + 'For STRING flags, List of strings that the value can be set to.' + output: true + - !ruby/object:Api::Type::Array + name: 'appliesTo' + item_type: Api::Type::String + description: 'The database versions this flag is supported for.' + output: true + - !ruby/object:Api::Type::Integer + name: 'maxValue' + description: 'For INTEGER flags, the maximum allowed value.' + output: true + - !ruby/object:Api::Type::Integer + name: 'minValue' + description: 'For INTEGER flags, the minimum allowed value.' + output: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + This is the name of the flag. Flag names always use underscores, not + hyphens, e.g. max_allowed_packet + - !ruby/object:Api::Type::Boolean + name: 'requiresRestart' + description: | + Indicates whether changing this flag will trigger a database restart. + Only applicable to Second Generation instances. + output: true + - !ruby/object:Api::Type::String + name: 'type' + description: | + The type of the flag. Flags are typed to being BOOLEAN, STRING, + INTEGER or NONE. NONE is used for flags which do not take a value, + such as skip_grant_tables. + output: true diff --git a/mmv1/products/sql/Instance.yaml b/mmv1/products/sql/Instance.yaml new file mode 100644 index 000000000000..1a12ffdfe783 --- /dev/null +++ b/mmv1/products/sql/Instance.yaml @@ -0,0 +1,432 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Instance' +kind: 'sql#instance' +base_url: projects/{{project}}/instances +description: | + Represents a Cloud SQL instance. Cloud SQL instances are SQL databases + hosted in Google's cloud. The Instances resource provides methods for + common configuration and management tasks. +collection_url_key: 'items' +properties: + - !ruby/object:Api::Type::Enum + name: 'backendType' + description: | + * FIRST_GEN: First Generation instance. MySQL only. + * SECOND_GEN: Second Generation instance or PostgreSQL instance. + * EXTERNAL: A database server that is not managed by Google. + values: + - :FIRST_GEN + - :SECOND_GEN + - :EXTERNAL + - !ruby/object:Api::Type::String + name: 'connectionName' + description: | + Connection name of the Cloud SQL instance used in connection strings. + # currentDiskSize (long) [DEPRECATED] + # | - !ruby/object:Api::Type::Long + # | name: 'currentDiskSize' + # | description: | + # | The current disk usage of the instance in bytes. This property has + # | been deprecated. Users should use the + # | "cloudsql.googleapis.com/database/disk/bytes_used" metric in Cloud + # | Monitoring API instead. Please see + # | https://groups.google.com/d/msg/google-cloud-sql-announce/ + # | I_7-F9EBhT0/BtvFtdFeAgAJ for details. + - !ruby/object:Api::Type::Enum + name: 'databaseVersion' + description: | + The database engine type and version. For First Generation instances, + can be MYSQL_5_5, or MYSQL_5_6. For Second Generation instances, can + be MYSQL_5_6 or MYSQL_5_7. Defaults to MYSQL_5_6. + PostgreSQL instances: POSTGRES_9_6 + + The databaseVersion property can not be changed after instance + creation. + values: + - :MYSQL_5_5 + - :MYSQL_5_6 + - :MYSQL_5_7 + - :POSTGRES_9_6 + - !ruby/object:Api::Type::NestedObject + name: 'failoverReplica' + description: | + The name and status of the failover replica. This property is + applicable only to Second Generation instances. + properties: + - !ruby/object:Api::Type::Boolean + name: 'available' + description: | + The availability status of the failover replica. A false status + indicates that the failover replica is out of sync. The master + can only failover to the failover replica when the status is true. + output: true + - !ruby/object:Api::Type::String + name: 'name' + description: | + The name of the failover replica. If specified at instance + creation, a failover replica is created for the instance. The name + doesn't include the project ID. This property is applicable only + to Second Generation instances. + - !ruby/object:Api::Type::Enum + name: 'instanceType' + description: | + The instance type. This can be one of the following. + * CLOUD_SQL_INSTANCE: A Cloud SQL instance that is not replicating + from a master. + * ON_PREMISES_INSTANCE: An instance running on the customer's + premises. + * READ_REPLICA_INSTANCE: A Cloud SQL instance configured as a + read-replica. + values: + - :CLOUD_SQL_INSTANCE + - :ON_PREMISES_INSTANCE + - :READ_REPLICA_INSTANCE + - !ruby/object:Api::Type::Array + name: 'ipAddresses' + description: 'The assigned IP addresses for the instance.' + output: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'ipAddress' + description: 'The IP address assigned.' + - !ruby/object:Api::Type::Time + name: 'timeToRetire' + description: | + The due time for this IP to be retired in RFC 3339 format, for + example 2012-11-15T16:19:00.094Z. This field is only available + when the IP is scheduled to be retired. + - !ruby/object:Api::Type::Enum + name: 'type' + description: | + The type of this IP address. A PRIMARY address is an address + that can accept incoming connections. An OUTGOING address is the + source address of connections originating from the instance, if + supported. + values: + - :PRIMARY + - :OUTGOING + - !ruby/object:Api::Type::String + name: 'ipv6Address' + description: | + The IPv6 address assigned to the instance. This property is applicable + only to First Generation instances. + - !ruby/object:Api::Type::String + name: 'masterInstanceName' + description: | + The name of the instance which will act as master in the replication + setup. + - !ruby/object:Api::Type::Integer + name: 'maxDiskSize' + description: 'The maximum disk size of the instance in bytes.' + - !ruby/object:Api::Type::String + name: 'name' + description: | + Name of the Cloud SQL instance. This does not include the project + ID. + required: true + # TODO(alexstephen): Investigate if worth to make this depend on compute's + # region as a resource reference. (low priority, non launch blocker) + - !ruby/object:Api::Type::String + name: 'region' + description: | + The geographical region. Defaults to us-central or us-central1 + depending on the instance type (First Generation or Second + Generation/PostgreSQL). + - !ruby/object:Api::Type::NestedObject + name: 'replicaConfiguration' + description: | + Configuration specific to failover replicas and read replicas. + properties: + - !ruby/object:Api::Type::Boolean + name: 'failoverTarget' + description: | + Specifies if the replica is the failover target. If the field is + set to true the replica will be designated as a failover replica. + In case the master instance fails, the replica instance will be + promoted as the new master instance. + + Only one replica can be specified as failover target, and the + replica has to be in different zone with the master instance. + # TODO(nelsonjr): Is this needed or output only? + # | - !ruby/object:Api::Type::Constant + # | name: 'kind' + # | description: | + # | This is always sql#replicaConfiguration. + # | value: 'sql#replicaConfiguration' + - !ruby/object:Api::Type::NestedObject + name: 'mysqlReplicaConfiguration' + description: | + MySQL specific configuration when replicating from a MySQL + on-premises master. Replication configuration information such as + the username, password, certificates, and keys are not stored in + the instance metadata. The configuration information is used + only to set up the replication connection and is stored by MySQL + in a file named master.info in the data directory. + properties: + - !ruby/object:Api::Type::String + name: 'caCertificate' + description: | + PEM representation of the trusted CA's x509 certificate. + - !ruby/object:Api::Type::String + name: 'clientCertificate' + description: | + PEM representation of the replica's x509 certificate + - !ruby/object:Api::Type::String + name: 'clientKey' + description: | + PEM representation of the replica's private key. The + corresponding public key is encoded in the client's certificate. + - !ruby/object:Api::Type::Integer + name: 'connectRetryInterval' + description: | + Seconds to wait between connect retries. MySQL's default is 60 + seconds. + - !ruby/object:Api::Type::String + name: 'dumpFilePath' + description: | + Path to a SQL dump file in Google Cloud Storage from which the + replica instance is to be created. The URI is in the form + gs://bucketName/fileName. Compressed gzip files (.gz) are + also supported. Dumps should have the binlog coordinates from + which replication should begin. This can be accomplished by + setting --master-data to 1 when using mysqldump. + # TODO(nelsonjr): Is this needed or output only? + # | - !ruby/object:Api::Type::Constant + # | name: 'kind' + # | description: 'This is always sql#mysqlReplicaConfiguration.' + # | value: 'sql#mysqlReplicaConfiguration' + - !ruby/object:Api::Type::Integer + name: 'masterHeartbeatPeriod' + description: | + Interval in milliseconds between replication heartbeats. + - !ruby/object:Api::Type::String + name: 'password' + description: | + The password for the replication connection. + - !ruby/object:Api::Type::String + name: 'sslCipher' + description: | + A list of permissible ciphers to use for SSL encryption. + - !ruby/object:Api::Type::String + name: 'username' + description: | + The username for the replication connection. + - !ruby/object:Api::Type::Boolean + name: 'verifyServerCertificate' + description: | + Whether or not to check the master's Common Name value in the + certificate that it sends during the SSL handshake. + - !ruby/object:Api::Type::Array + name: 'replicaNames' + description: | + The replicas of the instance. + item_type: Api::Type::String + # TODO(nelsonjr): Parameter is unclear. Review this property when + # http://b/62686412 is addressed. + # | - !ruby/object:Api::Type::NestedObject + # | name: 'serverCaCert' + # | description: 'SSL configuration.' + - !ruby/object:Api::Type::String + name: 'serviceAccountEmailAddress' + description: | + The service account email address assigned to the instance. This + property is applicable only to Second Generation instances. + # TODO(nelsonjr): Add other settings properties + - !ruby/object:Api::Type::NestedObject + name: 'settings' + description: 'The user settings.' + properties: + - !ruby/object:Api::Type::Array + name: 'databaseFlags' + description: The database flags passed to the instance at startup + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The name of the flag. These flags are passed at instance + startup, so include both server options and system + variables for MySQL. Flags should be specified with + underscores, not hyphens. + - !ruby/object:Api::Type::String + name: 'value' + description: | + The value of the flag. Booleans should be set to on for + true and off for false. This field must be omitted if the + flag doesn't take a value. + #- !ruby/object:Api::Type::Constant + # name: 'kind' + # value: 'sql#settings' + - !ruby/object:Api::Type::NestedObject + name: 'ipConfiguration' + description: | + The settings for IP Management. This allows to enable or disable + the instance IP and manage which external networks can connect to + the instance. The IPv4 address cannot be disabled for Second + Generation instances. + properties: + - !ruby/object:Api::Type::Boolean + name: 'ipv4Enabled' + description: | + Whether the instance should be assigned an IP address or not. + - !ruby/object:Api::Type::Array + name: 'authorizedNetworks' + description: | + The list of external networks that are allowed to connect to + the instance using the IP. In CIDR notation, also known as + 'slash' notation (e.g. 192.168.100.0/24). + item_type: !ruby/object:Api::Type::NestedObject + properties: + #- !ruby/object:Api::Type::Constant + # name: 'kind' + # value: 'sql#aclEntry' + - !ruby/object:Api::Type::Time + name: 'expirationTime' + description: | + The time when this access control entry expires in RFC + 3339 format, for example 2012-11-15T16:19:00.094Z. + - !ruby/object:Api::Type::String + name: 'name' + description: 'An optional label to identify this entry.' + - !ruby/object:Api::Type::String + name: 'value' + description: | + The whitelisted value for the access control list. For + example, to grant access to a client from an external IP + (IPv4 or IPv6) address or subnet, use that address or + subnet here. + - !ruby/object:Api::Type::Boolean + name: 'requireSsl' + description: | + Whether the mysqld should default to 'REQUIRE X509' for + users connecting over IP. + - !ruby/object:Api::Type::String + name: 'tier' + description: | + The tier or machine type for this instance, for + example db-n1-standard-1. For MySQL instances, this field + determines whether the instance is Second Generation (recommended) + or First Generation. + - !ruby/object:Api::Type::Enum + name: 'availabilityType' + description: | + The availabilityType define if your postgres instance is run zonal + or regional. + values: + - :ZONAL + - :REGIONAL + - !ruby/object:Api::Type::NestedObject + name: 'backupConfiguration' + description: | + The daily backup configuration for the instance. + properties: + #- !ruby/object:Api::Type::Constant + # name: 'kind' + # value: 'sql#backupConfiguration' + - !ruby/object:Api::Type::Boolean + name: 'enabled' + description: | + Enable Autobackup for your instance. + - !ruby/object:Api::Type::Boolean + name: 'binaryLogEnabled' + description: | + Whether binary log is enabled. If backup configuration + is disabled, binary log must be disabled as well. MySQL only. + - !ruby/object:Api::Type::String + name: 'startTime' + description: | + Define the backup start time in UTC (HH:MM) + - !ruby/object:Api::Type::Integer + name: 'settingsVersion' + output: true + description: | + The version of instance settings. This is a required field for + update method to make sure concurrent updates are handled properly. + During update, use the most recent settingsVersion value for this + instance and do not try to update this value. + - !ruby/object:Api::Type::KeyValuePairs + name: 'userLabels' + description: | + User-provided labels, represented as a dictionary where each label is a single key value pair. + - !ruby/object:Api::Type::Boolean + name: 'deletionProtectionEnabled' + description: | + Configuration to protect against accidental instance deletion. + - !ruby/object:Api::Type::String + name: 'gceZone' + output: true + description: | + The Compute Engine zone that the instance is currently serving from. This value could be + different from the zone that was specified when the instance was created if the instance + has failed over to its secondary zone. + - !ruby/object:Api::Type::Enum + name: 'state' + output: true + description: | + The current serving state of the database instance. + values: + - :SQL_INSTANCE_STATE_UNSPECIFIED + - :RUNNABLE + - :SUSPENDED + - :PENDING_DELETE + - :PENDING_CREATE + - :MAINTENANCE + - :FAILED + - !ruby/object:Api::Type::NestedObject + name: 'diskEncryptionConfiguration' + description: 'Disk encryption settings' + properties: + - !ruby/object:Api::Type::String + name: 'kmsKeyName' + description: | + The KMS key used to encrypt the Cloud SQL instance + - !ruby/object:Api::Type::NestedObject + name: 'diskEncryptionStatus' + description: 'Disk encryption status' + properties: + - !ruby/object:Api::Type::String + name: 'kmsKeyVersionName' + description: | + The KMS key version used to encrypt the Cloud SQL instance + - !ruby/object:Api::Type::NestedObject + name: 'serverCaCert' + description: 'SSL configuration' + output: true + properties: + - !ruby/object:Api::Type::String + name: 'cert' + description: 'PEM representation of the X.509 certificate.' + - !ruby/object:Api::Type::String + name: 'certSerialNumber' + description: 'Serial number, as extracted from the certificate.' + - !ruby/object:Api::Type::String + name: 'commonName' + description: 'User supplied name. Constrained to [a-zA-Z.-_ ]+.' + - !ruby/object:Api::Type::Time + name: 'createTime' + description: | + The time when the certificate was created in RFC 3339 format, for + example 2012-11-15T16:19:00.094Z. + - !ruby/object:Api::Type::Time + name: 'expirationTime' + description: | + The time when the certificate expires in RFC 3339 format, for example + 2012-11-15T16:19:00.094Z. + - !ruby/object:Api::Type::String + name: 'sha1Fingerprint' + description: | + SHA-1 fingerprint of the certificate. diff --git a/mmv1/products/sql/SourceRepresentationInstance.yaml b/mmv1/products/sql/SourceRepresentationInstance.yaml new file mode 100644 index 000000000000..6c184e378b52 --- /dev/null +++ b/mmv1/products/sql/SourceRepresentationInstance.yaml @@ -0,0 +1,88 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'SourceRepresentationInstance' +kind: 'sql#instance' +description: | + A source representation instance is a Cloud SQL instance that represents + the source database server to the Cloud SQL replica. It is visible in the + Cloud Console and appears the same as a regular Cloud SQL instance, but it + contains no data, requires no configuration or maintenance, and does not + affect billing. You cannot update the source representation instance. +base_url: projects/{{project}}/instances +immutable: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The name of the source representation instance. Use any valid Cloud SQL instance name. + required: true + - !ruby/object:Api::Type::String + name: 'region' + description: | + The region where you want your Cloud SQL replicas to reside. + required: true + - !ruby/object:Api::Type::Enum + name: 'databaseVersion' + description: | + The MySQL version running on your source database server. + required: true + values: + - :MYSQL_5_5 + - :MYSQL_5_6 + - :MYSQL_5_7 + - :MYSQL_8_0 + - !ruby/object:Api::Type::NestedObject + name: 'onPremisesConfiguration' + description: | + Configuration specific to on-premises instances. + required: true + properties: + - !ruby/object:Api::Type::String + name: 'host' + description: | + The externally accessible IPv4 address for the source database server. + required: true + - !ruby/object:Api::Type::Integer + name: 'port' + default_value: 3306 + description: | + The externally accessible port for the source database server. + Defaults to 3306. + - !ruby/object:Api::Type::String + name: 'username' + description: | + The replication user account on the external server. + - !ruby/object:Api::Type::String + name: 'password' + description: | + The password for the replication user account. + - !ruby/object:Api::Type::String + name: 'dumpFilePath' + description: | + A file in the bucket that contains the data from the external server. + - !ruby/object:Api::Type::String + name: 'caCertificate' + description: | + The CA certificate on the external server. Include only if SSL/TLS is used on the external server. + - !ruby/object:Api::Type::String + name: 'clientCertificate' + description: | + The client certificate on the external server. Required only for server-client authentication. Include only if SSL/TLS is used on the external server. + - !ruby/object:Api::Type::String + name: 'clientKey' + description: | + The private key file for the client certificate on the external server. Required only for server-client authentication. Include only if SSL/TLS is used on the external server. + + diff --git a/mmv1/products/sql/SslCert.yaml b/mmv1/products/sql/SslCert.yaml new file mode 100644 index 000000000000..104504309761 --- /dev/null +++ b/mmv1/products/sql/SslCert.yaml @@ -0,0 +1,59 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'SslCert' +kind: 'sql#sslCert' +base_url: projects/{{project}}/instances/{{instance}}/sslCerts +self_link: 'projects/{{project}}/instances/{{instance}}/sslCerts/{{sha1_fingerprint}}' +readonly: true # we're not enforcing state as it is all server-side driven. +description: | + Represents an SSL certificate created for a Cloud SQL instance. To use the + SSL certificate you must have the SSL Client Certificate and the + associated SSL Client Key. The Client Key can be downloaded only when the + SSL certificate is created with the insert method. +identity: + - sha1Fingerprint +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'instance' + description: | + The name of the Cloud SQL instance. This does not include the project + ID. + resource: 'Instance' + imports: 'name' + required: true + - !ruby/object:Api::Type::String + name: 'sha1Fingerprint' + description: 'The SHA-1 of the certificate.' + required: true +properties: + - !ruby/object:Api::Type::String + name: 'cert' + description: 'PEM representation of the X.509 certificate.' + - !ruby/object:Api::Type::String + name: 'certSerialNumber' + description: 'Serial number, as extracted from the certificate.' + - !ruby/object:Api::Type::String + name: 'commonName' + description: 'User supplied name. Constrained to [a-zA-Z.-_ ]+.' + - !ruby/object:Api::Type::Time + name: 'createTime' + description: | + The time when the certificate was created in RFC 3339 format, for + example 2012-11-15T16:19:00.094Z. + - !ruby/object:Api::Type::Time + name: 'expirationTime' + description: | + The time when the certificate expires in RFC 3339 format, for example + 2012-11-15T16:19:00.094Z. diff --git a/mmv1/products/sql/Tier.yaml b/mmv1/products/sql/Tier.yaml new file mode 100644 index 000000000000..1c7c17a5c63c --- /dev/null +++ b/mmv1/products/sql/Tier.yaml @@ -0,0 +1,50 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Tier' +kind: 'sql#tier' +description: | + The Tiers resource represents a service configuration that can be used to + define a Cloud SQL instance. Each tier has an associated RAM, maximum + storage, and list of regions in which the tier can be used. Available + tiers vary depending on whether you use PostgreSQL, MySQL Second + Generation, or MySQL First Generation instances. +base_url: projects/{{project}}/tiers +self_link: projects/{{project}}/tiers +nested_query: !ruby/object:Api::Resource::NestedQuery + keys: ['items'] +identity: + - tier +readonly: true +parameters: + - !ruby/object:Api::Type::String + name: 'tier' + description: | + An identifier for the service tier or machine type, for example, + db-n1-standard-1. For related information. + required: true +properties: + - !ruby/object:Api::Type::Integer + name: 'DiskQuota' + description: 'The maximum disk size of this tier in bytes.' + output: true + - !ruby/object:Api::Type::Integer + name: 'RAM' + description: 'The maximum RAM usage of this tier in bytes.' + output: true + - !ruby/object:Api::Type::Array + name: 'region' + item_type: Api::Type::String + description: 'The applicable regions for this tier.' + output: true diff --git a/mmv1/products/sql/User.yaml b/mmv1/products/sql/User.yaml new file mode 100644 index 000000000000..dfbfa271ff9c --- /dev/null +++ b/mmv1/products/sql/User.yaml @@ -0,0 +1,52 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'User' +kind: 'sql#user' +base_url: projects/{{project}}/instances/{{instance}}/users +self_link: 'projects/{{project}}/instances/{{instance}}/users?name={{name}}&host={{host}}' +nested_query: !ruby/object:Api::Resource::NestedQuery + keys: ['items'] +collection_url_key: 'items' +identity: + - name + - host +description: | + The Users resource represents a database user in a Cloud SQL instance. +parameters: + - !ruby/object:Api::Type::ResourceRef + name: 'instance' + description: | + The name of the Cloud SQL instance. This does not include the project + ID. + resource: 'Instance' + imports: 'name' + required: true + - !ruby/object:Api::Type::String + name: 'password' + description: 'The password for the user.' + immutable: true +properties: + - !ruby/object:Api::Type::String + name: 'host' + description: | + The host name from which the user can connect. For insert operations, + host defaults to an empty string. For update operations, host is + specified as part of the request URL. The host name cannot be updated + after insertion. + required: true + - !ruby/object:Api::Type::String + name: 'name' + description: 'The name of the user in the Cloud SQL instance.' + required: true diff --git a/mmv1/products/sql/api.yaml b/mmv1/products/sql/api.yaml deleted file mode 100644 index 0f1b4a0034b3..000000000000 --- a/mmv1/products/sql/api.yaml +++ /dev/null @@ -1,760 +0,0 @@ -# Copyright 2017 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: SQL -display_name: Cloud SQL -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://sqladmin.googleapis.com/sql/v1beta4/ -scopes: - - https://www.googleapis.com/auth/sqlservice.admin -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Cloud SQL Admin API - url: https://console.cloud.google.com/apis/library/sqladmin.googleapis.com/ -async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - kind: 'sql#operation' - path: 'name' - base_url: 'projects/{{project}}/operations/{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'targetLink' - status: !ruby/object:Api::OpAsync::Status - path: 'status' - complete: 'DONE' - allowed: - - 'PENDING' - - 'RUNNING' - - 'DONE' - error: !ruby/object:Api::OpAsync::Error - path: 'error/errors' - message: 'message' -objects: - # 'BackupRun' is not idempotent and will not be covered. - # | - !ruby/object:Api::Resource - # | name: 'BackupRun' - # | kind: 'sql#backupRun' - # | base_url: projects/{{project}}/instances/{{instance}}/backupRuns - - !ruby/object:Api::Resource - name: 'Instance' - kind: 'sql#instance' - base_url: projects/{{project}}/instances - description: | - Represents a Cloud SQL instance. Cloud SQL instances are SQL databases - hosted in Google's cloud. The Instances resource provides methods for - common configuration and management tasks. - collection_url_key: 'items' - properties: - - !ruby/object:Api::Type::Enum - name: 'backendType' - description: | - * FIRST_GEN: First Generation instance. MySQL only. - * SECOND_GEN: Second Generation instance or PostgreSQL instance. - * EXTERNAL: A database server that is not managed by Google. - values: - - :FIRST_GEN - - :SECOND_GEN - - :EXTERNAL - - !ruby/object:Api::Type::String - name: 'connectionName' - description: | - Connection name of the Cloud SQL instance used in connection strings. - # currentDiskSize (long) [DEPRECATED] - # | - !ruby/object:Api::Type::Long - # | name: 'currentDiskSize' - # | description: | - # | The current disk usage of the instance in bytes. This property has - # | been deprecated. Users should use the - # | "cloudsql.googleapis.com/database/disk/bytes_used" metric in Cloud - # | Monitoring API instead. Please see - # | https://groups.google.com/d/msg/google-cloud-sql-announce/ - # | I_7-F9EBhT0/BtvFtdFeAgAJ for details. - - !ruby/object:Api::Type::Enum - name: 'databaseVersion' - description: | - The database engine type and version. For First Generation instances, - can be MYSQL_5_5, or MYSQL_5_6. For Second Generation instances, can - be MYSQL_5_6 or MYSQL_5_7. Defaults to MYSQL_5_6. - PostgreSQL instances: POSTGRES_9_6 - - The databaseVersion property can not be changed after instance - creation. - values: - - :MYSQL_5_5 - - :MYSQL_5_6 - - :MYSQL_5_7 - - :POSTGRES_9_6 - - !ruby/object:Api::Type::NestedObject - name: 'failoverReplica' - description: | - The name and status of the failover replica. This property is - applicable only to Second Generation instances. - properties: - - !ruby/object:Api::Type::Boolean - name: 'available' - description: | - The availability status of the failover replica. A false status - indicates that the failover replica is out of sync. The master - can only failover to the failover replica when the status is true. - output: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - The name of the failover replica. If specified at instance - creation, a failover replica is created for the instance. The name - doesn't include the project ID. This property is applicable only - to Second Generation instances. - - !ruby/object:Api::Type::Enum - name: 'instanceType' - description: | - The instance type. This can be one of the following. - * CLOUD_SQL_INSTANCE: A Cloud SQL instance that is not replicating - from a master. - * ON_PREMISES_INSTANCE: An instance running on the customer's - premises. - * READ_REPLICA_INSTANCE: A Cloud SQL instance configured as a - read-replica. - values: - - :CLOUD_SQL_INSTANCE - - :ON_PREMISES_INSTANCE - - :READ_REPLICA_INSTANCE - - !ruby/object:Api::Type::Array - name: 'ipAddresses' - description: 'The assigned IP addresses for the instance.' - output: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'ipAddress' - description: 'The IP address assigned.' - - !ruby/object:Api::Type::Time - name: 'timeToRetire' - description: | - The due time for this IP to be retired in RFC 3339 format, for - example 2012-11-15T16:19:00.094Z. This field is only available - when the IP is scheduled to be retired. - - !ruby/object:Api::Type::Enum - name: 'type' - description: | - The type of this IP address. A PRIMARY address is an address - that can accept incoming connections. An OUTGOING address is the - source address of connections originating from the instance, if - supported. - values: - - :PRIMARY - - :OUTGOING - - !ruby/object:Api::Type::String - name: 'ipv6Address' - description: | - The IPv6 address assigned to the instance. This property is applicable - only to First Generation instances. - - !ruby/object:Api::Type::String - name: 'masterInstanceName' - description: | - The name of the instance which will act as master in the replication - setup. - - !ruby/object:Api::Type::Integer - name: 'maxDiskSize' - description: 'The maximum disk size of the instance in bytes.' - - !ruby/object:Api::Type::String - name: 'name' - description: | - Name of the Cloud SQL instance. This does not include the project - ID. - required: true - # TODO(alexstephen): Investigate if worth to make this depend on compute's - # region as a resource reference. (low priority, non launch blocker) - - !ruby/object:Api::Type::String - name: 'region' - description: | - The geographical region. Defaults to us-central or us-central1 - depending on the instance type (First Generation or Second - Generation/PostgreSQL). - - !ruby/object:Api::Type::NestedObject - name: 'replicaConfiguration' - description: | - Configuration specific to failover replicas and read replicas. - properties: - - !ruby/object:Api::Type::Boolean - name: 'failoverTarget' - description: | - Specifies if the replica is the failover target. If the field is - set to true the replica will be designated as a failover replica. - In case the master instance fails, the replica instance will be - promoted as the new master instance. - - Only one replica can be specified as failover target, and the - replica has to be in different zone with the master instance. - # TODO(nelsonjr): Is this needed or output only? - # | - !ruby/object:Api::Type::Constant - # | name: 'kind' - # | description: | - # | This is always sql#replicaConfiguration. - # | value: 'sql#replicaConfiguration' - - !ruby/object:Api::Type::NestedObject - name: 'mysqlReplicaConfiguration' - description: | - MySQL specific configuration when replicating from a MySQL - on-premises master. Replication configuration information such as - the username, password, certificates, and keys are not stored in - the instance metadata. The configuration information is used - only to set up the replication connection and is stored by MySQL - in a file named master.info in the data directory. - properties: - - !ruby/object:Api::Type::String - name: 'caCertificate' - description: | - PEM representation of the trusted CA's x509 certificate. - - !ruby/object:Api::Type::String - name: 'clientCertificate' - description: | - PEM representation of the replica's x509 certificate - - !ruby/object:Api::Type::String - name: 'clientKey' - description: | - PEM representation of the replica's private key. The - corresponding public key is encoded in the client's certificate. - - !ruby/object:Api::Type::Integer - name: 'connectRetryInterval' - description: | - Seconds to wait between connect retries. MySQL's default is 60 - seconds. - - !ruby/object:Api::Type::String - name: 'dumpFilePath' - description: | - Path to a SQL dump file in Google Cloud Storage from which the - replica instance is to be created. The URI is in the form - gs://bucketName/fileName. Compressed gzip files (.gz) are - also supported. Dumps should have the binlog coordinates from - which replication should begin. This can be accomplished by - setting --master-data to 1 when using mysqldump. - # TODO(nelsonjr): Is this needed or output only? - # | - !ruby/object:Api::Type::Constant - # | name: 'kind' - # | description: 'This is always sql#mysqlReplicaConfiguration.' - # | value: 'sql#mysqlReplicaConfiguration' - - !ruby/object:Api::Type::Integer - name: 'masterHeartbeatPeriod' - description: | - Interval in milliseconds between replication heartbeats. - - !ruby/object:Api::Type::String - name: 'password' - description: | - The password for the replication connection. - - !ruby/object:Api::Type::String - name: 'sslCipher' - description: | - A list of permissible ciphers to use for SSL encryption. - - !ruby/object:Api::Type::String - name: 'username' - description: | - The username for the replication connection. - - !ruby/object:Api::Type::Boolean - name: 'verifyServerCertificate' - description: | - Whether or not to check the master's Common Name value in the - certificate that it sends during the SSL handshake. - - !ruby/object:Api::Type::Array - name: 'replicaNames' - description: | - The replicas of the instance. - item_type: Api::Type::String - # TODO(nelsonjr): Parameter is unclear. Review this property when - # http://b/62686412 is addressed. - # | - !ruby/object:Api::Type::NestedObject - # | name: 'serverCaCert' - # | description: 'SSL configuration.' - - !ruby/object:Api::Type::String - name: 'serviceAccountEmailAddress' - description: | - The service account email address assigned to the instance. This - property is applicable only to Second Generation instances. - # TODO(nelsonjr): Add other settings properties - - !ruby/object:Api::Type::NestedObject - name: 'settings' - description: 'The user settings.' - properties: - - !ruby/object:Api::Type::Array - name: 'databaseFlags' - description: The database flags passed to the instance at startup - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The name of the flag. These flags are passed at instance - startup, so include both server options and system - variables for MySQL. Flags should be specified with - underscores, not hyphens. - - !ruby/object:Api::Type::String - name: 'value' - description: | - The value of the flag. Booleans should be set to on for - true and off for false. This field must be omitted if the - flag doesn't take a value. - #- !ruby/object:Api::Type::Constant - # name: 'kind' - # value: 'sql#settings' - - !ruby/object:Api::Type::NestedObject - name: 'ipConfiguration' - description: | - The settings for IP Management. This allows to enable or disable - the instance IP and manage which external networks can connect to - the instance. The IPv4 address cannot be disabled for Second - Generation instances. - properties: - - !ruby/object:Api::Type::Boolean - name: 'ipv4Enabled' - description: | - Whether the instance should be assigned an IP address or not. - - !ruby/object:Api::Type::Array - name: 'authorizedNetworks' - description: | - The list of external networks that are allowed to connect to - the instance using the IP. In CIDR notation, also known as - 'slash' notation (e.g. 192.168.100.0/24). - item_type: !ruby/object:Api::Type::NestedObject - properties: - #- !ruby/object:Api::Type::Constant - # name: 'kind' - # value: 'sql#aclEntry' - - !ruby/object:Api::Type::Time - name: 'expirationTime' - description: | - The time when this access control entry expires in RFC - 3339 format, for example 2012-11-15T16:19:00.094Z. - - !ruby/object:Api::Type::String - name: 'name' - description: 'An optional label to identify this entry.' - - !ruby/object:Api::Type::String - name: 'value' - description: | - The whitelisted value for the access control list. For - example, to grant access to a client from an external IP - (IPv4 or IPv6) address or subnet, use that address or - subnet here. - - !ruby/object:Api::Type::Boolean - name: 'requireSsl' - description: | - Whether the mysqld should default to 'REQUIRE X509' for - users connecting over IP. - - !ruby/object:Api::Type::String - name: 'tier' - description: | - The tier or machine type for this instance, for - example db-n1-standard-1. For MySQL instances, this field - determines whether the instance is Second Generation (recommended) - or First Generation. - - !ruby/object:Api::Type::Enum - name: 'availabilityType' - description: | - The availabilityType define if your postgres instance is run zonal - or regional. - values: - - :ZONAL - - :REGIONAL - - !ruby/object:Api::Type::NestedObject - name: 'backupConfiguration' - description: | - The daily backup configuration for the instance. - properties: - #- !ruby/object:Api::Type::Constant - # name: 'kind' - # value: 'sql#backupConfiguration' - - !ruby/object:Api::Type::Boolean - name: 'enabled' - description: | - Enable Autobackup for your instance. - - !ruby/object:Api::Type::Boolean - name: 'binaryLogEnabled' - description: | - Whether binary log is enabled. If backup configuration - is disabled, binary log must be disabled as well. MySQL only. - - !ruby/object:Api::Type::String - name: 'startTime' - description: | - Define the backup start time in UTC (HH:MM) - - !ruby/object:Api::Type::Integer - name: 'settingsVersion' - output: true - description: | - The version of instance settings. This is a required field for - update method to make sure concurrent updates are handled properly. - During update, use the most recent settingsVersion value for this - instance and do not try to update this value. - - !ruby/object:Api::Type::KeyValuePairs - name: 'userLabels' - description: | - User-provided labels, represented as a dictionary where each label is a single key value pair. - - !ruby/object:Api::Type::Boolean - name: 'deletionProtectionEnabled' - description: | - Configuration to protect against accidental instance deletion. - - !ruby/object:Api::Type::String - name: 'gceZone' - output: true - description: | - The Compute Engine zone that the instance is currently serving from. This value could be - different from the zone that was specified when the instance was created if the instance - has failed over to its secondary zone. - - !ruby/object:Api::Type::Enum - name: 'state' - output: true - description: | - The current serving state of the database instance. - values: - - :SQL_INSTANCE_STATE_UNSPECIFIED - - :RUNNABLE - - :SUSPENDED - - :PENDING_DELETE - - :PENDING_CREATE - - :MAINTENANCE - - :FAILED - - !ruby/object:Api::Type::NestedObject - name: 'diskEncryptionConfiguration' - description: 'Disk encryption settings' - properties: - - !ruby/object:Api::Type::String - name: 'kmsKeyName' - description: | - The KMS key used to encrypt the Cloud SQL instance - - !ruby/object:Api::Type::NestedObject - name: 'diskEncryptionStatus' - description: 'Disk encryption status' - properties: - - !ruby/object:Api::Type::String - name: 'kmsKeyVersionName' - description: | - The KMS key version used to encrypt the Cloud SQL instance - - !ruby/object:Api::Type::NestedObject - name: 'serverCaCert' - description: 'SSL configuration' - output: true - properties: - - !ruby/object:Api::Type::String - name: 'cert' - description: 'PEM representation of the X.509 certificate.' - - !ruby/object:Api::Type::String - name: 'certSerialNumber' - description: 'Serial number, as extracted from the certificate.' - - !ruby/object:Api::Type::String - name: 'commonName' - description: 'User supplied name. Constrained to [a-zA-Z.-_ ]+.' - - !ruby/object:Api::Type::Time - name: 'createTime' - description: | - The time when the certificate was created in RFC 3339 format, for - example 2012-11-15T16:19:00.094Z. - - !ruby/object:Api::Type::Time - name: 'expirationTime' - description: | - The time when the certificate expires in RFC 3339 format, for example - 2012-11-15T16:19:00.094Z. - - !ruby/object:Api::Type::String - name: 'sha1Fingerprint' - description: | - SHA-1 fingerprint of the certificate. - - !ruby/object:Api::Resource - name: 'Database' - kind: 'sql#database' - base_url: projects/{{project}}/instances/{{instance}}/databases - has_self_link: true - collection_url_key: 'items' - description: | - Represents a SQL database inside the Cloud SQL instance, hosted in - Google's cloud. - parameters: - - !ruby/object:Api::Type::String - name: 'instance' - description: | - The name of the Cloud SQL instance. This does not include the project - ID. - required: true - input: true - properties: - - !ruby/object:Api::Type::String - name: 'charset' - description: | - The charset value. See MySQL's - [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) - and Postgres' [Character Set Support](https://www.postgresql.org/docs/9.6/static/multibyte.html) - for more details and supported values. Postgres databases only support - a value of `UTF8` at creation time. - - !ruby/object:Api::Type::String - name: 'collation' - description: | - The collation value. See MySQL's - [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) - and Postgres' [Collation Support](https://www.postgresql.org/docs/9.6/static/collation.html) - for more details and supported values. Postgres databases only support - a value of `en_US.UTF8` at creation time. - - !ruby/object:Api::Type::String - name: 'name' - required: true - input: true - description: | - The name of the database in the Cloud SQL instance. - This does not include the project ID or instance name. - - !ruby/object:Api::Resource - name: 'User' - kind: 'sql#user' - base_url: projects/{{project}}/instances/{{instance}}/users - self_link: 'projects/{{project}}/instances/{{instance}}/users?name={{name}}&host={{host}}' - nested_query: !ruby/object:Api::Resource::NestedQuery - keys: ['items'] - collection_url_key: 'items' - identity: - - name - - host - description: | - The Users resource represents a database user in a Cloud SQL instance. - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'instance' - description: | - The name of the Cloud SQL instance. This does not include the project - ID. - resource: 'Instance' - imports: 'name' - required: true - - !ruby/object:Api::Type::String - name: 'password' - description: 'The password for the user.' - input: true - properties: - - !ruby/object:Api::Type::String - name: 'host' - description: | - The host name from which the user can connect. For insert operations, - host defaults to an empty string. For update operations, host is - specified as part of the request URL. The host name cannot be updated - after insertion. - required: true - - !ruby/object:Api::Type::String - name: 'name' - description: 'The name of the user in the Cloud SQL instance.' - required: true - - !ruby/object:Api::Resource - name: 'SslCert' - kind: 'sql#sslCert' - base_url: projects/{{project}}/instances/{{instance}}/sslCerts - self_link: 'projects/{{project}}/instances/{{instance}}/sslCerts/{{sha1_fingerprint}}' - readonly: true # we're not enforcing state as it is all server-side driven. - description: | - Represents an SSL certificate created for a Cloud SQL instance. To use the - SSL certificate you must have the SSL Client Certificate and the - associated SSL Client Key. The Client Key can be downloaded only when the - SSL certificate is created with the insert method. - identity: - - sha1Fingerprint - parameters: - - !ruby/object:Api::Type::ResourceRef - name: 'instance' - description: | - The name of the Cloud SQL instance. This does not include the project - ID. - resource: 'Instance' - imports: 'name' - required: true - - !ruby/object:Api::Type::String - name: 'sha1Fingerprint' - description: 'The SHA-1 of the certificate.' - required: true - properties: - - !ruby/object:Api::Type::String - name: 'cert' - description: 'PEM representation of the X.509 certificate.' - - !ruby/object:Api::Type::String - name: 'certSerialNumber' - description: 'Serial number, as extracted from the certificate.' - - !ruby/object:Api::Type::String - name: 'commonName' - description: 'User supplied name. Constrained to [a-zA-Z.-_ ]+.' - - !ruby/object:Api::Type::Time - name: 'createTime' - description: | - The time when the certificate was created in RFC 3339 format, for - example 2012-11-15T16:19:00.094Z. - - !ruby/object:Api::Type::Time - name: 'expirationTime' - description: | - The time when the certificate expires in RFC 3339 format, for example - 2012-11-15T16:19:00.094Z. - - !ruby/object:Api::Resource - name: 'Flag' - kind: 'sql#flag' - description: - 'Represents a flag that can be configured for a Cloud SQL instance.' - base_url: flags - self_link: flags - nested_query: !ruby/object:Api::Resource::NestedQuery - keys: ['items'] - readonly: true - properties: - - !ruby/object:Api::Type::Array - name: 'allowedStringValues' - item_type: Api::Type::String - description: - 'For STRING flags, List of strings that the value can be set to.' - output: true - - !ruby/object:Api::Type::Array - name: 'appliesTo' - item_type: Api::Type::String - description: 'The database versions this flag is supported for.' - output: true - - !ruby/object:Api::Type::Integer - name: 'maxValue' - description: 'For INTEGER flags, the maximum allowed value.' - output: true - - !ruby/object:Api::Type::Integer - name: 'minValue' - description: 'For INTEGER flags, the minimum allowed value.' - output: true - - !ruby/object:Api::Type::String - name: 'name' - description: | - This is the name of the flag. Flag names always use underscores, not - hyphens, e.g. max_allowed_packet - - !ruby/object:Api::Type::Boolean - name: 'requiresRestart' - description: | - Indicates whether changing this flag will trigger a database restart. - Only applicable to Second Generation instances. - output: true - - !ruby/object:Api::Type::String - name: 'type' - description: | - The type of the flag. Flags are typed to being BOOLEAN, STRING, - INTEGER or NONE. NONE is used for flags which do not take a value, - such as skip_grant_tables. - output: true - - !ruby/object:Api::Resource - name: 'Tier' - kind: 'sql#tier' - description: | - The Tiers resource represents a service configuration that can be used to - define a Cloud SQL instance. Each tier has an associated RAM, maximum - storage, and list of regions in which the tier can be used. Available - tiers vary depending on whether you use PostgreSQL, MySQL Second - Generation, or MySQL First Generation instances. - base_url: projects/{{project}}/tiers - self_link: projects/{{project}}/tiers - nested_query: !ruby/object:Api::Resource::NestedQuery - keys: ['items'] - identity: - - tier - readonly: true - parameters: - - !ruby/object:Api::Type::String - name: 'tier' - description: | - An identifier for the service tier or machine type, for example, - db-n1-standard-1. For related information. - required: true - properties: - - !ruby/object:Api::Type::Integer - name: 'DiskQuota' - description: 'The maximum disk size of this tier in bytes.' - output: true - - !ruby/object:Api::Type::Integer - name: 'RAM' - description: 'The maximum RAM usage of this tier in bytes.' - output: true - - !ruby/object:Api::Type::Array - name: 'region' - item_type: Api::Type::String - description: 'The applicable regions for this tier.' - output: true - - !ruby/object:Api::Resource - name: 'SourceRepresentationInstance' - kind: 'sql#instance' - description: | - A source representation instance is a Cloud SQL instance that represents - the source database server to the Cloud SQL replica. It is visible in the - Cloud Console and appears the same as a regular Cloud SQL instance, but it - contains no data, requires no configuration or maintenance, and does not - affect billing. You cannot update the source representation instance. - base_url: projects/{{project}}/instances - input: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The name of the source representation instance. Use any valid Cloud SQL instance name. - required: true - - !ruby/object:Api::Type::String - name: 'region' - description: | - The region where you want your Cloud SQL replicas to reside. - required: true - - !ruby/object:Api::Type::Enum - name: 'databaseVersion' - description: | - The MySQL version running on your source database server. - required: true - values: - - :MYSQL_5_5 - - :MYSQL_5_6 - - :MYSQL_5_7 - - :MYSQL_8_0 - - !ruby/object:Api::Type::NestedObject - name: 'onPremisesConfiguration' - description: | - Configuration specific to on-premises instances. - required: true - properties: - - !ruby/object:Api::Type::String - name: 'host' - description: | - The externally accessible IPv4 address for the source database server. - required: true - - !ruby/object:Api::Type::Integer - name: 'port' - default_value: 3306 - description: | - The externally accessible port for the source database server. - Defaults to 3306. - - !ruby/object:Api::Type::String - name: 'username' - description: | - The replication user account on the external server. - - !ruby/object:Api::Type::String - name: 'password' - description: | - The password for the replication user account. - - !ruby/object:Api::Type::String - name: 'dumpFilePath' - description: | - A file in the bucket that contains the data from the external server. - - !ruby/object:Api::Type::String - name: 'caCertificate' - description: | - The CA certificate on the external server. Include only if SSL/TLS is used on the external server. - - !ruby/object:Api::Type::String - name: 'clientCertificate' - description: | - The client certificate on the external server. Required only for server-client authentication. Include only if SSL/TLS is used on the external server. - - !ruby/object:Api::Type::String - name: 'clientKey' - description: | - The private key file for the client certificate on the external server. Required only for server-client authentication. Include only if SSL/TLS is used on the external server. - - # 'Operation' is not idempotent and will not be covered. - # (it is used internally to assert the state of operations being performed) - # | - !ruby/object:Api::Resource - # | name: 'Operation' - # | kind: 'sql#operation' - # | base_url: projects/{{project}}/operations diff --git a/mmv1/products/sql/product.yaml b/mmv1/products/sql/product.yaml new file mode 100644 index 000000000000..fd6b2b3e3a4b --- /dev/null +++ b/mmv1/products/sql/product.yaml @@ -0,0 +1,55 @@ +# Copyright 2017 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: SQL +display_name: Cloud SQL +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://sqladmin.googleapis.com/sql/v1beta4/ +scopes: + - https://www.googleapis.com/auth/sqlservice.admin +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Cloud SQL Admin API + url: https://console.cloud.google.com/apis/library/sqladmin.googleapis.com/ +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + kind: 'sql#operation' + path: 'name' + base_url: 'projects/{{project}}/operations/{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'targetLink' + status: !ruby/object:Api::OpAsync::Status + path: 'status' + complete: 'DONE' + allowed: + - 'PENDING' + - 'RUNNING' + - 'DONE' + error: !ruby/object:Api::OpAsync::Error + path: 'error/errors' + message: 'message' + # 'BackupRun' is not idempotent and will not be covered. + # | - !ruby/object:Api::Resource + # | name: 'BackupRun' + # | kind: 'sql#backupRun' + # | base_url: projects/{{project}}/instances/{{instance}}/backupRuns + # 'Operation' is not idempotent and will not be covered. + # (it is used internally to assert the state of operations being performed) + # | - !ruby/object:Api::Resource + # | name: 'Operation' + # | kind: 'sql#operation' + # | base_url: projects/{{project}}/operations diff --git a/mmv1/products/storage/Bucket.yaml b/mmv1/products/storage/Bucket.yaml new file mode 100644 index 000000000000..5cab634ea27d --- /dev/null +++ b/mmv1/products/storage/Bucket.yaml @@ -0,0 +1,488 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Bucket' +kind: 'storage#bucket' +base_url: b?project={{project}} +self_link: b/{{name}}?projection=full +collection_url_key: items +description: | + The Buckets resource represents a bucket in Google Cloud Storage. There is + a single global namespace shared by all buckets. For more information, see + Bucket Name Requirements. + + Buckets contain objects which can be accessed by their own methods. In + addition to the acl property, buckets contain bucketAccessControls, for + use in fine-grained manipulation of an existing bucket's access controls. + + A bucket is always owned by the project team owners group. +iam_policy: !ruby/object:Api::Resource::IamPolicy + exclude_validator: true + allowed_iam_role: 'roles/storage.objectViewer' + admin_iam_role: 'roles/storage.admin' + parent_resource_attribute: 'bucket' + base_url: 'b/{{name}}' + import_format: ['b/{{name}}', '{{name}}'] + iam_conditions_request_type: :QUERY_PARAM + fetch_iam_policy_method: 'iam' + set_iam_policy_method: 'iam' + set_iam_policy_verb: :PUT + wrapped_policy_obj: false + custom_diff_suppress: 'templates/terraform/iam/storage_bucket_diff_suppress.go.erb' +properties: + - !ruby/object:Api::Type::Array + name: 'acl' + item_type: Api::Type::String + description: 'Access controls on the bucket.' + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::ResourceRef + name: 'bucket' + resource: 'Bucket' + imports: 'name' + description: 'The name of the bucket.' + required: true + - !ruby/object:Api::Type::String + name: 'domain' + description: 'The domain associated with the entity.' + output: true + - !ruby/object:Api::Type::String + name: 'email' + description: 'The email address associated with the entity.' + output: true + - !ruby/object:Api::Type::String + name: 'entity' + description: | + The entity holding the permission, in one of the following forms: + user-userId + user-email + group-groupId + group-email + domain-domain + project-team-projectId + allUsers + allAuthenticatedUsers + Examples: + The user liz@example.com would be user-liz@example.com. + The group example@googlegroups.com would be + group-example@googlegroups.com. + To refer to all members of the Google Apps for Business domain + example.com, the entity would be domain-example.com. + required: true + - !ruby/object:Api::Type::String + name: 'entityId' + description: 'The ID for the entity' + # | 'etag' is not applicable for state convergence. + - !ruby/object:Api::Type::String + name: 'id' + description: 'The ID of the access-control entry.' + output: true + - !ruby/object:Api::Type::NestedObject + name: 'projectTeam' + description: 'The project team associated with the entity' + properties: + - !ruby/object:Api::Type::String + name: 'projectNumber' + description: 'The project team associated with the entity' + - !ruby/object:Api::Type::Enum + name: 'team' + description: 'The team.' + values: + - :editors + - :owners + - :viewers + - !ruby/object:Api::Type::Enum + name: 'role' + description: 'The access permission for the entity.' + values: + - :OWNER + - :READER + - :WRITER + - !ruby/object:Api::Type::Array + name: 'cors' + description: | + The bucket's Cross-Origin Resource Sharing (CORS) configuration. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Integer + name: 'maxAgeSeconds' + description: | + The value, in seconds, to return in the Access-Control-Max-Age + header used in preflight responses. + - !ruby/object:Api::Type::Array + name: 'method' + description: | + The list of HTTP methods on which to include CORS response + headers, (GET, OPTIONS, POST, etc) Note: "*" is permitted in the + list of methods, and means "any method". + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'origin' + description: | + The list of Origins eligible to receive CORS response headers. + Note: "*" is permitted in the list of origins, and means "any + Origin". + item_type: Api::Type::String + - !ruby/object:Api::Type::Array + name: 'responseHeader' + description: | + The list of HTTP headers other than the simple response headers + to give permission for the user-agent to share across domains. + item_type: Api::Type::String + - !ruby/object:Api::Type::Boolean + name: 'defaultEventBasedHold' + description: | + Whether or not to automatically apply an eventBasedHold to new objects + added to the bucket. + - !ruby/object:Api::Type::Array + name: 'defaultObjectAcl' + description: | + Default access controls to apply to new objects when no ACL is + provided. + immutable: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::ResourceRef + name: 'bucket' + resource: 'Bucket' + imports: 'name' + description: 'The name of the bucket.' + required: true + - !ruby/object:Api::Type::String + name: 'domain' + description: 'The domain associated with the entity.' + output: true + - !ruby/object:Api::Type::String + name: 'email' + description: 'The email address associated with the entity.' + output: true + - !ruby/object:Api::Type::String + name: 'entity' + required: true + description: | + The entity holding the permission, in one of the following forms: + * user-{{userId}} + * user-{{email}} (such as "user-liz@example.com") + * group-{{groupId}} + * group-{{email}} (such as "group-example@googlegroups.com") + * domain-{{domain}} (such as "domain-example.com") + * project-team-{{projectId}} + * allUsers + * allAuthenticatedUsers + - !ruby/object:Api::Type::String + name: 'entityId' + output: true + description: 'The ID for the entity' + # | 'etag' is not applicable for state convergence. + - !ruby/object:Api::Type::Integer + name: 'generation' + description: 'The content generation of the object, if applied to an object.' + output: true + - !ruby/object:Api::Type::String + name: 'id' + description: 'The ID of the access-control entry.' + output: true + - !ruby/object:Api::Type::String + name: 'object' + description: 'The name of the object, if applied to an object.' + required: false + - !ruby/object:Api::Type::NestedObject + name: 'projectTeam' + description: 'The project team associated with the entity' + output: true + properties: + - !ruby/object:Api::Type::String + name: 'projectNumber' + description: 'The project team associated with the entity' + - !ruby/object:Api::Type::Enum + name: 'team' + description: 'The team.' + values: + - :editors + - :owners + - :viewers + - !ruby/object:Api::Type::Enum + name: 'role' + description: 'The access permission for the entity.' + required: true + values: + - :OWNER + - :READER + # | 'etag' is not applicable for state convergence. + - !ruby/object:Api::Type::String + name: 'id' + description: | + The ID of the bucket. For buckets, the id and name properities are the + same. + output: true + - !ruby/object:Api::Type::NestedObject + name: 'lifecycle' + description: | + The bucket's lifecycle configuration. + + See https://developers.google.com/storage/docs/lifecycle for more + information. + properties: + - !ruby/object:Api::Type::Array + name: 'rule' + description: | + A lifecycle management rule, which is made of an action to take + and the condition(s) under which the action will be taken. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::NestedObject + name: 'action' + description: 'The action to take.' + properties: + - !ruby/object:Api::Type::String + name: 'storageClass' + description: | + Target storage class. Required iff the type of the + action is SetStorageClass. + - !ruby/object:Api::Type::Enum + name: 'type' + description: | + Type of the action. Currently, only Delete and + SetStorageClass are supported. + values: + - 'Delete' + - 'SetStorageClass' + - !ruby/object:Api::Type::NestedObject + name: 'condition' + description: | + The condition(s) under which the action will be taken. + properties: + - !ruby/object:Api::Type::Integer + name: 'ageDays' + api_name: 'age' + description: | + Age of an object (in days). This condition is satisfied + when an object reaches the specified age. + - !ruby/object:Api::Type::Time + name: 'createdBefore' + description: | + A date in RFC 3339 format with only the date part (for + instance, "2013-01-15"). This condition is satisfied + when an object is created before midnight of the + specified date in UTC. + - !ruby/object:Api::Type::Time + name: 'customTimeBefore' + description: | + A date in the RFC 3339 format YYYY-MM-DD. This condition + is satisfied when the customTime metadata for the object + is set to an earlier date than the date used in + this lifecycle condition. + - !ruby/object:Api::Type::Integer + name: 'daysSinceCustomTime' + description: | + Days since the date set in the customTime metadata for the + object. This condition is satisfied when the current date + and time is at least the specified number of days after + the customTime. + - !ruby/object:Api::Type::Integer + name: 'daysSinceNoncurrentTime' + description: | + Relevant only for versioned objects. This condition is + satisfied when an object has been noncurrent for more than + the specified number of days. + - !ruby/object:Api::Type::Boolean + name: 'isLive' + description: | + Relevant only for versioned objects. If the value is + true, this condition matches live objects; if the value + is false, it matches archived objects. + - !ruby/object:Api::Type::Array + name: 'matchesStorageClass' + description: | + Objects having any of the storage classes specified by + this condition will be matched. Values include + MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE, + STANDARD, and DURABLE_REDUCED_AVAILABILITY. + item_type: Api::Type::String + - !ruby/object:Api::Type::Time + name: 'noncurrentTimeBefore' + description: | + Relevant only for versioned objects. A date in the + RFC 3339 format YYYY-MM-DD. This condition is satisfied + for objects that became noncurrent on a date prior to the + one specified in this condition. + - !ruby/object:Api::Type::Integer + name: 'numNewerVersions' + description: | + Relevant only for versioned objects. If the value is N, + this condition is satisfied when there are at least N + versions (including the live version) newer than this + version of the object. + - !ruby/object:Api::Type::String + name: 'location' + description: | + The location of the bucket. Object data for objects in the bucket + resides in physical storage within this region. Defaults to US. See + the developer's guide for the authoritative list. + - !ruby/object:Api::Type::NestedObject + name: 'logging' + description: | + The bucket's logging configuration, which defines the destination + bucket and optional name prefix for the current bucket's logs. + properties: + - !ruby/object:Api::Type::String + name: 'logBucket' + description: | + The destination bucket where the current bucket's logs should be + placed. + - !ruby/object:Api::Type::String + name: 'logObjectPrefix' + description: 'A prefix for log object names.' + - !ruby/object:Api::Type::Integer + name: 'metageneration' + description: 'The metadata generation of this bucket.' + - !ruby/object:Api::Type::String + name: 'name' + description: 'The name of the bucket' + - !ruby/object:Api::Type::NestedObject + name: 'owner' + description: | + The owner of the bucket. This is always the project team's owner + group. + properties: + - !ruby/object:Api::Type::String + name: 'entity' + description: 'The entity, in the form project-owner-projectId.' + - !ruby/object:Api::Type::String + name: 'entityId' + description: 'The ID for the entity.' + output: true + - !ruby/object:Api::Type::String + name: 'projectNumber' + description: 'The project number of the project the bucket belongs to.' + output: true + - !ruby/object:Api::Type::Enum + name: 'storageClass' + description: | + The bucket's default storage class, used whenever no storageClass is + specified for a newly-created object. This defines how objects in the + bucket are stored and determines the SLA and the cost of storage. + Values include MULTI_REGIONAL, REGIONAL, STANDARD, NEARLINE, + COLDLINE, ARCHIVE, and DURABLE_REDUCED_AVAILABILITY. If this value is + not specified when the bucket is created, it will default to + STANDARD. For more information, see storage classes. + values: + - :MULTI_REGIONAL + - :REGIONAL + - :STANDARD + - :NEARLINE + - :COLDLINE + - :ARCHIVE + - :DURABLE_REDUCED_AVAILABILITY + - !ruby/object:Api::Type::Time + name: 'timeCreated' + description: 'The creation time of the bucket in RFC 3339 format.' + output: true + - !ruby/object:Api::Type::Time + name: 'updated' + description: 'The modification time of the bucket in RFC 3339 format.' + output: true + - !ruby/object:Api::Type::NestedObject + name: 'versioning' + description: "The bucket's versioning configuration." + properties: + - !ruby/object:Api::Type::Boolean + name: 'enabled' + description: | + While set to true, versioning is fully enabled for this bucket. + - !ruby/object:Api::Type::NestedObject + name: 'website' + description: | + The bucket's website configuration, controlling how the service + behaves when accessing bucket contents as a web site. See the Static + Website Examples for more information. + properties: + - !ruby/object:Api::Type::String + name: 'mainPageSuffix' + description: | + If the requested object path is missing, the service will ensure + the path has a trailing '/', append this suffix, and attempt to + retrieve the resulting object. This allows the creation of + index.html objects to represent directory pages. + - !ruby/object:Api::Type::String + name: 'notFoundPage' + description: | + If the requested object path is missing, and any mainPageSuffix + object is missing, if applicable, the service will return the + named object from this bucket as the content for a 404 Not Found + result. + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + Labels applied to this bucket. A list of key->value pairs. + - !ruby/object:Api::Type::NestedObject + name: 'encryption' + description: | + Encryption configuration for the bucket + properties: + - !ruby/object:Api::Type::String + name: 'defaultKmsKeyName' + description: | + A Cloud KMS key that will be used to encrypt objects inserted into this bucket, + if no encryption method is specified. + - !ruby/object:Api::Type::NestedObject + name: 'retentionPolicy' + description: | + Retention policy for the bucket + properties: + - !ruby/object:Api::Type::Time + name: 'effectiveTime' + description: | + The time from which the retention policy was effective + - !ruby/object:Api::Type::Boolean + name: 'isLocked' + description: | + If the retention policy is locked. If true, the retention policy cannot be removed and the period cannot + be reduced. + - !ruby/object:Api::Type::Integer + name: 'retentionPeriod' + description: | + The period of time, in seconds, that objects in the bucket must be retained and cannot be deleted, + overwritten, or made noncurrent. +parameters: + - !ruby/object:Api::Type::String + name: 'project' + description: 'A valid API project identifier.' + immutable: true + - !ruby/object:Api::Type::Enum + name: 'predefinedDefaultObjectAcl' + description: | + Apply a predefined set of default object access controls to this + bucket. + + Acceptable values are: + - "authenticatedRead": Object owner gets OWNER access, and + allAuthenticatedUsers get READER access. + - "bucketOwnerFullControl": Object owner gets OWNER access, and + project team owners get OWNER access. + - "bucketOwnerRead": Object owner gets OWNER access, and project + team owners get READER access. + - "private": Object owner gets OWNER access. + - "projectPrivate": Object owner gets OWNER access, and project team + members get access according to their roles. + - "publicRead": Object owner gets OWNER access, and allUsers get + READER access. + values: + - :authenticatedRead + - :bucketOwnerFullControl + - :bucketOwnerRead + - :private + - :projectPrivate + - :publicRead + immutable: true diff --git a/mmv1/products/storage/BucketAccessControl.yaml b/mmv1/products/storage/BucketAccessControl.yaml new file mode 100644 index 000000000000..b77d565549f1 --- /dev/null +++ b/mmv1/products/storage/BucketAccessControl.yaml @@ -0,0 +1,106 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'BucketAccessControl' +kind: 'storage#bucketAccessControl' +base_url: b/{{bucket}}/acl +self_link: b/{{bucket}}/acl/{{entity}} +collection_url_key: items +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/storage/docs/access-control/lists' + api: 'https://cloud.google.com/storage/docs/json_api/v1/bucketAccessControls' +description: | + The BucketAccessControls resource represents the Access Control Lists + (ACLs) for buckets within Google Cloud Storage. ACLs let you specify who + has access to your data and to what extent. + + There are three roles that can be assigned to an entity: + + READERs can get the bucket, though no acl property will be returned, and + list the bucket's objects. WRITERs are READERs, and they can insert + objects into the bucket and delete the bucket's objects. OWNERs are + WRITERs, and they can get the acl property of a bucket, update a bucket, + and call all BucketAccessControls methods on the bucket. For more + information, see Access Control, with the caveat that this API uses + READER, WRITER, and OWNER instead of READ, WRITE, and FULL_CONTROL. +identity: + - entity +properties: + - !ruby/object:Api::Type::ResourceRef + name: 'bucket' + resource: 'Bucket' + imports: 'name' + description: 'The name of the bucket.' + required: true + immutable: true + - !ruby/object:Api::Type::String + name: 'domain' + description: 'The domain associated with the entity.' + output: true + - !ruby/object:Api::Type::String + name: 'email' + description: 'The email address associated with the entity.' + output: true + - !ruby/object:Api::Type::String + name: 'entity' + description: | + The entity holding the permission, in one of the following forms: + user-userId + user-email + group-groupId + group-email + domain-domain + project-team-projectId + allUsers + allAuthenticatedUsers + Examples: + The user liz@example.com would be user-liz@example.com. + The group example@googlegroups.com would be + group-example@googlegroups.com. + To refer to all members of the Google Apps for Business domain + example.com, the entity would be domain-example.com. + required: true + immutable: true + - !ruby/object:Api::Type::String + name: 'entityId' + description: 'The ID for the entity' + output: true + # | 'etag' is not applicable for state convergence. + - !ruby/object:Api::Type::String + name: 'id' + description: 'The ID of the access-control entry.' + output: true + - !ruby/object:Api::Type::NestedObject + name: 'projectTeam' + description: 'The project team associated with the entity' + output: true + properties: + - !ruby/object:Api::Type::String + name: 'projectNumber' + description: 'The project team associated with the entity' + - !ruby/object:Api::Type::Enum + name: 'team' + description: 'The team.' + values: + - :editors + - :owners + - :viewers + - !ruby/object:Api::Type::Enum + name: 'role' + description: 'The access permission for the entity.' + values: + - :OWNER + - :READER + - :WRITER diff --git a/mmv1/products/storage/DefaultObjectACL.yaml b/mmv1/products/storage/DefaultObjectACL.yaml new file mode 100644 index 000000000000..7235c3022d31 --- /dev/null +++ b/mmv1/products/storage/DefaultObjectACL.yaml @@ -0,0 +1,103 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'DefaultObjectACL' +kind: 'storage#objectAccessControl' +base_url: b/{{bucket}}/defaultObjectAcl +self_link: b/{{bucket}}/defaultObjectAcl/{{entity}} +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/storage/docs/access-control/create-manage-lists' + api: 'https://cloud.google.com/storage/docs/json_api/v1/defaultObjectAccessControls' +description: | + The DefaultObjectAccessControls resources represent the Access Control + Lists (ACLs) applied to a new object within a Google Cloud Storage bucket + when no ACL was provided for that object. ACLs let you specify who has + access to your bucket contents and to what extent. + + There are two roles that can be assigned to an entity: + + READERs can get an object, though the acl property will not be revealed. + OWNERs are READERs, and they can get the acl property, update an object, + and call all objectAccessControls methods on the object. The owner of an + object is always an OWNER. + For more information, see Access Control, with the caveat that this API + uses READER and OWNER instead of READ and FULL_CONTROL. +properties: + - !ruby/object:Api::Type::ResourceRef + name: 'bucket' + resource: 'Bucket' + imports: 'name' + description: 'The name of the bucket.' + required: true + - !ruby/object:Api::Type::String + name: 'domain' + description: 'The domain associated with the entity.' + output: true + - !ruby/object:Api::Type::String + name: 'email' + description: 'The email address associated with the entity.' + output: true + - !ruby/object:Api::Type::String + name: 'entity' + required: true + description: | + The entity holding the permission, in one of the following forms: + * user-{{userId}} + * user-{{email}} (such as "user-liz@example.com") + * group-{{groupId}} + * group-{{email}} (such as "group-example@googlegroups.com") + * domain-{{domain}} (such as "domain-example.com") + * project-team-{{projectId}} + * allUsers + * allAuthenticatedUsers + - !ruby/object:Api::Type::String + name: 'entityId' + output: true + description: 'The ID for the entity' + # | 'etag' is not applicable for state convergence. + - !ruby/object:Api::Type::Integer + name: 'generation' + description: 'The content generation of the object, if applied to an object.' + output: true + - !ruby/object:Api::Type::String + name: 'id' + description: 'The ID of the access-control entry.' + output: true + - !ruby/object:Api::Type::String + name: 'object' + description: 'The name of the object, if applied to an object.' + required: false + - !ruby/object:Api::Type::NestedObject + name: 'projectTeam' + description: 'The project team associated with the entity' + output: true + properties: + - !ruby/object:Api::Type::String + name: 'projectNumber' + description: 'The project team associated with the entity' + - !ruby/object:Api::Type::Enum + name: 'team' + description: 'The team.' + values: + - :editors + - :owners + - :viewers + - !ruby/object:Api::Type::Enum + name: 'role' + description: 'The access permission for the entity.' + required: true + values: + - :OWNER + - :READER diff --git a/mmv1/products/storage/HmacKey.yaml b/mmv1/products/storage/HmacKey.yaml new file mode 100644 index 000000000000..8772f953390a --- /dev/null +++ b/mmv1/products/storage/HmacKey.yaml @@ -0,0 +1,74 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'HmacKey' +kind: 'storage#hmacKey' +base_url: projects/{{project}}/hmacKeys +create_url: projects/{{project}}/hmacKeys?serviceAccountEmail={{serviceAccountEmail}} +self_link: projects/{{project}}/hmacKeys/{{accessId}} +# technically updatable, but implemented as custom update for new fingerprint support +immutable: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/storage/docs/authentication/managing-hmackeys' + api: 'https://cloud.google.com/storage/docs/json_api/v1/projects/hmacKeys' +description: | + The hmacKeys resource represents an HMAC key within Cloud Storage. The resource + consists of a secret and HMAC key metadata. HMAC keys can be used as credentials + for service accounts. +properties: + - !ruby/object:Api::Type::String + name: 'serviceAccountEmail' + description: | + The email address of the key's associated service account. + required: true + - !ruby/object:Api::Type::Enum + name: 'state' + description: | + The state of the key. Can be set to one of ACTIVE, INACTIVE. + default_value: :ACTIVE + values: + - :ACTIVE + - :INACTIVE + # - :DELETED (not directly settable) + update_verb: :PUT + update_url: projects/{{project}}/hmacKeys/{{accessId}} + update_id: 'state' + fingerprint_name: 'etag' + - !ruby/object:Api::Type::String + name: 'secret' + output: true + description: | + HMAC secret key material. + - !ruby/object:Api::Type::String + name: 'accessId' + output: true + description: | + The access ID of the HMAC Key. + - !ruby/object:Api::Type::String + name: 'id' + output: true + description: | + The ID of the HMAC key, including the Project ID and the Access ID. + - !ruby/object:Api::Type::Time + name: 'timeCreated' + output: true + description: | + 'The creation time of the HMAC key in RFC 3339 format. ' + - !ruby/object:Api::Type::Time + name: 'updated' + output: true + description: | + 'The last modification time of the HMAC key metadata in RFC 3339 format.' + diff --git a/mmv1/products/storage/Object.yaml b/mmv1/products/storage/Object.yaml new file mode 100644 index 000000000000..4c2b4d8ed7f2 --- /dev/null +++ b/mmv1/products/storage/Object.yaml @@ -0,0 +1,84 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Object' +base_url: b/{{bucket}}/o +self_link: b/{{bucket}}/o/{{object}} +collection_url_key: items +description: | + Information about an object stored in a GCS bucket +properties: + - !ruby/object:Api::Type::String + name: 'bucket' + description: 'The name of the bucket.' + required: true + - !ruby/object:Api::Type::String + name: 'object' + description: 'The name of the object.' + required: true + - !ruby/object:Api::Type::String + name: 'contentType' + description: | + The Content-Type of the object data. + + See https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Complete_list_of_MIME_types + for more information on possible Content-Types + - !ruby/object:Api::Type::String + name: 'crc32c' + description: 'CRC32c checksum.' + - !ruby/object:Api::Type::String + name: 'etag' + description: 'The object entity tag.' + - !ruby/object:Api::Type::Integer + name: 'generation' + description: 'The content generation of this object. Used for object versioning.' + - !ruby/object:Api::Type::String + name: 'id' + description: 'The ID of the object, including the bucket name, object name, and generation number.' + - !ruby/object:Api::Type::String + name: 'md5Hash' + description: 'MD5 hash of the data; encoded using base64.' + - !ruby/object:Api::Type::String + name: 'mediaLink' + description: 'Media download link.' + - !ruby/object:Api::Type::Integer + name: 'metageneration' + description: | + The version of the metadata for this object at this generation. Used for preconditions and for + detecting changes in metadata. A metageneration number is only meaningful in the context of a + particular generation of a particular object. + - !ruby/object:Api::Type::String + name: 'name' + description: 'The name of the object.' + - !ruby/object:Api::Type::Integer + name: 'size' + description: 'Content-Length of the data in bytes.' + - !ruby/object:Api::Type::String + name: 'storageClass' + description: 'Storage class of the object.' + - !ruby/object:Api::Type::Time + name: 'timeCreated' + description: 'The time this object was created.' + - !ruby/object:Api::Type::Time + name: 'timeDeleted' + description: | + The time this object was deleted. Returned if and only if this version of the object is no longer + a live version, but remains in the bucket as a noncurrent version. + - !ruby/object:Api::Type::Time + name: timeStorageClassUpdated + description: The time at which the object's storage class was last changed. + - !ruby/object:Api::Type::Time + name: timeUpdated + api_name: updated + description: The modification time of the object metadata. diff --git a/mmv1/products/storage/ObjectAccessControl.yaml b/mmv1/products/storage/ObjectAccessControl.yaml new file mode 100644 index 000000000000..3152d747182b --- /dev/null +++ b/mmv1/products/storage/ObjectAccessControl.yaml @@ -0,0 +1,102 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'ObjectAccessControl' +kind: 'storage#objectAccessControl' +base_url: b/{{bucket}}/o/{{%object}}/acl +self_link: b/{{bucket}}/o/{{%object}}/acl/{{entity}} +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/storage/docs/access-control/create-manage-lists' + api: 'https://cloud.google.com/storage/docs/json_api/v1/objectAccessControls' +description: | + The ObjectAccessControls resources represent the Access Control Lists + (ACLs) for objects within Google Cloud Storage. ACLs let you specify + who has access to your data and to what extent. + + There are two roles that can be assigned to an entity: + + READERs can get an object, though the acl property will not be revealed. + OWNERs are READERs, and they can get the acl property, update an object, + and call all objectAccessControls methods on the object. The owner of an + object is always an OWNER. + For more information, see Access Control, with the caveat that this API + uses READER and OWNER instead of READ and FULL_CONTROL. +properties: + - !ruby/object:Api::Type::ResourceRef + name: 'bucket' + resource: 'Bucket' + imports: 'name' + description: 'The name of the bucket.' + required: true + - !ruby/object:Api::Type::String + name: 'domain' + description: 'The domain associated with the entity.' + output: true + - !ruby/object:Api::Type::String + name: 'email' + description: 'The email address associated with the entity.' + output: true + - !ruby/object:Api::Type::String + name: 'entity' + required: true + description: | + The entity holding the permission, in one of the following forms: + * user-{{userId}} + * user-{{email}} (such as "user-liz@example.com") + * group-{{groupId}} + * group-{{email}} (such as "group-example@googlegroups.com") + * domain-{{domain}} (such as "domain-example.com") + * project-team-{{projectId}} + * allUsers + * allAuthenticatedUsers + - !ruby/object:Api::Type::String + name: 'entityId' + output: true + description: 'The ID for the entity' + # | 'etag' is not applicable for state convergence. + - !ruby/object:Api::Type::Integer + name: 'generation' + description: 'The content generation of the object, if applied to an object.' + output: true + - !ruby/object:Api::Type::String + name: 'id' + description: 'The ID of the access-control entry.' + output: true + - !ruby/object:Api::Type::String + name: 'object' + description: 'The name of the object, if applied to an object.' + required: true + - !ruby/object:Api::Type::NestedObject + name: 'projectTeam' + description: 'The project team associated with the entity' + output: true + properties: + - !ruby/object:Api::Type::String + name: 'projectNumber' + description: 'The project team associated with the entity' + - !ruby/object:Api::Type::Enum + name: 'team' + description: 'The team.' + values: + - :editors + - :owners + - :viewers + - !ruby/object:Api::Type::Enum + name: 'role' + description: 'The access permission for the entity.' + required: true + values: + - :OWNER + - :READER diff --git a/mmv1/products/storage/api.yaml b/mmv1/products/storage/api.yaml deleted file mode 100644 index 4c700066e73d..000000000000 --- a/mmv1/products/storage/api.yaml +++ /dev/null @@ -1,905 +0,0 @@ -# Copyright 2017 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: Storage -display_name: Cloud Storage -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://storage.googleapis.com/storage/v1/ -scopes: - - https://www.googleapis.com/auth/devstorage.full_control -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Google Cloud Storage - url: https://console.cloud.google.com/apis/library/storage-component.googleapis.com/ -objects: - - !ruby/object:Api::Resource - name: 'Bucket' - kind: 'storage#bucket' - base_url: b?project={{project}} - self_link: b/{{name}}?projection=full - collection_url_key: items - description: | - The Buckets resource represents a bucket in Google Cloud Storage. There is - a single global namespace shared by all buckets. For more information, see - Bucket Name Requirements. - - Buckets contain objects which can be accessed by their own methods. In - addition to the acl property, buckets contain bucketAccessControls, for - use in fine-grained manipulation of an existing bucket's access controls. - - A bucket is always owned by the project team owners group. - iam_policy: !ruby/object:Api::Resource::IamPolicy - exclude_validator: true - allowed_iam_role: 'roles/storage.objectViewer' - admin_iam_role: 'roles/storage.admin' - parent_resource_attribute: 'bucket' - base_url: 'b/{{name}}' - import_format: ['b/{{name}}', '{{name}}'] - iam_conditions_request_type: :QUERY_PARAM - fetch_iam_policy_method: 'iam' - set_iam_policy_method: 'iam' - set_iam_policy_verb: :PUT - wrapped_policy_obj: false - custom_diff_suppress: 'templates/terraform/iam/storage_bucket_diff_suppress.go.erb' - properties: - - !ruby/object:Api::Type::Array - name: 'acl' - item_type: Api::Type::String - description: 'Access controls on the bucket.' - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::ResourceRef - name: 'bucket' - resource: 'Bucket' - imports: 'name' - description: 'The name of the bucket.' - required: true - - !ruby/object:Api::Type::String - name: 'domain' - description: 'The domain associated with the entity.' - output: true - - !ruby/object:Api::Type::String - name: 'email' - description: 'The email address associated with the entity.' - output: true - - !ruby/object:Api::Type::String - name: 'entity' - description: | - The entity holding the permission, in one of the following forms: - user-userId - user-email - group-groupId - group-email - domain-domain - project-team-projectId - allUsers - allAuthenticatedUsers - Examples: - The user liz@example.com would be user-liz@example.com. - The group example@googlegroups.com would be - group-example@googlegroups.com. - To refer to all members of the Google Apps for Business domain - example.com, the entity would be domain-example.com. - required: true - - !ruby/object:Api::Type::String - name: 'entityId' - description: 'The ID for the entity' - # | 'etag' is not applicable for state convergence. - - !ruby/object:Api::Type::String - name: 'id' - description: 'The ID of the access-control entry.' - output: true - - !ruby/object:Api::Type::NestedObject - name: 'projectTeam' - description: 'The project team associated with the entity' - properties: - - !ruby/object:Api::Type::String - name: 'projectNumber' - description: 'The project team associated with the entity' - - !ruby/object:Api::Type::Enum - name: 'team' - description: 'The team.' - values: - - :editors - - :owners - - :viewers - - !ruby/object:Api::Type::Enum - name: 'role' - description: 'The access permission for the entity.' - values: - - :OWNER - - :READER - - :WRITER - - !ruby/object:Api::Type::Array - name: 'cors' - description: | - The bucket's Cross-Origin Resource Sharing (CORS) configuration. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Integer - name: 'maxAgeSeconds' - description: | - The value, in seconds, to return in the Access-Control-Max-Age - header used in preflight responses. - - !ruby/object:Api::Type::Array - name: 'method' - description: | - The list of HTTP methods on which to include CORS response - headers, (GET, OPTIONS, POST, etc) Note: "*" is permitted in the - list of methods, and means "any method". - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'origin' - description: | - The list of Origins eligible to receive CORS response headers. - Note: "*" is permitted in the list of origins, and means "any - Origin". - item_type: Api::Type::String - - !ruby/object:Api::Type::Array - name: 'responseHeader' - description: | - The list of HTTP headers other than the simple response headers - to give permission for the user-agent to share across domains. - item_type: Api::Type::String - - !ruby/object:Api::Type::Boolean - name: 'defaultEventBasedHold' - description: | - Whether or not to automatically apply an eventBasedHold to new objects - added to the bucket. - - !ruby/object:Api::Type::Array - name: 'defaultObjectAcl' - description: | - Default access controls to apply to new objects when no ACL is - provided. - input: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::ResourceRef - name: 'bucket' - resource: 'Bucket' - imports: 'name' - description: 'The name of the bucket.' - required: true - - !ruby/object:Api::Type::String - name: 'domain' - description: 'The domain associated with the entity.' - output: true - - !ruby/object:Api::Type::String - name: 'email' - description: 'The email address associated with the entity.' - output: true - - !ruby/object:Api::Type::String - name: 'entity' - required: true - description: | - The entity holding the permission, in one of the following forms: - * user-{{userId}} - * user-{{email}} (such as "user-liz@example.com") - * group-{{groupId}} - * group-{{email}} (such as "group-example@googlegroups.com") - * domain-{{domain}} (such as "domain-example.com") - * project-team-{{projectId}} - * allUsers - * allAuthenticatedUsers - - !ruby/object:Api::Type::String - name: 'entityId' - output: true - description: 'The ID for the entity' - # | 'etag' is not applicable for state convergence. - - !ruby/object:Api::Type::Integer - name: 'generation' - description: 'The content generation of the object, if applied to an object.' - output: true - - !ruby/object:Api::Type::String - name: 'id' - description: 'The ID of the access-control entry.' - output: true - - !ruby/object:Api::Type::String - name: 'object' - description: 'The name of the object, if applied to an object.' - required: false - - !ruby/object:Api::Type::NestedObject - name: 'projectTeam' - description: 'The project team associated with the entity' - output: true - properties: - - !ruby/object:Api::Type::String - name: 'projectNumber' - description: 'The project team associated with the entity' - - !ruby/object:Api::Type::Enum - name: 'team' - description: 'The team.' - values: - - :editors - - :owners - - :viewers - - !ruby/object:Api::Type::Enum - name: 'role' - description: 'The access permission for the entity.' - required: true - values: - - :OWNER - - :READER - # | 'etag' is not applicable for state convergence. - - !ruby/object:Api::Type::String - name: 'id' - description: | - The ID of the bucket. For buckets, the id and name properities are the - same. - output: true - - !ruby/object:Api::Type::NestedObject - name: 'lifecycle' - description: | - The bucket's lifecycle configuration. - - See https://developers.google.com/storage/docs/lifecycle for more - information. - properties: - - !ruby/object:Api::Type::Array - name: 'rule' - description: | - A lifecycle management rule, which is made of an action to take - and the condition(s) under which the action will be taken. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::NestedObject - name: 'action' - description: 'The action to take.' - properties: - - !ruby/object:Api::Type::String - name: 'storageClass' - description: | - Target storage class. Required iff the type of the - action is SetStorageClass. - - !ruby/object:Api::Type::Enum - name: 'type' - description: | - Type of the action. Currently, only Delete and - SetStorageClass are supported. - values: - - 'Delete' - - 'SetStorageClass' - - !ruby/object:Api::Type::NestedObject - name: 'condition' - description: | - The condition(s) under which the action will be taken. - properties: - - !ruby/object:Api::Type::Integer - name: 'ageDays' - api_name: 'age' - description: | - Age of an object (in days). This condition is satisfied - when an object reaches the specified age. - - !ruby/object:Api::Type::Time - name: 'createdBefore' - description: | - A date in RFC 3339 format with only the date part (for - instance, "2013-01-15"). This condition is satisfied - when an object is created before midnight of the - specified date in UTC. - - !ruby/object:Api::Type::Time - name: 'customTimeBefore' - description: | - A date in the RFC 3339 format YYYY-MM-DD. This condition - is satisfied when the customTime metadata for the object - is set to an earlier date than the date used in - this lifecycle condition. - - !ruby/object:Api::Type::Integer - name: 'daysSinceCustomTime' - description: | - Days since the date set in the customTime metadata for the - object. This condition is satisfied when the current date - and time is at least the specified number of days after - the customTime. - - !ruby/object:Api::Type::Integer - name: 'daysSinceNoncurrentTime' - description: | - Relevant only for versioned objects. This condition is - satisfied when an object has been noncurrent for more than - the specified number of days. - - !ruby/object:Api::Type::Boolean - name: 'isLive' - description: | - Relevant only for versioned objects. If the value is - true, this condition matches live objects; if the value - is false, it matches archived objects. - - !ruby/object:Api::Type::Array - name: 'matchesStorageClass' - description: | - Objects having any of the storage classes specified by - this condition will be matched. Values include - MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE, - STANDARD, and DURABLE_REDUCED_AVAILABILITY. - item_type: Api::Type::String - - !ruby/object:Api::Type::Time - name: 'noncurrentTimeBefore' - description: | - Relevant only for versioned objects. A date in the - RFC 3339 format YYYY-MM-DD. This condition is satisfied - for objects that became noncurrent on a date prior to the - one specified in this condition. - - !ruby/object:Api::Type::Integer - name: 'numNewerVersions' - description: | - Relevant only for versioned objects. If the value is N, - this condition is satisfied when there are at least N - versions (including the live version) newer than this - version of the object. - - !ruby/object:Api::Type::String - name: 'location' - description: | - The location of the bucket. Object data for objects in the bucket - resides in physical storage within this region. Defaults to US. See - the developer's guide for the authoritative list. - - !ruby/object:Api::Type::NestedObject - name: 'logging' - description: | - The bucket's logging configuration, which defines the destination - bucket and optional name prefix for the current bucket's logs. - properties: - - !ruby/object:Api::Type::String - name: 'logBucket' - description: | - The destination bucket where the current bucket's logs should be - placed. - - !ruby/object:Api::Type::String - name: 'logObjectPrefix' - description: 'A prefix for log object names.' - - !ruby/object:Api::Type::Integer - name: 'metageneration' - description: 'The metadata generation of this bucket.' - - !ruby/object:Api::Type::String - name: 'name' - description: 'The name of the bucket' - - !ruby/object:Api::Type::NestedObject - name: 'owner' - description: | - The owner of the bucket. This is always the project team's owner - group. - properties: - - !ruby/object:Api::Type::String - name: 'entity' - description: 'The entity, in the form project-owner-projectId.' - - !ruby/object:Api::Type::String - name: 'entityId' - description: 'The ID for the entity.' - output: true - - !ruby/object:Api::Type::String - name: 'projectNumber' - description: 'The project number of the project the bucket belongs to.' - output: true - - !ruby/object:Api::Type::Enum - name: 'storageClass' - description: | - The bucket's default storage class, used whenever no storageClass is - specified for a newly-created object. This defines how objects in the - bucket are stored and determines the SLA and the cost of storage. - Values include MULTI_REGIONAL, REGIONAL, STANDARD, NEARLINE, - COLDLINE, ARCHIVE, and DURABLE_REDUCED_AVAILABILITY. If this value is - not specified when the bucket is created, it will default to - STANDARD. For more information, see storage classes. - values: - - :MULTI_REGIONAL - - :REGIONAL - - :STANDARD - - :NEARLINE - - :COLDLINE - - :ARCHIVE - - :DURABLE_REDUCED_AVAILABILITY - - !ruby/object:Api::Type::Time - name: 'timeCreated' - description: 'The creation time of the bucket in RFC 3339 format.' - output: true - - !ruby/object:Api::Type::Time - name: 'updated' - description: 'The modification time of the bucket in RFC 3339 format.' - output: true - - !ruby/object:Api::Type::NestedObject - name: 'versioning' - description: "The bucket's versioning configuration." - properties: - - !ruby/object:Api::Type::Boolean - name: 'enabled' - description: | - While set to true, versioning is fully enabled for this bucket. - - !ruby/object:Api::Type::NestedObject - name: 'website' - description: | - The bucket's website configuration, controlling how the service - behaves when accessing bucket contents as a web site. See the Static - Website Examples for more information. - properties: - - !ruby/object:Api::Type::String - name: 'mainPageSuffix' - description: | - If the requested object path is missing, the service will ensure - the path has a trailing '/', append this suffix, and attempt to - retrieve the resulting object. This allows the creation of - index.html objects to represent directory pages. - - !ruby/object:Api::Type::String - name: 'notFoundPage' - description: | - If the requested object path is missing, and any mainPageSuffix - object is missing, if applicable, the service will return the - named object from this bucket as the content for a 404 Not Found - result. - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: | - Labels applied to this bucket. A list of key->value pairs. - - !ruby/object:Api::Type::NestedObject - name: 'encryption' - description: | - Encryption configuration for the bucket - properties: - - !ruby/object:Api::Type::String - name: 'defaultKmsKeyName' - description: | - A Cloud KMS key that will be used to encrypt objects inserted into this bucket, - if no encryption method is specified. - - !ruby/object:Api::Type::NestedObject - name: 'retentionPolicy' - description: | - Retention policy for the bucket - properties: - - !ruby/object:Api::Type::Time - name: 'effectiveTime' - description: | - The time from which the retention policy was effective - - !ruby/object:Api::Type::Boolean - name: 'isLocked' - description: | - If the retention policy is locked. If true, the retention policy cannot be removed and the period cannot - be reduced. - - !ruby/object:Api::Type::Integer - name: 'retentionPeriod' - description: | - The period of time, in seconds, that objects in the bucket must be retained and cannot be deleted, - overwritten, or made noncurrent. - parameters: - - !ruby/object:Api::Type::String - name: 'project' - description: 'A valid API project identifier.' - input: true - - !ruby/object:Api::Type::Enum - name: 'predefinedDefaultObjectAcl' - description: | - Apply a predefined set of default object access controls to this - bucket. - - Acceptable values are: - - "authenticatedRead": Object owner gets OWNER access, and - allAuthenticatedUsers get READER access. - - "bucketOwnerFullControl": Object owner gets OWNER access, and - project team owners get OWNER access. - - "bucketOwnerRead": Object owner gets OWNER access, and project - team owners get READER access. - - "private": Object owner gets OWNER access. - - "projectPrivate": Object owner gets OWNER access, and project team - members get access according to their roles. - - "publicRead": Object owner gets OWNER access, and allUsers get - READER access. - values: - - :authenticatedRead - - :bucketOwnerFullControl - - :bucketOwnerRead - - :private - - :projectPrivate - - :publicRead - input: true - - !ruby/object:Api::Resource - name: 'BucketAccessControl' - kind: 'storage#bucketAccessControl' - base_url: b/{{bucket}}/acl - self_link: b/{{bucket}}/acl/{{entity}} - collection_url_key: items - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/storage/docs/access-control/lists' - api: 'https://cloud.google.com/storage/docs/json_api/v1/bucketAccessControls' - description: | - The BucketAccessControls resource represents the Access Control Lists - (ACLs) for buckets within Google Cloud Storage. ACLs let you specify who - has access to your data and to what extent. - - There are three roles that can be assigned to an entity: - - READERs can get the bucket, though no acl property will be returned, and - list the bucket's objects. WRITERs are READERs, and they can insert - objects into the bucket and delete the bucket's objects. OWNERs are - WRITERs, and they can get the acl property of a bucket, update a bucket, - and call all BucketAccessControls methods on the bucket. For more - information, see Access Control, with the caveat that this API uses - READER, WRITER, and OWNER instead of READ, WRITE, and FULL_CONTROL. - identity: - - entity - properties: - - !ruby/object:Api::Type::ResourceRef - name: 'bucket' - resource: 'Bucket' - imports: 'name' - description: 'The name of the bucket.' - required: true - input: true - - !ruby/object:Api::Type::String - name: 'domain' - description: 'The domain associated with the entity.' - output: true - - !ruby/object:Api::Type::String - name: 'email' - description: 'The email address associated with the entity.' - output: true - - !ruby/object:Api::Type::String - name: 'entity' - description: | - The entity holding the permission, in one of the following forms: - user-userId - user-email - group-groupId - group-email - domain-domain - project-team-projectId - allUsers - allAuthenticatedUsers - Examples: - The user liz@example.com would be user-liz@example.com. - The group example@googlegroups.com would be - group-example@googlegroups.com. - To refer to all members of the Google Apps for Business domain - example.com, the entity would be domain-example.com. - required: true - input: true - - !ruby/object:Api::Type::String - name: 'entityId' - description: 'The ID for the entity' - output: true - # | 'etag' is not applicable for state convergence. - - !ruby/object:Api::Type::String - name: 'id' - description: 'The ID of the access-control entry.' - output: true - - !ruby/object:Api::Type::NestedObject - name: 'projectTeam' - description: 'The project team associated with the entity' - output: true - properties: - - !ruby/object:Api::Type::String - name: 'projectNumber' - description: 'The project team associated with the entity' - - !ruby/object:Api::Type::Enum - name: 'team' - description: 'The team.' - values: - - :editors - - :owners - - :viewers - - !ruby/object:Api::Type::Enum - name: 'role' - description: 'The access permission for the entity.' - values: - - :OWNER - - :READER - - :WRITER - - !ruby/object:Api::Resource - name: 'ObjectAccessControl' - kind: 'storage#objectAccessControl' - base_url: b/{{bucket}}/o/{{%object}}/acl - self_link: b/{{bucket}}/o/{{%object}}/acl/{{entity}} - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/storage/docs/access-control/create-manage-lists' - api: 'https://cloud.google.com/storage/docs/json_api/v1/objectAccessControls' - description: | - The ObjectAccessControls resources represent the Access Control Lists - (ACLs) for objects within Google Cloud Storage. ACLs let you specify - who has access to your data and to what extent. - - There are two roles that can be assigned to an entity: - - READERs can get an object, though the acl property will not be revealed. - OWNERs are READERs, and they can get the acl property, update an object, - and call all objectAccessControls methods on the object. The owner of an - object is always an OWNER. - For more information, see Access Control, with the caveat that this API - uses READER and OWNER instead of READ and FULL_CONTROL. - properties: - - !ruby/object:Api::Type::ResourceRef - name: 'bucket' - resource: 'Bucket' - imports: 'name' - description: 'The name of the bucket.' - required: true - - !ruby/object:Api::Type::String - name: 'domain' - description: 'The domain associated with the entity.' - output: true - - !ruby/object:Api::Type::String - name: 'email' - description: 'The email address associated with the entity.' - output: true - - !ruby/object:Api::Type::String - name: 'entity' - required: true - description: | - The entity holding the permission, in one of the following forms: - * user-{{userId}} - * user-{{email}} (such as "user-liz@example.com") - * group-{{groupId}} - * group-{{email}} (such as "group-example@googlegroups.com") - * domain-{{domain}} (such as "domain-example.com") - * project-team-{{projectId}} - * allUsers - * allAuthenticatedUsers - - !ruby/object:Api::Type::String - name: 'entityId' - output: true - description: 'The ID for the entity' - # | 'etag' is not applicable for state convergence. - - !ruby/object:Api::Type::Integer - name: 'generation' - description: 'The content generation of the object, if applied to an object.' - output: true - - !ruby/object:Api::Type::String - name: 'id' - description: 'The ID of the access-control entry.' - output: true - - !ruby/object:Api::Type::String - name: 'object' - description: 'The name of the object, if applied to an object.' - required: true - - !ruby/object:Api::Type::NestedObject - name: 'projectTeam' - description: 'The project team associated with the entity' - output: true - properties: - - !ruby/object:Api::Type::String - name: 'projectNumber' - description: 'The project team associated with the entity' - - !ruby/object:Api::Type::Enum - name: 'team' - description: 'The team.' - values: - - :editors - - :owners - - :viewers - - !ruby/object:Api::Type::Enum - name: 'role' - description: 'The access permission for the entity.' - required: true - values: - - :OWNER - - :READER - - !ruby/object:Api::Resource - name: 'DefaultObjectACL' - kind: 'storage#objectAccessControl' - base_url: b/{{bucket}}/defaultObjectAcl - self_link: b/{{bucket}}/defaultObjectAcl/{{entity}} - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/storage/docs/access-control/create-manage-lists' - api: 'https://cloud.google.com/storage/docs/json_api/v1/defaultObjectAccessControls' - description: | - The DefaultObjectAccessControls resources represent the Access Control - Lists (ACLs) applied to a new object within a Google Cloud Storage bucket - when no ACL was provided for that object. ACLs let you specify who has - access to your bucket contents and to what extent. - - There are two roles that can be assigned to an entity: - - READERs can get an object, though the acl property will not be revealed. - OWNERs are READERs, and they can get the acl property, update an object, - and call all objectAccessControls methods on the object. The owner of an - object is always an OWNER. - For more information, see Access Control, with the caveat that this API - uses READER and OWNER instead of READ and FULL_CONTROL. - properties: - - !ruby/object:Api::Type::ResourceRef - name: 'bucket' - resource: 'Bucket' - imports: 'name' - description: 'The name of the bucket.' - required: true - - !ruby/object:Api::Type::String - name: 'domain' - description: 'The domain associated with the entity.' - output: true - - !ruby/object:Api::Type::String - name: 'email' - description: 'The email address associated with the entity.' - output: true - - !ruby/object:Api::Type::String - name: 'entity' - required: true - description: | - The entity holding the permission, in one of the following forms: - * user-{{userId}} - * user-{{email}} (such as "user-liz@example.com") - * group-{{groupId}} - * group-{{email}} (such as "group-example@googlegroups.com") - * domain-{{domain}} (such as "domain-example.com") - * project-team-{{projectId}} - * allUsers - * allAuthenticatedUsers - - !ruby/object:Api::Type::String - name: 'entityId' - output: true - description: 'The ID for the entity' - # | 'etag' is not applicable for state convergence. - - !ruby/object:Api::Type::Integer - name: 'generation' - description: 'The content generation of the object, if applied to an object.' - output: true - - !ruby/object:Api::Type::String - name: 'id' - description: 'The ID of the access-control entry.' - output: true - - !ruby/object:Api::Type::String - name: 'object' - description: 'The name of the object, if applied to an object.' - required: false - - !ruby/object:Api::Type::NestedObject - name: 'projectTeam' - description: 'The project team associated with the entity' - output: true - properties: - - !ruby/object:Api::Type::String - name: 'projectNumber' - description: 'The project team associated with the entity' - - !ruby/object:Api::Type::Enum - name: 'team' - description: 'The team.' - values: - - :editors - - :owners - - :viewers - - !ruby/object:Api::Type::Enum - name: 'role' - description: 'The access permission for the entity.' - required: true - values: - - :OWNER - - :READER - - !ruby/object:Api::Resource - name: 'Object' - base_url: b/{{bucket}}/o - self_link: b/{{bucket}}/o/{{object}} - collection_url_key: items - description: | - Information about an object stored in a GCS bucket - properties: - - !ruby/object:Api::Type::String - name: 'bucket' - description: 'The name of the bucket.' - required: true - - !ruby/object:Api::Type::String - name: 'object' - description: 'The name of the object.' - required: true - - !ruby/object:Api::Type::String - name: 'contentType' - description: | - The Content-Type of the object data. - - See https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Complete_list_of_MIME_types - for more information on possible Content-Types - - !ruby/object:Api::Type::String - name: 'crc32c' - description: 'CRC32c checksum.' - - !ruby/object:Api::Type::String - name: 'etag' - description: 'The object entity tag.' - - !ruby/object:Api::Type::Integer - name: 'generation' - description: 'The content generation of this object. Used for object versioning.' - - !ruby/object:Api::Type::String - name: 'id' - description: 'The ID of the object, including the bucket name, object name, and generation number.' - - !ruby/object:Api::Type::String - name: 'md5Hash' - description: 'MD5 hash of the data; encoded using base64.' - - !ruby/object:Api::Type::String - name: 'mediaLink' - description: 'Media download link.' - - !ruby/object:Api::Type::Integer - name: 'metageneration' - description: | - The version of the metadata for this object at this generation. Used for preconditions and for - detecting changes in metadata. A metageneration number is only meaningful in the context of a - particular generation of a particular object. - - !ruby/object:Api::Type::String - name: 'name' - description: 'The name of the object.' - - !ruby/object:Api::Type::Integer - name: 'size' - description: 'Content-Length of the data in bytes.' - - !ruby/object:Api::Type::String - name: 'storageClass' - description: 'Storage class of the object.' - - !ruby/object:Api::Type::Time - name: 'timeCreated' - description: 'The time this object was created.' - - !ruby/object:Api::Type::Time - name: 'timeDeleted' - description: | - The time this object was deleted. Returned if and only if this version of the object is no longer - a live version, but remains in the bucket as a noncurrent version. - - !ruby/object:Api::Type::Time - name: timeStorageClassUpdated - description: The time at which the object's storage class was last changed. - - !ruby/object:Api::Type::Time - name: timeUpdated - api_name: updated - description: The modification time of the object metadata. - - !ruby/object:Api::Resource - name: 'HmacKey' - kind: 'storage#hmacKey' - base_url: projects/{{project}}/hmacKeys - create_url: projects/{{project}}/hmacKeys?serviceAccountEmail={{serviceAccountEmail}} - self_link: projects/{{project}}/hmacKeys/{{accessId}} - # technically updatable, but implemented as custom update for new fingerprint support - input: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': 'https://cloud.google.com/storage/docs/authentication/managing-hmackeys' - api: 'https://cloud.google.com/storage/docs/json_api/v1/projects/hmacKeys' - description: | - The hmacKeys resource represents an HMAC key within Cloud Storage. The resource - consists of a secret and HMAC key metadata. HMAC keys can be used as credentials - for service accounts. - properties: - - !ruby/object:Api::Type::String - name: 'serviceAccountEmail' - description: | - The email address of the key's associated service account. - required: true - - !ruby/object:Api::Type::Enum - name: 'state' - description: | - The state of the key. Can be set to one of ACTIVE, INACTIVE. - default_value: :ACTIVE - values: - - :ACTIVE - - :INACTIVE - # - :DELETED (not directly settable) - update_verb: :PUT - update_url: projects/{{project}}/hmacKeys/{{accessId}} - update_id: 'state' - fingerprint_name: 'etag' - - !ruby/object:Api::Type::String - name: 'secret' - output: true - description: | - HMAC secret key material. - - !ruby/object:Api::Type::String - name: 'accessId' - output: true - description: | - The access ID of the HMAC Key. - - !ruby/object:Api::Type::String - name: 'id' - output: true - description: | - The ID of the HMAC key, including the Project ID and the Access ID. - - !ruby/object:Api::Type::Time - name: 'timeCreated' - output: true - description: | - 'The creation time of the HMAC key in RFC 3339 format. ' - - !ruby/object:Api::Type::Time - name: 'updated' - output: true - description: | - 'The last modification time of the HMAC key metadata in RFC 3339 format.' diff --git a/mmv1/products/storage/product.yaml b/mmv1/products/storage/product.yaml new file mode 100644 index 000000000000..4d380b12ef79 --- /dev/null +++ b/mmv1/products/storage/product.yaml @@ -0,0 +1,26 @@ +# Copyright 2017 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: Storage +display_name: Cloud Storage +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://storage.googleapis.com/storage/v1/ +scopes: + - https://www.googleapis.com/auth/devstorage.full_control +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Google Cloud Storage + url: https://console.cloud.google.com/apis/library/storage-component.googleapis.com/ diff --git a/mmv1/products/storagetransfer/AgentPool.yaml b/mmv1/products/storagetransfer/AgentPool.yaml new file mode 100644 index 000000000000..d564f6c4be04 --- /dev/null +++ b/mmv1/products/storagetransfer/AgentPool.yaml @@ -0,0 +1,63 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'AgentPool' +description: 'Represents an On-Premises Agent pool.' +base_url: 'projects/{{project}}/agentPools' +self_link: 'projects/{{project}}/agentPools/{{name}}' +create_url: 'projects/{{project}}/agentPools?agentPoolId={{name}}' +update_verb: :PATCH +update_mask: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/storage-transfer/docs/on-prem-agent-pools' + api: 'https://cloud.google.com/storage-transfer/docs/reference/rest/v1/projects.agentPools' +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + The ID of the agent pool to create. + + The agentPoolId must meet the following requirements: + * Length of 128 characters or less. + * Not start with the string goog. + * Start with a lowercase ASCII character, followed by: + * Zero or more: lowercase Latin alphabet characters, numerals, hyphens (-), periods (.), underscores (_), or tildes (~). + * One or more numerals or lowercase ASCII characters. + + As expressed by the regular expression: ^(?!goog)[a-z]([a-z0-9-._~]*[a-z0-9])?$. + immutable: true + required: true + url_param_only: true + - !ruby/object:Api::Type::String + name: 'displayName' + description: 'Specifies the client-specified AgentPool description.' + - !ruby/object:Api::Type::Enum + name: 'state' + description: 'Specifies the state of the AgentPool.' + output: true + values: + - :CREATING + - :CREATED + - :DELETING + - !ruby/object:Api::Type::NestedObject + name: 'bandwidthLimit' + description: | + Specifies the bandwidth limit details. If this field is unspecified, the default value is set as 'No Limit'. + properties: + - !ruby/object:Api::Type::String + name: 'limitMbps' + description: 'Bandwidth rate in megabytes per second, distributed across all the agents in the pool.' + required: true diff --git a/mmv1/products/storagetransfer/api.yaml b/mmv1/products/storagetransfer/api.yaml deleted file mode 100644 index 05222a3a5543..000000000000 --- a/mmv1/products/storagetransfer/api.yaml +++ /dev/null @@ -1,77 +0,0 @@ -# Copyright 2022 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: StorageTransfer -display_name: Storage Transfer Service -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://storagetransfer.googleapis.com/v1/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Storage Transfer API - url: https://console.cloud.google.com/apis/library/storagetransfer.googleapis.com/ -objects: - - !ruby/object:Api::Resource - name: 'AgentPool' - description: 'Represents an On-Premises Agent pool.' - base_url: 'projects/{{project}}/agentPools' - self_link: 'projects/{{project}}/agentPools/{{name}}' - create_url: 'projects/{{project}}/agentPools?agentPoolId={{name}}' - update_verb: :PATCH - update_mask: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/storage-transfer/docs/on-prem-agent-pools' - api: 'https://cloud.google.com/storage-transfer/docs/reference/rest/v1/projects.agentPools' - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - The ID of the agent pool to create. - - The agentPoolId must meet the following requirements: - * Length of 128 characters or less. - * Not start with the string goog. - * Start with a lowercase ASCII character, followed by: - * Zero or more: lowercase Latin alphabet characters, numerals, hyphens (-), periods (.), underscores (_), or tildes (~). - * One or more numerals or lowercase ASCII characters. - - As expressed by the regular expression: ^(?!goog)[a-z]([a-z0-9-._~]*[a-z0-9])?$. - input: true - required: true - url_param_only: true - - !ruby/object:Api::Type::String - name: 'displayName' - description: 'Specifies the client-specified AgentPool description.' - - !ruby/object:Api::Type::Enum - name: 'state' - description: 'Specifies the state of the AgentPool.' - output: true - values: - - :CREATING - - :CREATED - - :DELETING - - !ruby/object:Api::Type::NestedObject - name: 'bandwidthLimit' - description: | - Specifies the bandwidth limit details. If this field is unspecified, the default value is set as 'No Limit'. - properties: - - !ruby/object:Api::Type::String - name: 'limitMbps' - description: 'Bandwidth rate in megabytes per second, distributed across all the agents in the pool.' - required: true \ No newline at end of file diff --git a/mmv1/products/storagetransfer/product.yaml b/mmv1/products/storagetransfer/product.yaml new file mode 100644 index 000000000000..31709ea7c94c --- /dev/null +++ b/mmv1/products/storagetransfer/product.yaml @@ -0,0 +1,26 @@ +# Copyright 2022 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: StorageTransfer +display_name: Storage Transfer Service +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://storagetransfer.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Storage Transfer API + url: https://console.cloud.google.com/apis/library/storagetransfer.googleapis.com/ diff --git a/mmv1/products/tags/TagBinding.yaml b/mmv1/products/tags/TagBinding.yaml new file mode 100644 index 000000000000..069bb52abaae --- /dev/null +++ b/mmv1/products/tags/TagBinding.yaml @@ -0,0 +1,44 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'TagBinding' +base_url: tagBindings +self_link: "tagBindings/?parent={{parent}}&pageSize=300" +delete_url: "tagBindings/{{name}}" +nested_query: !ruby/object:Api::Resource::NestedQuery + keys: ['tagBindings'] +immutable: true +description: A TagBinding represents a connection between a TagValue and a cloud resource (currently project, folder, or organization). Once a TagBinding is created, the TagValue is applied to all the descendants of the cloud resource. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing' + api: 'https://cloud.google.com/resource-manager/reference/rest/v3/tagBindings' +properties: + - !ruby/object:Api::Type::String + name: name + description: | + The generated id for the TagBinding. This is a string of the form: `tagBindings/{full-resource-name}/{tag-value-name}` + output: true + - !ruby/object:Api::Type::String + name: parent + description: | + The full resource name of the resource the TagValue is bound to. E.g. //cloudresourcemanager.googleapis.com/projects/123 + required: true + - !ruby/object:Api::Type::String + name: tagValue + description: | + The TagValue of the TagBinding. Must be of the form tagValues/456. + required: true + diff --git a/mmv1/products/tags/TagKey.yaml b/mmv1/products/tags/TagKey.yaml new file mode 100644 index 000000000000..af853d5d2abe --- /dev/null +++ b/mmv1/products/tags/TagKey.yaml @@ -0,0 +1,89 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'TagKey' +base_url: tagKeys +self_link: "tagKeys/{{name}}" +update_verb: :PATCH +update_mask: true +description: A TagKey, used to group a set of TagValues. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing' + api: 'https://cloud.google.com/resource-manager/reference/rest/v3/tagKeys' +iam_policy: !ruby/object:Api::Resource::IamPolicy + method_name_separator: ':' + parent_resource_attribute: 'tag_key' + fetch_iam_policy_verb: :POST +properties: + - !ruby/object:Api::Type::String + name: name + description: | + The generated numeric id for the TagKey. + output: true + - !ruby/object:Api::Type::String + name: parent + description: | + Input only. The resource name of the new TagKey's parent. Must be of the form organizations/{org_id}. + immutable: true + required: true + - !ruby/object:Api::Type::String + name: shortName + description: | + Input only. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace. + + The short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. + immutable: true + required: true + - !ruby/object:Api::Type::String + name: namespacedName + description: | + Output only. Namespaced name of the TagKey. + output: true + - !ruby/object:Api::Type::String + name: description + description: | + User-assigned description of the TagKey. Must not exceed 256 characters. + - !ruby/object:Api::Type::String + name: createTime + description: | + Output only. Creation time. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - !ruby/object:Api::Type::String + name: updateTime + description: | + Output only. Update time. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - !ruby/object:Api::Type::Enum + name: purpose + description: | + Optional. A purpose cannot be changed once set. + + A purpose denotes that this Tag is intended for use in policies of a specific policy engine, and will involve that policy engine in management operations involving this Tag. + values: + - :GCE_FIREWALL + immutable: true + - !ruby/object:Api::Type::KeyValuePairs + name: purposeData + description: | + Optional. Purpose data cannot be changed once set. + + Purpose data corresponds to the policy system that the tag is intended for. For example, the GCE_FIREWALL purpose expects data in the following format: `network = "/"`. + immutable: true + diff --git a/mmv1/products/tags/TagValue.yaml b/mmv1/products/tags/TagValue.yaml new file mode 100644 index 000000000000..7502ca96d9b9 --- /dev/null +++ b/mmv1/products/tags/TagValue.yaml @@ -0,0 +1,71 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'TagValue' +base_url: tagValues +self_link: "tagValues/{{name}}" +update_verb: :PATCH +update_mask: true +description: A TagValue is a child of a particular TagKey. TagValues are used to group cloud resources for the purpose of controlling them using policies. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing' + api: 'https://cloud.google.com/resource-manager/reference/rest/v3/tagValues' +iam_policy: !ruby/object:Api::Resource::IamPolicy + method_name_separator: ':' + parent_resource_attribute: 'tag_value' + fetch_iam_policy_verb: :POST +properties: + - !ruby/object:Api::Type::String + name: name + description: | + The generated numeric id for the TagValue. + output: true + - !ruby/object:Api::Type::String + name: parent + description: | + Input only. The resource name of the new TagValue's parent. Must be of the form tagKeys/{tag_key_id}. + immutable: true + required: true + - !ruby/object:Api::Type::String + name: shortName + description: | + Input only. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey. + + The short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. + immutable: true + required: true + - !ruby/object:Api::Type::String + name: namespacedName + description: | + Output only. Namespaced name of the TagValue. Will be in the format {organizationId}/{tag_key_short_name}/{shortName}. + output: true + - !ruby/object:Api::Type::String + name: description + description: | + User-assigned description of the TagValue. Must not exceed 256 characters. + - !ruby/object:Api::Type::String + name: createTime + description: | + Output only. Creation time. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - !ruby/object:Api::Type::String + name: updateTime + description: | + Output only. Update time. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true diff --git a/mmv1/products/tags/api.yaml b/mmv1/products/tags/api.yaml deleted file mode 100644 index 3135279fb33d..000000000000 --- a/mmv1/products/tags/api.yaml +++ /dev/null @@ -1,206 +0,0 @@ -# Copyright 2021 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: Tags -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://cloudresourcemanager.googleapis.com/v3/ - - !ruby/object:Api::Product::Version - name: beta - base_url: https://cloudresourcemanager.googleapis.com/v3/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' -objects: - - !ruby/object:Api::Resource - name: 'TagKey' - base_url: tagKeys - self_link: "tagKeys/{{name}}" - update_verb: :PATCH - update_mask: true - description: A TagKey, used to group a set of TagValues. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing' - api: 'https://cloud.google.com/resource-manager/reference/rest/v3/tagKeys' - iam_policy: !ruby/object:Api::Resource::IamPolicy - method_name_separator: ':' - parent_resource_attribute: 'tag_key' - fetch_iam_policy_verb: :POST - properties: - - !ruby/object:Api::Type::String - name: name - description: | - The generated numeric id for the TagKey. - output: true - - !ruby/object:Api::Type::String - name: parent - description: | - Input only. The resource name of the new TagKey's parent. Must be of the form organizations/{org_id}. - input: true - required: true - - !ruby/object:Api::Type::String - name: shortName - description: | - Input only. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace. - - The short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. - input: true - required: true - - !ruby/object:Api::Type::String - name: namespacedName - description: | - Output only. Namespaced name of the TagKey. - output: true - - !ruby/object:Api::Type::String - name: description - description: | - User-assigned description of the TagKey. Must not exceed 256 characters. - - !ruby/object:Api::Type::String - name: createTime - description: | - Output only. Creation time. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - output: true - - !ruby/object:Api::Type::String - name: updateTime - description: | - Output only. Update time. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - output: true - - !ruby/object:Api::Type::Enum - name: purpose - description: | - Optional. A purpose cannot be changed once set. - - A purpose denotes that this Tag is intended for use in policies of a specific policy engine, and will involve that policy engine in management operations involving this Tag. - values: - - :GCE_FIREWALL - input: true - - !ruby/object:Api::Type::KeyValuePairs - name: purposeData - description: | - Optional. Purpose data cannot be changed once set. - - Purpose data corresponds to the policy system that the tag is intended for. For example, the GCE_FIREWALL purpose expects data in the following format: `network = "/"`. - input: true - - - !ruby/object:Api::Resource - name: 'TagValue' - base_url: tagValues - self_link: "tagValues/{{name}}" - update_verb: :PATCH - update_mask: true - description: A TagValue is a child of a particular TagKey. TagValues are used to group cloud resources for the purpose of controlling them using policies. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing' - api: 'https://cloud.google.com/resource-manager/reference/rest/v3/tagValues' - iam_policy: !ruby/object:Api::Resource::IamPolicy - method_name_separator: ':' - parent_resource_attribute: 'tag_value' - fetch_iam_policy_verb: :POST - properties: - - !ruby/object:Api::Type::String - name: name - description: | - The generated numeric id for the TagValue. - output: true - - !ruby/object:Api::Type::String - name: parent - description: | - Input only. The resource name of the new TagValue's parent. Must be of the form tagKeys/{tag_key_id}. - input: true - required: true - - !ruby/object:Api::Type::String - name: shortName - description: | - Input only. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey. - - The short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. - input: true - required: true - - !ruby/object:Api::Type::String - name: namespacedName - description: | - Output only. Namespaced name of the TagValue. Will be in the format {organizationId}/{tag_key_short_name}/{shortName}. - output: true - - !ruby/object:Api::Type::String - name: description - description: | - User-assigned description of the TagValue. Must not exceed 256 characters. - - !ruby/object:Api::Type::String - name: createTime - description: | - Output only. Creation time. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - output: true - - !ruby/object:Api::Type::String - name: updateTime - description: | - Output only. Update time. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - output: true - - !ruby/object:Api::Resource - name: 'TagBinding' - base_url: tagBindings - self_link: "tagBindings/?parent={{parent}}&pageSize=300" - delete_url: "tagBindings/{{name}}" - nested_query: !ruby/object:Api::Resource::NestedQuery - keys: ['tagBindings'] - input: true - description: A TagBinding represents a connection between a TagValue and a cloud resource (currently project, folder, or organization). Once a TagBinding is created, the TagValue is applied to all the descendants of the cloud resource. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing' - api: 'https://cloud.google.com/resource-manager/reference/rest/v3/tagBindings' - properties: - - !ruby/object:Api::Type::String - name: name - description: | - The generated id for the TagBinding. This is a string of the form: `tagBindings/{full-resource-name}/{tag-value-name}` - output: true - - !ruby/object:Api::Type::String - name: parent - description: | - The full resource name of the resource the TagValue is bound to. E.g. //cloudresourcemanager.googleapis.com/projects/123 - required: true - - !ruby/object:Api::Type::String - name: tagValue - description: | - The TagValue of the TagBinding. Must be of the form tagValues/456. - required: true diff --git a/mmv1/products/tags/product.yaml b/mmv1/products/tags/product.yaml new file mode 100644 index 000000000000..862e9687328c --- /dev/null +++ b/mmv1/products/tags/product.yaml @@ -0,0 +1,41 @@ +# Copyright 2021 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: Tags +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://cloudresourcemanager.googleapis.com/v3/ + - !ruby/object:Api::Product::Version + name: beta + base_url: https://cloudresourcemanager.googleapis.com/v3/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' diff --git a/mmv1/products/tags/terraform.yaml b/mmv1/products/tags/terraform.yaml index 6929d5ce6e79..162609822038 100644 --- a/mmv1/products/tags/terraform.yaml +++ b/mmv1/products/tags/terraform.yaml @@ -32,7 +32,7 @@ overrides: !ruby/object:Overrides::ResourceOverrides # This property expects input like: network = "/" or selfLinkWithId (selfLink is not supported) # However, the API response stored in Terraform state looks like: network = "https://www.googleapis.com/compute/v1/projects//global/networks/" # This results in persistent diffs, so we surpress them by using ignore_read. The API will reject incorrect references to non-existent or inaccessible VPCs. - # Since this property is configured as 'input: true', any modifications to this property will result in a forced replacement of the resource. + # Since this property is configured as 'immutable: true', any modifications to this property will result in a forced replacement of the resource. ignore_read: true examples: - !ruby/object:Provider::Terraform::Examples diff --git a/mmv1/products/tpu/Node.yaml b/mmv1/products/tpu/Node.yaml new file mode 100644 index 000000000000..15a1a5a3ecd9 --- /dev/null +++ b/mmv1/products/tpu/Node.yaml @@ -0,0 +1,135 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Node' +immutable: true +base_url: projects/{{project}}/locations/{{zone}}/nodes +create_url: projects/{{project}}/locations/{{zone}}/nodes?nodeId={{name}} +self_link: projects/{{project}}/locations/{{zone}}/nodes/{{name}} +description: | + A Cloud TPU instance. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/tpu/docs/' + api: 'https://cloud.google.com/tpu/docs/reference/rest/v1/projects.locations.nodes' +parameters: + - !ruby/object:Api::Type::String # TODO: resourceref? + name: 'zone' + description: | + The GCP location for the TPU. If it is not provided, the provider zone is used. + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: name + required: true + immutable: true + description: | + The immutable name of the TPU. + - !ruby/object:Api::Type::String + name: 'description' + immutable: true + description: | + The user-supplied description of the TPU. Maximum of 512 characters. + - !ruby/object:Api::Type::String + name: 'acceleratorType' + required: true + immutable: true + description: | + The type of hardware accelerators associated with this node. + - !ruby/object:Api::Type::String + name: 'tensorflowVersion' + required: true + update_url: 'projects/{{project}}/locations/{{zone}}/nodes/{{name}}:reimage' + update_verb: :POST + description: | + The version of Tensorflow running in the Node. + - !ruby/object:Api::Type::String + name: 'network' + immutable: true + description: | + The name of a network to peer the TPU node to. It must be a + preexisting Compute Engine network inside of the project on which + this API has been activated. If none is provided, "default" will be + used. + - !ruby/object:Api::Type::String + name: 'cidrBlock' + immutable: true + conflicts: + - use_service_networking + description: | + The CIDR block that the TPU node will use when selecting an IP + address. This CIDR block must be a /29 block; the Compute Engine + networks API forbids a smaller block, and using a larger block would + be wasteful (a node can only consume one IP address). + + Errors will occur if the CIDR block has already been used for a + currently existing TPU node, the CIDR block conflicts with any + subnetworks in the user's provided network, or the provided network + is peered with another network that is using that CIDR block. + - !ruby/object:Api::Type::String + name: 'serviceAccount' + output: true + description: | + The service account used to run the tensor flow services within the + node. To share resources, including Google Cloud Storage data, with + the Tensorflow job running in the Node, this account must have + permissions to that data. + - !ruby/object:Api::Type::Boolean + name: 'useServiceNetworking' + description: | + Whether the VPC peering for the node is set up through Service Networking API. + The VPC Peering should be set up before provisioning the node. If this field is set, + cidr_block field should not be specified. If the network that you want to peer the + TPU Node to is a Shared VPC network, the node must be created with this this field enabled. + immutable: true + default_value: false + conflicts: + - cidr_block + - !ruby/object:Api::Type::NestedObject + name: 'schedulingConfig' + immutable: true + description: | + Sets the scheduling options for this TPU instance. + properties: + - !ruby/object:Api::Type::Boolean + name: 'preemptible' + description: | + Defines whether the TPU instance is preemptible. + required: true + - !ruby/object:Api::Type::Array + name: 'networkEndpoints' + output: true + description: | + The network endpoints where TPU workers can be accessed and sent work. + It is recommended that Tensorflow clients of the node first reach out + to the first (index 0) entry. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'ipAddress' + output: true + description: | + The IP address of this network endpoint. + - !ruby/object:Api::Type::Integer + name: 'port' + output: true + description: | + The port of this network endpoint. + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + immutable: true + description: Resource labels to represent user provided metadata. + diff --git a/mmv1/products/tpu/api.yaml b/mmv1/products/tpu/api.yaml deleted file mode 100644 index 25ec362224cd..000000000000 --- a/mmv1/products/tpu/api.yaml +++ /dev/null @@ -1,161 +0,0 @@ -# Copyright 2018 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: TPU -display_name: Cloud TPU -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://tpu.googleapis.com/v1/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' -objects: - - !ruby/object:Api::Resource - name: 'Node' - input: true - base_url: projects/{{project}}/locations/{{zone}}/nodes - create_url: projects/{{project}}/locations/{{zone}}/nodes?nodeId={{name}} - self_link: projects/{{project}}/locations/{{zone}}/nodes/{{name}} - description: | - A Cloud TPU instance. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/tpu/docs/' - api: 'https://cloud.google.com/tpu/docs/reference/rest/v1/projects.locations.nodes' - parameters: - - !ruby/object:Api::Type::String # TODO: resourceref? - name: 'zone' - description: | - The GCP location for the TPU. If it is not provided, the provider zone is used. - input: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: name - required: true - input: true - description: | - The immutable name of the TPU. - - !ruby/object:Api::Type::String - name: 'description' - input: true - description: | - The user-supplied description of the TPU. Maximum of 512 characters. - - !ruby/object:Api::Type::String - name: 'acceleratorType' - required: true - input: true - description: | - The type of hardware accelerators associated with this node. - - !ruby/object:Api::Type::String - name: 'tensorflowVersion' - required: true - update_url: 'projects/{{project}}/locations/{{zone}}/nodes/{{name}}:reimage' - update_verb: :POST - description: | - The version of Tensorflow running in the Node. - - !ruby/object:Api::Type::String - name: 'network' - input: true - description: | - The name of a network to peer the TPU node to. It must be a - preexisting Compute Engine network inside of the project on which - this API has been activated. If none is provided, "default" will be - used. - - !ruby/object:Api::Type::String - name: 'cidrBlock' - input: true - conflicts: - - use_service_networking - description: | - The CIDR block that the TPU node will use when selecting an IP - address. This CIDR block must be a /29 block; the Compute Engine - networks API forbids a smaller block, and using a larger block would - be wasteful (a node can only consume one IP address). - - Errors will occur if the CIDR block has already been used for a - currently existing TPU node, the CIDR block conflicts with any - subnetworks in the user's provided network, or the provided network - is peered with another network that is using that CIDR block. - - !ruby/object:Api::Type::String - name: 'serviceAccount' - output: true - description: | - The service account used to run the tensor flow services within the - node. To share resources, including Google Cloud Storage data, with - the Tensorflow job running in the Node, this account must have - permissions to that data. - - !ruby/object:Api::Type::Boolean - name: 'useServiceNetworking' - description: | - Whether the VPC peering for the node is set up through Service Networking API. - The VPC Peering should be set up before provisioning the node. If this field is set, - cidr_block field should not be specified. If the network that you want to peer the - TPU Node to is a Shared VPC network, the node must be created with this this field enabled. - input: true - default_value: false - conflicts: - - cidr_block - - !ruby/object:Api::Type::NestedObject - name: 'schedulingConfig' - input: true - description: | - Sets the scheduling options for this TPU instance. - properties: - - !ruby/object:Api::Type::Boolean - name: 'preemptible' - description: | - Defines whether the TPU instance is preemptible. - required: true - - !ruby/object:Api::Type::Array - name: 'networkEndpoints' - output: true - description: | - The network endpoints where TPU workers can be accessed and sent work. - It is recommended that Tensorflow clients of the node first reach out - to the first (index 0) entry. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'ipAddress' - output: true - description: | - The IP address of this network endpoint. - - !ruby/object:Api::Type::Integer - name: 'port' - output: true - description: | - The port of this network endpoint. - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - input: true - description: Resource labels to represent user provided metadata. diff --git a/mmv1/products/tpu/product.yaml b/mmv1/products/tpu/product.yaml new file mode 100644 index 000000000000..26f59b07bf1a --- /dev/null +++ b/mmv1/products/tpu/product.yaml @@ -0,0 +1,39 @@ +# Copyright 2018 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: TPU +display_name: Cloud TPU +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://tpu.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' diff --git a/mmv1/products/vertexai/Dataset.yaml b/mmv1/products/vertexai/Dataset.yaml new file mode 100644 index 000000000000..fc595f330457 --- /dev/null +++ b/mmv1/products/vertexai/Dataset.yaml @@ -0,0 +1,94 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: Dataset +base_url: projects/{{project}}/locations/{{region}}/datasets +self_link: '{{name}}' +update_verb: :PATCH +update_mask: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/vertex-ai/docs' + api: 'https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.datasets' +async: !ruby/object:Api::OpAsync + actions: + - create + - delete + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: True + allowed: + - True + - False + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +description: |- + A collection of DataItems and Annotations on them. +parameters: + - !ruby/object:Api::Type::String + name: region + description: The region of the dataset. eg us-central1 + url_param_only: true + immutable: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: The resource name of the Dataset. This value is set by Google. + output: true + - !ruby/object:Api::Type::String + name: 'displayName' + required: true + description: | + The user-defined name of the Dataset. The name can be up to 128 characters long and can be consist of any UTF-8 characters. + - !ruby/object:Api::Type::String + name: 'createTime' + output: true + description: | + The timestamp of when the dataset was created in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + - !ruby/object:Api::Type::String + name: 'updateTime' + output: true + description: | + The timestamp of when the dataset was last updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + A set of key/value label pairs to assign to this Workflow. + - !ruby/object:Api::Type::NestedObject + name: 'encryptionSpec' + immutable: true + description: | + Customer-managed encryption key spec for a Dataset. If set, this Dataset and all sub-resources of this Dataset will be secured by this key. + properties: + - !ruby/object:Api::Type::String + name: 'kmsKeyName' + description: | + Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. + Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created. + immutable: true + - !ruby/object:Api::Type::String + name: 'metadataSchemaUri' + required: true + immutable: true + description: | + Points to a YAML file stored on Google Cloud Storage describing additional information about the Dataset. The schema is defined as an OpenAPI 3.0.2 Schema Object. The schema files that can be used here are found in gs://google-cloud-aiplatform/schema/dataset/metadata/. diff --git a/mmv1/products/vertexai/Endpoint.yaml b/mmv1/products/vertexai/Endpoint.yaml new file mode 100644 index 000000000000..bb16870884c5 --- /dev/null +++ b/mmv1/products/vertexai/Endpoint.yaml @@ -0,0 +1,224 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: Endpoint +base_url: projects/{{project}}/locations/{{location}}/endpoints +create_url: projects/{{project}}/locations/{{location}}/endpoints?endpointId={{name}} +self_link: 'projects/{{project}}/locations/{{location}}/endpoints/{{name}}' +update_verb: :PATCH +update_mask: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/vertex-ai/docs' + api: 'https://cloud.google.com/vertex-ai/docs/reference/rest/v1beta1/projects.locations.endpoints' +async: !ruby/object:Api::OpAsync + actions: + - create + - delete + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: True + allowed: + - True + - False + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +description: "Models are deployed into it, and afterwards Endpoint is called to obtain predictions and explanations." +parameters: + - !ruby/object:Api::Type::String + name: location + description: The location for the resource + url_param_only: true + required: true + immutable: true +properties: + - !ruby/object:Api::Type::String + name: name + description: The resource name of the Endpoint. The name must be numeric with no leading zeros and can be at most 10 digits. + url_param_only: true + required: true + immutable: true + - !ruby/object:Api::Type::String + name: displayName + description: Required. The display name of the Endpoint. The name can be up to 128 characters long and can consist of any UTF-8 characters. + required: true + - !ruby/object:Api::Type::String + name: description + description: The description of the Endpoint. + - !ruby/object:Api::Type::Array + name: deployedModels + description: Output only. The models deployed in this Endpoint. To add or remove DeployedModels use EndpointService.DeployModel and EndpointService.UndeployModel respectively. Models can also be deployed and undeployed using the [Cloud Console](https://console.cloud.google.com/vertex-ai/). + output: true + item_type: !ruby/object:Api::Type::NestedObject + name: deployedModels + description: Output only. The models deployed in this Endpoint. To add or remove DeployedModels use EndpointService.DeployModel and EndpointService.UndeployModel respectively. Models can also be deployed and undeployed using the [Cloud Console](https://console.cloud.google.com/vertex-ai/). + properties: + - !ruby/object:Api::Type::NestedObject + name: dedicatedResources + description: A description of resources that are dedicated to the DeployedModel, and that need a higher degree of manual configuration. + output: true + properties: + - !ruby/object:Api::Type::NestedObject + name: machineSpec + description: The specification of a single machine used by the prediction. + output: true + properties: + - !ruby/object:Api::Type::String + name: machineType + description: 'The type of the machine. See the [list of machine types supported for prediction](https://cloud.google.com/vertex-ai/docs/predictions/configure-compute#machine-types) See the [list of machine types supported for custom training](https://cloud.google.com/vertex-ai/docs/training/configure-compute#machine-types). For DeployedModel this field is optional, and the default value is `n1-standard-2`. For BatchPredictionJob or as part of WorkerPoolSpec this field is required. TODO(rsurowka): Try to better unify the required vs optional.' + output: true + - !ruby/object:Api::Type::String + name: acceleratorType + description: The type of accelerator(s) that may be attached to the machine as per accelerator_count. See possible values [here](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/MachineSpec#AcceleratorType). + output: true + - !ruby/object:Api::Type::Integer + name: acceleratorCount + description: The number of accelerators to attach to the machine. + output: true + - !ruby/object:Api::Type::Integer + name: minReplicaCount + description: The minimum number of machine replicas this DeployedModel will be always deployed on. This value must be greater than or equal to 1. If traffic against the DeployedModel increases, it may dynamically be deployed onto more replicas, and as traffic decreases, some of these extra replicas may be freed. + output: true + - !ruby/object:Api::Type::Integer + name: maxReplicaCount + description: The maximum number of replicas this DeployedModel may be deployed on when the traffic against it increases. If the requested value is too large, the deployment will error, but if deployment succeeds then the ability to scale the model to that many replicas is guaranteed (barring service outages). If traffic against the DeployedModel increases beyond what its replicas at maximum may handle, a portion of the traffic will be dropped. If this value is not provided, will use min_replica_count as the default value. The value of this field impacts the charge against Vertex CPU and GPU quotas. Specifically, you will be charged for max_replica_count * number of cores in the selected machine type) and (max_replica_count * number of GPUs per replica in the selected machine type). + output: true + - !ruby/object:Api::Type::Array + name: autoscalingMetricSpecs + description: The metric specifications that overrides a resource utilization metric (CPU utilization, accelerator's duty cycle, and so on) target value (default to 60 if not set). At most one entry is allowed per metric. If machine_spec.accelerator_count is above 0, the autoscaling will be based on both CPU utilization and accelerator's duty cycle metrics and scale up when either metrics exceeds its target value while scale down if both metrics are under their target value. The default target value is 60 for both metrics. If machine_spec.accelerator_count is 0, the autoscaling will be based on CPU utilization metric only with default target value 60 if not explicitly set. For example, in the case of Online Prediction, if you want to override target CPU utilization to 80, you should set autoscaling_metric_specs.metric_name to `aiplatform.googleapis.com/prediction/online/cpu/utilization` and autoscaling_metric_specs.target to `80`. + output: true + item_type: !ruby/object:Api::Type::NestedObject + name: autoscalingMetricSpecs + description: The metric specifications that overrides a resource utilization metric (CPU utilization, accelerator's duty cycle, and so on) target value (default to 60 if not set). At most one entry is allowed per metric. If machine_spec.accelerator_count is above 0, the autoscaling will be based on both CPU utilization and accelerator's duty cycle metrics and scale up when either metrics exceeds its target value while scale down if both metrics are under their target value. The default target value is 60 for both metrics. If machine_spec.accelerator_count is 0, the autoscaling will be based on CPU utilization metric only with default target value 60 if not explicitly set. For example, in the case of Online Prediction, if you want to override target CPU utilization to 80, you should set autoscaling_metric_specs.metric_name to `aiplatform.googleapis.com/prediction/online/cpu/utilization` and autoscaling_metric_specs.target to `80`. + properties: + - !ruby/object:Api::Type::String + name: metricName + description: 'The resource metric name. Supported metrics: * For Online Prediction: * `aiplatform.googleapis.com/prediction/online/accelerator/duty_cycle` * `aiplatform.googleapis.com/prediction/online/cpu/utilization`' + output: true + - !ruby/object:Api::Type::Integer + name: target + description: The target resource utilization in percentage (1% - 100%) for the given metric; once the real usage deviates from the target by a certain percentage, the machine replicas change. The default value is 60 (representing 60%) if not provided. + output: true + - !ruby/object:Api::Type::NestedObject + name: automaticResources + description: A description of resources that to large degree are decided by Vertex AI, and require only a modest additional configuration. + output: true + properties: + - !ruby/object:Api::Type::Integer + name: minReplicaCount + description: The minimum number of replicas this DeployedModel will be always deployed on. If traffic against it increases, it may dynamically be deployed onto more replicas up to max_replica_count, and as traffic decreases, some of these extra replicas may be freed. If the requested value is too large, the deployment will error. + output: true + - !ruby/object:Api::Type::Integer + name: maxReplicaCount + description: The maximum number of replicas this DeployedModel may be deployed on when the traffic against it increases. If the requested value is too large, the deployment will error, but if deployment succeeds then the ability to scale the model to that many replicas is guaranteed (barring service outages). If traffic against the DeployedModel increases beyond what its replicas at maximum may handle, a portion of the traffic will be dropped. If this value is not provided, a no upper bound for scaling under heavy traffic will be assume, though Vertex AI may be unable to scale beyond certain replica number. + output: true + - !ruby/object:Api::Type::String + name: id + description: The ID of the DeployedModel. If not provided upon deployment, Vertex AI will generate a value for this ID. This value should be 1-10 characters, and valid characters are /[0-9]/. + output: true + - !ruby/object:Api::Type::String + name: model + description: The name of the Model that this is the deployment of. Note that the Model may be in a different location than the DeployedModel's Endpoint. + output: true + - !ruby/object:Api::Type::String + name: modelVersionId + description: Output only. The version ID of the model that is deployed. + output: true + - !ruby/object:Api::Type::String + name: displayName + description: The display name of the DeployedModel. If not provided upon creation, the Model's display_name is used. + output: true + - !ruby/object:Api::Type::String + name: createTime + description: Output only. Timestamp when the DeployedModel was created. + output: true + - !ruby/object:Api::Type::String + name: serviceAccount + description: The service account that the DeployedModel's container runs as. Specify the email address of the service account. If this service account is not specified, the container runs as a service account that doesn't have access to the resource project. Users deploying the Model must have the `iam.serviceAccounts.actAs` permission on this service account. + output: true + - !ruby/object:Api::Type::Boolean + name: enableAccessLogging + description: These logs are like standard server access logs, containing information like timestamp and latency for each prediction request. Note that Stackdriver logs may incur a cost, especially if your project receives prediction requests at a high queries per second rate (QPS). Estimate your costs before enabling this option. + output: true + - !ruby/object:Api::Type::NestedObject + name: privateEndpoints + description: Output only. Provide paths for users to send predict/explain/health requests directly to the deployed model services running on Cloud via private services access. This field is populated if network is configured. + output: true + properties: + - !ruby/object:Api::Type::String + name: predictHttpUri + description: Output only. Http(s) path to send prediction requests. + output: true + - !ruby/object:Api::Type::String + name: explainHttpUri + description: Output only. Http(s) path to send explain requests. + output: true + - !ruby/object:Api::Type::String + name: healthHttpUri + description: Output only. Http(s) path to send health check requests. + output: true + - !ruby/object:Api::Type::String + name: serviceAttachment + description: Output only. The name of the service attachment resource. Populated if private service connect is enabled. + output: true + - !ruby/object:Api::Type::String + name: sharedResources + description: 'The resource name of the shared DeploymentResourcePool to deploy on. Format: projects/{project}/locations/{location}/deploymentResourcePools/{deployment_resource_pool}' + output: true + - !ruby/object:Api::Type::Boolean + name: enableContainerLogging + description: If true, the container of the DeployedModel instances will send `stderr` and `stdout` streams to Stackdriver Logging. Only supported for custom-trained Models and AutoML Tabular Models. + output: true + - !ruby/object:Api::Type::String + name: etag + description: Used to perform consistent read-modify-write updates. If not set, a blind "overwrite" update happens. + output: true + - !ruby/object:Api::Type::KeyValuePairs + name: labels + description: The labels with user-defined metadata to organize your Endpoints. Label keys and values can be no longer than 64 characters (Unicode codepoints), can only contain lowercase letters, numeric characters, underscores and dashes. International characters are allowed. See https://goo.gl/xmQnxf for more information and examples of labels. + - !ruby/object:Api::Type::String + name: createTime + description: Output only. Timestamp when this Endpoint was created. + output: true + - !ruby/object:Api::Type::String + name: updateTime + description: Output only. Timestamp when this Endpoint was last updated. + output: true + - !ruby/object:Api::Type::NestedObject + name: encryptionSpec + description: Customer-managed encryption key spec for an Endpoint. If set, this Endpoint and all sub-resources of this Endpoint will be secured by this key. + immutable: true + properties: + - !ruby/object:Api::Type::String + name: kmsKeyName + description: 'Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. Has the form: `projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key`. The key needs to be in the same region as where the compute resource is created.' + required: true + immutable: true + - !ruby/object:Api::Type::String + name: network + description: 'The full name of the Google Compute Engine [network](https://cloud.google.com//compute/docs/networks-and-firewalls#networks) to which the Endpoint should be peered. Private services access must already be configured for the network. If left unspecified, the Endpoint is not peered with any network. Only one of the fields, network or enable_private_service_connect, can be set. [Format](https://cloud.google.com/compute/docs/reference/rest/v1/networks/insert): `projects/{project}/global/networks/{network}`. Where `{project}` is a project number, as in `12345`, and `{network}` is network name.' + immutable: true + - !ruby/object:Api::Type::String + name: modelDeploymentMonitoringJob + description: 'Output only. Resource name of the Model Monitoring job associated with this Endpoint if monitoring is enabled by CreateModelDeploymentMonitoringJob. Format: `projects/{project}/locations/{location}/modelDeploymentMonitoringJobs/{model_deployment_monitoring_job}`' + output: true diff --git a/mmv1/products/vertexai/Featurestore.yaml b/mmv1/products/vertexai/Featurestore.yaml new file mode 100644 index 000000000000..9339c8bdc30e --- /dev/null +++ b/mmv1/products/vertexai/Featurestore.yaml @@ -0,0 +1,128 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: Featurestore +base_url: projects/{{project}}/locations/{{region}}/featurestores +create_url: projects/{{project}}/locations/{{region}}/featurestores?featurestoreId={{name}} +self_link: 'projects/{{project}}/locations/{{region}}/featurestores/{{name}}' +update_verb: :PATCH +update_mask: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/vertex-ai/docs' + api: 'https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.featurestores' +iam_policy: !ruby/object:Api::Resource::IamPolicy + method_name_separator: ':' + fetch_iam_policy_verb: :POST + parent_resource_attribute: featurestore + import_format: ['projects/{{project}}/locations/{{region}}/featurestores/{{name}}'] + example_config_body: 'templates/terraform/iam/example_config_body/vertex_ai_featurestore.tf.erb' + min_version: beta +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: True + allowed: + - True + - False + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +description: |- + A collection of DataItems and Annotations on them. +parameters: + - !ruby/object:Api::Type::String + name: region + description: The region of the dataset. eg us-central1 + url_param_only: true + immutable: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: The name of the Featurestore. This value may be up to 60 characters, and valid characters are [a-z0-9_]. The first character cannot be a number. + immutable: true + url_param_only: true + pattern: projects/{{project}}/locations/{{region}}/featurestores/{{name}} + - !ruby/object:Api::Type::String + name: 'etag' + description: Used to perform consistent read-modify-write updates. + output: true + - !ruby/object:Api::Type::String + name: 'createTime' + output: true + description: | + The timestamp of when the featurestore was created in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + - !ruby/object:Api::Type::String + name: 'updateTime' + output: true + description: | + The timestamp of when the featurestore was last updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + A set of key/value label pairs to assign to this Featurestore. + - !ruby/object:Api::Type::NestedObject + name: 'onlineServingConfig' + description: | + Config for online serving resources. + properties: + - !ruby/object:Api::Type::Integer + name: 'fixedNodeCount' + exactly_one_of: + - online_serving_config.0.fixed_node_count + - online_serving_config.0.scaling + description: | + The number of nodes for each cluster. The number of nodes will not scale automatically but can be scaled manually by providing different values when updating. + - !ruby/object:Api::Type::NestedObject + name: 'scaling' + exactly_one_of: + - online_serving_config.0.fixed_node_count + - online_serving_config.0.scaling + description: | + Online serving scaling configuration. Only one of fixedNodeCount and scaling can be set. Setting one will reset the other. + properties: + - !ruby/object:Api::Type::Integer + name: 'minNodeCount' + required: true + description: | + The minimum number of nodes to scale down to. Must be greater than or equal to 1. + - !ruby/object:Api::Type::Integer + name: 'maxNodeCount' + required: true + description: | + The maximum number of nodes to scale up to. Must be greater than minNodeCount, and less than or equal to 10 times of 'minNodeCount'. + - !ruby/object:Api::Type::Integer + name: 'onlineStorageTtlDays' + min_version: beta + default_value: 4000 + description: | + TTL in days for feature values that will be stored in online serving storage. The Feature Store online storage periodically removes obsolete feature values older than onlineStorageTtlDays since the feature generation time. Note that onlineStorageTtlDays should be less than or equal to offlineStorageTtlDays for each EntityType under a featurestore. If not set, default to 4000 days + - !ruby/object:Api::Type::NestedObject + name: 'encryptionSpec' + description: | + If set, both of the online and offline data storage will be secured by this key. + properties: + - !ruby/object:Api::Type::String + name: 'kmsKeyName' + required: true + description: | + The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the compute resource is created. diff --git a/mmv1/products/vertexai/FeaturestoreEntitytype.yaml b/mmv1/products/vertexai/FeaturestoreEntitytype.yaml new file mode 100644 index 000000000000..59c199a8ade4 --- /dev/null +++ b/mmv1/products/vertexai/FeaturestoreEntitytype.yaml @@ -0,0 +1,172 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: FeaturestoreEntitytype +base_url: '{{featurestore}}/entityTypes' +create_url: '{{featurestore}}/entityTypes?entityTypeId={{name}}' +self_link: '{{featurestore}}/entityTypes/{{name}}' +update_verb: :PATCH +update_mask: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/vertex-ai/docs' + api: 'https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.featurestores.entityTypes' +iam_policy: !ruby/object:Api::Resource::IamPolicy + method_name_separator: ':' + fetch_iam_policy_verb: :POST + parent_resource_type: featurestore + parent_resource_attribute: entitytype + import_format: ['{{%featurestore}}/entityTypes/{{name}}', '{{name}}'] + example_config_body: 'templates/terraform/iam/example_config_body/vertex_ai_featurestore_entitytype.tf.erb' + min_version: beta +async: !ruby/object:Api::OpAsync + actions: + - create + - delete + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: True + allowed: + - True + - False + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' + include_project: true +description: |- + An entity type is a type of object in a system that needs to be modeled and have stored information about. For example, driver is an entity type, and driver0 is an instance of an entity type driver. +parameters: + - !ruby/object:Api::Type::String + name: featurestore + description: The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. + url_param_only: true + immutable: true + required: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: The name of the EntityType. This value may be up to 60 characters, and valid characters are [a-z0-9_]. The first character cannot be a number. + immutable: true + url_param_only: true + pattern: '{featurestore}}/entityTypes/{{name}}' + - !ruby/object:Api::Type::String + name: 'description' + description: Optional. Description of the EntityType. + - !ruby/object:Api::Type::String + name: 'etag' + description: Used to perform consistent read-modify-write updates. + output: true + - !ruby/object:Api::Type::String + name: 'createTime' + output: true + description: | + The timestamp of when the featurestore was created in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + - !ruby/object:Api::Type::String + name: 'updateTime' + output: true + description: | + The timestamp of when the featurestore was last updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + A set of key/value label pairs to assign to this EntityType. + - !ruby/object:Api::Type::NestedObject + name: 'monitoringConfig' + description: | + The default monitoring configuration for all Features under this EntityType. + + If this is populated with [FeaturestoreMonitoringConfig.monitoring_interval] specified, snapshot analysis monitoring is enabled. Otherwise, snapshot analysis monitoring is disabled. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'snapshotAnalysis' + description: | + The config for Snapshot Analysis Based Feature Monitoring. + properties: + - !ruby/object:Api::Type::Boolean + name: 'disabled' + default_value: false + description: | + The monitoring schedule for snapshot analysis. For EntityType-level config: unset / disabled = true indicates disabled by default for Features under it; otherwise by default enable snapshot analysis monitoring with monitoringInterval for Features under it. + - !ruby/object:Api::Type::String + name: 'monitoringInterval' + min_version: beta + deprecation_message: This field is unavailable in the GA provider and will be removed from the beta provider in a future release. + description: | + Configuration of the snapshot analysis based monitoring pipeline running interval. The value is rolled up to full day. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + - !ruby/object:Api::Type::Integer + name: 'monitoringIntervalDays' + description: | + Configuration of the snapshot analysis based monitoring pipeline running interval. The value indicates number of days. The default value is 1. + If both FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval_days and [FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval][] are set when creating/updating EntityTypes/Features, FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval_days will be used. + default_value: 1 + - !ruby/object:Api::Type::Integer + name: 'stalenessDays' + description: | + Customized export features time window for snapshot analysis. Unit is one day. The default value is 21 days. Minimum value is 1 day. Maximum value is 4000 days. + default_value: 21 + - !ruby/object:Api::Type::NestedObject + name: 'importFeaturesAnalysis' + description: | + The config for ImportFeatures Analysis Based Feature Monitoring. + properties: + - !ruby/object:Api::Type::String + name: state + description: | + Whether to enable / disable / inherite default hebavior for import features analysis. The value must be one of the values below: + * DEFAULT: The default behavior of whether to enable the monitoring. EntityType-level config: disabled. + * ENABLED: Explicitly enables import features analysis. EntityType-level config: by default enables import features analysis for all Features under it. + * DISABLED: Explicitly disables import features analysis. EntityType-level config: by default disables import features analysis for all Features under it. + - !ruby/object:Api::Type::String + name: 'anomalyDetectionBaseline' + description: | + Defines the baseline to do anomaly detection for feature values imported by each [entityTypes.importFeatureValues][] operation. The value must be one of the values below: + * LATEST_STATS: Choose the later one statistics generated by either most recent snapshot analysis or previous import features analysis. If non of them exists, skip anomaly detection and only generate a statistics. + * MOST_RECENT_SNAPSHOT_STATS: Use the statistics generated by the most recent snapshot analysis if exists. + * PREVIOUS_IMPORT_FEATURES_STATS: Use the statistics generated by the previous import features analysis if exists. + - !ruby/object:Api::Type::NestedObject + name: 'numericalThresholdConfig' + description: | + Threshold for numerical features of anomaly detection. This is shared by all objectives of Featurestore Monitoring for numerical features (i.e. Features with type (Feature.ValueType) DOUBLE or INT64). + properties: + - !ruby/object:Api::Type::Double + name: 'value' + description: | + Specify a threshold value that can trigger the alert. For numerical feature, the distribution distance is calculated by Jensen–Shannon divergence. Each feature must have a non-zero threshold if they need to be monitored. Otherwise no alert will be triggered for that feature. The default value is 0.3. + required: true + - !ruby/object:Api::Type::NestedObject + name: 'categoricalThresholdConfig' + description: | + Threshold for categorical features of anomaly detection. This is shared by all types of Featurestore Monitoring for categorical features (i.e. Features with type (Feature.ValueType) BOOL or STRING). + properties: + - !ruby/object:Api::Type::Double + name: 'value' + description: | + Specify a threshold value that can trigger the alert. For categorical feature, the distribution distance is calculated by L-inifinity norm. Each feature must have a non-zero threshold if they need to be monitored. Otherwise no alert will be triggered for that feature. The default value is 0.3. + required: true + - !ruby/object:Api::Type::Integer + name: 'offlineStorageTtlDays' + min_version: beta + default_value: 4000 + description: | + Config for data retention policy in offline storage. TTL in days for feature values that will be stored in offline storage. The Feature Store offline storage periodically removes obsolete feature values older than offlineStorageTtlDays since the feature generation time. If unset (or explicitly set to 0), default to 4000 days TTL. diff --git a/mmv1/products/vertexai/FeaturestoreEntitytypeFeature.yaml b/mmv1/products/vertexai/FeaturestoreEntitytypeFeature.yaml new file mode 100644 index 000000000000..2b56323b393f --- /dev/null +++ b/mmv1/products/vertexai/FeaturestoreEntitytypeFeature.yaml @@ -0,0 +1,89 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: FeaturestoreEntitytypeFeature +base_url: '{{entitytype}}/features' +create_url: '{{entitytype}}/features?featureId={{name}}' +self_link: '{{entitytype}}/features/{{name}}' +update_verb: :PATCH +update_mask: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/vertex-ai/docs' + api: 'https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.featurestores.entityTypes.features' +async: !ruby/object:Api::OpAsync + actions: + - create + - delete + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: True + allowed: + - True + - False + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' + include_project: true +description: |- + Feature Metadata information that describes an attribute of an entity type. For example, apple is an entity type, and color is a feature that describes apple. +parameters: + - !ruby/object:Api::Type::String + name: entitytype + description: The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}/entityTypes/{entitytype}. + url_param_only: true + immutable: true + required: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: The name of the feature. The feature can be up to 64 characters long and can consist only of ASCII Latin letters A-Z and a-z, underscore(_), and ASCII digits 0-9 starting with a letter. The value will be unique given an entity type. + immutable: true + url_param_only: true + pattern: '{{entitytype}}/features/{{name}}' + - !ruby/object:Api::Type::String + name: 'etag' + description: Used to perform consistent read-modify-write updates. + output: true + - !ruby/object:Api::Type::String + name: 'createTime' + output: true + description: | + The timestamp of when the entity type was created in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + - !ruby/object:Api::Type::String + name: 'updateTime' + output: true + description: | + The timestamp when the entity type was most recently updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + A set of key/value label pairs to assign to the feature. + - !ruby/object:Api::Type::String + name: 'description' + description: Description of the feature. + - !ruby/object:Api::Type::String + name: 'valueType' + description: | + Type of Feature value. Immutable. https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.featurestores.entityTypes.features#ValueType + required: true + immutable: true diff --git a/mmv1/products/vertexai/Index.yaml b/mmv1/products/vertexai/Index.yaml new file mode 100644 index 000000000000..ecffda2c9d4a --- /dev/null +++ b/mmv1/products/vertexai/Index.yaml @@ -0,0 +1,204 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: Index +base_url: projects/{{project}}/locations/{{region}}/indexes +create_url: projects/{{project}}/locations/{{region}}/indexes +self_link: projects/{{project}}/locations/{{region}}/indexes/{{name}} +update_verb: :PATCH +update_mask: true +create_verb: :POST +references: !ruby/object:Api::Resource::ReferenceLinks + api: https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.indexes/ +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: True + allowed: + - True + - False + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +description: |- + A representation of a collection of database items organized in a way that allows for approximate nearest neighbor (a.k.a ANN) algorithms search. +parameters: + - !ruby/object:Api::Type::String + name: region + description: The region of the index. eg us-central1 + url_param_only: true + immutable: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: The resource name of the Index. + output: true + - !ruby/object:Api::Type::String + name: 'displayName' + description: The display name of the Index. The name can be up to 128 characters long and can consist of any UTF-8 characters. + required: true + - !ruby/object:Api::Type::String + name: 'description' + description: The description of the Index. + # Please take a look at the following links for the original definition: + # https://cloud.google.com/vertex-ai/docs/matching-engine/create-manage-index#create_index-drest + # https://cloud.google.com/vertex-ai/docs/matching-engine/configuring-indexes + - !ruby/object:Api::Type::NestedObject + name: 'metadata' + description: An additional information about the Index + properties: + - !ruby/object:Api::Type::String + name: 'contentsDeltaUri' + description: |- + Allows inserting, updating or deleting the contents of the Matching Engine Index. + The string must be a valid Cloud Storage directory path. If this + field is set when calling IndexService.UpdateIndex, then no other + Index field can be also updated as part of the same call. + The expected structure and format of the files this URI points to is + described at https://cloud.google.com/vertex-ai/docs/matching-engine/using-matching-engine#input-data-format + - !ruby/object:Api::Type::Boolean + name: 'isCompleteOverwrite' + description: |- + If this field is set together with contentsDeltaUri when calling IndexService.UpdateIndex, + then existing content of the Index will be replaced by the data from the contentsDeltaUri. + default_value: false + - !ruby/object:Api::Type::NestedObject + name: 'config' + immutable: true + description: The configuration of the Matching Engine Index. + properties: + - !ruby/object:Api::Type::Integer + name: 'dimensions' + description: The number of dimensions of the input vectors. + required: true + - !ruby/object:Api::Type::Integer + name: 'approximateNeighborsCount' + description: |- + The default number of neighbors to find via approximate search before exact reordering is + performed. Exact reordering is a procedure where results returned by an + approximate search algorithm are reordered via a more expensive distance computation. + Required if tree-AH algorithm is used. + - !ruby/object:Api::Type::String + name: 'distanceMeasureType' + description: |- + The distance measure used in nearest neighbor search. The value must be one of the followings: + * SQUARED_L2_DISTANCE: Euclidean (L_2) Distance + * L1_DISTANCE: Manhattan (L_1) Distance + * COSINE_DISTANCE: Cosine Distance. Defined as 1 - cosine similarity. + * DOT_PRODUCT_DISTANCE: Dot Product Distance. Defined as a negative of the dot product + default_value: "DOT_PRODUCT_DISTANCE" + - !ruby/object:Api::Type::String + name: 'featureNormType' + description: |- + Type of normalization to be carried out on each vector. The value must be one of the followings: + * UNIT_L2_NORM: Unit L2 normalization type + * NONE: No normalization type is specified. + default_value: "NONE" + - !ruby/object:Api::Type::NestedObject + name: 'algorithmConfig' + description: The configuration with regard to the algorithms used for efficient search. + properties: + - !ruby/object:Api::Type::NestedObject + name: 'treeAhConfig' + exactly_one_of: + - treeAhConfig + - bruteForceConfig + description: |- + Configuration options for using the tree-AH algorithm (Shallow tree + Asymmetric Hashing). + Please refer to this paper for more details: https://arxiv.org/abs/1908.10396 + properties: + - !ruby/object:Api::Type::Integer + name: 'leafNodeEmbeddingCount' + description: Number of embeddings on each leaf node. The default value is 1000 if not set. + default_value: 1000 + - !ruby/object:Api::Type::Integer + name: 'leafNodesToSearchPercent' + description: |- + The default percentage of leaf nodes that any query may be searched. Must be in + range 1-100, inclusive. The default value is 10 (means 10%) if not set. + default_value: 10 + - !ruby/object:Api::Type::NestedObject + name: 'bruteForceConfig' + allow_empty_object: true + send_empty_value: true + properties: [] + exactly_one_of: + - treeAhConfig + - bruteForceConfig + description: |- + Configuration options for using brute force search, which simply implements the + standard linear search in the database for each query. + - !ruby/object:Api::Type::String + name: 'metadataSchemaUri' + description: |- + Points to a YAML file stored on Google Cloud Storage describing additional information about the Index, that is specific to it. Unset if the Index does not have any additional information. + output: true + - !ruby/object:Api::Type::Array + name: 'deployedIndexes' + output: true + description: The pointers to DeployedIndexes created from this Index. An Index can be only deleted if all its DeployedIndexes had been undeployed first. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: 'indexEndpoint' + output: true + description: A resource name of the IndexEndpoint. + - !ruby/object:Api::Type::String + name: 'deployedIndexId' + output: true + description: The ID of the DeployedIndex in the above IndexEndpoint. + - !ruby/object:Api::Type::String + name: 'etag' + description: Used to perform consistent read-modify-write updates. + output: true + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: The labels with user-defined metadata to organize your Indexes. + - !ruby/object:Api::Type::String + name: 'createTime' + output: true + description: The timestamp of when the Index was created in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + - !ruby/object:Api::Type::String + name: 'updateTime' + output: true + description: The timestamp of when the Index was last updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + - !ruby/object:Api::Type::NestedObject + name: 'indexStats' + output: true + description: Stats of the index resource. + properties: + - !ruby/object:Api::Type::String + name: 'vectorsCount' + output: true + description: The number of vectors in the Index. + - !ruby/object:Api::Type::Integer + name: 'shardsCount' + output: true + description: The number of shards in the Index. + - !ruby/object:Api::Type::String + name: 'indexUpdateMethod' + immutable: true + default_value: BATCH_UPDATE + description: |- + The update method to use with this Index. The value must be the followings. If not set, BATCH_UPDATE will be used by default. + * BATCH_UPDATE: user can call indexes.patch with files on Cloud Storage of datapoints to update. + * STREAM_UPDATE: user can call indexes.upsertDatapoints/DeleteDatapoints to update the Index and the updates will be applied in corresponding DeployedIndexes in nearly real-time. + diff --git a/mmv1/products/vertexai/MetadataStore.yaml b/mmv1/products/vertexai/MetadataStore.yaml new file mode 100644 index 000000000000..83b03da45138 --- /dev/null +++ b/mmv1/products/vertexai/MetadataStore.yaml @@ -0,0 +1,94 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: MetadataStore +base_url: projects/{{project}}/locations/{{region}}/metadataStores +self_link: 'projects/{{project}}/locations/{{region}}/metadataStores/{{name}}' +create_url: projects/{{project}}/locations/{{region}}/metadataStores?metadataStoreId={{name}} +min_version: beta +immutable: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/vertex-ai/docs' + api: 'https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.metadataStores' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: True + allowed: + - True + - False + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +description: |- + Instance of a metadata store. Contains a set of metadata that can be queried. +parameters: + - !ruby/object:Api::Type::String + name: region + description: The region of the Metadata Store. eg us-central1 + url_param_only: true + immutable: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: The name of the MetadataStore. This value may be up to 60 characters, and valid characters are [a-z0-9_]. The first character cannot be a number. + immutable: true + url_param_only: true + pattern: projects/{{project}}/locations/{{region}}/metadataStores/{{name}} + - !ruby/object:Api::Type::String + name: 'description' + description: Description of the MetadataStore. + immutable: true + - !ruby/object:Api::Type::String + name: 'createTime' + output: true + description: | + The timestamp of when the MetadataStore was created in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + - !ruby/object:Api::Type::String + name: 'updateTime' + output: true + description: | + The timestamp of when the MetadataStore was last updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + - !ruby/object:Api::Type::NestedObject + name: 'encryptionSpec' + immutable: true + description: | + Customer-managed encryption key spec for a MetadataStore. If set, this MetadataStore and all sub-resources of this MetadataStore will be secured by this key. + properties: + - !ruby/object:Api::Type::String + name: 'kmsKeyName' + description: | + Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. + Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created. + immutable: true + - !ruby/object:Api::Type::NestedObject + name: 'state' + output: true + description: | + State information of the MetadataStore. + properties: + - !ruby/object:Api::Type::String + name: 'diskUtilizationBytes' + description: | + The disk utilization of the MetadataStore in bytes. + output: true diff --git a/mmv1/products/vertexai/Tensorboard.yaml b/mmv1/products/vertexai/Tensorboard.yaml new file mode 100644 index 000000000000..5e2b951e1c8c --- /dev/null +++ b/mmv1/products/vertexai/Tensorboard.yaml @@ -0,0 +1,96 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: Tensorboard +base_url: projects/{{project}}/locations/{{region}}/tensorboards +self_link: '{{name}}' +update_verb: :PATCH +update_mask: true +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': + 'https://cloud.google.com/vertex-ai/docs' + api: 'https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.tensorboards' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: True + allowed: + - True + - False + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +description: |- + Tensorboard is a physical database that stores users' training metrics. A default Tensorboard is provided in each region of a GCP project. If needed users can also create extra Tensorboards in their projects. +parameters: + - !ruby/object:Api::Type::String + name: region + description: The region of the tensorboard. eg us-central1 + url_param_only: true + immutable: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: Name of the Tensorboard. + output: true + - !ruby/object:Api::Type::String + name: 'displayName' + required: true + description: User provided name of this Tensorboard. + - !ruby/object:Api::Type::String + name: 'description' + description: Description of this Tensorboard. + - !ruby/object:Api::Type::NestedObject + name: 'encryptionSpec' + immutable: true + description: | + Customer-managed encryption key spec for a Tensorboard. If set, this Tensorboard and all sub-resources of this Tensorboard will be secured by this key. + properties: + - !ruby/object:Api::Type::String + name: 'kmsKeyName' + required: true + description: | + The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. + Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created. + immutable: true + - !ruby/object:Api::Type::String + name: 'blobStoragePathPrefix' + description: Consumer project Cloud Storage path prefix used to store blob data, which can either be a bucket or directory. Does not end with a '/'. + output: true + - !ruby/object:Api::Type::String + name: 'runCount' + description: The number of Runs stored in this Tensorboard. + output: true + - !ruby/object:Api::Type::String + name: 'createTime' + output: true + description: | + The timestamp of when the Tensorboard was created in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + - !ruby/object:Api::Type::String + name: 'updateTime' + output: true + description: | + The timestamp of when the Tensorboard was last updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + The labels with user-defined metadata to organize your Tensorboards. diff --git a/mmv1/products/vertexai/api.yaml b/mmv1/products/vertexai/api.yaml deleted file mode 100644 index ca97631a1cda..000000000000 --- a/mmv1/products/vertexai/api.yaml +++ /dev/null @@ -1,1034 +0,0 @@ -# Copyright 2019 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: VertexAI -display_name: Vertex AI -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://{{region}}-aiplatform.googleapis.com/v1/ - - !ruby/object:Api::Product::Version - name: beta - base_url: https://{{region}}-aiplatform.googleapis.com/v1beta1/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -objects: -# Vertex AI Tensorboards - - !ruby/object:Api::Resource - name: Tensorboard - base_url: projects/{{project}}/locations/{{region}}/tensorboards - self_link: '{{name}}' - update_verb: :PATCH - update_mask: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/vertex-ai/docs' - api: 'https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.tensorboards' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: True - allowed: - - True - - False - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - description: |- - Tensorboard is a physical database that stores users' training metrics. A default Tensorboard is provided in each region of a GCP project. If needed users can also create extra Tensorboards in their projects. - parameters: - - !ruby/object:Api::Type::String - name: region - description: The region of the tensorboard. eg us-central1 - url_param_only: true - input: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: Name of the Tensorboard. - output: true - - !ruby/object:Api::Type::String - name: 'displayName' - required: true - description: User provided name of this Tensorboard. - - !ruby/object:Api::Type::String - name: 'description' - description: Description of this Tensorboard. - - !ruby/object:Api::Type::NestedObject - name: 'encryptionSpec' - input: true - description: | - Customer-managed encryption key spec for a Tensorboard. If set, this Tensorboard and all sub-resources of this Tensorboard will be secured by this key. - properties: - - !ruby/object:Api::Type::String - name: 'kmsKeyName' - required: true - description: | - The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. - Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created. - input: true - - !ruby/object:Api::Type::String - name: 'blobStoragePathPrefix' - description: Consumer project Cloud Storage path prefix used to store blob data, which can either be a bucket or directory. Does not end with a '/'. - output: true - - !ruby/object:Api::Type::String - name: 'runCount' - description: The number of Runs stored in this Tensorboard. - output: true - - !ruby/object:Api::Type::String - name: 'createTime' - output: true - description: | - The timestamp of when the Tensorboard was created in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. - - !ruby/object:Api::Type::String - name: 'updateTime' - output: true - description: | - The timestamp of when the Tensorboard was last updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: | - The labels with user-defined metadata to organize your Tensorboards. -# Vertex AI Datasets - - !ruby/object:Api::Resource - name: Dataset - base_url: projects/{{project}}/locations/{{region}}/datasets - self_link: '{{name}}' - update_verb: :PATCH - update_mask: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/vertex-ai/docs' - api: 'https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.datasets' - async: !ruby/object:Api::OpAsync - actions: - - create - - delete - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: True - allowed: - - True - - False - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - description: |- - A collection of DataItems and Annotations on them. - parameters: - - !ruby/object:Api::Type::String - name: region - description: The region of the dataset. eg us-central1 - url_param_only: true - input: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: The resource name of the Dataset. This value is set by Google. - output: true - - !ruby/object:Api::Type::String - name: 'displayName' - required: true - description: | - The user-defined name of the Dataset. The name can be up to 128 characters long and can be consist of any UTF-8 characters. - - !ruby/object:Api::Type::String - name: 'createTime' - output: true - description: | - The timestamp of when the dataset was created in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. - - !ruby/object:Api::Type::String - name: 'updateTime' - output: true - description: | - The timestamp of when the dataset was last updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: | - A set of key/value label pairs to assign to this Workflow. - - !ruby/object:Api::Type::NestedObject - name: 'encryptionSpec' - input: true - description: | - Customer-managed encryption key spec for a Dataset. If set, this Dataset and all sub-resources of this Dataset will be secured by this key. - properties: - - !ruby/object:Api::Type::String - name: 'kmsKeyName' - description: | - Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. - Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created. - input: true - - !ruby/object:Api::Type::String - name: 'metadataSchemaUri' - required: true - input: true - description: | - Points to a YAML file stored on Google Cloud Storage describing additional information about the Dataset. The schema is defined as an OpenAPI 3.0.2 Schema Object. The schema files that can be used here are found in gs://google-cloud-aiplatform/schema/dataset/metadata/. - -# Vertex AI Endpoints - - !ruby/object:Api::Resource - name: Endpoint - base_url: projects/{{project}}/locations/{{location}}/endpoints - create_url: projects/{{project}}/locations/{{location}}/endpoints?endpointId={{name}} - self_link: 'projects/{{project}}/locations/{{location}}/endpoints/{{name}}' - update_verb: :PATCH - update_mask: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/vertex-ai/docs' - api: 'https://cloud.google.com/vertex-ai/docs/reference/rest/v1beta1/projects.locations.endpoints' - async: !ruby/object:Api::OpAsync - actions: - - create - - delete - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: True - allowed: - - True - - False - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - description: "Models are deployed into it, and afterwards Endpoint is called to obtain predictions and explanations." - parameters: - - !ruby/object:Api::Type::String - name: location - description: The location for the resource - url_param_only: true - required: true - input: true - properties: - - !ruby/object:Api::Type::String - name: name - description: The resource name of the Endpoint. The name must be numeric with no leading zeros and can be at most 10 digits. - url_param_only: true - required: true - input: true - - !ruby/object:Api::Type::String - name: displayName - description: Required. The display name of the Endpoint. The name can be up to 128 characters long and can consist of any UTF-8 characters. - required: true - - !ruby/object:Api::Type::String - name: description - description: The description of the Endpoint. - - !ruby/object:Api::Type::Array - name: deployedModels - description: Output only. The models deployed in this Endpoint. To add or remove DeployedModels use EndpointService.DeployModel and EndpointService.UndeployModel respectively. Models can also be deployed and undeployed using the [Cloud Console](https://console.cloud.google.com/vertex-ai/). - output: true - item_type: !ruby/object:Api::Type::NestedObject - name: deployedModels - description: Output only. The models deployed in this Endpoint. To add or remove DeployedModels use EndpointService.DeployModel and EndpointService.UndeployModel respectively. Models can also be deployed and undeployed using the [Cloud Console](https://console.cloud.google.com/vertex-ai/). - properties: - - !ruby/object:Api::Type::NestedObject - name: dedicatedResources - description: A description of resources that are dedicated to the DeployedModel, and that need a higher degree of manual configuration. - output: true - properties: - - !ruby/object:Api::Type::NestedObject - name: machineSpec - description: The specification of a single machine used by the prediction. - output: true - properties: - - !ruby/object:Api::Type::String - name: machineType - description: 'The type of the machine. See the [list of machine types supported for prediction](https://cloud.google.com/vertex-ai/docs/predictions/configure-compute#machine-types) See the [list of machine types supported for custom training](https://cloud.google.com/vertex-ai/docs/training/configure-compute#machine-types). For DeployedModel this field is optional, and the default value is `n1-standard-2`. For BatchPredictionJob or as part of WorkerPoolSpec this field is required. TODO(rsurowka): Try to better unify the required vs optional.' - output: true - - !ruby/object:Api::Type::String - name: acceleratorType - description: The type of accelerator(s) that may be attached to the machine as per accelerator_count. See possible values [here](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/MachineSpec#AcceleratorType). - output: true - - !ruby/object:Api::Type::Integer - name: acceleratorCount - description: The number of accelerators to attach to the machine. - output: true - - !ruby/object:Api::Type::Integer - name: minReplicaCount - description: The minimum number of machine replicas this DeployedModel will be always deployed on. This value must be greater than or equal to 1. If traffic against the DeployedModel increases, it may dynamically be deployed onto more replicas, and as traffic decreases, some of these extra replicas may be freed. - output: true - - !ruby/object:Api::Type::Integer - name: maxReplicaCount - description: The maximum number of replicas this DeployedModel may be deployed on when the traffic against it increases. If the requested value is too large, the deployment will error, but if deployment succeeds then the ability to scale the model to that many replicas is guaranteed (barring service outages). If traffic against the DeployedModel increases beyond what its replicas at maximum may handle, a portion of the traffic will be dropped. If this value is not provided, will use min_replica_count as the default value. The value of this field impacts the charge against Vertex CPU and GPU quotas. Specifically, you will be charged for max_replica_count * number of cores in the selected machine type) and (max_replica_count * number of GPUs per replica in the selected machine type). - output: true - - !ruby/object:Api::Type::Array - name: autoscalingMetricSpecs - description: The metric specifications that overrides a resource utilization metric (CPU utilization, accelerator's duty cycle, and so on) target value (default to 60 if not set). At most one entry is allowed per metric. If machine_spec.accelerator_count is above 0, the autoscaling will be based on both CPU utilization and accelerator's duty cycle metrics and scale up when either metrics exceeds its target value while scale down if both metrics are under their target value. The default target value is 60 for both metrics. If machine_spec.accelerator_count is 0, the autoscaling will be based on CPU utilization metric only with default target value 60 if not explicitly set. For example, in the case of Online Prediction, if you want to override target CPU utilization to 80, you should set autoscaling_metric_specs.metric_name to `aiplatform.googleapis.com/prediction/online/cpu/utilization` and autoscaling_metric_specs.target to `80`. - output: true - item_type: !ruby/object:Api::Type::NestedObject - name: autoscalingMetricSpecs - description: The metric specifications that overrides a resource utilization metric (CPU utilization, accelerator's duty cycle, and so on) target value (default to 60 if not set). At most one entry is allowed per metric. If machine_spec.accelerator_count is above 0, the autoscaling will be based on both CPU utilization and accelerator's duty cycle metrics and scale up when either metrics exceeds its target value while scale down if both metrics are under their target value. The default target value is 60 for both metrics. If machine_spec.accelerator_count is 0, the autoscaling will be based on CPU utilization metric only with default target value 60 if not explicitly set. For example, in the case of Online Prediction, if you want to override target CPU utilization to 80, you should set autoscaling_metric_specs.metric_name to `aiplatform.googleapis.com/prediction/online/cpu/utilization` and autoscaling_metric_specs.target to `80`. - properties: - - !ruby/object:Api::Type::String - name: metricName - description: 'The resource metric name. Supported metrics: * For Online Prediction: * `aiplatform.googleapis.com/prediction/online/accelerator/duty_cycle` * `aiplatform.googleapis.com/prediction/online/cpu/utilization`' - output: true - - !ruby/object:Api::Type::Integer - name: target - description: The target resource utilization in percentage (1% - 100%) for the given metric; once the real usage deviates from the target by a certain percentage, the machine replicas change. The default value is 60 (representing 60%) if not provided. - output: true - - !ruby/object:Api::Type::NestedObject - name: automaticResources - description: A description of resources that to large degree are decided by Vertex AI, and require only a modest additional configuration. - output: true - properties: - - !ruby/object:Api::Type::Integer - name: minReplicaCount - description: The minimum number of replicas this DeployedModel will be always deployed on. If traffic against it increases, it may dynamically be deployed onto more replicas up to max_replica_count, and as traffic decreases, some of these extra replicas may be freed. If the requested value is too large, the deployment will error. - output: true - - !ruby/object:Api::Type::Integer - name: maxReplicaCount - description: The maximum number of replicas this DeployedModel may be deployed on when the traffic against it increases. If the requested value is too large, the deployment will error, but if deployment succeeds then the ability to scale the model to that many replicas is guaranteed (barring service outages). If traffic against the DeployedModel increases beyond what its replicas at maximum may handle, a portion of the traffic will be dropped. If this value is not provided, a no upper bound for scaling under heavy traffic will be assume, though Vertex AI may be unable to scale beyond certain replica number. - output: true - - !ruby/object:Api::Type::String - name: id - description: The ID of the DeployedModel. If not provided upon deployment, Vertex AI will generate a value for this ID. This value should be 1-10 characters, and valid characters are /[0-9]/. - output: true - - !ruby/object:Api::Type::String - name: model - description: The name of the Model that this is the deployment of. Note that the Model may be in a different location than the DeployedModel's Endpoint. - output: true - - !ruby/object:Api::Type::String - name: modelVersionId - description: Output only. The version ID of the model that is deployed. - output: true - - !ruby/object:Api::Type::String - name: displayName - description: The display name of the DeployedModel. If not provided upon creation, the Model's display_name is used. - output: true - - !ruby/object:Api::Type::String - name: createTime - description: Output only. Timestamp when the DeployedModel was created. - output: true - - !ruby/object:Api::Type::String - name: serviceAccount - description: The service account that the DeployedModel's container runs as. Specify the email address of the service account. If this service account is not specified, the container runs as a service account that doesn't have access to the resource project. Users deploying the Model must have the `iam.serviceAccounts.actAs` permission on this service account. - output: true - - !ruby/object:Api::Type::Boolean - name: enableAccessLogging - description: These logs are like standard server access logs, containing information like timestamp and latency for each prediction request. Note that Stackdriver logs may incur a cost, especially if your project receives prediction requests at a high queries per second rate (QPS). Estimate your costs before enabling this option. - output: true - - !ruby/object:Api::Type::NestedObject - name: privateEndpoints - description: Output only. Provide paths for users to send predict/explain/health requests directly to the deployed model services running on Cloud via private services access. This field is populated if network is configured. - output: true - properties: - - !ruby/object:Api::Type::String - name: predictHttpUri - description: Output only. Http(s) path to send prediction requests. - output: true - - !ruby/object:Api::Type::String - name: explainHttpUri - description: Output only. Http(s) path to send explain requests. - output: true - - !ruby/object:Api::Type::String - name: healthHttpUri - description: Output only. Http(s) path to send health check requests. - output: true - - !ruby/object:Api::Type::String - name: serviceAttachment - description: Output only. The name of the service attachment resource. Populated if private service connect is enabled. - output: true - - !ruby/object:Api::Type::String - name: sharedResources - description: 'The resource name of the shared DeploymentResourcePool to deploy on. Format: projects/{project}/locations/{location}/deploymentResourcePools/{deployment_resource_pool}' - output: true - - !ruby/object:Api::Type::Boolean - name: enableContainerLogging - description: If true, the container of the DeployedModel instances will send `stderr` and `stdout` streams to Stackdriver Logging. Only supported for custom-trained Models and AutoML Tabular Models. - output: true - - !ruby/object:Api::Type::String - name: etag - description: Used to perform consistent read-modify-write updates. If not set, a blind "overwrite" update happens. - output: true - - !ruby/object:Api::Type::KeyValuePairs - name: labels - description: The labels with user-defined metadata to organize your Endpoints. Label keys and values can be no longer than 64 characters (Unicode codepoints), can only contain lowercase letters, numeric characters, underscores and dashes. International characters are allowed. See https://goo.gl/xmQnxf for more information and examples of labels. - - !ruby/object:Api::Type::String - name: createTime - description: Output only. Timestamp when this Endpoint was created. - output: true - - !ruby/object:Api::Type::String - name: updateTime - description: Output only. Timestamp when this Endpoint was last updated. - output: true - - !ruby/object:Api::Type::NestedObject - name: encryptionSpec - description: Customer-managed encryption key spec for an Endpoint. If set, this Endpoint and all sub-resources of this Endpoint will be secured by this key. - input: true - properties: - - !ruby/object:Api::Type::String - name: kmsKeyName - description: 'Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. Has the form: `projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key`. The key needs to be in the same region as where the compute resource is created.' - required: true - input: true - - !ruby/object:Api::Type::String - name: network - description: 'The full name of the Google Compute Engine [network](https://cloud.google.com//compute/docs/networks-and-firewalls#networks) to which the Endpoint should be peered. Private services access must already be configured for the network. If left unspecified, the Endpoint is not peered with any network. Only one of the fields, network or enable_private_service_connect, can be set. [Format](https://cloud.google.com/compute/docs/reference/rest/v1/networks/insert): `projects/{project}/global/networks/{network}`. Where `{project}` is a project number, as in `12345`, and `{network}` is network name.' - input: true - - !ruby/object:Api::Type::String - name: modelDeploymentMonitoringJob - description: 'Output only. Resource name of the Model Monitoring job associated with this Endpoint if monitoring is enabled by CreateModelDeploymentMonitoringJob. Format: `projects/{project}/locations/{location}/modelDeploymentMonitoringJobs/{model_deployment_monitoring_job}`' - output: true - -# Vertex AI Featurestores - - !ruby/object:Api::Resource - name: Featurestore - base_url: projects/{{project}}/locations/{{region}}/featurestores - create_url: projects/{{project}}/locations/{{region}}/featurestores?featurestoreId={{name}} - self_link: 'projects/{{project}}/locations/{{region}}/featurestores/{{name}}' - update_verb: :PATCH - update_mask: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/vertex-ai/docs' - api: 'https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.featurestores' - iam_policy: !ruby/object:Api::Resource::IamPolicy - method_name_separator: ':' - fetch_iam_policy_verb: :POST - parent_resource_attribute: featurestore - import_format: ['projects/{{project}}/locations/{{region}}/featurestores/{{name}}'] - example_config_body: 'templates/terraform/iam/example_config_body/vertex_ai_featurestore.tf.erb' - min_version: beta - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: True - allowed: - - True - - False - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - description: |- - A collection of DataItems and Annotations on them. - parameters: - - !ruby/object:Api::Type::String - name: region - description: The region of the dataset. eg us-central1 - url_param_only: true - input: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: The name of the Featurestore. This value may be up to 60 characters, and valid characters are [a-z0-9_]. The first character cannot be a number. - input: true - url_param_only: true - pattern: projects/{{project}}/locations/{{region}}/featurestores/{{name}} - - !ruby/object:Api::Type::String - name: 'etag' - description: Used to perform consistent read-modify-write updates. - output: true - - !ruby/object:Api::Type::String - name: 'createTime' - output: true - description: | - The timestamp of when the featurestore was created in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. - - !ruby/object:Api::Type::String - name: 'updateTime' - output: true - description: | - The timestamp of when the featurestore was last updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: | - A set of key/value label pairs to assign to this Featurestore. - - !ruby/object:Api::Type::NestedObject - name: 'onlineServingConfig' - description: | - Config for online serving resources. - properties: - - !ruby/object:Api::Type::Integer - name: 'fixedNodeCount' - exactly_one_of: - - online_serving_config.0.fixed_node_count - - online_serving_config.0.scaling - description: | - The number of nodes for each cluster. The number of nodes will not scale automatically but can be scaled manually by providing different values when updating. - - !ruby/object:Api::Type::NestedObject - name: 'scaling' - exactly_one_of: - - online_serving_config.0.fixed_node_count - - online_serving_config.0.scaling - description: | - Online serving scaling configuration. Only one of fixedNodeCount and scaling can be set. Setting one will reset the other. - properties: - - !ruby/object:Api::Type::Integer - name: 'minNodeCount' - required: true - description: | - The minimum number of nodes to scale down to. Must be greater than or equal to 1. - - !ruby/object:Api::Type::Integer - name: 'maxNodeCount' - required: true - description: | - The maximum number of nodes to scale up to. Must be greater than minNodeCount, and less than or equal to 10 times of 'minNodeCount'. - - !ruby/object:Api::Type::Integer - name: 'onlineStorageTtlDays' - min_version: beta - default_value: 4000 - description: | - TTL in days for feature values that will be stored in online serving storage. The Feature Store online storage periodically removes obsolete feature values older than onlineStorageTtlDays since the feature generation time. Note that onlineStorageTtlDays should be less than or equal to offlineStorageTtlDays for each EntityType under a featurestore. If not set, default to 4000 days - - !ruby/object:Api::Type::NestedObject - name: 'encryptionSpec' - description: | - If set, both of the online and offline data storage will be secured by this key. - properties: - - !ruby/object:Api::Type::String - name: 'kmsKeyName' - required: true - description: | - The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the compute resource is created. - -# Vertex AI Featurestore Entity Type - - !ruby/object:Api::Resource - name: FeaturestoreEntitytype - base_url: '{{featurestore}}/entityTypes' - create_url: '{{featurestore}}/entityTypes?entityTypeId={{name}}' - self_link: '{{featurestore}}/entityTypes/{{name}}' - update_verb: :PATCH - update_mask: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/vertex-ai/docs' - api: 'https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.featurestores.entityTypes' - iam_policy: !ruby/object:Api::Resource::IamPolicy - method_name_separator: ':' - fetch_iam_policy_verb: :POST - parent_resource_type: featurestore - parent_resource_attribute: entitytype - import_format: ['{{%featurestore}}/entityTypes/{{name}}', '{{name}}'] - example_config_body: 'templates/terraform/iam/example_config_body/vertex_ai_featurestore_entitytype.tf.erb' - min_version: beta - async: !ruby/object:Api::OpAsync - actions: - - create - - delete - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: True - allowed: - - True - - False - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - include_project: true - description: |- - An entity type is a type of object in a system that needs to be modeled and have stored information about. For example, driver is an entity type, and driver0 is an instance of an entity type driver. - parameters: - - !ruby/object:Api::Type::String - name: featurestore - description: The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. - url_param_only: true - input: true - required: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: The name of the EntityType. This value may be up to 60 characters, and valid characters are [a-z0-9_]. The first character cannot be a number. - input: true - url_param_only: true - pattern: '{featurestore}}/entityTypes/{{name}}' - - !ruby/object:Api::Type::String - name: 'description' - description: Optional. Description of the EntityType. - - !ruby/object:Api::Type::String - name: 'etag' - description: Used to perform consistent read-modify-write updates. - output: true - - !ruby/object:Api::Type::String - name: 'createTime' - output: true - description: | - The timestamp of when the featurestore was created in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. - - !ruby/object:Api::Type::String - name: 'updateTime' - output: true - description: | - The timestamp of when the featurestore was last updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: | - A set of key/value label pairs to assign to this EntityType. - - !ruby/object:Api::Type::NestedObject - name: 'monitoringConfig' - description: | - The default monitoring configuration for all Features under this EntityType. - - If this is populated with [FeaturestoreMonitoringConfig.monitoring_interval] specified, snapshot analysis monitoring is enabled. Otherwise, snapshot analysis monitoring is disabled. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'snapshotAnalysis' - description: | - The config for Snapshot Analysis Based Feature Monitoring. - properties: - - !ruby/object:Api::Type::Boolean - name: 'disabled' - default_value: false - description: | - The monitoring schedule for snapshot analysis. For EntityType-level config: unset / disabled = true indicates disabled by default for Features under it; otherwise by default enable snapshot analysis monitoring with monitoringInterval for Features under it. - - !ruby/object:Api::Type::String - name: 'monitoringInterval' - min_version: beta - deprecation_message: This field is unavailable in the GA provider and will be removed from the beta provider in a future release. - description: | - Configuration of the snapshot analysis based monitoring pipeline running interval. The value is rolled up to full day. - - A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". - - !ruby/object:Api::Type::Integer - name: 'monitoringIntervalDays' - description: | - Configuration of the snapshot analysis based monitoring pipeline running interval. The value indicates number of days. The default value is 1. - If both FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval_days and [FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval][] are set when creating/updating EntityTypes/Features, FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval_days will be used. - default_value: 1 - - !ruby/object:Api::Type::Integer - name: 'stalenessDays' - description: | - Customized export features time window for snapshot analysis. Unit is one day. The default value is 21 days. Minimum value is 1 day. Maximum value is 4000 days. - default_value: 21 - - !ruby/object:Api::Type::NestedObject - name: 'importFeaturesAnalysis' - description: | - The config for ImportFeatures Analysis Based Feature Monitoring. - properties: - - !ruby/object:Api::Type::String - name: state - description: | - Whether to enable / disable / inherite default hebavior for import features analysis. The value must be one of the values below: - * DEFAULT: The default behavior of whether to enable the monitoring. EntityType-level config: disabled. - * ENABLED: Explicitly enables import features analysis. EntityType-level config: by default enables import features analysis for all Features under it. - * DISABLED: Explicitly disables import features analysis. EntityType-level config: by default disables import features analysis for all Features under it. - - !ruby/object:Api::Type::String - name: 'anomalyDetectionBaseline' - description: | - Defines the baseline to do anomaly detection for feature values imported by each [entityTypes.importFeatureValues][] operation. The value must be one of the values below: - * LATEST_STATS: Choose the later one statistics generated by either most recent snapshot analysis or previous import features analysis. If non of them exists, skip anomaly detection and only generate a statistics. - * MOST_RECENT_SNAPSHOT_STATS: Use the statistics generated by the most recent snapshot analysis if exists. - * PREVIOUS_IMPORT_FEATURES_STATS: Use the statistics generated by the previous import features analysis if exists. - - !ruby/object:Api::Type::NestedObject - name: 'numericalThresholdConfig' - description: | - Threshold for numerical features of anomaly detection. This is shared by all objectives of Featurestore Monitoring for numerical features (i.e. Features with type (Feature.ValueType) DOUBLE or INT64). - properties: - - !ruby/object:Api::Type::Double - name: 'value' - description: | - Specify a threshold value that can trigger the alert. For numerical feature, the distribution distance is calculated by Jensen–Shannon divergence. Each feature must have a non-zero threshold if they need to be monitored. Otherwise no alert will be triggered for that feature. The default value is 0.3. - required: true - - !ruby/object:Api::Type::NestedObject - name: 'categoricalThresholdConfig' - description: | - Threshold for categorical features of anomaly detection. This is shared by all types of Featurestore Monitoring for categorical features (i.e. Features with type (Feature.ValueType) BOOL or STRING). - properties: - - !ruby/object:Api::Type::Double - name: 'value' - description: | - Specify a threshold value that can trigger the alert. For categorical feature, the distribution distance is calculated by L-inifinity norm. Each feature must have a non-zero threshold if they need to be monitored. Otherwise no alert will be triggered for that feature. The default value is 0.3. - required: true - - !ruby/object:Api::Type::Integer - name: 'offlineStorageTtlDays' - min_version: beta - default_value: 4000 - description: | - Config for data retention policy in offline storage. TTL in days for feature values that will be stored in offline storage. The Feature Store offline storage periodically removes obsolete feature values older than offlineStorageTtlDays since the feature generation time. If unset (or explicitly set to 0), default to 4000 days TTL. - -# Vertex AI Featurestore Entity Type Feature - - !ruby/object:Api::Resource - name: FeaturestoreEntitytypeFeature - base_url: '{{entitytype}}/features' - create_url: '{{entitytype}}/features?featureId={{name}}' - self_link: '{{entitytype}}/features/{{name}}' - update_verb: :PATCH - update_mask: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/vertex-ai/docs' - api: 'https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.featurestores.entityTypes.features' - async: !ruby/object:Api::OpAsync - actions: - - create - - delete - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: True - allowed: - - True - - False - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - include_project: true - description: |- - Feature Metadata information that describes an attribute of an entity type. For example, apple is an entity type, and color is a feature that describes apple. - parameters: - - !ruby/object:Api::Type::String - name: entitytype - description: The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}/entityTypes/{entitytype}. - url_param_only: true - input: true - required: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: The name of the feature. The feature can be up to 64 characters long and can consist only of ASCII Latin letters A-Z and a-z, underscore(_), and ASCII digits 0-9 starting with a letter. The value will be unique given an entity type. - input: true - url_param_only: true - pattern: '{{entitytype}}/features/{{name}}' - - !ruby/object:Api::Type::String - name: 'etag' - description: Used to perform consistent read-modify-write updates. - output: true - - !ruby/object:Api::Type::String - name: 'createTime' - output: true - description: | - The timestamp of when the entity type was created in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. - - !ruby/object:Api::Type::String - name: 'updateTime' - output: true - description: | - The timestamp when the entity type was most recently updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: | - A set of key/value label pairs to assign to the feature. - - !ruby/object:Api::Type::String - name: 'description' - description: Description of the feature. - - !ruby/object:Api::Type::String - name: 'valueType' - description: | - Type of Feature value. Immutable. https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.featurestores.entityTypes.features#ValueType - required: true - input: true -# Vertex ML Metadata - - !ruby/object:Api::Resource - name: MetadataStore - base_url: projects/{{project}}/locations/{{region}}/metadataStores - self_link: 'projects/{{project}}/locations/{{region}}/metadataStores/{{name}}' - create_url: projects/{{project}}/locations/{{region}}/metadataStores?metadataStoreId={{name}} - min_version: beta - input: true - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Official Documentation': - 'https://cloud.google.com/vertex-ai/docs' - api: 'https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.metadataStores' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: True - allowed: - - True - - False - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - description: |- - Instance of a metadata store. Contains a set of metadata that can be queried. - parameters: - - !ruby/object:Api::Type::String - name: region - description: The region of the Metadata Store. eg us-central1 - url_param_only: true - input: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: The name of the MetadataStore. This value may be up to 60 characters, and valid characters are [a-z0-9_]. The first character cannot be a number. - input: true - url_param_only: true - pattern: projects/{{project}}/locations/{{region}}/metadataStores/{{name}} - - !ruby/object:Api::Type::String - name: 'description' - description: Description of the MetadataStore. - input: true - - !ruby/object:Api::Type::String - name: 'createTime' - output: true - description: | - The timestamp of when the MetadataStore was created in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. - - !ruby/object:Api::Type::String - name: 'updateTime' - output: true - description: | - The timestamp of when the MetadataStore was last updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. - - !ruby/object:Api::Type::NestedObject - name: 'encryptionSpec' - input: true - description: | - Customer-managed encryption key spec for a MetadataStore. If set, this MetadataStore and all sub-resources of this MetadataStore will be secured by this key. - properties: - - !ruby/object:Api::Type::String - name: 'kmsKeyName' - description: | - Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. - Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created. - input: true - - !ruby/object:Api::Type::NestedObject - name: 'state' - output: true - description: | - State information of the MetadataStore. - properties: - - !ruby/object:Api::Type::String - name: 'diskUtilizationBytes' - description: | - The disk utilization of the MetadataStore in bytes. - output: true -# Vertex AI Matching Engine Index - - !ruby/object:Api::Resource - name: Index - base_url: projects/{{project}}/locations/{{region}}/indexes - create_url: projects/{{project}}/locations/{{region}}/indexes - self_link: projects/{{project}}/locations/{{region}}/indexes/{{name}} - update_verb: :PATCH - update_mask: true - create_verb: :POST - references: !ruby/object:Api::Resource::ReferenceLinks - api: https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.indexes/ - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: True - allowed: - - True - - False - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - description: |- - A representation of a collection of database items organized in a way that allows for approximate nearest neighbor (a.k.a ANN) algorithms search. - parameters: - - !ruby/object:Api::Type::String - name: region - description: The region of the index. eg us-central1 - url_param_only: true - input: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: The resource name of the Index. - output: true - - !ruby/object:Api::Type::String - name: 'displayName' - description: The display name of the Index. The name can be up to 128 characters long and can consist of any UTF-8 characters. - required: true - - !ruby/object:Api::Type::String - name: 'description' - description: The description of the Index. - # Please take a look at the following links for the original definition: - # https://cloud.google.com/vertex-ai/docs/matching-engine/create-manage-index#create_index-drest - # https://cloud.google.com/vertex-ai/docs/matching-engine/configuring-indexes - - !ruby/object:Api::Type::NestedObject - name: 'metadata' - description: An additional information about the Index - properties: - - !ruby/object:Api::Type::String - name: 'contentsDeltaUri' - description: |- - Allows inserting, updating or deleting the contents of the Matching Engine Index. - The string must be a valid Cloud Storage directory path. If this - field is set when calling IndexService.UpdateIndex, then no other - Index field can be also updated as part of the same call. - The expected structure and format of the files this URI points to is - described at https://cloud.google.com/vertex-ai/docs/matching-engine/using-matching-engine#input-data-format - - !ruby/object:Api::Type::Boolean - name: 'isCompleteOverwrite' - description: |- - If this field is set together with contentsDeltaUri when calling IndexService.UpdateIndex, - then existing content of the Index will be replaced by the data from the contentsDeltaUri. - default_value: false - - !ruby/object:Api::Type::NestedObject - name: 'config' - input: true - description: The configuration of the Matching Engine Index. - properties: - - !ruby/object:Api::Type::Integer - name: 'dimensions' - description: The number of dimensions of the input vectors. - required: true - - !ruby/object:Api::Type::Integer - name: 'approximateNeighborsCount' - description: |- - The default number of neighbors to find via approximate search before exact reordering is - performed. Exact reordering is a procedure where results returned by an - approximate search algorithm are reordered via a more expensive distance computation. - Required if tree-AH algorithm is used. - - !ruby/object:Api::Type::String - name: 'distanceMeasureType' - description: |- - The distance measure used in nearest neighbor search. The value must be one of the followings: - * SQUARED_L2_DISTANCE: Euclidean (L_2) Distance - * L1_DISTANCE: Manhattan (L_1) Distance - * COSINE_DISTANCE: Cosine Distance. Defined as 1 - cosine similarity. - * DOT_PRODUCT_DISTANCE: Dot Product Distance. Defined as a negative of the dot product - default_value: "DOT_PRODUCT_DISTANCE" - - !ruby/object:Api::Type::String - name: 'featureNormType' - description: |- - Type of normalization to be carried out on each vector. The value must be one of the followings: - * UNIT_L2_NORM: Unit L2 normalization type - * NONE: No normalization type is specified. - default_value: "NONE" - - !ruby/object:Api::Type::NestedObject - name: 'algorithmConfig' - description: The configuration with regard to the algorithms used for efficient search. - properties: - - !ruby/object:Api::Type::NestedObject - name: 'treeAhConfig' - exactly_one_of: - - treeAhConfig - - bruteForceConfig - description: |- - Configuration options for using the tree-AH algorithm (Shallow tree + Asymmetric Hashing). - Please refer to this paper for more details: https://arxiv.org/abs/1908.10396 - properties: - - !ruby/object:Api::Type::Integer - name: 'leafNodeEmbeddingCount' - description: Number of embeddings on each leaf node. The default value is 1000 if not set. - default_value: 1000 - - !ruby/object:Api::Type::Integer - name: 'leafNodesToSearchPercent' - description: |- - The default percentage of leaf nodes that any query may be searched. Must be in - range 1-100, inclusive. The default value is 10 (means 10%) if not set. - default_value: 10 - - !ruby/object:Api::Type::NestedObject - name: 'bruteForceConfig' - allow_empty_object: true - send_empty_value: true - properties: [] - exactly_one_of: - - treeAhConfig - - bruteForceConfig - description: |- - Configuration options for using brute force search, which simply implements the - standard linear search in the database for each query. - - !ruby/object:Api::Type::String - name: 'metadataSchemaUri' - description: |- - Points to a YAML file stored on Google Cloud Storage describing additional information about the Index, that is specific to it. Unset if the Index does not have any additional information. - output: true - - !ruby/object:Api::Type::Array - name: 'deployedIndexes' - output: true - description: The pointers to DeployedIndexes created from this Index. An Index can be only deleted if all its DeployedIndexes had been undeployed first. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: 'indexEndpoint' - output: true - description: A resource name of the IndexEndpoint. - - !ruby/object:Api::Type::String - name: 'deployedIndexId' - output: true - description: The ID of the DeployedIndex in the above IndexEndpoint. - - !ruby/object:Api::Type::String - name: 'etag' - description: Used to perform consistent read-modify-write updates. - output: true - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: The labels with user-defined metadata to organize your Indexes. - - !ruby/object:Api::Type::String - name: 'createTime' - output: true - description: The timestamp of when the Index was created in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. - - !ruby/object:Api::Type::String - name: 'updateTime' - output: true - description: The timestamp of when the Index was last updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. - - !ruby/object:Api::Type::NestedObject - name: 'indexStats' - output: true - description: Stats of the index resource. - properties: - - !ruby/object:Api::Type::String - name: 'vectorsCount' - output: true - description: The number of vectors in the Index. - - !ruby/object:Api::Type::Integer - name: 'shardsCount' - output: true - description: The number of shards in the Index. - - !ruby/object:Api::Type::String - name: 'indexUpdateMethod' - input: true - default_value: BATCH_UPDATE - description: |- - The update method to use with this Index. The value must be the followings. If not set, BATCH_UPDATE will be used by default. - * BATCH_UPDATE: user can call indexes.patch with files on Cloud Storage of datapoints to update. - * STREAM_UPDATE: user can call indexes.upsertDatapoints/DeleteDatapoints to update the Index and the updates will be applied in corresponding DeployedIndexes in nearly real-time. diff --git a/mmv1/products/vertexai/product.yaml b/mmv1/products/vertexai/product.yaml new file mode 100644 index 000000000000..86d545efae39 --- /dev/null +++ b/mmv1/products/vertexai/product.yaml @@ -0,0 +1,25 @@ +# Copyright 2019 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: VertexAI +display_name: Vertex AI +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://{{region}}-aiplatform.googleapis.com/v1/ + - !ruby/object:Api::Product::Version + name: beta + base_url: https://{{region}}-aiplatform.googleapis.com/v1beta1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform diff --git a/mmv1/products/vertexai/terraform.yaml b/mmv1/products/vertexai/terraform.yaml index 8e12e34b5a86..46103b2167ba 100644 --- a/mmv1/products/vertexai/terraform.yaml +++ b/mmv1/products/vertexai/terraform.yaml @@ -69,9 +69,6 @@ overrides: !ruby/object:Overrides::ResourceOverrides address_name: "address-name" kms_key_name: "kms-name" network_name: "network-name" - test_vars_overrides: - kms_key_name: 'BootstrapKMSKeyInLocation(t, "us-central1").CryptoKey.Name' - network_name: 'BootstrapSharedTestNetwork(t, "vertex")' properties: etag: !ruby/object:Overrides::Terraform::PropertyOverride ignore_read: true diff --git a/mmv1/products/vpcaccess/Connector.yaml b/mmv1/products/vpcaccess/Connector.yaml new file mode 100644 index 000000000000..b9b1b8881bf3 --- /dev/null +++ b/mmv1/products/vpcaccess/Connector.yaml @@ -0,0 +1,131 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Connector' +kind: 'vpcaccess#Connector' +description: 'Serverless VPC Access connector resource.' +immutable: true +base_url: projects/{{project}}/locations/{{region}}/connectors +create_url: projects/{{project}}/locations/{{region}}/connectors?connectorId={{name}} +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Configuring Serverless VPC Access': 'https://cloud.google.com/vpc/docs/configure-serverless-vpc-access' + api: 'https://cloud.google.com/vpc/docs/reference/vpcaccess/rest/v1/projects.locations.connectors' +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: True + allowed: + - True + - False + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' +parameters: + - !ruby/object:Api::Type::String + name: 'region' + description: | + Region where the VPC Access connector resides. If it is not provided, the provider region is used. + immutable: true + url_param_only: true +properties: + - !ruby/object:Api::Type::String + name: name + description: | + The name of the resource (Max 25 characters). + required: true + - !ruby/object:Api::Type::String + name: network + description: | + Name or self_link of the VPC network. Required if `ip_cidr_range` is set. + exactly_one_of: + - network + - subnet.0.name + - !ruby/object:Api::Type::String + name: ipCidrRange + description: | + The range of internal addresses that follows RFC 4632 notation. Example: `10.132.0.0/28`. + required_with: + - network + - !ruby/object:Api::Type::Enum + name: state + description: | + State of the VPC access connector. + output: true + exclude: true + values: + - :READY + - :CREATING + - :DELETING + - :ERROR + - :UPDATING + - !ruby/object:Api::Type::String + name: machineType + description: | + Machine type of VM Instance underlying connector. Default is e2-micro + default_value: e2-micro + - !ruby/object:Api::Type::Integer + name: minThroughput + description: | + Minimum throughput of the connector in Mbps. Default and min is 200. + default_value: 200 + - !ruby/object:Api::Type::Integer + name: minInstances + description: | + Minimum value of instances in autoscaling group underlying the connector. + - !ruby/object:Api::Type::Integer + name: maxInstances + description: | + Maximum value of instances in autoscaling group underlying the connector. + - !ruby/object:Api::Type::Integer + name: maxThroughput + # The API documentation says this will default to 200, but when I tried that I got an error that the minimum + # throughput must be lower than the maximum. The console defaults to 1000, so I changed it to that. + # API returns 300 if it is not sent + description: | + Maximum throughput of the connector in Mbps, must be greater than `min_throughput`. Default is 300. + default_value: 300 + - !ruby/object:Api::Type::String + name: 'selfLink' + description: | + The fully qualified name of this VPC connector + output: true + - !ruby/object:Api::Type::NestedObject + name: 'subnet' + immutable: true + description: | + The subnet in which to house the connector + properties: + - !ruby/object:Api::Type::String + name: 'name' + description: | + Subnet name (relative, not fully qualified). E.g. if the full subnet selfLink is + https://compute.googleapis.com/compute/v1/projects/{project}/regions/{region}/subnetworks/{subnetName} the correct input for this field would be {subnetName}" + exactly_one_of: + - network + - subnet.0.name + immutable: true + - !ruby/object:Api::Type::String + name: 'projectId' + description: | + Project in which the subnet exists. If not set, this project is assumed to be the project for which the connector create request was issued. + immutable: true + diff --git a/mmv1/products/vpcaccess/api.yaml b/mmv1/products/vpcaccess/api.yaml deleted file mode 100644 index 6d11dfbca0a4..000000000000 --- a/mmv1/products/vpcaccess/api.yaml +++ /dev/null @@ -1,147 +0,0 @@ -# Copyright 2019 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: VPCAccess -display_name: Serverless VPC Access -versions: - - !ruby/object:Api::Product::Version - name: ga - base_url: https://vpcaccess.googleapis.com/v1/ - - !ruby/object:Api::Product::Version - name: beta - base_url: https://vpcaccess.googleapis.com/v1beta1/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Serverless VPC Access API - url: https://console.cloud.google.com/apis/library/vpcaccess.googleapis.com/ -objects: - - !ruby/object:Api::Resource - name: 'Connector' - kind: 'vpcaccess#Connector' - description: 'Serverless VPC Access connector resource.' - input: true - base_url: projects/{{project}}/locations/{{region}}/connectors - create_url: projects/{{project}}/locations/{{region}}/connectors?connectorId={{name}} - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Configuring Serverless VPC Access': 'https://cloud.google.com/vpc/docs/configure-serverless-vpc-access' - api: 'https://cloud.google.com/vpc/docs/reference/vpcaccess/rest/v1/projects.locations.connectors' - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: True - allowed: - - True - - False - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - parameters: - - !ruby/object:Api::Type::String - name: 'region' - description: | - Region where the VPC Access connector resides. If it is not provided, the provider region is used. - input: true - url_param_only: true - properties: - - !ruby/object:Api::Type::String - name: name - description: | - The name of the resource (Max 25 characters). - required: true - - !ruby/object:Api::Type::String - name: network - description: | - Name or self_link of the VPC network. Required if `ip_cidr_range` is set. - exactly_one_of: - - network - - subnet.0.name - - !ruby/object:Api::Type::String - name: ipCidrRange - description: | - The range of internal addresses that follows RFC 4632 notation. Example: `10.132.0.0/28`. - required_with: - - network - - !ruby/object:Api::Type::Enum - name: state - description: | - State of the VPC access connector. - output: true - exclude: true - values: - - :READY - - :CREATING - - :DELETING - - :ERROR - - :UPDATING - - !ruby/object:Api::Type::String - name: machineType - description: | - Machine type of VM Instance underlying connector. Default is e2-micro - default_value: e2-micro - - !ruby/object:Api::Type::Integer - name: minThroughput - description: | - Minimum throughput of the connector in Mbps. Default and min is 200. - default_value: 200 - - !ruby/object:Api::Type::Integer - name: minInstances - description: | - Minimum value of instances in autoscaling group underlying the connector. - - !ruby/object:Api::Type::Integer - name: maxInstances - description: | - Maximum value of instances in autoscaling group underlying the connector. - - !ruby/object:Api::Type::Integer - name: maxThroughput - # The API documentation says this will default to 200, but when I tried that I got an error that the minimum - # throughput must be lower than the maximum. The console defaults to 1000, so I changed it to that. - # API returns 300 if it is not sent - description: | - Maximum throughput of the connector in Mbps, must be greater than `min_throughput`. Default is 300. - default_value: 300 - - !ruby/object:Api::Type::String - name: 'selfLink' - description: | - The fully qualified name of this VPC connector - output: true - - !ruby/object:Api::Type::NestedObject - name: 'subnet' - input: true - description: | - The subnet in which to house the connector - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: | - Subnet name (relative, not fully qualified). E.g. if the full subnet selfLink is - https://compute.googleapis.com/compute/v1/projects/{project}/regions/{region}/subnetworks/{subnetName} the correct input for this field would be {subnetName}" - exactly_one_of: - - network - - subnet.0.name - input: true - - !ruby/object:Api::Type::String - name: 'projectId' - description: | - Project in which the subnet exists. If not set, this project is assumed to be the project for which the connector create request was issued. - input: true diff --git a/mmv1/products/vpcaccess/product.yaml b/mmv1/products/vpcaccess/product.yaml new file mode 100644 index 000000000000..86e93dcd1a99 --- /dev/null +++ b/mmv1/products/vpcaccess/product.yaml @@ -0,0 +1,29 @@ +# Copyright 2019 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: VPCAccess +display_name: Serverless VPC Access +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://vpcaccess.googleapis.com/v1/ + - !ruby/object:Api::Product::Version + name: beta + base_url: https://vpcaccess.googleapis.com/v1beta1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Serverless VPC Access API + url: https://console.cloud.google.com/apis/library/vpcaccess.googleapis.com/ diff --git a/mmv1/products/workflows/Workflow.yaml b/mmv1/products/workflows/Workflow.yaml new file mode 100644 index 000000000000..46c839db125c --- /dev/null +++ b/mmv1/products/workflows/Workflow.yaml @@ -0,0 +1,77 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'Workflow' +description: | + Workflow program to be executed by Workflows. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Managing Workflows': + 'https://cloud.google.com/workflows/docs/creating-updating-workflow' + api: 'https://cloud.google.com/workflows/docs/reference/rest/v1/projects.locations.workflows' +base_url: projects/{{project}}/locations/{{region}}/workflows +create_url: projects/{{project}}/locations/{{region}}/workflows?workflowId={{name}} +self_link: 'projects/{{project}}/locations/{{region}}/workflows/{{name}}' +update_verb: :PATCH +update_mask: true +parameters: + - !ruby/object:Api::Type::String + name: region + description: The region of the workflow. + url_param_only: true + immutable: true +properties: + - !ruby/object:Api::Type::String + name: 'name' + description: Name of the Workflow. + immutable: true + - !ruby/object:Api::Type::String + name: 'description' + description: | + Description of the workflow provided by the user. Must be at most 1000 unicode characters long. + - !ruby/object:Api::Type::String + name: 'createTime' + output: true + description: | + The timestamp of when the workflow was created in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + - !ruby/object:Api::Type::String + name: 'updateTime' + output: true + description: | + The timestamp of when the workflow was last updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + - !ruby/object:Api::Type::String + name: 'state' + output: true + description: State of the workflow deployment. + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + A set of key/value label pairs to assign to this Workflow. + - !ruby/object:Api::Type::String + name: 'serviceAccount' + description: | + Name of the service account associated with the latest workflow version. This service + account represents the identity of the workflow and determines what permissions the workflow has. + + Format: projects/{project}/serviceAccounts/{account}. + - !ruby/object:Api::Type::String + name: 'sourceContents' + description: | + Workflow code to be executed. The size limit is 32KB. + - !ruby/object:Api::Type::String + name: 'revisionId' + output: true + description: | + The revision of the workflow. A new one is generated if the service account or source contents is changed. + diff --git a/mmv1/products/workflows/api.yaml b/mmv1/products/workflows/api.yaml deleted file mode 100644 index e7080616f40a..000000000000 --- a/mmv1/products/workflows/api.yaml +++ /dev/null @@ -1,110 +0,0 @@ -# Copyright 2020 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- !ruby/object:Api::Product -name: Workflows -display_name: Workflows -versions: - - !ruby/object:Api::Product::Version - name: beta - base_url: https://workflows.googleapis.com/v1beta/ - - !ruby/object:Api::Product::Version - name: ga - base_url: https://workflows.googleapis.com/v1/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Workflows API - url: https://console.cloud.google.com/apis/library/workflows.googleapis.com/ -async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: 'name' - base_url: '{{op_id}}' - wait_ms: 1000 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - resource_inside_response: true - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: True - allowed: - - True - - False - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' -objects: - - !ruby/object:Api::Resource - name: 'Workflow' - description: | - Workflow program to be executed by Workflows. - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - 'Managing Workflows': - 'https://cloud.google.com/workflows/docs/creating-updating-workflow' - api: 'https://cloud.google.com/workflows/docs/reference/rest/v1/projects.locations.workflows' - base_url: projects/{{project}}/locations/{{region}}/workflows - create_url: projects/{{project}}/locations/{{region}}/workflows?workflowId={{name}} - self_link: 'projects/{{project}}/locations/{{region}}/workflows/{{name}}' - update_verb: :PATCH - update_mask: true - parameters: - - !ruby/object:Api::Type::String - name: region - description: The region of the workflow. - url_param_only: true - input: true - properties: - - !ruby/object:Api::Type::String - name: 'name' - description: Name of the Workflow. - input: true - - !ruby/object:Api::Type::String - name: 'description' - description: | - Description of the workflow provided by the user. Must be at most 1000 unicode characters long. - - !ruby/object:Api::Type::String - name: 'createTime' - output: true - description: | - The timestamp of when the workflow was created in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. - - !ruby/object:Api::Type::String - name: 'updateTime' - output: true - description: | - The timestamp of when the workflow was last updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. - - !ruby/object:Api::Type::String - name: 'state' - output: true - description: State of the workflow deployment. - - !ruby/object:Api::Type::KeyValuePairs - name: 'labels' - description: | - A set of key/value label pairs to assign to this Workflow. - - !ruby/object:Api::Type::String - name: 'serviceAccount' - description: | - Name of the service account associated with the latest workflow version. This service - account represents the identity of the workflow and determines what permissions the workflow has. - - Format: projects/{project}/serviceAccounts/{account}. - - !ruby/object:Api::Type::String - name: 'sourceContents' - description: | - Workflow code to be executed. The size limit is 32KB. - - !ruby/object:Api::Type::String - name: 'revisionId' - output: true - description: | - The revision of the workflow. A new one is generated if the service account or source contents is changed. diff --git a/mmv1/products/workflows/product.yaml b/mmv1/products/workflows/product.yaml new file mode 100644 index 000000000000..a58ebc7a16da --- /dev/null +++ b/mmv1/products/workflows/product.yaml @@ -0,0 +1,46 @@ +# Copyright 2020 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: Workflows +display_name: Workflows +versions: + - !ruby/object:Api::Product::Version + name: beta + base_url: https://workflows.googleapis.com/v1beta/ + - !ruby/object:Api::Product::Version + name: ga + base_url: https://workflows.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Workflows API + url: https://console.cloud.google.com/apis/library/workflows.googleapis.com/ +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: True + allowed: + - True + - False + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' diff --git a/mmv1/products/workstations/Workstation.yaml b/mmv1/products/workstations/Workstation.yaml new file mode 100644 index 000000000000..010786e09a0e --- /dev/null +++ b/mmv1/products/workstations/Workstation.yaml @@ -0,0 +1,119 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: "Workstation" +self_link: "projects/{{project}}/locations/{{location}}/workstationClusters/{{workstation_cluster_id}}/workstationConfigs/{{workstation_config_id}}/workstations/{{workstation_id}}" +base_url: "projects/{{project}}/locations/{{location}}/workstationClusters/{{workstation_cluster_id}}/workstationConfigs/{{workstation_config_id}}/workstations" +create_url: "projects/{{project}}/locations/{{location}}/workstationClusters/{{workstation_cluster_id}}/workstationConfigs/{{workstation_config_id}}/workstations?workstationId={{workstation_id}}" +update_verb: :PATCH +update_mask: true +min_version: beta +description: "A single instance of a developer workstation with its own persistent storage." +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + "Workstations": "https://cloud.google.com/workstations/docs/" + api: "https://cloud.google.com/workstations/docs/reference/rest/v1beta/projects.locations.workstationClusters.workstationConfigs.workstations" +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: "name" + base_url: "{{op_id}}" + wait_ms: 1000 + timeouts: !ruby/object:Api::Timeouts + insert_minutes: 30 + update_minutes: 30 + delete_minutes: 30 + result: !ruby/object:Api::OpAsync::Result + path: "response" + status: !ruby/object:Api::OpAsync::Status + path: "done" + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: "error" + message: "message" +parameters: + - !ruby/object:Api::Type::String + name: "workstationId" + required: true + immutable: true + url_param_only: true + description: | + ID to use for the workstation. + - !ruby/object:Api::Type::String + name: "workstationConfigId" + required: true + immutable: true + url_param_only: true + description: | + The ID of the workstation cluster config. + - !ruby/object:Api::Type::String + name: "workstationClusterId" + required: true + immutable: true + url_param_only: true + description: | + The name of the workstation cluster. + - !ruby/object:Api::Type::String + name: "location" + immutable: true + required: true + url_param_only: true + description: | + The location where the workstation cluster config should reside. +properties: + - !ruby/object:Api::Type::String + name: "name" + output: true + description: | + The name of the cluster resource. + - !ruby/object:Api::Type::String + name: "uid" + output: true + description: | + The system-generated UID of the resource. + - !ruby/object:Api::Type::String + name: "displayName" + description: | + Human-readable name for this resource. + - !ruby/object:Api::Type::KeyValuePairs + name: "labels" + description: "Client-specified labels that are applied to the resource and that are also propagated to the underlying Compute Engine resources." + - !ruby/object:Api::Type::KeyValuePairs + name: "annotations" + description: "Client-specified annotations. This is distinct from labels." + - !ruby/object:Api::Type::Time + name: "createTime" + description: | + Time the Instance was created in UTC. + output: true + - !ruby/object:Api::Type::String + name: "host" + description: | + Host to which clients can send HTTPS traffic that will be received by the workstation. + Authorized traffic will be received to the workstation as HTTP on port 80. + To send traffic to a different port, clients may prefix the host with the destination port in the format "{port}-{host}". + output: true + - !ruby/object:Api::Type::Enum + name: "state" + output: true + description: | + Current state of the workstation. + values: + - :STATE_STARTING + - :STATE_RUNNING + - :STATE_STOPPING + - :STATE_STOPPED + diff --git a/mmv1/products/workstations/WorkstationCluster.yaml b/mmv1/products/workstations/WorkstationCluster.yaml new file mode 100644 index 000000000000..11bb6fdb1282 --- /dev/null +++ b/mmv1/products/workstations/WorkstationCluster.yaml @@ -0,0 +1,159 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: "WorkstationCluster" +self_link: "projects/{{project}}/locations/{{location}}/workstationClusters/{{workstation_cluster_id}}" +base_url: "projects/{{project}}/locations/{{location}}/workstationClusters" +create_url: "projects/{{project}}/locations/{{location}}/workstationClusters?workstationClusterId={{workstation_cluster_id}}" +update_verb: :PATCH +update_mask: true +min_version: beta +description: "A managed workstation cluster." +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + "Workstations": "https://cloud.google.com/workstations/docs/" + api: "https://cloud.google.com/workstations/docs/reference/rest/v1beta/projects.locations.workstationClusters/create" +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: "name" + base_url: "{{op_id}}" + wait_ms: 1000 + timeouts: !ruby/object:Api::Timeouts + insert_minutes: 60 + update_minutes: 60 + delete_minutes: 60 + result: !ruby/object:Api::OpAsync::Result + path: "response" + status: !ruby/object:Api::OpAsync::Status + path: "done" + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: "error" + message: "message" +parameters: + - !ruby/object:Api::Type::String + name: "workstationClusterId" + required: true + immutable: true + url_param_only: true + description: | + The ID of the workstation cluster. + - !ruby/object:Api::Type::String + name: "location" + immutable: true + url_param_only: true + description: | + The location where the workstation cluster should reside. +properties: + - !ruby/object:Api::Type::String + name: "name" + output: true + description: | + The name of the cluster resource. + - !ruby/object:Api::Type::String + name: "uid" + output: true + description: | + The system-generated UID of the resource. + - !ruby/object:Api::Type::KeyValuePairs + name: "labels" + description: "Client-specified labels that are applied to the resource and that are also propagated to the underlying Compute Engine resources." + - !ruby/object:Api::Type::String + name: "network" + required: true + immutable: true + description: | + The relative resource name of the VPC network on which the instance can be accessed. + It is specified in the following form: "projects/{projectNumber}/global/networks/{network_id}". + - !ruby/object:Api::Type::String + name: "subnetwork" + required: true + immutable: true + description: | + Name of the Compute Engine subnetwork in which instances associated with this cluster will be created. + Must be part of the subnetwork specified for this cluster. + - !ruby/object:Api::Type::String + name: "displayName" + description: | + Human-readable name for this resource. + - !ruby/object:Api::Type::Boolean + name: "degraded" + description: | + Whether this resource is in degraded mode, in which case it may require user action to restore full functionality. + Details can be found in the conditions field. + output: true + - !ruby/object:Api::Type::KeyValuePairs + name: "annotations" + description: "Client-specified annotations. This is distinct from labels." + - !ruby/object:Api::Type::Fingerprint + name: "etag" + description: | + Checksum computed by the server. + May be sent on update and delete requests to ensure that the client has an up-to-date value before proceeding. + - !ruby/object:Api::Type::Time + name: "createTime" + description: | + Time the Instance was created in UTC. + output: true + - !ruby/object:Api::Type::NestedObject + name: "privateClusterConfig" + description: | + Configuration for private cluster. + properties: + - !ruby/object:Api::Type::Boolean + name: "enablePrivateEndpoint" + immutable: true + required: true + description: | + Whether Workstations endpoint is private. + - !ruby/object:Api::Type::String + name: "clusterHostname" + description: | + Hostname for the workstation cluster. + This field will be populated only when private endpoint is enabled. + To access workstations in the cluster, create a new DNS zone mapping this domain name to an internal IP address and a forwarding rule mapping that address to the service attachment. + output: true + - !ruby/object:Api::Type::String + name: "serviceAttachmentUri" + description: | + Service attachment URI for the workstation cluster. + The service attachemnt is created when private endpoint is enabled. + To access workstations in the cluster, configure access to the managed service using (Private Service Connect)[https://cloud.google.com/vpc/docs/configure-private-service-connect-services]. + output: true + - !ruby/object:Api::Type::Array + name: "conditions" + description: |- + Status conditions describing the current resource state. + output: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Integer + name: "code" + output: true + description: |- + The status code, which should be an enum value of google.rpc.Code. + - !ruby/object:Api::Type::String + name: "message" + output: true + description: |- + Human readable message indicating details about the current status. + - !ruby/object:Api::Type::Array + name: "details" + description: | + A list of messages that carry the error details. + item_type: Api::Type::KeyValuePairs + output: true diff --git a/mmv1/products/workstations/WorkstationConfig.yaml b/mmv1/products/workstations/WorkstationConfig.yaml new file mode 100644 index 000000000000..d7cbf8af8c73 --- /dev/null +++ b/mmv1/products/workstations/WorkstationConfig.yaml @@ -0,0 +1,288 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: "WorkstationConfig" +self_link: "projects/{{project}}/locations/{{location}}/workstationClusters/{{workstation_cluster_id}}/workstationConfigs/{{workstation_config_id}}" +base_url: "projects/{{project}}/locations/{{location}}/workstationClusters/{{workstation_cluster_id}}/workstationConfigs" +create_url: "projects/{{project}}/locations/{{location}}/workstationClusters/{{workstation_cluster_id}}/workstationConfigs?workstationConfigId={{workstation_config_id}}" +update_verb: :PATCH +update_mask: true +min_version: beta +description: "A set of configuration options describing how a workstation will be run. Workstation configurations are intended to be shared across multiple workstations." +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + "Workstations": "https://cloud.google.com/workstations/docs/" + api: "https://cloud.google.com/workstations/docs/reference/rest/v1beta/projects.locations.workstationClusters.workstationConfigs/create" +async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: "name" + base_url: "{{op_id}}" + wait_ms: 1000 + timeouts: !ruby/object:Api::Timeouts + insert_minutes: 30 + update_minutes: 30 + delete_minutes: 30 + result: !ruby/object:Api::OpAsync::Result + path: "response" + status: !ruby/object:Api::OpAsync::Status + path: "done" + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: "error" + message: "message" +parameters: + - !ruby/object:Api::Type::String + name: "workstationConfigId" + required: true + immutable: true + url_param_only: true + description: | + The ID of the workstation cluster config. + - !ruby/object:Api::Type::String + name: "workstationClusterId" + required: true + immutable: true + url_param_only: true + description: | + The name of the workstation cluster. + - !ruby/object:Api::Type::String + name: "location" + immutable: true + required: true + url_param_only: true + description: | + The location where the workstation cluster config should reside. +properties: + - !ruby/object:Api::Type::String + name: "name" + output: true + description: | + Full name of this resource. + - !ruby/object:Api::Type::String + name: "uid" + output: true + description: | + The system-generated UID of the resource. + - !ruby/object:Api::Type::String + name: "displayName" + description: | + Human-readable name for this resource. + - !ruby/object:Api::Type::KeyValuePairs + name: "labels" + description: "Client-specified labels that are applied to the resource and that are also propagated to the underlying Compute Engine resources." + - !ruby/object:Api::Type::KeyValuePairs + name: "annotations" + description: "Client-specified annotations. This is distinct from labels." + - !ruby/object:Api::Type::Fingerprint + name: "etag" + description: | + Checksum computed by the server. + May be sent on update and delete requests to ensure that the client has an up-to-date value before proceeding. + - !ruby/object:Api::Type::Time + name: "createTime" + description: | + Time the Instance was created in UTC. + output: true + - !ruby/object:Api::Type::NestedObject + name: "host" + description: | + Runtime host for a workstation. + immutable: true + properties: + - !ruby/object:Api::Type::NestedObject + name: "gceInstance" + description: | + Specifies a Compute Engine instance as the host. + immutable: true + properties: + - !ruby/object:Api::Type::String + name: "machineType" + immutable: true + description: |- + The name of a Compute Engine machine type. + - !ruby/object:Api::Type::String + name: "serviceAccount" + immutable: true + description: |- + Email address of the service account that will be used on VM instances used to support this config. This service account must have permission to pull the specified container image. If not set, VMs will run without a service account, in which case the image must be publicly accessible. + - !ruby/object:Api::Type::Integer + name: "poolSize" + immutable: true + description: |- + Number of instances to pool for faster workstation startup. + - !ruby/object:Api::Type::Integer + name: "bootDiskSizeGb" + immutable: true + description: |- + Size of the boot disk in GB. + - !ruby/object:Api::Type::Array + name: "tags" + item_type: Api::Type::String + immutable: true + description: | + Network tags to add to the Compute Engine machines backing the Workstations. + - !ruby/object:Api::Type::Boolean + name: "disablePublicIpAddresses" + immutable: true + description: | + Whether instances have no public IP address. + - !ruby/object:Api::Type::NestedObject + name: "shieldedInstanceConfig" + description: | + A set of Compute Engine Shielded instance options. + immutable: true + properties: + - !ruby/object:Api::Type::Boolean + name: "enableSecureBoot" + immutable: true + description: | + Whether the instance has Secure Boot enabled. + - !ruby/object:Api::Type::Boolean + name: "enableVtpm" + immutable: true + description: | + Whether the instance has the vTPM enabled. + - !ruby/object:Api::Type::Boolean + name: "enableIntegrityMonitoring" + immutable: true + description: | + Whether the instance has integrity monitoring enabled. + - !ruby/object:Api::Type::NestedObject + name: "confidentialInstanceConfig" + description: | + A set of Compute Engine Confidential VM instance options. + immutable: true + properties: + - !ruby/object:Api::Type::Boolean + name: "enableConfidentialCompute" + immutable: true + description: | + Whether the instance has confidential compute enabled. + - !ruby/object:Api::Type::Array + name: "persistentDirectories" + description: | + Directories to persist across workstation sessions. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::String + name: "mountPath" + description: | + Location of this directory in the running workstation. + - !ruby/object:Api::Type::NestedObject + name: "gcePd" + description: | + PersistentDirectory backed by a Compute Engine regional persistent disk. + properties: + - !ruby/object:Api::Type::String + name: "fsType" + description: | + Type of file system that the disk should be formatted with. The workstation image must support this file system type. Must be empty if sourceSnapshot is set. + - !ruby/object:Api::Type::String + name: "diskType" + description: | + Type of the disk to use. + - !ruby/object:Api::Type::Integer + name: "sizeGb" + description: |- + Size of the disk in GB. Must be empty if sourceSnapshot is set. + - !ruby/object:Api::Type::Enum + name: "reclaimPolicy" + description: | + What should happen to the disk after the workstation is deleted. Defaults to DELETE. + values: + - :RECLAIM_POLICY_UNSPECIFIED + - :DELETE + - :RETAIN + - !ruby/object:Api::Type::NestedObject + name: "container" + description: | + Container that will be run for each workstation using this configuration when that workstation is started. + properties: + - !ruby/object:Api::Type::String + name: "image" + description: | + Docker image defining the container. This image must be accessible by the config"s service account. + - !ruby/object:Api::Type::Array + name: "command" + item_type: Api::Type::String + description: | + If set, overrides the default ENTRYPOINT specified by the image. + - !ruby/object:Api::Type::Array + name: "args" + item_type: Api::Type::String + description: | + Arguments passed to the entrypoint. + - !ruby/object:Api::Type::String + name: "workingDir" + description: | + If set, overrides the default DIR specified by the image. + - !ruby/object:Api::Type::KeyValuePairs + name: "env" + description: | + Environment variables passed to the container. + The elements are of the form "KEY=VALUE" for the environment variable "KEY" being given the value "VALUE". + - !ruby/object:Api::Type::Integer + name: "runAsUser" + description: | + If set, overrides the USER specified in the image with the given uid. + - !ruby/object:Api::Type::NestedObject + name: "encryptionKey" + description: | + Encrypts resources of this workstation configuration using a customer-managed encryption key. + + If specified, the boot disk of the Compute Engine instance and the persistent disk are encrypted using this encryption key. If this field is not set, the disks are encrypted using a generated key. Customer-managed encryption keys do not protect disk metadata. + If the customer-managed encryption key is rotated, when the workstation instance is stopped, the system attempts to recreate the persistent disk with the new version of the key. Be sure to keep older versions of the key until the persistent disk is recreated. Otherwise, data on the persistent disk will be lost. + If the encryption key is revoked, the workstation session will automatically be stopped within 7 hours. + properties: + - !ruby/object:Api::Type::String + name: "kmsKey" + description: | + The name of the Google Cloud KMS encryption key. + required: true + - !ruby/object:Api::Type::String + name: "kmsKeyServiceAccount" + description: | + The service account to use with the specified KMS key. + required: true + - !ruby/object:Api::Type::Boolean + name: "degraded" + description: | + Whether this resource is in degraded mode, in which case it may require user action to restore full functionality. Details can be found in the conditions field. + output: true + - !ruby/object:Api::Type::Array + name: "conditions" + description: |- + Status conditions describing the current resource state. + output: true + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Integer + name: "code" + output: true + description: |- + The status code, which should be an enum value of google.rpc.Code. + - !ruby/object:Api::Type::String + name: "message" + output: true + description: |- + Human readable message indicating details about the current status. + - !ruby/object:Api::Type::Array + name: "details" + output: true + description: | + A list of messages that carry the error details. + item_type: Api::Type::KeyValuePairs diff --git a/mmv1/products/workstations/api.yaml b/mmv1/products/workstations/api.yaml deleted file mode 100644 index 0e1499cccd80..000000000000 --- a/mmv1/products/workstations/api.yaml +++ /dev/null @@ -1,554 +0,0 @@ -# Copyright 2022 Google Inc. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- -!ruby/object:Api::Product -name: Workstations -display_name: Workstations -versions: - - !ruby/object:Api::Product::Version - name: beta - base_url: https://workstations.googleapis.com/v1beta/ -scopes: - - https://www.googleapis.com/auth/cloud-platform -apis_required: - - !ruby/object:Api::Product::ApiReference - name: Workstations API - url: https://console.cloud.google.com/apis/library/workstations.googleapis.com -objects: - - !ruby/object:Api::Resource - name: "WorkstationCluster" - self_link: "projects/{{project}}/locations/{{location}}/workstationClusters/{{workstation_cluster_id}}" - base_url: "projects/{{project}}/locations/{{location}}/workstationClusters" - create_url: "projects/{{project}}/locations/{{location}}/workstationClusters?workstationClusterId={{workstation_cluster_id}}" - update_verb: :PATCH - update_mask: true - min_version: beta - description: "A managed workstation cluster." - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - "Workstations": "https://cloud.google.com/workstations/docs/" - api: "https://cloud.google.com/workstations/docs/reference/rest/v1beta/projects.locations.workstationClusters/create" - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: "name" - base_url: "{{op_id}}" - wait_ms: 1000 - timeouts: !ruby/object:Api::Timeouts - insert_minutes: 60 - update_minutes: 60 - delete_minutes: 60 - result: !ruby/object:Api::OpAsync::Result - path: "response" - status: !ruby/object:Api::OpAsync::Status - path: "done" - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: "error" - message: "message" - parameters: - - !ruby/object:Api::Type::String - name: "workstationClusterId" - required: true - input: true - url_param_only: true - description: | - The ID of the workstation cluster. - - !ruby/object:Api::Type::String - name: "location" - input: true - url_param_only: true - description: | - The location where the workstation cluster should reside. - properties: - - !ruby/object:Api::Type::String - name: "name" - output: true - description: | - The name of the cluster resource. - - !ruby/object:Api::Type::String - name: "uid" - output: true - description: | - The system-generated UID of the resource. - - !ruby/object:Api::Type::KeyValuePairs - name: "labels" - description: "Client-specified labels that are applied to the resource and that are also propagated to the underlying Compute Engine resources." - - !ruby/object:Api::Type::String - name: "network" - required: true - input: true - description: | - The relative resource name of the VPC network on which the instance can be accessed. - It is specified in the following form: "projects/{projectNumber}/global/networks/{network_id}". - - !ruby/object:Api::Type::String - name: "subnetwork" - required: true - input: true - description: | - Name of the Compute Engine subnetwork in which instances associated with this cluster will be created. - Must be part of the subnetwork specified for this cluster. - - !ruby/object:Api::Type::String - name: "displayName" - description: | - Human-readable name for this resource. - - !ruby/object:Api::Type::Boolean - name: "degraded" - description: | - Whether this resource is in degraded mode, in which case it may require user action to restore full functionality. - Details can be found in the conditions field. - output: true - - !ruby/object:Api::Type::KeyValuePairs - name: "annotations" - description: "Client-specified annotations. This is distinct from labels." - - !ruby/object:Api::Type::Fingerprint - name: "etag" - description: | - Checksum computed by the server. - May be sent on update and delete requests to ensure that the client has an up-to-date value before proceeding. - - !ruby/object:Api::Type::Time - name: "createTime" - description: | - Time the Instance was created in UTC. - output: true - - !ruby/object:Api::Type::NestedObject - name: "privateClusterConfig" - description: | - Configuration for private cluster. - properties: - - !ruby/object:Api::Type::Boolean - name: "enablePrivateEndpoint" - input: true - required: true - description: | - Whether Workstations endpoint is private. - - !ruby/object:Api::Type::String - name: "clusterHostname" - description: | - Hostname for the workstation cluster. - This field will be populated only when private endpoint is enabled. - To access workstations in the cluster, create a new DNS zone mapping this domain name to an internal IP address and a forwarding rule mapping that address to the service attachment. - output: true - - !ruby/object:Api::Type::String - name: "serviceAttachmentUri" - description: | - Service attachment URI for the workstation cluster. - The service attachemnt is created when private endpoint is enabled. - To access workstations in the cluster, configure access to the managed service using (Private Service Connect)[https://cloud.google.com/vpc/docs/configure-private-service-connect-services]. - output: true - - !ruby/object:Api::Type::Array - name: "conditions" - description: |- - Status conditions describing the current resource state. - output: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Integer - name: "code" - output: true - description: |- - The status code, which should be an enum value of google.rpc.Code. - - !ruby/object:Api::Type::String - name: "message" - output: true - description: |- - Human readable message indicating details about the current status. - - !ruby/object:Api::Type::Array - name: "details" - description: | - A list of messages that carry the error details. - item_type: Api::Type::KeyValuePairs - output: true - - !ruby/object:Api::Resource - name: "WorkstationConfig" - self_link: "projects/{{project}}/locations/{{location}}/workstationClusters/{{workstation_cluster_id}}/workstationConfigs/{{workstation_config_id}}" - base_url: "projects/{{project}}/locations/{{location}}/workstationClusters/{{workstation_cluster_id}}/workstationConfigs" - create_url: "projects/{{project}}/locations/{{location}}/workstationClusters/{{workstation_cluster_id}}/workstationConfigs?workstationConfigId={{workstation_config_id}}" - update_verb: :PATCH - update_mask: true - min_version: beta - description: "A set of configuration options describing how a workstation will be run. Workstation configurations are intended to be shared across multiple workstations." - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - "Workstations": "https://cloud.google.com/workstations/docs/" - api: "https://cloud.google.com/workstations/docs/reference/rest/v1beta/projects.locations.workstationClusters.workstationConfigs/create" - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: "name" - base_url: "{{op_id}}" - wait_ms: 1000 - timeouts: !ruby/object:Api::Timeouts - insert_minutes: 30 - update_minutes: 30 - delete_minutes: 30 - result: !ruby/object:Api::OpAsync::Result - path: "response" - status: !ruby/object:Api::OpAsync::Status - path: "done" - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: "error" - message: "message" - parameters: - - !ruby/object:Api::Type::String - name: "workstationConfigId" - required: true - input: true - url_param_only: true - description: | - The ID of the workstation cluster config. - - !ruby/object:Api::Type::String - name: "workstationClusterId" - required: true - input: true - url_param_only: true - description: | - The name of the workstation cluster. - - !ruby/object:Api::Type::String - name: "location" - input: true - required: true - url_param_only: true - description: | - The location where the workstation cluster config should reside. - properties: - - !ruby/object:Api::Type::String - name: "name" - output: true - description: | - Full name of this resource. - - !ruby/object:Api::Type::String - name: "uid" - output: true - description: | - The system-generated UID of the resource. - - !ruby/object:Api::Type::String - name: "displayName" - description: | - Human-readable name for this resource. - - !ruby/object:Api::Type::KeyValuePairs - name: "labels" - description: "Client-specified labels that are applied to the resource and that are also propagated to the underlying Compute Engine resources." - - !ruby/object:Api::Type::KeyValuePairs - name: "annotations" - description: "Client-specified annotations. This is distinct from labels." - - !ruby/object:Api::Type::Fingerprint - name: "etag" - description: | - Checksum computed by the server. - May be sent on update and delete requests to ensure that the client has an up-to-date value before proceeding. - - !ruby/object:Api::Type::Time - name: "createTime" - description: | - Time the Instance was created in UTC. - output: true - - !ruby/object:Api::Type::NestedObject - name: "host" - description: | - Runtime host for a workstation. - input: true - properties: - - !ruby/object:Api::Type::NestedObject - name: "gceInstance" - description: | - Specifies a Compute Engine instance as the host. - input: true - properties: - - !ruby/object:Api::Type::String - name: "machineType" - input: true - description: |- - The name of a Compute Engine machine type. - - !ruby/object:Api::Type::String - name: "serviceAccount" - input: true - description: |- - Email address of the service account that will be used on VM instances used to support this config. This service account must have permission to pull the specified container image. If not set, VMs will run without a service account, in which case the image must be publicly accessible. - - !ruby/object:Api::Type::Integer - name: "poolSize" - input: true - description: |- - Number of instances to pool for faster workstation startup. - - !ruby/object:Api::Type::Integer - name: "bootDiskSizeGb" - input: true - description: |- - Size of the boot disk in GB. - - !ruby/object:Api::Type::Array - name: "tags" - item_type: Api::Type::String - input: true - description: | - Network tags to add to the Compute Engine machines backing the Workstations. - - !ruby/object:Api::Type::Boolean - name: "disablePublicIpAddresses" - input: true - description: | - Whether instances have no public IP address. - - !ruby/object:Api::Type::NestedObject - name: "shieldedInstanceConfig" - description: | - A set of Compute Engine Shielded instance options. - input: true - properties: - - !ruby/object:Api::Type::Boolean - name: "enableSecureBoot" - input: true - description: | - Whether the instance has Secure Boot enabled. - - !ruby/object:Api::Type::Boolean - name: "enableVtpm" - input: true - description: | - Whether the instance has the vTPM enabled. - - !ruby/object:Api::Type::Boolean - name: "enableIntegrityMonitoring" - input: true - description: | - Whether the instance has integrity monitoring enabled. - - !ruby/object:Api::Type::NestedObject - name: "confidentialInstanceConfig" - description: | - A set of Compute Engine Confidential VM instance options. - input: true - properties: - - !ruby/object:Api::Type::Boolean - name: "enableConfidentialCompute" - input: true - description: | - Whether the instance has confidential compute enabled. - - !ruby/object:Api::Type::Array - name: "persistentDirectories" - description: | - Directories to persist across workstation sessions. - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::String - name: "mountPath" - description: | - Location of this directory in the running workstation. - - !ruby/object:Api::Type::NestedObject - name: "gcePd" - description: | - PersistentDirectory backed by a Compute Engine regional persistent disk. - properties: - - !ruby/object:Api::Type::String - name: "fsType" - description: | - Type of file system that the disk should be formatted with. The workstation image must support this file system type. Must be empty if sourceSnapshot is set. - - !ruby/object:Api::Type::String - name: "diskType" - description: | - Type of the disk to use. - - !ruby/object:Api::Type::Integer - name: "sizeGb" - description: |- - Size of the disk in GB. Must be empty if sourceSnapshot is set. - - !ruby/object:Api::Type::Enum - name: "reclaimPolicy" - description: | - What should happen to the disk after the workstation is deleted. Defaults to DELETE. - values: - - :RECLAIM_POLICY_UNSPECIFIED - - :DELETE - - :RETAIN - - !ruby/object:Api::Type::NestedObject - name: "container" - description: | - Container that will be run for each workstation using this configuration when that workstation is started. - properties: - - !ruby/object:Api::Type::String - name: "image" - description: | - Docker image defining the container. This image must be accessible by the config"s service account. - - !ruby/object:Api::Type::Array - name: "command" - item_type: Api::Type::String - description: | - If set, overrides the default ENTRYPOINT specified by the image. - - !ruby/object:Api::Type::Array - name: "args" - item_type: Api::Type::String - description: | - Arguments passed to the entrypoint. - - !ruby/object:Api::Type::String - name: "workingDir" - description: | - If set, overrides the default DIR specified by the image. - - !ruby/object:Api::Type::KeyValuePairs - name: "env" - description: | - Environment variables passed to the container. - The elements are of the form "KEY=VALUE" for the environment variable "KEY" being given the value "VALUE". - - !ruby/object:Api::Type::Integer - name: "runAsUser" - description: | - If set, overrides the USER specified in the image with the given uid. - - !ruby/object:Api::Type::NestedObject - name: "encryptionKey" - description: | - Encrypts resources of this workstation configuration using a customer-managed encryption key. - - If specified, the boot disk of the Compute Engine instance and the persistent disk are encrypted using this encryption key. If this field is not set, the disks are encrypted using a generated key. Customer-managed encryption keys do not protect disk metadata. - If the customer-managed encryption key is rotated, when the workstation instance is stopped, the system attempts to recreate the persistent disk with the new version of the key. Be sure to keep older versions of the key until the persistent disk is recreated. Otherwise, data on the persistent disk will be lost. - If the encryption key is revoked, the workstation session will automatically be stopped within 7 hours. - properties: - - !ruby/object:Api::Type::String - name: "kmsKey" - description: | - The name of the Google Cloud KMS encryption key. - required: true - - !ruby/object:Api::Type::String - name: "kmsKeyServiceAccount" - description: | - The service account to use with the specified KMS key. - required: true - - !ruby/object:Api::Type::Boolean - name: "degraded" - description: | - Whether this resource is in degraded mode, in which case it may require user action to restore full functionality. Details can be found in the conditions field. - output: true - - !ruby/object:Api::Type::Array - name: "conditions" - description: |- - Status conditions describing the current resource state. - output: true - item_type: !ruby/object:Api::Type::NestedObject - properties: - - !ruby/object:Api::Type::Integer - name: "code" - output: true - description: |- - The status code, which should be an enum value of google.rpc.Code. - - !ruby/object:Api::Type::String - name: "message" - output: true - description: |- - Human readable message indicating details about the current status. - - !ruby/object:Api::Type::Array - name: "details" - output: true - description: | - A list of messages that carry the error details. - item_type: Api::Type::KeyValuePairs - - !ruby/object:Api::Resource - name: "Workstation" - self_link: "projects/{{project}}/locations/{{location}}/workstationClusters/{{workstation_cluster_id}}/workstationConfigs/{{workstation_config_id}}/workstations/{{workstation_id}}" - base_url: "projects/{{project}}/locations/{{location}}/workstationClusters/{{workstation_cluster_id}}/workstationConfigs/{{workstation_config_id}}/workstations" - create_url: "projects/{{project}}/locations/{{location}}/workstationClusters/{{workstation_cluster_id}}/workstationConfigs/{{workstation_config_id}}/workstations?workstationId={{workstation_id}}" - update_verb: :PATCH - update_mask: true - min_version: beta - description: "A single instance of a developer workstation with its own persistent storage." - references: !ruby/object:Api::Resource::ReferenceLinks - guides: - "Workstations": "https://cloud.google.com/workstations/docs/" - api: "https://cloud.google.com/workstations/docs/reference/rest/v1beta/projects.locations.workstationClusters.workstationConfigs.workstations" - async: !ruby/object:Api::OpAsync - operation: !ruby/object:Api::OpAsync::Operation - path: "name" - base_url: "{{op_id}}" - wait_ms: 1000 - timeouts: !ruby/object:Api::Timeouts - insert_minutes: 30 - update_minutes: 30 - delete_minutes: 30 - result: !ruby/object:Api::OpAsync::Result - path: "response" - status: !ruby/object:Api::OpAsync::Status - path: "done" - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: "error" - message: "message" - parameters: - - !ruby/object:Api::Type::String - name: "workstationId" - required: true - input: true - url_param_only: true - description: | - ID to use for the workstation. - - !ruby/object:Api::Type::String - name: "workstationConfigId" - required: true - input: true - url_param_only: true - description: | - The ID of the workstation cluster config. - - !ruby/object:Api::Type::String - name: "workstationClusterId" - required: true - input: true - url_param_only: true - description: | - The name of the workstation cluster. - - !ruby/object:Api::Type::String - name: "location" - input: true - required: true - url_param_only: true - description: | - The location where the workstation cluster config should reside. - properties: - - !ruby/object:Api::Type::String - name: "name" - output: true - description: | - The name of the cluster resource. - - !ruby/object:Api::Type::String - name: "uid" - output: true - description: | - The system-generated UID of the resource. - - !ruby/object:Api::Type::String - name: "displayName" - description: | - Human-readable name for this resource. - - !ruby/object:Api::Type::KeyValuePairs - name: "labels" - description: "Client-specified labels that are applied to the resource and that are also propagated to the underlying Compute Engine resources." - - !ruby/object:Api::Type::KeyValuePairs - name: "annotations" - description: "Client-specified annotations. This is distinct from labels." - - !ruby/object:Api::Type::Time - name: "createTime" - description: | - Time the Instance was created in UTC. - output: true - - !ruby/object:Api::Type::String - name: "host" - description: | - Host to which clients can send HTTPS traffic that will be received by the workstation. - Authorized traffic will be received to the workstation as HTTP on port 80. - To send traffic to a different port, clients may prefix the host with the destination port in the format "{port}-{host}". - output: true - - !ruby/object:Api::Type::Enum - name: "state" - output: true - description: | - Current state of the workstation. - values: - - :STATE_STARTING - - :STATE_RUNNING - - :STATE_STOPPING - - :STATE_STOPPED diff --git a/mmv1/products/workstations/product.yaml b/mmv1/products/workstations/product.yaml new file mode 100644 index 000000000000..fc48291520b9 --- /dev/null +++ b/mmv1/products/workstations/product.yaml @@ -0,0 +1,27 @@ +# Copyright 2022 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +!ruby/object:Api::Product +name: Workstations +display_name: Workstations +versions: + - !ruby/object:Api::Product::Version + name: beta + base_url: https://workstations.googleapis.com/v1beta/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Workstations API + url: https://console.cloud.google.com/apis/library/workstations.googleapis.com diff --git a/mmv1/products/workstations/terraform.yaml b/mmv1/products/workstations/terraform.yaml index fa966c7473f8..7e68819c8f7f 100644 --- a/mmv1/products/workstations/terraform.yaml +++ b/mmv1/products/workstations/terraform.yaml @@ -50,6 +50,9 @@ overrides: !ruby/object:Overrides::ResourceOverrides host.gceInstance.bootDiskSizeGb: !ruby/object:Overrides::Terraform::PropertyOverride default_from_api: true + host.gceInstance.serviceAccount: + !ruby/object:Overrides::Terraform::PropertyOverride + default_from_api: true host.gceInstance.machineType: !ruby/object:Overrides::Terraform::PropertyOverride default_from_api: true diff --git a/mmv1/provider/terraform.rb b/mmv1/provider/terraform.rb index 796697aacac1..ac71ed97848d 100644 --- a/mmv1/provider/terraform.rb +++ b/mmv1/provider/terraform.rb @@ -90,12 +90,13 @@ def tf_types end def updatable?(resource, properties) - !resource.input || !properties.reject { |p| p.update_url.nil? }.empty? + !resource.immutable || !properties.reject { |p| p.update_url.nil? }.empty? end def force_new?(property, resource) !property.output && - (property.input || (resource.input && property.update_url.nil? && property.input.nil? && + (property.immutable || (resource.immutable && property.update_url.nil? && + property.immutable.nil? && (property.parent.nil? || force_new?(property.parent, resource)))) end diff --git a/mmv1/provider/terraform_kcc.rb b/mmv1/provider/terraform_kcc.rb index daa10cb72176..bc1a29949af8 100644 --- a/mmv1/provider/terraform_kcc.rb +++ b/mmv1/provider/terraform_kcc.rb @@ -87,8 +87,10 @@ def copy_common_files(output_folder, generate_code, generate_docs) end def guess_metadata_mapping_name(object) # Split the last import format by '/' and take the last part. Then use # the regex to verify if it is a value field in the format of {{value}}. - last_import_part = - import_id_formats_from_resource(object)[-1].split('/')[-1].scan(/{{[[:word:]]+}}/) + last_import_part = import_id_formats_from_resource(object)[-1] + .gsub('%', '') + .split('/')[-1] + .scan(/{{[[:word:]]+}}/) # If it is a value field, the length of last_import_part will be 1; # otherwise it'll be 0. # Remove '{{' and '}}' and only return the field name. diff --git a/mmv1/templates/terraform/constants/data_fusion_instance_option.go.erb b/mmv1/templates/terraform/constants/data_fusion_instance_option.go.erb new file mode 100644 index 000000000000..ede5560480b8 --- /dev/null +++ b/mmv1/templates/terraform/constants/data_fusion_instance_option.go.erb @@ -0,0 +1,21 @@ +var instanceAcceleratorOptions = []string{ + "delta.default.checkpoint.directory", + "ui.feature.cdc", +} + +func instanceOptionsDiffSuppress(k, old, new string, d *schema.ResourceData) bool { + // Suppress diffs for the options generated by adding an accelerator to a data fusion instance + for _, option := range instanceAcceleratorOptions { + if strings.Contains(k, option) && new == "" { + return true + } + } + + // Let diff be determined by options (above) + if strings.Contains(k, "options.%") { + return true + } + + // For other keys, don't suppress diff. + return false +} \ No newline at end of file diff --git a/mmv1/templates/terraform/constants/datastream_stream.go.erb b/mmv1/templates/terraform/constants/datastream_stream.go.erb index 7f4cebc715dc..58ce5dd546de 100644 --- a/mmv1/templates/terraform/constants/datastream_stream.go.erb +++ b/mmv1/templates/terraform/constants/datastream_stream.go.erb @@ -63,4 +63,19 @@ func waitForDatastreamStreamReady(d *schema.ResourceData, config *Config, timeou } }) } + +func resourceDatastreamStreamDatabaseIdDiffSuppress(_, old, new string, _ *schema.ResourceData) bool { + re := regexp.MustCompile(`projects/(.+)/datasets/([^\.\?\#]+)`) + paths := re.FindStringSubmatch(new) + + // db returns value in form : + if len(paths) == 3 { + project := paths[1] + datasetId := paths[2] + new = fmt.Sprintf("%s:%s", project, datasetId) + } + + return old == new +} + <% end -%> diff --git a/mmv1/templates/terraform/custom_expand/datastream_stream_dataset_id.go.erb b/mmv1/templates/terraform/custom_expand/datastream_stream_dataset_id.go.erb new file mode 100644 index 000000000000..504d9eeb9de9 --- /dev/null +++ b/mmv1/templates/terraform/custom_expand/datastream_stream_dataset_id.go.erb @@ -0,0 +1,26 @@ +<%# # the license inside this if block pertains to this file + # Copyright 2023 Google Inc. + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. +#%> +func expand<%= prefix -%><%= titlelize_property(property) -%>(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) { + s := v.(string) + re := regexp.MustCompile(`projects/(.+)/datasets/([^\.\?\#]+)`) + paths := re.FindStringSubmatch(s) + if len(paths) == 3 { + project := paths[1] + datasetId := paths[2] + return fmt.Sprintf("%s:%s", project, datasetId), nil + } + + return s, nil +} diff --git a/mmv1/templates/terraform/custom_expand/privateca_certificate_509_config.go.erb b/mmv1/templates/terraform/custom_expand/privateca_certificate_509_config.go.erb index 4082eb6e0e68..ae5c0fbfce3a 100644 --- a/mmv1/templates/terraform/custom_expand/privateca_certificate_509_config.go.erb +++ b/mmv1/templates/terraform/custom_expand/privateca_certificate_509_config.go.erb @@ -44,5 +44,10 @@ func expand<%= prefix -%><%= titlelize_property(property) -%>(v interface{}, d T } transformed["additionalExtensions"] = addExts + nameConstraints, err := expandPrivatecaCertificateConfigX509ConfigNameConstraints(original["name_constraints"], d, config) + if err != nil { + return nil, err + } + transformed["nameConstraints"] = nameConstraints return transformed, nil } diff --git a/mmv1/templates/terraform/custom_flatten/certificate_manager_certificate_managed_dns_auth.go.erb b/mmv1/templates/terraform/custom_flatten/certificate_manager_certificate_managed_dns_auth.go.erb deleted file mode 100644 index 9ef7931f054b..000000000000 --- a/mmv1/templates/terraform/custom_flatten/certificate_manager_certificate_managed_dns_auth.go.erb +++ /dev/null @@ -1,17 +0,0 @@ -<%# The license inside this block applies to this file. - # Copyright 2021 Google Inc. - # Licensed under the Apache License, Version 2.0 (the "License"); - # you may not use this file except in compliance with the License. - # You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - # See the License for the specific language governing permissions and - # limitations under the License. --%> -func flatten<%= prefix -%><%= titlelize_property(property) -%>(v interface{}, d *schema.ResourceData, config *Config) interface{} { - return d.Get("managed.0.dns_authorizations") -} diff --git a/mmv1/templates/terraform/custom_flatten/privateca_certificate_509_config.go.erb b/mmv1/templates/terraform/custom_flatten/privateca_certificate_509_config.go.erb index 81ccb1a33dda..eeee33e9eff9 100644 --- a/mmv1/templates/terraform/custom_flatten/privateca_certificate_509_config.go.erb +++ b/mmv1/templates/terraform/custom_flatten/privateca_certificate_509_config.go.erb @@ -14,5 +14,7 @@ func flatten<%= prefix -%><%= titlelize_property(property) -%>(v interface{}, d flattenPrivatecaCertificateConfigX509ConfigCaOptions(original["caOptions"], d, config) transformed["key_usage"] = flattenPrivatecaCertificateConfigX509ConfigKeyUsage(original["keyUsage"], d, config) + transformed["name_constraints"] = + flattenPrivatecaCertificateConfigX509ConfigNameConstraints(original["nameConstraints"], d, config) return []interface{}{transformed} } diff --git a/mmv1/templates/terraform/examples/access_context_manager_authorized_orgs_desc_basic.tf.erb b/mmv1/templates/terraform/examples/access_context_manager_authorized_orgs_desc_basic.tf.erb new file mode 100644 index 000000000000..4158f7b60b00 --- /dev/null +++ b/mmv1/templates/terraform/examples/access_context_manager_authorized_orgs_desc_basic.tf.erb @@ -0,0 +1,13 @@ +resource "google_access_context_manager_authorized_orgs_desc" "<%= ctx[:primary_resource_id] %>" { + parent = "accessPolicies/${google_access_context_manager_access_policy.test-access.name}" + name = "accessPolicies/${google_access_context_manager_access_policy.test-access.name}/authorizedOrgsDescs/fakeDescName" + authorization_type = "AUTHORIZATION_TYPE_TRUST" + asset_type = "ASSET_TYPE_CREDENTIAL_STRENGTH" + authorization_direction = "AUTHORIZATION_DIRECTION_TO" + orgs = ["organizations/12345", "organizations/98765"] +} + +resource "google_access_context_manager_access_policy" "test-access" { + parent = "organizations/<%= ctx[:test_env_vars]['org_id'] %>" + title = "my policy" +} diff --git a/mmv1/templates/terraform/examples/bigquery_datapolicy_data_policy_basic.tf.erb b/mmv1/templates/terraform/examples/bigquery_datapolicy_data_policy_basic.tf.erb index 2be6dfea1de0..caedf28e80c7 100644 --- a/mmv1/templates/terraform/examples/bigquery_datapolicy_data_policy_basic.tf.erb +++ b/mmv1/templates/terraform/examples/bigquery_datapolicy_data_policy_basic.tf.erb @@ -1,5 +1,4 @@ resource "google_bigquery_datapolicy_data_policy" "<%= ctx[:primary_resource_id] %>" { - provider = google-beta location = "us-central1" data_policy_id = "<%= ctx[:vars]['data_policy_id'] %>" policy_tag = google_data_catalog_policy_tag.policy_tag.name @@ -7,14 +6,12 @@ resource "google_bigquery_datapolicy_data_policy" "<%= ctx[:primary_resource_id] } resource "google_data_catalog_policy_tag" "policy_tag" { - provider = google-beta taxonomy = google_data_catalog_taxonomy.taxonomy.id display_name = "Low security" description = "A policy tag normally associated with low security items" } resource "google_data_catalog_taxonomy" "taxonomy" { - provider = google-beta region = "us-central1" display_name = "<%= ctx[:vars]['taxonomy'] %>" description = "A collection of policy tags" diff --git a/mmv1/templates/terraform/examples/data_fusion_instance_full.tf.erb b/mmv1/templates/terraform/examples/data_fusion_instance_full.tf.erb index 44daa5eb109e..44e3bee0a2c2 100644 --- a/mmv1/templates/terraform/examples/data_fusion_instance_full.tf.erb +++ b/mmv1/templates/terraform/examples/data_fusion_instance_full.tf.erb @@ -18,6 +18,10 @@ resource "google_data_fusion_instance" "<%= ctx[:primary_resource_id] %>" { ip_allocation = "${google_compute_global_address.private_ip_alloc.address}/${google_compute_global_address.private_ip_alloc.prefix_length}" } + accelerators { + accelerator_type = "CDC" + state = "ENABLED" + } <%= ctx[:vars]['prober_test_run'] %> } diff --git a/mmv1/templates/terraform/examples/datastream_stream_postgresql_bigquery_dataset_id.tf.erb b/mmv1/templates/terraform/examples/datastream_stream_postgresql_bigquery_dataset_id.tf.erb new file mode 100644 index 000000000000..cfbc21d7252c --- /dev/null +++ b/mmv1/templates/terraform/examples/datastream_stream_postgresql_bigquery_dataset_id.tf.erb @@ -0,0 +1,106 @@ + +resource "google_bigquery_dataset" "postgres" { + dataset_id = "postgres%{random_suffix}" + friendly_name = "postgres" + description = "Database of postgres" + location = "us-central1" +} + +resource "google_datastream_stream" "default" { + display_name = "postgres to bigQuery" + location = "us-central1" + stream_id = "postgres-to-big-query%{random_suffix}" + + source_config { + source_connection_profile = google_datastream_connection_profile.source_connection_profile.id + mysql_source_config {} + } + + destination_config { + destination_connection_profile = google_datastream_connection_profile.destination_connection_profile2.id + bigquery_destination_config { + data_freshness = "900s" + single_target_dataset { + dataset_id = google_bigquery_dataset.postgres.id + } + } + } + + backfill_all { + } + +} + +resource "google_datastream_connection_profile" "destination_connection_profile2" { + display_name = "Connection profile" + location = "us-central1" + connection_profile_id = "tf-test-destination-profile%{random_suffix}" + bigquery_profile {} +} + +resource "google_sql_database_instance" "instance" { + name = "tf-test-my-instance%{random_suffix}" + database_version = "MYSQL_8_0" + region = "us-central1" + settings { + tier = "db-f1-micro" + backup_configuration { + enabled = true + binary_log_enabled = true + } + + ip_configuration { + // Datastream IPs will vary by region. + authorized_networks { + value = "34.71.242.81" + } + + authorized_networks { + value = "34.72.28.29" + } + + authorized_networks { + value = "34.67.6.157" + } + + authorized_networks { + value = "34.67.234.134" + } + + authorized_networks { + value = "34.72.239.218" + } + } + } + + deletion_protection = false +} + +resource "google_sql_database" "db" { + instance = google_sql_database_instance.instance.name + name = "db" +} + +resource "random_password" "pwd" { + length = 16 + special = false +} + +resource "google_sql_user" "user" { + name = "user%{random_suffix}" + instance = google_sql_database_instance.instance.name + host = "%" + password = random_password.pwd.result +} + +resource "google_datastream_connection_profile" "source_connection_profile" { + display_name = "Source connection profile" + location = "us-central1" + connection_profile_id = "tf-test-source-profile%{random_suffix}" + + mysql_profile { + hostname = google_sql_database_instance.instance.public_ip_address + username = google_sql_user.user.name + password = google_sql_user.user.password + } +} diff --git a/mmv1/templates/terraform/examples/privateca_capool_all_fields.tf.erb b/mmv1/templates/terraform/examples/privateca_capool_all_fields.tf.erb index bb2312c26d9a..2affa2c3991a 100644 --- a/mmv1/templates/terraform/examples/privateca_capool_all_fields.tf.erb +++ b/mmv1/templates/terraform/examples/privateca_capool_all_fields.tf.erb @@ -73,6 +73,17 @@ resource "google_privateca_ca_pool" "<%= ctx[:primary_resource_id] %>" { time_stamping = true } } + name_constraints { + critical = true + permitted_dns_names = ["*.example1.com", "*.example2.com"] + excluded_dns_names = ["*.deny.example1.com", "*.deny.example2.com"] + permitted_ip_ranges = ["10.0.0.0/8", "11.0.0.0/8"] + excluded_ip_ranges = ["10.1.1.0/24", "11.1.1.0/24"] + permitted_email_addresses = [".example1.com", ".example2.com"] + excluded_email_addresses = [".deny.example1.com", ".deny.example2.com"] + permitted_uris = [".example1.com", ".example2.com"] + excluded_uris = [".deny.example1.com", ".deny.example2.com"] + } } } } diff --git a/mmv1/templates/terraform/examples/privateca_certificate_authority_byo_key.tf.erb b/mmv1/templates/terraform/examples/privateca_certificate_authority_byo_key.tf.erb index 97745a698cfb..1db78f99f431 100644 --- a/mmv1/templates/terraform/examples/privateca_certificate_authority_byo_key.tf.erb +++ b/mmv1/templates/terraform/examples/privateca_certificate_authority_byo_key.tf.erb @@ -54,6 +54,17 @@ resource "google_privateca_certificate_authority" "<%= ctx[:primary_resource_id] server_auth = false } } + name_constraints { + critical = true + permitted_dns_names = ["*.example.com"] + excluded_dns_names = ["*.deny.example.com"] + permitted_ip_ranges = ["10.0.0.0/8"] + excluded_ip_ranges = ["10.1.1.0/24"] + permitted_email_addresses = [".example.com"] + excluded_email_addresses = [".deny.example.com"] + permitted_uris = [".example.com"] + excluded_uris = [".deny.example.com"] + } } } diff --git a/mmv1/templates/terraform/examples/privateca_certificate_config.tf.erb b/mmv1/templates/terraform/examples/privateca_certificate_config.tf.erb index c8dabc5c4ea4..f01870f48b34 100644 --- a/mmv1/templates/terraform/examples/privateca_certificate_config.tf.erb +++ b/mmv1/templates/terraform/examples/privateca_certificate_config.tf.erb @@ -48,7 +48,7 @@ resource "google_privateca_certificate" "<%= ctx[:primary_resource_id] %>" { location = "us-central1" pool = google_privateca_ca_pool.default.name certificate_authority = google_privateca_certificate_authority.default.certificate_authority_id - lifetime = "860s" + lifetime = "86000s" name = "<%= ctx[:vars]["certificate_name"] %>" config { subject_config { @@ -69,7 +69,7 @@ resource "google_privateca_certificate" "<%= ctx[:primary_resource_id] %>" { } x509_config { ca_options { - is_ca = false + is_ca = true } key_usage { base_key_usage { @@ -80,6 +80,17 @@ resource "google_privateca_certificate" "<%= ctx[:primary_resource_id] %>" { server_auth = false } } + name_constraints { + critical = true + permitted_dns_names = ["*.example.com"] + excluded_dns_names = ["*.deny.example.com"] + permitted_ip_ranges = ["10.0.0.0/8"] + excluded_ip_ranges = ["10.1.1.0/24"] + permitted_email_addresses = [".example.com"] + excluded_email_addresses = [".deny.example.com"] + permitted_uris = [".example.com"] + excluded_uris = [".deny.example.com"] + } } public_key { format = "PEM" diff --git a/mmv1/templates/terraform/examples/pubsub_subscription_push_bq.tf.erb b/mmv1/templates/terraform/examples/pubsub_subscription_push_bq.tf.erb index f6695f22aae4..9bc5915278d4 100644 --- a/mmv1/templates/terraform/examples/pubsub_subscription_push_bq.tf.erb +++ b/mmv1/templates/terraform/examples/pubsub_subscription_push_bq.tf.erb @@ -7,7 +7,7 @@ resource "google_pubsub_subscription" "<%= ctx[:primary_resource_id] %>" { topic = google_pubsub_topic.<%= ctx[:primary_resource_id] %>.name bigquery_config { - table = "${google_bigquery_table.test.project}:${google_bigquery_table.test.dataset_id}.${google_bigquery_table.test.table_id}" + table = "${google_bigquery_table.test.project}.${google_bigquery_table.test.dataset_id}.${google_bigquery_table.test.table_id}" } depends_on = [google_project_iam_member.viewer, google_project_iam_member.editor] diff --git a/mmv1/templates/terraform/examples/workstation_config_encryption_key.tf.erb b/mmv1/templates/terraform/examples/workstation_config_encryption_key.tf.erb index c600de7a5532..c734fe83ca01 100644 --- a/mmv1/templates/terraform/examples/workstation_config_encryption_key.tf.erb +++ b/mmv1/templates/terraform/examples/workstation_config_encryption_key.tf.erb @@ -37,7 +37,6 @@ resource "google_kms_key_ring" "default" { resource "google_kms_crypto_key" "default" { name = "<%= ctx[:vars]['workstation_cluster_name'] %>" key_ring = google_kms_key_ring.default.id - rotation_period = "100000s" provider = google-beta } diff --git a/mmv1/templates/terraform/post_create/sleep_2_min.go.erb b/mmv1/templates/terraform/post_create/sleep_2_min.go.erb new file mode 100644 index 000000000000..df48ca805713 --- /dev/null +++ b/mmv1/templates/terraform/post_create/sleep_2_min.go.erb @@ -0,0 +1,4 @@ +// This is useful if the resource in question doesn't have a perfectly consistent API +// That is, the Operation for Create might return before the Get operation shows the +// completed state of the resource. +time.Sleep(2 * time.Minute) diff --git a/mmv1/templates/terraform/resource.erb b/mmv1/templates/terraform/resource.erb index ef83b4e10df1..900c767b40ca 100644 --- a/mmv1/templates/terraform/resource.erb +++ b/mmv1/templates/terraform/resource.erb @@ -48,7 +48,7 @@ import ( resource_name = product_ns + object.name properties = object.all_user_properties update_body_properties = properties_without_custom_update(object.settable_properties) - update_body_properties = update_body_properties.reject(&:input) if object.update_verb == :PATCH + update_body_properties = update_body_properties.reject(&:immutable) if object.update_verb == :PATCH # Handwritten TF Operation objects will be shaped like accessContextManager while the Google Go Client will have a name like accesscontextmanager client_name = @config.client_name || product_ns client_name_camel = client_name.camelize(:lower) @@ -598,7 +598,7 @@ func resource<%= resource_name -%>Update(d *schema.ResourceData, meta interface{ <% end -%> -<% if !object.input -%> +<% if !object.immutable -%> obj := make(map[string]interface{}) <% update_body_properties.each do |prop| -%> <%# flattened objects won't have something stored in state so instead nil is passed to the next expander. -%> @@ -700,7 +700,7 @@ if len(updateMask) > 0 { <% if object.update_mask && field_specific_update_methods(object.root_properties) -%> } <% end -%> -<% end # if !object.input -%> +<% end # if !object.immutable -%> <% if field_specific_update_methods(object.root_properties) -%> d.Partial(true) diff --git a/mmv1/third_party/terraform/data_sources/data_source_google_firebase_android_app.go.erb b/mmv1/third_party/terraform/data_sources/data_source_google_firebase_android_app.go.erb index 0d03ca553d4c..18d46f8a4dd5 100644 --- a/mmv1/third_party/terraform/data_sources/data_source_google_firebase_android_app.go.erb +++ b/mmv1/third_party/terraform/data_sources/data_source_google_firebase_android_app.go.erb @@ -14,6 +14,9 @@ func DataSourceGoogleFirebaseAndroidApp() *schema.Resource { // Set 'Required' schema elements addRequiredFieldsToSchema(dsSchema, "app_id") + // Allow specifying a project + addOptionalFieldsToSchema(dsSchema, "project") + return &schema.Resource{ Read: dataSourceGoogleFirebaseAndroidAppRead, Schema: dsSchema, diff --git a/mmv1/third_party/terraform/data_sources/data_source_google_firebase_apple_app.go.erb b/mmv1/third_party/terraform/data_sources/data_source_google_firebase_apple_app.go.erb index 75d6bcdf8aae..3c774eaa78c4 100644 --- a/mmv1/third_party/terraform/data_sources/data_source_google_firebase_apple_app.go.erb +++ b/mmv1/third_party/terraform/data_sources/data_source_google_firebase_apple_app.go.erb @@ -14,6 +14,9 @@ func DataSourceGoogleFirebaseAppleApp() *schema.Resource { // Set 'Required' schema elements addRequiredFieldsToSchema(dsSchema, "app_id") + // Allow specifying a project + addOptionalFieldsToSchema(dsSchema, "project") + return &schema.Resource{ Read: dataSourceGoogleFirebaseAppleAppRead, Schema: dsSchema, diff --git a/mmv1/third_party/terraform/data_sources/data_source_google_firebase_web_app.go.erb b/mmv1/third_party/terraform/data_sources/data_source_google_firebase_web_app.go.erb index 10127a8cf157..946bdabd5f99 100644 --- a/mmv1/third_party/terraform/data_sources/data_source_google_firebase_web_app.go.erb +++ b/mmv1/third_party/terraform/data_sources/data_source_google_firebase_web_app.go.erb @@ -14,6 +14,9 @@ func DataSourceGoogleFirebaseWebApp() *schema.Resource { // Set 'Required' schema elements addRequiredFieldsToSchema(dsSchema, "app_id") + // Allow specifying a project + addOptionalFieldsToSchema(dsSchema, "project") + return &schema.Resource{ Read: dataSourceGoogleFirebaseWebAppRead, Schema: dsSchema, diff --git a/mmv1/third_party/terraform/resources/resource_apigee_flowhook.go b/mmv1/third_party/terraform/resources/resource_apigee_flowhook.go new file mode 100644 index 000000000000..5a406b27f8e5 --- /dev/null +++ b/mmv1/third_party/terraform/resources/resource_apigee_flowhook.go @@ -0,0 +1,240 @@ +package google + +import ( + "fmt" + "log" + "reflect" + "time" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +func ResourceApigeeFlowhook() *schema.Resource { + return &schema.Resource{ + Create: resourceApigeeFlowhookCreate, + Read: resourceApigeeFlowhookRead, + Delete: resourceApigeeFlowhookDelete, + + Importer: &schema.ResourceImporter{ + State: resourceApigeeFlowhookImport, + }, + + Timeouts: &schema.ResourceTimeout{ + Create: schema.DefaultTimeout(20 * time.Minute), + Delete: schema.DefaultTimeout(20 * time.Minute), + }, + + Schema: map[string]*schema.Schema{ + "description": { + Type: schema.TypeString, + Optional: true, + ForceNew: true, + Description: `Description of the flow hook.`, + }, + "environment": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + Description: `The resource ID of the environment.`, + }, + "flow_hook_point": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + Description: `Where in the API call flow the flow hook is invoked. Must be one of PreProxyFlowHook, PostProxyFlowHook, PreTargetFlowHook, or PostTargetFlowHook.`, + }, + "org_id": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + Description: `The Apigee Organization associated with the environment`, + }, + "sharedflow": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + Description: `Id of the Sharedflow attaching to a flowhook point.`, + }, + "continue_on_error": { + Type: schema.TypeBool, + ForceNew: true, + Optional: true, + Default: true, + Description: `Flag that specifies whether execution should continue if the flow hook throws an exception. Set to true to continue execution. Set to false to stop execution if the flow hook throws an exception. Defaults to true.`, + }, + }, + UseJSONNumber: true, + } +} + +func resourceApigeeFlowhookCreate(d *schema.ResourceData, meta interface{}) error { + config := meta.(*Config) + userAgent, err := generateUserAgentString(d, config.UserAgent) + if err != nil { + return err + } + + obj := make(map[string]interface{}) + descriptionProp, err := expandApigeeFlowhookDescription(d.Get("description"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("description"); !isEmptyValue(reflect.ValueOf(descriptionProp)) && (ok || !reflect.DeepEqual(v, descriptionProp)) { + obj["description"] = descriptionProp + } + sharedflowProp, err := expandApigeeFlowhookSharedflow(d.Get("sharedflow"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("sharedflow"); !isEmptyValue(reflect.ValueOf(sharedflowProp)) && (ok || !reflect.DeepEqual(v, sharedflowProp)) { + obj["sharedFlow"] = sharedflowProp + } + continue_on_errorProp, err := expandApigeeFlowhookContinueOnError(d.Get("continue_on_error"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("continue_on_error"); !isEmptyValue(reflect.ValueOf(continue_on_errorProp)) && (ok || !reflect.DeepEqual(v, continue_on_errorProp)) { + obj["continueOnError"] = continue_on_errorProp + } + + url, err := replaceVars(d, config, "{{ApigeeBasePath}}organizations/{{org_id}}/environments/{{environment}}/flowhooks/{{flow_hook_point}}") + if err != nil { + return err + } + + log.Printf("[DEBUG] Creating new Flowhook: %#v", obj) + billingProject := "" + + // err == nil indicates that the billing_project value was found + if bp, err := getBillingProject(d, config); err == nil { + billingProject = bp + } + + res, err := SendRequestWithTimeout(config, "PUT", billingProject, url, userAgent, obj, d.Timeout(schema.TimeoutCreate)) + if err != nil { + return fmt.Errorf("Error creating Flowhook: %s", err) + } + + // Store the ID now + id, err := replaceVars(d, config, "organizations/{{org_id}}/environments/{{environment}}/flowhooks/{{flow_hook_point}}") + if err != nil { + return fmt.Errorf("Error constructing id: %s", err) + } + d.SetId(id) + + log.Printf("[DEBUG] Finished creating Flowhook %q: %#v", d.Id(), res) + + return resourceApigeeFlowhookRead(d, meta) +} + +func resourceApigeeFlowhookRead(d *schema.ResourceData, meta interface{}) error { + config := meta.(*Config) + userAgent, err := generateUserAgentString(d, config.UserAgent) + if err != nil { + return err + } + + url, err := replaceVars(d, config, "{{ApigeeBasePath}}organizations/{{org_id}}/environments/{{environment}}/flowhooks/{{flow_hook_point}}") + if err != nil { + return err + } + + billingProject := "" + + // err == nil indicates that the billing_project value was found + if bp, err := getBillingProject(d, config); err == nil { + billingProject = bp + } + + res, err := SendRequest(config, "GET", billingProject, url, userAgent, nil) + if err != nil { + return handleNotFoundError(err, d, fmt.Sprintf("ApigeeFlowhook %q", d.Id())) + } + if res["sharedFlow"] == nil || res["sharedFlow"].(string) == "" { + //if response does not contain shared_flow field, then nothing is attached to this flowhook, we treat this "binding" resource non-existent + d.SetId("") + return nil + } + if err := d.Set("description", flattenApigeeFlowhookDescription(res["description"], d, config)); err != nil { + return fmt.Errorf("Error reading Flowhook: %s", err) + } + if err := d.Set("sharedflow", flattenApigeeFlowhookSharedflow(res["sharedFlow"], d, config)); err != nil { + return fmt.Errorf("Error reading Flowhook: %s", err) + } + if err := d.Set("continue_on_error", flattenApigeeFlowhookContinueOnError(res["continueOnError"], d, config)); err != nil { + return fmt.Errorf("Error reading Flowhook: %s", err) + } + + return nil +} + +func resourceApigeeFlowhookDelete(d *schema.ResourceData, meta interface{}) error { + config := meta.(*Config) + userAgent, err := generateUserAgentString(d, config.UserAgent) + if err != nil { + return err + } + + billingProject := "" + + url, err := replaceVars(d, config, "{{ApigeeBasePath}}organizations/{{org_id}}/environments/{{environment}}/flowhooks/{{flow_hook_point}}") + if err != nil { + return err + } + + var obj map[string]interface{} + log.Printf("[DEBUG] Deleting Flowhook %q", d.Id()) + + // err == nil indicates that the billing_project value was found + if bp, err := getBillingProject(d, config); err == nil { + billingProject = bp + } + + res, err := SendRequestWithTimeout(config, "DELETE", billingProject, url, userAgent, obj, d.Timeout(schema.TimeoutDelete)) + if err != nil { + return handleNotFoundError(err, d, "Flowhook") + } + + log.Printf("[DEBUG] Finished deleting Flowhook %q: %#v", d.Id(), res) + return nil +} + +func resourceApigeeFlowhookImport(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) { + config := meta.(*Config) + if err := parseImportId([]string{ + "organizations/(?P[^/]+)/environments/(?P[^/]+)/flowhooks/(?P[^/]+)", + "(?P[^/]+)/(?P[^/]+)/(?P[^/]+)", + }, d, config); err != nil { + return nil, err + } + + // Replace import id for the resource id + id, err := replaceVars(d, config, "organizations/{{org_id}}/environments/{{environment}}/flowhooks/{{flow_hook_point}}") + if err != nil { + return nil, fmt.Errorf("Error constructing id: %s", err) + } + d.SetId(id) + + return []*schema.ResourceData{d}, nil +} + +func flattenApigeeFlowhookDescription(v interface{}, d *schema.ResourceData, config *Config) interface{} { + return v +} + +func flattenApigeeFlowhookSharedflow(v interface{}, d *schema.ResourceData, config *Config) interface{} { + return v +} + +func flattenApigeeFlowhookContinueOnError(v interface{}, d *schema.ResourceData, config *Config) interface{} { + return v +} + +func expandApigeeFlowhookDescription(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) { + return v, nil +} + +func expandApigeeFlowhookSharedflow(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) { + return v, nil +} + +func expandApigeeFlowhookContinueOnError(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) { + return v, nil +} diff --git a/mmv1/third_party/terraform/resources/resource_apigee_sharedflow.go b/mmv1/third_party/terraform/resources/resource_apigee_sharedflow.go new file mode 100644 index 000000000000..e0c136552d0f --- /dev/null +++ b/mmv1/third_party/terraform/resources/resource_apigee_sharedflow.go @@ -0,0 +1,460 @@ +// ---------------------------------------------------------------------------- +// +// This file is partially automatically generated by Magic Modules and with manual +// changes to resourceApigeeSharedFlowCreate +// +// ---------------------------------------------------------------------------- + +package google + +import ( + "context" + "encoding/json" + "fmt" + "io" + "log" + "net/http" + "os" + "time" + + "github.com/hashicorp/terraform-plugin-log/tflog" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "google.golang.org/api/googleapi" +) + +func ResourceApigeeSharedFlow() *schema.Resource { + return &schema.Resource{ + Create: resourceApigeeSharedFlowCreate, + Read: resourceApigeeSharedFlowRead, + Update: resourceApigeeSharedFlowUpdate, + Delete: resourceApigeeSharedFlowDelete, + + Importer: &schema.ResourceImporter{ + State: resourceApigeeSharedFlowImport, + }, + + CustomizeDiff: customdiff.All( + /* + If any of the config_bundle, detect_md5hash or md5hash is changed, + then an update is expected, so we tell Terraform core to expect update on meta_data, + latest_revision_id and revision + */ + + customdiff.ComputedIf("meta_data", apigeeSharedflowDetectBundleUpdate), + customdiff.ComputedIf("latest_revision_id", apigeeSharedflowDetectBundleUpdate), + customdiff.ComputedIf("revision", apigeeSharedflowDetectBundleUpdate), + ), + + Timeouts: &schema.ResourceTimeout{ + Create: schema.DefaultTimeout(20 * time.Minute), + Update: schema.DefaultTimeout(20 * time.Minute), + Delete: schema.DefaultTimeout(20 * time.Minute), + }, + + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + Description: `The ID of the shared flow.`, + }, + "org_id": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + Description: `The Apigee Organization associated with the Apigee instance, +in the format 'organizations/{{org_name}}'.`, + }, + "latest_revision_id": { + Type: schema.TypeString, + Computed: true, + Description: `The id of the most recently created revision for this shared flow.`, + }, + "meta_data": { + Type: schema.TypeList, + Computed: true, + Description: `Metadata describing the shared flow.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "created_at": { + Type: schema.TypeString, + Computed: true, + Description: `Time at which the API proxy was created, in milliseconds since epoch.`, + }, + "last_modified_at": { + Type: schema.TypeString, + Computed: true, + Description: `Time at which the API proxy was most recently modified, in milliseconds since epoch.`, + }, + "sub_type": { + Type: schema.TypeString, + Computed: true, + Description: `The type of entity described`, + }, + }, + }, + }, + "revision": { + Type: schema.TypeList, + Computed: true, + Description: `A list of revisions of this shared flow.`, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "config_bundle": { + Type: schema.TypeString, + Required: true, + Description: `A path to the config bundle zip you want to upload. Must be defined if content is not.`, + }, + "md5hash": { + Type: schema.TypeString, + Computed: true, + Description: `Base 64 MD5 hash of the uploaded config bundle.`, + }, + "detect_md5hash": { + Type: schema.TypeString, + Optional: true, + Default: "Different Hash", + Description: `A hash of local config bundle in string, user needs to use a Terraform Hash function of their choice. A change in hash will trigger an update.`, + DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool { + localMd5Hash := "" + if config_bundle, ok := d.GetOkExists("config_bundle"); ok { + localMd5Hash = getFileMd5Hash(config_bundle.(string)) + } + if localMd5Hash == "" { + return false + } + + // `old` is the md5 hash we speculated from server responses, + // when apply responded with succeed, hash is set to the hash of uploaded bundle + if old != localMd5Hash { + return false + } + + return true + }, + }, + }, + UseJSONNumber: true, + } +} + +func resourceApigeeSharedFlowCreate(d *schema.ResourceData, meta interface{}) error { + ctx := context.TODO() + tflog.Info(ctx, "resourceApigeeSharedFlowCreate") + log.Printf("[DEBUG] resourceApigeeSharedFlowCreate") + + log.Printf("[DEBUG] resourceApigeeSharedFlowCreate, name= %s", d.Get("name").(string)) + log.Printf("[DEBUG] resourceApigeeSharedFlowCreate, org_id=, %s", d.Get("org_id").(string)) + log.Printf("[DEBUG] resourceApigeeSharedFlowCreate, config_bundle=, %s", d.Get("config_bundle").(string)) + + config := meta.(*Config) + userAgent, err := generateUserAgentString(d, config.UserAgent) + if err != nil { + return err + } + + var file *os.File + var localMd5Hash string + if configBundlePath, ok := d.GetOk("config_bundle"); ok { + var err error + file, err = os.Open(configBundlePath.(string)) + if err != nil { + return err + } + localMd5Hash = getFileMd5Hash(configBundlePath.(string)) + } else { + return fmt.Errorf("Error, \"config_bundle\" must be specified") + } + + url, err := replaceVars(d, config, "{{ApigeeBasePath}}organizations/{{org_id}}/sharedflows?name={{name}}&action=import") + if err != nil { + return err + } + billingProject := "" + + // err == nil indicates that the billing_project value was found + if bp, err := getBillingProject(d, config); err == nil { + billingProject = bp + } + + log.Printf("[DEBUG] resourceApigeeSharedFlowCreate, url=, %s", url) + res, err := sendRequestRawBodyWithTimeout(config, "POST", billingProject, url, userAgent, file, "application/octet-stream", d.Timeout(schema.TimeoutCreate)) + + log.Printf("[DEBUG] sendRequestRawBodyWithTimeout Done") + if err != nil { + return fmt.Errorf("Error creating SharedFlow: %s", err) + } + + // Store the ID now + id, err := replaceVars(d, config, "organizations/{{org_id}}/sharedflows/{{name}}") + if err != nil { + return fmt.Errorf("Error constructing id: %s", err) + } + d.SetId(id) + log.Printf("[DEBUG] create d.SetId done, id = %s", id) + + log.Printf("[DEBUG] Finished creating SharedFlow %q: %#v", d.Id(), res) + + if resourceApigeeSharedFlowRead(d, meta) != nil { + return fmt.Errorf("Error reading SharedFlow at end of Create: %s", err) + } + d.Set("md5hash", localMd5Hash) + d.Set("detect_md5hash", localMd5Hash) + return nil +} + +func resourceApigeeSharedFlowUpdate(d *schema.ResourceData, meta interface{}) error { + //For how sharedflow api is implemented, just treat an update as create, when the name is same, it will create a new revision + return resourceApigeeSharedFlowCreate(d, meta) +} + +func resourceApigeeSharedFlowRead(d *schema.ResourceData, meta interface{}) error { + config := meta.(*Config) + userAgent, err := generateUserAgentString(d, config.UserAgent) + if err != nil { + return err + } + + url, err := replaceVars(d, config, "{{ApigeeBasePath}}organizations/{{org_id}}/sharedflows/{{name}}") + if err != nil { + return err + } + log.Printf("[DEBUG] sharedflow read url is: %s", url) + + billingProject := "" + + // err == nil indicates that the billing_project value was found + if bp, err := getBillingProject(d, config); err == nil { + billingProject = bp + } + log.Printf("[DEBUG] resourceApigeeSharedFlowRead sendRequest") + log.Printf("[DEBUG] resourceApigeeSharedFlowRead, url=, %s", url) + res, err := SendRequest(config, "GET", billingProject, url, userAgent, nil) + if err != nil { + return handleNotFoundError(err, d, fmt.Sprintf("ApigeeSharedFlow %q", d.Id())) + } + log.Printf("[DEBUG] resourceApigeeSharedFlowRead sendRequest completed") + previousLastModifiedAt := getApigeeSharedFlowLastModifiedAt(d) + if err := d.Set("meta_data", flattenApigeeSharedFlowMetaData(res["metaData"], d, config)); err != nil { + return fmt.Errorf("Error reading SharedFlow: %s", err) + } + currentLastModifiedAt := getApigeeSharedFlowLastModifiedAt(d) + if err := d.Set("name", flattenApigeeSharedFlowName(res["name"], d, config)); err != nil { + return fmt.Errorf("Error reading SharedFlow: %s", err) + } + if err := d.Set("revision", flattenApigeeSharedFlowRevision(res["revision"], d, config)); err != nil { + return fmt.Errorf("Error reading SharedFlow: %s", err) + } + if err := d.Set("latest_revision_id", flattenApigeeSharedFlowLatestRevisionId(res["latestRevisionId"], d, config)); err != nil { + return fmt.Errorf("Error reading SharedFlow: %s", err) + } + + //setting hash to suggest update + if previousLastModifiedAt != currentLastModifiedAt { + d.Set("md5hash", "UNKNOWN") + d.Set("detect_md5hash", "UNKNOWN") + } + return nil +} + +func getApigeeSharedFlowLastModifiedAt(d *schema.ResourceData) string { + + metaDataRaw := d.Get("meta_data").([]interface{}) + if len(metaDataRaw) != 1 { + //in Terraform Schema, a nest in object is implemented as an array of length one, even if it's technically an object + return "UNKNOWN" + } + metaData := metaDataRaw[0].(map[string]interface{}) + if metaData == nil { + return "UNKNOWN" + } + lastModifiedAt := metaData["last_modified_at"].(string) + if lastModifiedAt == "" { + return "UNKNOWN" + } + return lastModifiedAt +} + +func resourceApigeeSharedFlowDelete(d *schema.ResourceData, meta interface{}) error { + log.Printf("[DEBUG] resourceApigeeSharedFlowDelete") + config := meta.(*Config) + userAgent, err := generateUserAgentString(d, config.UserAgent) + if err != nil { + return err + } + + billingProject := "" + + url, err := replaceVars(d, config, "{{ApigeeBasePath}}organizations/{{org_id}}/sharedflows/{{name}}") + if err != nil { + return err + } + + var obj map[string]interface{} + log.Printf("[DEBUG] Deleting SharedFlow %q", d.Id()) + + // err == nil indicates that the billing_project value was found + if bp, err := getBillingProject(d, config); err == nil { + billingProject = bp + } + + res, err := SendRequestWithTimeout(config, "DELETE", billingProject, url, userAgent, obj, d.Timeout(schema.TimeoutDelete)) + if err != nil { + return handleNotFoundError(err, d, "SharedFlow") + } + + log.Printf("[DEBUG] Finished deleting SharedFlow %q: %#v", d.Id(), res) + return nil +} + +func resourceApigeeSharedFlowImport(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) { + config := meta.(*Config) + if err := parseImportId([]string{ + "organizations/(?P[^/]+)/sharedflows/(?P[^/]+)", + "(?P[^/]+)/(?P[^/]+)", + }, d, config); err != nil { + return nil, err + } + + // Replace import id for the resource id + id, err := replaceVars(d, config, "organizations/{{org_id}}/sharedflows/{{name}}") + + if err != nil { + return nil, fmt.Errorf("Error constructing id: %s", err) + } + d.SetId(id) + log.Printf("[DEBUG] resourceApigeeSharedFlowImport, id= %s", id) + + return []*schema.ResourceData{d}, nil +} + +func flattenApigeeSharedFlowMetaData(v interface{}, d *schema.ResourceData, config *Config) interface{} { + if v == nil { + return nil + } + original := v.(map[string]interface{}) + if len(original) == 0 { + return nil + } + transformed := make(map[string]interface{}) + transformed["created_at"] = + flattenApigeeSharedFlowMetaDataCreatedAt(original["createdAt"], d, config) + transformed["last_modified_at"] = + flattenApigeeSharedFlowMetaDataLastModifiedAt(original["lastModifiedAt"], d, config) + transformed["sub_type"] = + flattenApigeeSharedFlowMetaDataSubType(original["subType"], d, config) + return []interface{}{transformed} +} +func flattenApigeeSharedFlowMetaDataCreatedAt(v interface{}, d *schema.ResourceData, config *Config) interface{} { + return v +} + +func flattenApigeeSharedFlowMetaDataLastModifiedAt(v interface{}, d *schema.ResourceData, config *Config) interface{} { + return v +} + +func flattenApigeeSharedFlowMetaDataSubType(v interface{}, d *schema.ResourceData, config *Config) interface{} { + return v +} + +func flattenApigeeSharedFlowName(v interface{}, d *schema.ResourceData, config *Config) interface{} { + return v +} + +func flattenApigeeSharedFlowRevision(v interface{}, d *schema.ResourceData, config *Config) interface{} { + return v +} + +func flattenApigeeSharedFlowLatestRevisionId(v interface{}, d *schema.ResourceData, config *Config) interface{} { + return v +} + +func expandApigeeSharedFlowName(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) { + return v, nil +} + +// sendRequestRawBodyWithTimeout is derived from sendRequestWithTimeout with direct pass through of request body +func sendRequestRawBodyWithTimeout(config *Config, method, project, rawurl, userAgent string, body io.Reader, contentType string, timeout time.Duration, errorRetryPredicates ...RetryErrorPredicateFunc) (map[string]interface{}, error) { + log.Printf("[DEBUG] sendRequestRawBodyWithTimeout start") + reqHeaders := make(http.Header) + reqHeaders.Set("User-Agent", userAgent) + reqHeaders.Set("Content-Type", contentType) + + if config.UserProjectOverride && project != "" { + // Pass the project into this fn instead of parsing it from the URL because + // both project names and URLs can have colons in them. + reqHeaders.Set("X-Goog-User-Project", project) + } + + if timeout == 0 { + timeout = time.Duration(1) * time.Minute + } + + var res *http.Response + + log.Printf("[DEBUG] sendRequestRawBodyWithTimeout sending request") + + err := RetryTimeDuration( + func() error { + req, err := http.NewRequest(method, rawurl, body) + if err != nil { + return err + } + + req.Header = reqHeaders + res, err = config.Client.Do(req) + if err != nil { + return err + } + + if err := googleapi.CheckResponse(res); err != nil { + googleapi.CloseBody(res) + return err + } + + return nil + }, + timeout, + errorRetryPredicates..., + ) + if err != nil { + return nil, err + } + + if res == nil { + return nil, fmt.Errorf("Unable to parse server response. This is most likely a terraform problem, please file a bug at https://github.com/hashicorp/terraform-provider-google/issues.") + } + + // The defer call must be made outside of the retryFunc otherwise it's closed too soon. + defer googleapi.CloseBody(res) + + // 204 responses will have no body, so we're going to error with "EOF" if we + // try to parse it. Instead, we can just return nil. + if res.StatusCode == 204 { + return nil, nil + } + result := make(map[string]interface{}) + if err := json.NewDecoder(res.Body).Decode(&result); err != nil { + return nil, err + } + log.Printf("[DEBUG] sendRequestRawBodyWithTimeout returning") + return result, nil +} + +func apigeeSharedflowDetectBundleUpdate(_ context.Context, diff *schema.ResourceDiff, v interface{}) bool { + tmp, _ := diff.GetChange("detect_md5hash") + oldBundleHash := tmp.(string) + currentBundleHash := "" + if config_bundle, ok := diff.GetOkExists("config_bundle"); ok { + currentBundleHash = getFileMd5Hash(config_bundle.(string)) + } + log.Printf("[DEBUG] apigeeSharedflowDetectUpdate detect_md5hash: %s -> %s", oldBundleHash, currentBundleHash) + + if oldBundleHash != currentBundleHash { + return true + } + return diff.HasChange("config_bundle") || diff.HasChange("md5hash") +} diff --git a/mmv1/third_party/terraform/resources/resource_apigee_sharedflow_deployment.go b/mmv1/third_party/terraform/resources/resource_apigee_sharedflow_deployment.go new file mode 100644 index 000000000000..6c1124637260 --- /dev/null +++ b/mmv1/third_party/terraform/resources/resource_apigee_sharedflow_deployment.go @@ -0,0 +1,198 @@ +package google + +import ( + "fmt" + "log" + "time" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +func ResourceApigeeSharedFlowDeployment() *schema.Resource { + return &schema.Resource{ + Create: resourceApigeeSharedflowDeploymentCreate, + Read: resourceApigeeSharedflowDeploymentRead, + Delete: resourceApigeeSharedflowDeploymentDelete, + + Importer: &schema.ResourceImporter{ + State: resourceApigeeSharedflowDeploymentImport, + }, + + Timeouts: &schema.ResourceTimeout{ + Create: schema.DefaultTimeout(20 * time.Minute), + Update: schema.DefaultTimeout(20 * time.Minute), + Delete: schema.DefaultTimeout(20 * time.Minute), + }, + + Schema: map[string]*schema.Schema{ + "environment": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + Description: `The resource ID of the environment.`, + }, + "org_id": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + Description: `The Apigee Organization associated with the Apigee instance`, + }, + "revision": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + Description: `Revision of the Sharedflow to be deployed.`, + }, + "service_account": { + Type: schema.TypeString, + ForceNew: true, + Optional: true, + Description: `The service account represents the identity of the deployed proxy, and determines what permissions it has. The format must be {ACCOUNT_ID}@{PROJECT}.iam.gserviceaccount.com.`, + }, + "sharedflow_id": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + Description: `Id of the Sharedflow to be deployed.`, + }, + }, + UseJSONNumber: true, + } +} + +func resourceApigeeSharedflowDeploymentCreate(d *schema.ResourceData, meta interface{}) error { + config := meta.(*Config) + userAgent, err := generateUserAgentString(d, config.UserAgent) + if err != nil { + return err + } + + url, err := replaceVars(d, config, "{{ApigeeBasePath}}organizations/{{org_id}}/environments/{{environment}}/sharedflows/{{sharedflow_id}}/revisions/{{revision}}/deployments?override=true&serviceAccount={{service_account}}") + if err != nil { + return err + } + + log.Printf("[DEBUG] Creating new SharedflowDeployment at %s", url) + billingProject := "" + + // err == nil indicates that the billing_project value was found + if bp, err := getBillingProject(d, config); err == nil { + billingProject = bp + } + + res, err := SendRequestWithTimeout(config, "POST", billingProject, url, userAgent, nil, d.Timeout(schema.TimeoutCreate)) + if err != nil { + return fmt.Errorf("Error creating SharedflowDeployment: %s", err) + } + + // Store the ID now + id, err := replaceVars(d, config, "organizations/{{org_id}}/environments/{{environment}}/sharedflows/{{sharedflow_id}}/revisions/{{revision}}/deployments") + if err != nil { + return fmt.Errorf("Error constructing id: %s", err) + } + d.SetId(id) + + log.Printf("[DEBUG] Finished creating SharedflowDeployment %q: %#v", d.Id(), res) + + return resourceApigeeSharedflowDeploymentRead(d, meta) +} + +func resourceApigeeSharedflowDeploymentRead(d *schema.ResourceData, meta interface{}) error { + config := meta.(*Config) + userAgent, err := generateUserAgentString(d, config.UserAgent) + if err != nil { + return err + } + + url, err := replaceVars(d, config, "{{ApigeeBasePath}}organizations/{{org_id}}/environments/{{environment}}/sharedflows/{{sharedflow_id}}/revisions/{{revision}}/deployments") + if err != nil { + return err + } + + billingProject := "" + + // err == nil indicates that the billing_project value was found + if bp, err := getBillingProject(d, config); err == nil { + billingProject = bp + } + + log.Printf("[DEBUG] Reading SharedflowDeployment at %s", url) + + res, err := SendRequest(config, "GET", billingProject, url, userAgent, nil) + if err != nil { + return handleNotFoundError(err, d, fmt.Sprintf("ApigeeSharedflowDeployment %q", d.Id())) + } + log.Printf("[DEBUG] ApigeeSharedflowDeployment deployStartTime %s", res["deployStartTime"]) + + return nil +} + +func resourceApigeeSharedflowDeploymentDelete(d *schema.ResourceData, meta interface{}) error { + config := meta.(*Config) + userAgent, err := generateUserAgentString(d, config.UserAgent) + if err != nil { + return err + } + + billingProject := "" + + url, err := replaceVars(d, config, "{{ApigeeBasePath}}organizations/{{org_id}}/environments/{{environment}}/sharedflows/{{sharedflow_id}}/revisions/{{revision}}/deployments") + if err != nil { + return err + } + + var obj map[string]interface{} + log.Printf("[DEBUG] Deleting SharedflowDeployment %q", d.Id()) + + // err == nil indicates that the billing_project value was found + if bp, err := getBillingProject(d, config); err == nil { + billingProject = bp + } + + res, err := SendRequestWithTimeout(config, "DELETE", billingProject, url, userAgent, obj, d.Timeout(schema.TimeoutDelete)) + if err != nil { + return handleNotFoundError(err, d, "SharedflowDeployment") + } + + log.Printf("[DEBUG] Finished deleting SharedflowDeployment %q: %#v", d.Id(), res) + return nil +} + +func resourceApigeeSharedflowDeploymentImport(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) { + config := meta.(*Config) + if err := parseImportId([]string{ + "organizations/(?P[^/]+)/environments/(?P[^/]+)/sharedflows/(?P[^/]+)/revisions/(?P[^/]+)", + "(?P[^/]+)/(?P[^/]+)/(?P[^/]+)/(?P[^/]+)", + }, d, config); err != nil { + return nil, err + } + + // Replace import id for the resource id + id, err := replaceVars(d, config, "organizations/{{org_id}}/environments/{{environment}}/sharedflows/{{sharedflow_id}}/revisions/{{revision}}/deployments") + if err != nil { + return nil, fmt.Errorf("Error constructing id: %s", err) + } + d.SetId(id) + + return []*schema.ResourceData{d}, nil +} + +func flattenApigeeSharedflowDeploymentOrgId(v interface{}, d *schema.ResourceData, config *Config) interface{} { + return v +} + +func flattenApigeeSharedflowDeploymentEnvironment(v interface{}, d *schema.ResourceData, config *Config) interface{} { + return v +} + +func flattenApigeeSharedflowDeploymentSharedflowId(v interface{}, d *schema.ResourceData, config *Config) interface{} { + return v +} + +func flattenApigeeSharedflowDeploymentRevision(v interface{}, d *schema.ResourceData, config *Config) interface{} { + return v +} + +func flattenApigeeSharedflowDeploymentServiceAccount(v interface{}, d *schema.ResourceData, config *Config) interface{} { + return v +} diff --git a/mmv1/third_party/terraform/resources/resource_compute_instance.go.erb b/mmv1/third_party/terraform/resources/resource_compute_instance.go.erb index cef546dd6878..f8569666c13d 100644 --- a/mmv1/third_party/terraform/resources/resource_compute_instance.go.erb +++ b/mmv1/third_party/terraform/resources/resource_compute_instance.go.erb @@ -54,6 +54,7 @@ var ( "scheduling.0.instance_termination_action", <% unless version == 'ga' -%> "scheduling.0.max_run_duration", + "scheduling.0.maintenance_interval", <% end -%> } @@ -675,6 +676,12 @@ be from 0 to 999,999,999 inclusive.`, }, }, }, + "maintenance_interval": { + Type: schema.TypeString, + Optional: true, + AtLeastOneOf: schedulingKeys, + Description: `Specifies the frequency of planned maintenance events. The accepted values are: PERIODIC`, + }, <% end -%> }, diff --git a/mmv1/third_party/terraform/resources/resource_compute_instance_template.go.erb b/mmv1/third_party/terraform/resources/resource_compute_instance_template.go.erb index 65713c25b889..20808d509f7f 100644 --- a/mmv1/third_party/terraform/resources/resource_compute_instance_template.go.erb +++ b/mmv1/third_party/terraform/resources/resource_compute_instance_template.go.erb @@ -33,6 +33,7 @@ var ( "scheduling.0.instance_termination_action", <% unless version == 'ga' -%> "scheduling.0.max_run_duration", + "scheduling.0.maintenance_interval", <% end -%> } @@ -652,6 +653,11 @@ be from 0 to 999,999,999 inclusive.`, }, }, }, + "maintenance_interval" : { + Type: schema.TypeString, + Optional: true, + Description: `Specifies the frequency of planned maintenance events. The accepted values are: PERIODIC`, + }, <% end -%> }, }, diff --git a/mmv1/third_party/terraform/resources/resource_compute_security_policy.go.erb b/mmv1/third_party/terraform/resources/resource_compute_security_policy.go.erb index fe8df133610e..9b784ee68e47 100644 --- a/mmv1/third_party/terraform/resources/resource_compute_security_policy.go.erb +++ b/mmv1/third_party/terraform/resources/resource_compute_security_policy.go.erb @@ -173,7 +173,7 @@ func ResourceComputeSecurityPolicy() *schema.Resource { "request_uri": resourceComputeSecurityPolicyRulePreconfiguredWafConfigExclusionFieldParamsSchema( `Request URI from the request line to be excluded from inspection during preconfigured WAF evaluation. When specifying this field, the query or fragment part should be excluded.`, ), - + "request_query_param": resourceComputeSecurityPolicyRulePreconfiguredWafConfigExclusionFieldParamsSchema( `Request query parameter whose value will be excluded from inspection during preconfigured WAF evaluation. Note that the parameter can be in the query string or in the POST body.`, ), @@ -1159,7 +1159,7 @@ func expandSecurityPolicyAdaptiveProtectionConfig(configured []interface{}) *com <% unless version == 'ga' -%> AutoDeployConfig: expandAutoDeployConfig(data["auto_deploy_config"].([]interface{})), <% end -%> - + } } @@ -1255,6 +1255,11 @@ func expandSecurityPolicyRuleRateLimitOptions(configured []interface{}) *compute <% end -%> BanDurationSec: int64(data["ban_duration_sec"].(int)), ExceedRedirectOptions: expandSecurityPolicyRuleRedirectOptions(data["exceed_redirect_options"].([]interface{})), + <% if version == 'ga' -%> + ForceSendFields: []string{"EnforceOnKey", "EnforceOnKeyName"}, + <% else -%> + ForceSendFields: []string{"EnforceOnKey", "EnforceOnKeyName", "EnforceOnKeyConfigs"}, + <% end -%> } } @@ -1273,7 +1278,7 @@ func expandThreshold(configured []interface{}) *compute.SecurityPolicyRuleRateLi <% unless version == 'ga' -%> func expandSecurityPolicyEnforceOnKeyConfigs(configured []interface{}) []*compute.SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfig { params := make([]*compute.SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfig, 0, len(configured)) - + for _, raw := range configured { params = append(params, expandSecurityPolicyEnforceOnKeyConfigsFields(raw)) } @@ -1305,7 +1310,7 @@ func flattenSecurityPolicyRuleRateLimitOptions(conf *compute.SecurityPolicyRuleR "enforce_on_key_name": conf.EnforceOnKeyName, <% unless version == 'ga' -%> "enforce_on_key_configs": flattenSecurityPolicyEnforceOnKeyConfigs(conf.EnforceOnKeyConfigs), - <% end -%> + <% end -%> "ban_duration_sec": conf.BanDurationSec, "exceed_redirect_options": flattenSecurityPolicyRedirectOptions(conf.ExceedRedirectOptions), } diff --git a/mmv1/third_party/terraform/tests/data_source_dns_key_test.go b/mmv1/third_party/terraform/tests/data_source_dns_key_test.go index a512139eb83e..7ba6988d1038 100644 --- a/mmv1/third_party/terraform/tests/data_source_dns_key_test.go +++ b/mmv1/third_party/terraform/tests/data_source_dns_key_test.go @@ -72,7 +72,7 @@ func testAccDataSourceDNSKeysConfig(dnsZoneName, dnssecStatus string) string { return fmt.Sprintf(` resource "google_dns_managed_zone" "foo" { name = "%s" - dns_name = "dnssec.tf-test.club." + dns_name = "dnssec.gcp.tfacc.hashicorptest.com." dnssec_config { state = "%s" diff --git a/mmv1/third_party/terraform/tests/data_source_dns_managed_zone_test.go.erb b/mmv1/third_party/terraform/tests/data_source_dns_managed_zone_test.go.erb index cf0cddaab659..90cd39c68304 100644 --- a/mmv1/third_party/terraform/tests/data_source_dns_managed_zone_test.go.erb +++ b/mmv1/third_party/terraform/tests/data_source_dns_managed_zone_test.go.erb @@ -43,7 +43,7 @@ func testAccDataSourceDnsManagedZone_basic(managedZoneName string) string { return fmt.Sprintf(` resource "google_dns_managed_zone" "foo" { name = "qa-zone-%s" - dns_name = "qa.tf-test.club." + dns_name = "qa.gcp.tfacc.hashicorptest.com." description = "QA DNS zone" } diff --git a/mmv1/third_party/terraform/tests/data_source_google_compute_instance_group_manager_test.go b/mmv1/third_party/terraform/tests/data_source_google_compute_instance_group_manager_test.go index dda387a68817..b6683d20ee98 100644 --- a/mmv1/third_party/terraform/tests/data_source_google_compute_instance_group_manager_test.go +++ b/mmv1/third_party/terraform/tests/data_source_google_compute_instance_group_manager_test.go @@ -10,15 +10,15 @@ func TestAccDataSourceGoogleComputeInstanceGroupManager(t *testing.T) { t.Parallel() zoneName := "us-central1-a" - igmName := "tf-tst-igm" + RandString(t, 6) + igmName := "tf-test-igm" + RandString(t, 6) context := map[string]interface{}{ "zoneName": zoneName, "igmName": igmName, - "baseName": "tf-tst-igm-base" + RandString(t, 6), - "poolName": "tf-tst-pool" + RandString(t, 6), - "templateName": "tf-tst-templt" + RandString(t, 6), - "autoHealName": "tf-tst-ah-name" + RandString(t, 6), + "baseName": "tf-test-igm-base" + RandString(t, 6), + "poolName": "tf-test-pool" + RandString(t, 6), + "templateName": "tf-test-templt" + RandString(t, 6), + "autoHealName": "tf-test-ah-name" + RandString(t, 6), } VcrTest(t, resource.TestCase{ diff --git a/mmv1/third_party/terraform/tests/data_source_google_firebase_android_app_test.go.erb b/mmv1/third_party/terraform/tests/data_source_google_firebase_android_app_test.go.erb index 91a44fa8d5cf..0e4298ccafb5 100644 --- a/mmv1/third_party/terraform/tests/data_source_google_firebase_android_app_test.go.erb +++ b/mmv1/third_party/terraform/tests/data_source_google_firebase_android_app_test.go.erb @@ -51,6 +51,11 @@ resource "google_firebase_android_app" "my_app" { data "google_firebase_android_app" "my_app" { app_id = google_firebase_android_app.my_app.app_id } + +data "google_firebase_android_app" "my_app_project" { + project = "%{project_id}" + app_id = google_firebase_android_app.my_app.app_id +} `, context) } <% end -%> diff --git a/mmv1/third_party/terraform/tests/data_source_google_firebase_apple_app_test.go.erb b/mmv1/third_party/terraform/tests/data_source_google_firebase_apple_app_test.go.erb index 56d053e12159..1ca38e6db8ac 100644 --- a/mmv1/third_party/terraform/tests/data_source_google_firebase_apple_app_test.go.erb +++ b/mmv1/third_party/terraform/tests/data_source_google_firebase_apple_app_test.go.erb @@ -53,6 +53,11 @@ resource "google_firebase_apple_app" "my_app" { data "google_firebase_apple_app" "my_app" { app_id = google_firebase_apple_app.my_app.app_id } + +data "google_firebase_apple_app" "my_app_project" { + project = "%{project_id}" + app_id = google_firebase_apple_app.my_app.app_id +} `, context) } <% end -%> diff --git a/mmv1/third_party/terraform/tests/data_source_google_firebase_web_app_test.go.erb b/mmv1/third_party/terraform/tests/data_source_google_firebase_web_app_test.go.erb new file mode 100644 index 000000000000..e6db9dc5c107 --- /dev/null +++ b/mmv1/third_party/terraform/tests/data_source_google_firebase_web_app_test.go.erb @@ -0,0 +1,58 @@ +<% autogen_exception -%> +package google +<% unless version == 'ga' -%> +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" +) + +func TestAccDataSourceGoogleFirebaseWebApp(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "project_id": GetTestProjectFromEnv(), + "display_name": "tf_test Display Name WebApp DataSource", + } + + resourceName := "data.google_firebase_web_app.my_app" + + VcrTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: TestAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceGoogleFirebaseWebApp(context), + Check: resource.ComposeTestCheckFunc( + checkDataSourceStateMatchesResourceStateWithIgnores( + resourceName, + "google_firebase_web_app.my_app", + map[string]struct{}{ + "deletion_policy": {}, + }, + ), + ), + }, + }, + }) +} + +func testAccDataSourceGoogleFirebaseWebApp(context map[string]interface{}) string { + return Nprintf(` +resource "google_firebase_web_app" "my_app" { + project = "%{project_id}" + display_name = "%{display_name}" + deletion_policy = "DELETE" +} + +data "google_firebase_web_app" "my_app" { + app_id = google_firebase_web_app.my_app.app_id +} + +data "google_firebase_web_app" "my_app_project" { + project = "%{project_id}" + app_id = google_firebase_web_app.my_app.app_id +} +`, context) +} +<% end -%> diff --git a/mmv1/third_party/terraform/tests/resource_access_context_manager_access_policy_test.go.erb b/mmv1/third_party/terraform/tests/resource_access_context_manager_access_policy_test.go.erb index c385eea8982d..37426deb9869 100644 --- a/mmv1/third_party/terraform/tests/resource_access_context_manager_access_policy_test.go.erb +++ b/mmv1/third_party/terraform/tests/resource_access_context_manager_access_policy_test.go.erb @@ -91,6 +91,7 @@ func TestAccAccessContextManager(t *testing.T) { "access_level_condition": testAccAccessContextManagerAccessLevelCondition_basicTest, "service_perimeters": testAccAccessContextManagerServicePerimeters_basicTest, "gcp_user_access_binding": testAccAccessContextManagerGcpUserAccessBinding_basicTest, + "authorized_orgs_desc": testAccAccessContextManagerAuthorizedOrgsDesc_basicTest, } for name, tc := range testCases { diff --git a/mmv1/third_party/terraform/tests/resource_access_context_manager_authorized_orgs_desc_test.go b/mmv1/third_party/terraform/tests/resource_access_context_manager_authorized_orgs_desc_test.go new file mode 100644 index 000000000000..38fbaff5699e --- /dev/null +++ b/mmv1/third_party/terraform/tests/resource_access_context_manager_authorized_orgs_desc_test.go @@ -0,0 +1,84 @@ +package google + +import ( + "fmt" + "strings" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" +) + +func testAccAccessContextManagerAuthorizedOrgsDesc_basicTest(t *testing.T) { + context := map[string]interface{}{ + "org_id": GetTestOrgFromEnv(t), + } + + VcrTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: TestAccProviders, + CheckDestroy: testAccCheckAccessContextManagerAuthorizedOrgsDescDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccAccessContextManagerAuthorizedOrgsDesc_accessContextManagerAuthorizedOrgsDescBasicExample(context), + }, + { + ResourceName: "google_access_context_manager_authorized_orgs_desc.authorized-orgs-desc", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"parent"}, + }, + }, + }) +} + +func testAccAccessContextManagerAuthorizedOrgsDesc_accessContextManagerAuthorizedOrgsDescBasicExample(context map[string]interface{}) string { + return Nprintf(` +resource "google_access_context_manager_authorized_orgs_desc" "authorized-orgs-desc" { + parent = "accessPolicies/${google_access_context_manager_access_policy.test-access.name}" + name = "accessPolicies/${google_access_context_manager_access_policy.test-access.name}/authorizedOrgsDescs/fakeDescName" + authorization_type = "AUTHORIZATION_TYPE_TRUST" + asset_type = "ASSET_TYPE_CREDENTIAL_STRENGTH" + authorization_direction = "AUTHORIZATION_DIRECTION_TO" + orgs = ["organizations/12345", "organizations/98765"] +} + +resource "google_access_context_manager_access_policy" "test-access" { + parent = "organizations/%{org_id}" + title = "my policy" +} +`, context) +} + +func testAccCheckAccessContextManagerAuthorizedOrgsDescDestroyProducer(t *testing.T) func(s *terraform.State) error { + return func(s *terraform.State) error { + for name, rs := range s.RootModule().Resources { + if rs.Type != "google_access_context_manager_authorized_orgs_desc" { + continue + } + if strings.HasPrefix(name, "data.") { + continue + } + + config := GoogleProviderConfig(t) + + url, err := replaceVarsForTest(config, rs, "{{AccessContextManagerBasePath}}{{name}}") + if err != nil { + return err + } + + billingProject := "" + + if config.BillingProject != "" { + billingProject = config.BillingProject + } + + _, err = SendRequest(config, "GET", billingProject, url, config.UserAgent, nil) + if err == nil { + return fmt.Errorf("AccessContextManagerAuthorizedOrgsDesc still exists at %s", url) + } + } + + return nil + } +} diff --git a/mmv1/third_party/terraform/tests/resource_alloydb_backup_test.go b/mmv1/third_party/terraform/tests/resource_alloydb_backup_test.go index be5b7ba3729f..3d175d703bb6 100644 --- a/mmv1/third_party/terraform/tests/resource_alloydb_backup_test.go +++ b/mmv1/third_party/terraform/tests/resource_alloydb_backup_test.go @@ -10,7 +10,7 @@ func TestAccAlloydbBackup_update(t *testing.T) { t.Parallel() context := map[string]interface{}{ - "network_name": BootstrapSharedTestNetwork(t, "alloydb"), + "network_name": BootstrapSharedTestNetwork(t, "alloydb-update"), "random_suffix": RandString(t, 10), } diff --git a/mmv1/third_party/terraform/tests/resource_apigee_flowhook_test.go b/mmv1/third_party/terraform/tests/resource_apigee_flowhook_test.go new file mode 100644 index 000000000000..93ab7c2f7437 --- /dev/null +++ b/mmv1/third_party/terraform/tests/resource_apigee_flowhook_test.go @@ -0,0 +1,161 @@ +package google + +import ( + "fmt" + "strings" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" +) + +func TestAccApigeeFlowhook_apigeeFlowhookTestExample(t *testing.T) { + SkipIfVcr(t) + t.Parallel() + + context := map[string]interface{}{ + "org_id": GetTestOrgFromEnv(t), + "billing_account": GetTestBillingAccountFromEnv(t), + "random_suffix": RandString(t, 10), + } + + VcrTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: TestAccProviders, + CheckDestroy: testAccCheckApigeeFlowhookDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccApigeeFlowhook_apigeeFlowhookTestExample(context), + }, + { + ResourceName: "google_apigee_flowhook.flowhook_test", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{}, + }, + }, + }) +} + +func testAccApigeeFlowhook_apigeeFlowhookTestExample(context map[string]interface{}) string { + return Nprintf(` +resource "google_project" "project" { + project_id = "tf-test%{random_suffix}" + name = "tf-test%{random_suffix}" + org_id = "%{org_id}" + billing_account = "%{billing_account}" +} + +resource "google_project_service" "apigee" { + project = google_project.project.project_id + service = "apigee.googleapis.com" +} + +resource "google_project_service" "servicenetworking" { + project = google_project.project.project_id + service = "servicenetworking.googleapis.com" + depends_on = [google_project_service.apigee] +} + +resource "google_project_service" "compute" { + project = google_project.project.project_id + service = "compute.googleapis.com" + depends_on = [google_project_service.servicenetworking] +} + +resource "google_compute_network" "apigee_network" { + name = "apigee-network" + project = google_project.project.project_id + depends_on = [google_project_service.compute] +} + +resource "google_compute_global_address" "apigee_range" { + name = "apigee-range" + purpose = "VPC_PEERING" + address_type = "INTERNAL" + prefix_length = 16 + network = google_compute_network.apigee_network.id + project = google_project.project.project_id +} + +resource "google_service_networking_connection" "apigee_vpc_connection" { + network = google_compute_network.apigee_network.id + service = "servicenetworking.googleapis.com" + reserved_peering_ranges = [google_compute_global_address.apigee_range.name] + depends_on = [google_project_service.servicenetworking] +} + +resource "google_apigee_organization" "apigee_org" { + analytics_region = "us-central1" + project_id = google_project.project.project_id + authorized_network = google_compute_network.apigee_network.id + depends_on = [ + google_service_networking_connection.apigee_vpc_connection, + google_project_service.apigee, + ] +} + +resource "google_apigee_environment" "apigee_environment" { + org_id = google_apigee_organization.apigee_org.id + name = "tf-test%{random_suffix}" + description = "Apigee Environment" + display_name = "environment-1" +} + +resource "google_apigee_sharedflow" "test_apigee_sharedflow" { + name = "tf-test-apigee-sharedflow" + org_id = google_project.project.project_id + config_bundle = "./test-fixtures/apigee/apigee_sharedflow_bundle.zip" + depends_on = [google_apigee_organization.apigee_org] +} + +resource "google_apigee_sharedflow_deployment" "sharedflow_deployment_test" { + environment = google_apigee_environment.apigee_environment.name + org_id = google_apigee_sharedflow.test_apigee_sharedflow.org_id + revision = google_apigee_sharedflow.test_apigee_sharedflow.revision[length(google_apigee_sharedflow.test_apigee_sharedflow.revision)-1] + sharedflow_id = google_apigee_sharedflow.test_apigee_sharedflow.name +} + +resource "google_apigee_flowhook" "flowhook_test" { + environment = google_apigee_sharedflow_deployment.sharedflow_deployment_test.environment + org_id = google_apigee_sharedflow.test_apigee_sharedflow.org_id + flow_hook_point = "PreProxyFlowHook" + sharedflow = google_apigee_sharedflow.test_apigee_sharedflow.name + description = "test flowhook" + continue_on_error = true + } +`, context) +} + +func testAccCheckApigeeFlowhookDestroyProducer(t *testing.T) func(s *terraform.State) error { + return func(s *terraform.State) error { + for name, rs := range s.RootModule().Resources { + if rs.Type != "google_apigee_flowhook" { + continue + } + if strings.HasPrefix(name, "data.") { + continue + } + + config := GoogleProviderConfig(t) + + url, err := replaceVarsForTest(config, rs, "{{ApigeeBasePath}}organizations/{{org_id}}/environments/{{environment}}/flowhooks/{{flow_hook_point}}") + if err != nil { + return err + } + + billingProject := "" + + if config.BillingProject != "" { + billingProject = config.BillingProject + } + res, err := SendRequest(config, "GET", billingProject, url, config.UserAgent, nil) + // Flowhooks always exist, we treat the binding as a removable resource, thus we check if the sharedFlow field to detect sharedflow attachment + if err == nil && res != nil && res["sharedFlow"] != nil { + return fmt.Errorf("Flowhook still has an attachment at %s", url) + } + } + + return nil + } +} diff --git a/mmv1/third_party/terraform/tests/resource_apigee_sharedflow_deployment_test.go b/mmv1/third_party/terraform/tests/resource_apigee_sharedflow_deployment_test.go new file mode 100644 index 000000000000..57f456e93dc0 --- /dev/null +++ b/mmv1/third_party/terraform/tests/resource_apigee_sharedflow_deployment_test.go @@ -0,0 +1,151 @@ +package google + +import ( + "fmt" + "strings" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" +) + +func TestAccApigeeSharedflowDeployment_apigeeSharedflowDeploymentTestExample(t *testing.T) { + SkipIfVcr(t) + t.Parallel() + + context := map[string]interface{}{ + "org_id": GetTestOrgFromEnv(t), + "billing_account": GetTestBillingAccountFromEnv(t), + "random_suffix": RandString(t, 10), + } + + VcrTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: TestAccProviders, + CheckDestroy: testAccCheckApigeeSharedflowDeploymentDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccApigeeSharedflowDeployment_apigeeSharedflowDeploymentTestExample(context), + }, + { + ResourceName: "google_apigee_sharedflow_deployment.sharedflow_deployment_test", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{}, + }, + }, + }) +} + +func testAccApigeeSharedflowDeployment_apigeeSharedflowDeploymentTestExample(context map[string]interface{}) string { + return Nprintf(` +resource "google_project" "project" { + project_id = "tf-test%{random_suffix}" + name = "tf-test%{random_suffix}" + org_id = "%{org_id}" + billing_account = "%{billing_account}" +} + +resource "google_project_service" "apigee" { + project = google_project.project.project_id + service = "apigee.googleapis.com" +} + +resource "google_project_service" "servicenetworking" { + project = google_project.project.project_id + service = "servicenetworking.googleapis.com" + depends_on = [google_project_service.apigee] +} + +resource "google_project_service" "compute" { + project = google_project.project.project_id + service = "compute.googleapis.com" + depends_on = [google_project_service.servicenetworking] +} + +resource "google_compute_network" "apigee_network" { + name = "apigee-network" + project = google_project.project.project_id + depends_on = [google_project_service.compute] +} + +resource "google_compute_global_address" "apigee_range" { + name = "apigee-range" + purpose = "VPC_PEERING" + address_type = "INTERNAL" + prefix_length = 16 + network = google_compute_network.apigee_network.id + project = google_project.project.project_id +} + +resource "google_service_networking_connection" "apigee_vpc_connection" { + network = google_compute_network.apigee_network.id + service = "servicenetworking.googleapis.com" + reserved_peering_ranges = [google_compute_global_address.apigee_range.name] + depends_on = [google_project_service.servicenetworking] +} + +resource "google_apigee_organization" "apigee_org" { + analytics_region = "us-central1" + project_id = google_project.project.project_id + authorized_network = google_compute_network.apigee_network.id + depends_on = [ + google_service_networking_connection.apigee_vpc_connection, + google_project_service.apigee, + ] +} + +resource "google_apigee_environment" "apigee_environment" { + org_id = google_apigee_organization.apigee_org.id + name = "tf-test%{random_suffix}" + description = "Apigee Environment" + display_name = "environment-1" +} + +resource "google_apigee_sharedflow" "test_apigee_sharedflow" { + name = "tf-test-apigee-sharedflow" + org_id = google_project.project.project_id + config_bundle = "./test-fixtures/apigee/apigee_sharedflow_bundle.zip" + depends_on = [google_apigee_organization.apigee_org] +} + +resource "google_apigee_sharedflow_deployment" "sharedflow_deployment_test" { + environment = google_apigee_environment.apigee_environment.name + org_id = google_apigee_sharedflow.test_apigee_sharedflow.org_id + revision = google_apigee_sharedflow.test_apigee_sharedflow.revision[length(google_apigee_sharedflow.test_apigee_sharedflow.revision)-1] + sharedflow_id = google_apigee_sharedflow.test_apigee_sharedflow.name +} +`, context) +} + +func testAccCheckApigeeSharedflowDeploymentDestroyProducer(t *testing.T) func(s *terraform.State) error { + return func(s *terraform.State) error { + for name, rs := range s.RootModule().Resources { + if rs.Type != "google_apigee_sharedflow_deployment" { + continue + } + if strings.HasPrefix(name, "data.") { + continue + } + + config := GoogleProviderConfig(t) + + url, err := replaceVarsForTest(config, rs, "{{ApigeeBasePath}}organizations/{{org_id}}/environments/{{environment}}/sharedflows/{{sharedflow_id}}/revisions/{{revision}}/deployments") + if err != nil { + return err + } + + billingProject := "" + + if config.BillingProject != "" { + billingProject = config.BillingProject + } + _, err = SendRequest(config, "GET", billingProject, url, config.UserAgent, nil) + if err == nil { + return fmt.Errorf("ApigeeSharedFlow still exists at %s", url) + } + } + + return nil + } +} diff --git a/mmv1/third_party/terraform/tests/resource_apigee_sharedflow_sweeper_test.go b/mmv1/third_party/terraform/tests/resource_apigee_sharedflow_sweeper_test.go new file mode 100644 index 000000000000..9cd60acc221b --- /dev/null +++ b/mmv1/third_party/terraform/tests/resource_apigee_sharedflow_sweeper_test.go @@ -0,0 +1,128 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package google + +import ( + "context" + "log" + "strings" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" +) + +func init() { + resource.AddTestSweepers("ApigeeSharedFlow", &resource.Sweeper{ + Name: "ApigeeSharedFlow", + F: testSweepApigeeSharedFlow, + }) +} + +// At the time of writing, the CI only passes us-central1 as the region +func testSweepApigeeSharedFlow(region string) error { + resourceName := "ApigeeSharedFlow" + log.Printf("[INFO][SWEEPER_LOG] Starting sweeper for %s", resourceName) + + config, err := SharedConfigForRegion(region) + if err != nil { + log.Printf("[INFO][SWEEPER_LOG] error getting shared config for region: %s", err) + return err + } + + err = config.LoadAndValidate(context.Background()) + if err != nil { + log.Printf("[INFO][SWEEPER_LOG] error loading: %s", err) + return err + } + + t := &testing.T{} + billingId := GetTestBillingAccountFromEnv(t) + + // Setup variables to replace in list template + d := &ResourceDataMock{ + FieldsInSchema: map[string]interface{}{ + "project": config.Project, + "region": region, + "location": region, + "zone": "-", + "billing_account": billingId, + }, + } + + listTemplate := strings.Split("https://apigee.googleapis.com/v1/organizations/{{org_id}}/sharedflows/{{name}}", "?")[0] + listUrl, err := replaceVars(d, config, listTemplate) + if err != nil { + log.Printf("[INFO][SWEEPER_LOG] error preparing sweeper list url: %s", err) + return nil + } + + res, err := SendRequest(config, "GET", config.Project, listUrl, config.UserAgent, nil) + if err != nil { + log.Printf("[INFO][SWEEPER_LOG] Error in response from request %s: %s", listUrl, err) + return nil + } + + resourceList, ok := res["sharedFlows"] + if !ok { + log.Printf("[INFO][SWEEPER_LOG] Nothing found in response.") + return nil + } + + rl := resourceList.([]interface{}) + + log.Printf("[INFO][SWEEPER_LOG] Found %d items in %s list response.", len(rl), resourceName) + // Keep count of items that aren't sweepable for logging. + nonPrefixCount := 0 + for _, ri := range rl { + obj := ri.(map[string]interface{}) + var name string + // Id detected in the delete URL, attempt to use id. + if obj["id"] != nil { + name = GetResourceNameFromSelfLink(obj["id"].(string)) + } else if obj["name"] != nil { + name = GetResourceNameFromSelfLink(obj["name"].(string)) + } else { + log.Printf("[INFO][SWEEPER_LOG] %s resource name and id were nil", resourceName) + return nil + } + // Skip resources that shouldn't be sweeped + if !IsSweepableTestResource(name) { + nonPrefixCount++ + continue + } + + deleteTemplate := "https://apigee.googleapis.com/v1/organizations/{{org_id}}/sharedflows/{{name}}" + deleteUrl, err := replaceVars(d, config, deleteTemplate) + if err != nil { + log.Printf("[INFO][SWEEPER_LOG] error preparing delete url: %s", err) + return nil + } + deleteUrl = deleteUrl + name + + // Don't wait on operations as we may have a lot to delete + _, err = SendRequest(config, "DELETE", config.Project, deleteUrl, config.UserAgent, nil) + if err != nil { + log.Printf("[INFO][SWEEPER_LOG] Error deleting for url %s : %s", deleteUrl, err) + } else { + log.Printf("[INFO][SWEEPER_LOG] Sent delete request for %s resource: %s", resourceName, name) + } + } + + if nonPrefixCount > 0 { + log.Printf("[INFO][SWEEPER_LOG] %d items were non-sweepable and skipped.", nonPrefixCount) + } + + return nil +} diff --git a/mmv1/third_party/terraform/tests/resource_apigee_sharedflow_test.go b/mmv1/third_party/terraform/tests/resource_apigee_sharedflow_test.go new file mode 100644 index 000000000000..bfd31ebbfb47 --- /dev/null +++ b/mmv1/third_party/terraform/tests/resource_apigee_sharedflow_test.go @@ -0,0 +1,216 @@ +package google + +import ( + "fmt" + "strings" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" +) + +func TestAccApigeeSharedFlow_apigeeSharedflowTestExample(t *testing.T) { + SkipIfVcr(t) + t.Parallel() + + fmt.Printf("from t: org_id %s", GetTestOrgFromEnv(t)) + + context := map[string]interface{}{ + "org_id": GetTestOrgFromEnv(t), + "billing_account": GetTestBillingAccountFromEnv(t), + "random_suffix": RandString(t, 10), + } + + VcrTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: TestAccProviders, + CheckDestroy: testAccCheckApigeeSharedFlowDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccApigeeSharedFlow_apigeeSharedflowTestExample(context), + }, + { + ResourceName: "google_apigee_sharedflow.test_apigee_sharedflow", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"config_bundle", "detect_md5hash", "md5hash"}, + }, + { + Config: testAccApigeeSharedFlow_apigeeSharedflowTestExampleUpdate(context), + }, + { + ResourceName: "google_apigee_sharedflow.test_apigee_sharedflow", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"config_bundle", "detect_md5hash", "md5hash"}, + }, + }, + }) +} + +func testAccApigeeSharedFlow_apigeeSharedflowTestExample(context map[string]interface{}) string { + return Nprintf(` +resource "google_project" "project" { + project_id = "tf-test%{random_suffix}" + name = "tf-test%{random_suffix}" + org_id = "%{org_id}" + billing_account = "%{billing_account}" +} + +resource "google_project_service" "apigee" { + project = google_project.project.project_id + service = "apigee.googleapis.com" +} + +resource "google_project_service" "servicenetworking" { + project = google_project.project.project_id + service = "servicenetworking.googleapis.com" + depends_on = [google_project_service.apigee] +} + +resource "google_project_service" "compute" { + project = google_project.project.project_id + service = "compute.googleapis.com" + depends_on = [google_project_service.servicenetworking] +} + +resource "google_compute_network" "apigee_network" { + name = "apigee-network" + project = google_project.project.project_id + depends_on = [google_project_service.compute] +} + +resource "google_compute_global_address" "apigee_range" { + name = "apigee-range" + purpose = "VPC_PEERING" + address_type = "INTERNAL" + prefix_length = 16 + network = google_compute_network.apigee_network.id + project = google_project.project.project_id +} + +resource "google_service_networking_connection" "apigee_vpc_connection" { + network = google_compute_network.apigee_network.id + service = "servicenetworking.googleapis.com" + reserved_peering_ranges = [google_compute_global_address.apigee_range.name] + depends_on = [google_project_service.servicenetworking] +} + +resource "google_apigee_organization" "apigee_org" { + analytics_region = "us-central1" + project_id = google_project.project.project_id + authorized_network = google_compute_network.apigee_network.id + depends_on = [ + google_service_networking_connection.apigee_vpc_connection, + google_project_service.apigee, + ] +} + +resource "google_apigee_sharedflow" "test_apigee_sharedflow" { + name = "tf-test-apigee-sharedflow" + org_id = google_project.project.project_id + config_bundle = "./test-fixtures/apigee/apigee_sharedflow_bundle.zip" + depends_on = [google_apigee_organization.apigee_org] +} +`, context) +} + +func testAccCheckApigeeSharedFlowDestroyProducer(t *testing.T) func(s *terraform.State) error { + return func(s *terraform.State) error { + for name, rs := range s.RootModule().Resources { + if rs.Type != "google_apigee_shared_flow" { + continue + } + if strings.HasPrefix(name, "data.") { + continue + } + + config := GoogleProviderConfig(t) + + url, err := replaceVarsForTest(config, rs, "{{ApigeeBasePath}}organizations/{{org_id}}/sharedflows/{{name}}") + if err != nil { + return err + } + + billingProject := "" + + if config.BillingProject != "" { + billingProject = config.BillingProject + } + fmt.Printf("testAccCheckApigeeSharedFlowDestroyProducer, url %s", url) + _, err = SendRequest(config, "GET", billingProject, url, config.UserAgent, nil) + if err == nil { + return fmt.Errorf("ApigeeSharedFlow still exists at %s", url) + } + } + + return nil + } +} + +func testAccApigeeSharedFlow_apigeeSharedflowTestExampleUpdate(context map[string]interface{}) string { + return Nprintf(` +resource "google_project" "project" { + project_id = "tf-test%{random_suffix}" + name = "tf-test%{random_suffix}" + org_id = "%{org_id}" + billing_account = "%{billing_account}" +} + +resource "google_project_service" "apigee" { + project = google_project.project.project_id + service = "apigee.googleapis.com" +} + +resource "google_project_service" "servicenetworking" { + project = google_project.project.project_id + service = "servicenetworking.googleapis.com" + depends_on = [google_project_service.apigee] +} + +resource "google_project_service" "compute" { + project = google_project.project.project_id + service = "compute.googleapis.com" + depends_on = [google_project_service.servicenetworking] +} + +resource "google_compute_network" "apigee_network" { + name = "apigee-network" + project = google_project.project.project_id + depends_on = [google_project_service.compute] +} + +resource "google_compute_global_address" "apigee_range" { + name = "apigee-range" + purpose = "VPC_PEERING" + address_type = "INTERNAL" + prefix_length = 16 + network = google_compute_network.apigee_network.id + project = google_project.project.project_id +} + +resource "google_service_networking_connection" "apigee_vpc_connection" { + network = google_compute_network.apigee_network.id + service = "servicenetworking.googleapis.com" + reserved_peering_ranges = [google_compute_global_address.apigee_range.name] + depends_on = [google_project_service.servicenetworking] +} + +resource "google_apigee_organization" "apigee_org" { + analytics_region = "us-central1" + project_id = google_project.project.project_id + authorized_network = google_compute_network.apigee_network.id + depends_on = [ + google_service_networking_connection.apigee_vpc_connection, + google_project_service.apigee, + ] +} + +resource "google_apigee_sharedflow" "test_apigee_sharedflow" { + name = "tf-test-apigee-sharedflow" + org_id = google_project.project.project_id + config_bundle = "./test-fixtures/apigee/apigee_sharedflow_bundle2.zip" + depends_on = [google_apigee_organization.apigee_org] +} +`, context) +} diff --git a/mmv1/third_party/terraform/tests/resource_big_query_dataset_test.go b/mmv1/third_party/terraform/tests/resource_big_query_dataset_test.go index e083807fd4b6..8c36e10fd473 100644 --- a/mmv1/third_party/terraform/tests/resource_big_query_dataset_test.go +++ b/mmv1/third_party/terraform/tests/resource_big_query_dataset_test.go @@ -35,6 +35,14 @@ func TestAccBigQueryDataset_basic(t *testing.T) { ImportState: true, ImportStateVerify: true, }, + { + Config: testAccBigQueryDatasetUpdated2(datasetID), + }, + { + ResourceName: "google_bigquery_dataset.test", + ImportState: true, + ImportStateVerify: true, + }, }, }) } @@ -212,6 +220,24 @@ resource "google_bigquery_dataset" "test" { `, datasetID) } +func testAccBigQueryDatasetUpdated2(datasetID string) string { + return fmt.Sprintf(` +resource "google_bigquery_dataset" "test" { + dataset_id = "%s" + # friendly_name = "bar" + description = "This is a bar description" + location = "EU" + default_partition_expiration_ms = 7200000 + default_table_expiration_ms = 7200000 + + labels = { + env = "bar" + default_table_expiration_ms = 7200000 + } +} +`, datasetID) +} + func testAccBigQueryDatasetDeleteContents(datasetID string) string { return fmt.Sprintf(` resource "google_bigquery_dataset" "contents_test" { diff --git a/mmv1/third_party/terraform/tests/resource_bigquery_datapolicy_data_policy_test.go.erb b/mmv1/third_party/terraform/tests/resource_bigquery_datapolicy_data_policy_test.go similarity index 91% rename from mmv1/third_party/terraform/tests/resource_bigquery_datapolicy_data_policy_test.go.erb rename to mmv1/third_party/terraform/tests/resource_bigquery_datapolicy_data_policy_test.go index a5d19d3f9368..7ee7dd6c8111 100644 --- a/mmv1/third_party/terraform/tests/resource_bigquery_datapolicy_data_policy_test.go.erb +++ b/mmv1/third_party/terraform/tests/resource_bigquery_datapolicy_data_policy_test.go @@ -1,8 +1,5 @@ -<% autogen_exception -%> package google -<% unless version == 'ga' -%> - import ( "testing" @@ -18,7 +15,7 @@ func TestAccBigqueryDatapolicyDataPolicy_bigqueryDatapolicyDataPolicyUpdate(t *t VcrTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, - Providers: TestAccProvidersOiCS, + Providers: TestAccProviders, CheckDestroy: testAccCheckBigqueryDatapolicyDataPolicyDestroyProducer(t), Steps: []resource.TestStep{ { @@ -40,7 +37,6 @@ func TestAccBigqueryDatapolicyDataPolicy_bigqueryDatapolicyDataPolicyUpdate(t *t func testAccBigqueryDatapolicyDataPolicy_bigqueryDatapolicyDataPolicyUpdate(context map[string]interface{}) string { return Nprintf(` resource "google_bigquery_datapolicy_data_policy" "data_policy" { - provider = google-beta location = "us-central1" data_policy_id = "tf_test_data_policy%{random_suffix}" policy_tag = google_data_catalog_policy_tag.policy_tag_updated.name @@ -48,21 +44,18 @@ resource "google_bigquery_datapolicy_data_policy" "data_policy" { } resource "google_data_catalog_policy_tag" "policy_tag" { - provider = google-beta taxonomy = google_data_catalog_taxonomy.taxonomy.id display_name = "Low security" description = "A policy tag normally associated with low security items" } resource "google_data_catalog_policy_tag" "policy_tag_updated" { - provider = google-beta taxonomy = google_data_catalog_taxonomy.taxonomy.id display_name = "Low security updated" description = "A policy tag normally associated with low security items" } resource "google_bigquery_datapolicy_data_policy" "policy_tag_with_data_masking_policy" { - provider = google-beta location = "us-central1" data_policy_id = "masking_policy_test" policy_tag = google_data_catalog_policy_tag.policy_tag_updated.name @@ -73,7 +66,6 @@ resource "google_bigquery_datapolicy_data_policy" "data_policy" { } resource "google_data_catalog_taxonomy" "taxonomy" { - provider = google-beta region = "us-central1" display_name = "taxonomy%{random_suffix}" description = "A collection of policy tags" @@ -81,5 +73,3 @@ resource "google_bigquery_datapolicy_data_policy" "data_policy" { } `, context) } - -<% end %> \ No newline at end of file diff --git a/mmv1/third_party/terraform/tests/resource_cloudfunction2_function_test.go b/mmv1/third_party/terraform/tests/resource_cloudfunction2_function_test.go index bd03c48c048f..ea552b5c0850 100644 --- a/mmv1/third_party/terraform/tests/resource_cloudfunction2_function_test.go +++ b/mmv1/third_party/terraform/tests/resource_cloudfunction2_function_test.go @@ -57,18 +57,18 @@ resource "google_storage_bucket" "bucket" { location = "US" uniform_bucket_level_access = true } - + resource "google_storage_bucket_object" "object" { name = "function-source.zip" bucket = google_storage_bucket.bucket.name source = "%{zip_path}" } - + resource "google_cloudfunctions2_function" "terraform-test2" { name = "tf-test-test-function%{random_suffix}" location = "us-central1" description = "a new function" - + build_config { runtime = "nodejs12" entry_point = "helloHttp" @@ -79,7 +79,7 @@ resource "google_cloudfunctions2_function" "terraform-test2" { } } } - + service_config { max_instance_count = 1 available_memory = "1536Mi" @@ -96,18 +96,18 @@ resource "google_storage_bucket" "bucket" { location = "US" uniform_bucket_level_access = true } - + resource "google_storage_bucket_object" "object" { name = "function-source.zip" bucket = google_storage_bucket.bucket.name source = "%{zip_path}" } - + resource "google_cloudfunctions2_function" "terraform-test2" { name = "tf-test-test-function%{random_suffix}" location = "us-central1" description = "an updated function" - + build_config { runtime = "nodejs12" entry_point = "helloHttp" @@ -118,7 +118,7 @@ resource "google_cloudfunctions2_function" "terraform-test2" { } } } - + service_config { max_instance_count = 1 available_memory = "1536Mi" @@ -135,18 +135,18 @@ resource "google_storage_bucket" "bucket" { location = "US" uniform_bucket_level_access = true } - + resource "google_storage_bucket_object" "object" { name = "function-source.zip" bucket = google_storage_bucket.bucket.name source = "%{zip_path}" } - + resource "google_cloudfunctions2_function" "terraform-test2" { name = "tf-test-test-function%{random_suffix}" location = "us-west1" description = "function test" - + build_config { runtime = "nodejs16" entry_point = "helloHttp" @@ -160,7 +160,7 @@ resource "google_cloudfunctions2_function" "terraform-test2" { } } } - + service_config { max_instance_count = 5 min_instance_count = 1 @@ -183,6 +183,10 @@ func TestAccCloudFunctions2Function_fullUpdate(t *testing.T) { "random_suffix": RandString(t, 10), } + if BootstrapPSARole(t, "service-", "gcp-sa-pubsub", "roles/cloudkms.cryptoKeyEncrypterDecrypter") { + t.Fatal("Stopping the test because a binding was added.") + } + VcrTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: TestAccProviders, @@ -212,7 +216,7 @@ resource "google_storage_bucket" "source-bucket" { location = "US" uniform_bucket_level_access = true } - + resource "google_storage_bucket_object" "object" { name = "function-source.zip" bucket = google_storage_bucket.source-bucket.name @@ -262,7 +266,7 @@ resource "google_cloudfunctions2_function" "function" { name = "tf-test-gcf-function%{random_suffix}" location = "us-central1" description = "a new function" - + build_config { runtime = "nodejs12" entry_point = "entryPoint" # Set the entry point in the code @@ -276,7 +280,7 @@ resource "google_cloudfunctions2_function" "function" { } } } - + service_config { max_instance_count = 3 min_instance_count = 1 diff --git a/mmv1/third_party/terraform/tests/resource_composer_environment_test.go.erb b/mmv1/third_party/terraform/tests/resource_composer_environment_test.go.erb index a5c2b2d57405..fbcecd4ae628 100644 --- a/mmv1/third_party/terraform/tests/resource_composer_environment_test.go.erb +++ b/mmv1/third_party/terraform/tests/resource_composer_environment_test.go.erb @@ -27,6 +27,16 @@ func init() { }) } +func allComposerServiceAgents() []string { + return []string{ + "cloudcomposer-accounts", + "compute-system", + "container-engine-robot", + "gcp-sa-artifactregistry", + "gcp-sa-pubsub", + } +} + func TestComposerImageVersionDiffSuppress(t *testing.T) { t.Parallel() @@ -308,6 +318,9 @@ func TestAccComposerEnvironment_withWebServerConfig(t *testing.T) { network := fmt.Sprintf("%s-%d", testComposerNetworkPrefix, RandInt(t)) subnetwork := network + "-1" + + grantServiceAgentsRole(t, "service-", []string{"gcp-sa-cloudbuild"}, "roles/cloudbuild.builds.builder") + VcrTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: TestAccProviders, @@ -342,6 +355,7 @@ func TestAccComposerEnvironment_withEncryptionConfigComposer1(t *testing.T) { kms := BootstrapKMSKeyInLocation(t, "us-central1") pid := GetTestProjectFromEnv() + grantServiceAgentsRole(t, "service-", allComposerServiceAgents(), "roles/cloudkms.cryptoKeyEncrypterDecrypter") envName := fmt.Sprintf("%s-%d", testComposerEnvironmentPrefix, RandInt(t)) network := fmt.Sprintf("%s-%d", testComposerNetworkPrefix, RandInt(t)) subnetwork := network + "-1" @@ -377,6 +391,7 @@ func TestAccComposerEnvironment_withEncryptionConfigComposer2(t *testing.T) { kms := BootstrapKMSKeyInLocation(t, "us-central1") pid := GetTestProjectFromEnv() + grantServiceAgentsRole(t, "service-", allComposerServiceAgents(), "roles/cloudkms.cryptoKeyEncrypterDecrypter") envName := fmt.Sprintf("%s-%d", testComposerEnvironmentPrefix, RandInt(t)) network := fmt.Sprintf("%s-%d", testComposerNetworkPrefix, RandInt(t)) subnetwork := network + "-1" @@ -960,6 +975,14 @@ func TestAccComposerEnvironment_fixPyPiPackages(t *testing.T) { }) } +// This bootstraps the IAM roles needed for the service agents. +func grantServiceAgentsRole(t *testing.T, prefix string, agentNames []string, role string) { + if BootstrapAllPSARole(t, prefix, agentNames, role) { + // Fail this test run because the policy needs time to reconcile. + t.Fatal("Stopping test because permissions were added.") + } +} + func testAccComposerEnvironmentDestroyProducer(t *testing.T) func(s *terraform.State) error { return func(s *terraform.State) error { config := GoogleProviderConfig(t) @@ -2325,6 +2348,7 @@ resource "google_project_iam_member" "composer-worker" { `, environment, network, subnetwork, serviceAccount) } + /** * CLEAN UP HELPER FUNCTIONS * Because the environments are flaky and bucket deletion rates can be diff --git a/mmv1/third_party/terraform/tests/resource_compute_instance_template_test.go.erb b/mmv1/third_party/terraform/tests/resource_compute_instance_template_test.go.erb index 916c35c7b8e7..8e573b6c84f1 100644 --- a/mmv1/third_party/terraform/tests/resource_compute_instance_template_test.go.erb +++ b/mmv1/third_party/terraform/tests/resource_compute_instance_template_test.go.erb @@ -298,6 +298,43 @@ func TestAccComputeInstanceTemplate_preemptible(t *testing.T) { }) } +<% unless version == "ga" -%> +func TestAccComputeInstanceTemplate_maintenance_interval(t *testing.T) { + t.Parallel() + + var instanceTemplate compute.InstanceTemplate + + VcrTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: TestAccProviders, + CheckDestroy: testAccCheckComputeInstanceTemplateDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccComputeInstanceTemplate_maintenance_interval(RandString(t, 10)), + Check: resource.ComposeTestCheckFunc( + testAccCheckComputeInstanceTemplateExists( + t, "google_compute_instance_template.foobar", &instanceTemplate), + testAccCheckComputeInstanceTemplateMaintenanceInterval(&instanceTemplate, "PERIODIC"), + ), + }, + { + ResourceName: "google_compute_instance_template.foobar", + ImportState: true, + ImportStateVerify: true, + }, + { + Config: testAccComputeInstanceTemplate_basic(RandString(t, 10)), + Check: resource.ComposeTestCheckFunc( + testAccCheckComputeInstanceTemplateExists( + t, "google_compute_instance_template.foobar", &instanceTemplate), + testAccCheckComputeInstanceTemplateMaintenanceInterval(&instanceTemplate, ""), + ), + }, + }, + }) +} +<% end -%> + func TestAccComputeInstanceTemplate_IP(t *testing.T) { t.Parallel() @@ -1205,8 +1242,13 @@ func TestAccComputeInstanceTemplate_sourceSnapshotEncryptionKey(t *testing.T) { var instanceTemplate compute.InstanceTemplate kmsKey := BootstrapKMSKeyInLocation(t, "us-central1") - kmsKeyName := GetResourceNameFromSelfLink(kmsKey.CryptoKey.Name) - kmsRingName := GetResourceNameFromSelfLink(kmsKey.KeyRing.Name) + + context := map[string]interface{}{ + "kms_ring_name": GetResourceNameFromSelfLink(kmsKey.KeyRing.Name), + "kms_key_name": GetResourceNameFromSelfLink(kmsKey.CryptoKey.Name), + "random_suffix": RandString(t, 10), + } + VcrTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, @@ -1214,7 +1256,7 @@ func TestAccComputeInstanceTemplate_sourceSnapshotEncryptionKey(t *testing.T) { CheckDestroy: testAccCheckComputeInstanceTemplateDestroyProducer(t), Steps: []resource.TestStep{ { - Config: testAccComputeInstanceTemplate_sourceSnapshotEncryptionKey(kmsRingName, kmsKeyName, RandString(t, 10)), + Config: testAccComputeInstanceTemplate_sourceSnapshotEncryptionKey(context), Check: resource.ComposeTestCheckFunc( testAccCheckComputeInstanceTemplateExists( t, "google_compute_instance_template.template", &instanceTemplate), @@ -1235,8 +1277,12 @@ func TestAccComputeInstanceTemplate_sourceImageEncryptionKey(t *testing.T) { var instanceTemplate compute.InstanceTemplate kmsKey := BootstrapKMSKeyInLocation(t, "us-central1") - kmsKeyName := GetResourceNameFromSelfLink(kmsKey.CryptoKey.Name) - kmsRingName := GetResourceNameFromSelfLink(kmsKey.KeyRing.Name) + + context := map[string]interface{}{ + "kms_ring_name": GetResourceNameFromSelfLink(kmsKey.KeyRing.Name), + "kms_key_name": GetResourceNameFromSelfLink(kmsKey.CryptoKey.Name), + "random_suffix": RandString(t, 10), + } VcrTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, @@ -1244,7 +1290,7 @@ func TestAccComputeInstanceTemplate_sourceImageEncryptionKey(t *testing.T) { CheckDestroy: testAccCheckComputeInstanceTemplateDestroyProducer(t), Steps: []resource.TestStep{ { - Config: testAccComputeInstanceTemplate_sourceImageEncryptionKey(kmsRingName, kmsKeyName, RandString(t, 10)), + Config: testAccComputeInstanceTemplate_sourceImageEncryptionKey(context), Check: resource.ComposeTestCheckFunc( testAccCheckComputeInstanceTemplateExists( t, "google_compute_instance_template.template", &instanceTemplate), @@ -1407,6 +1453,17 @@ func testAccCheckComputeInstanceTemplatePreemptible(instanceTemplate *compute.In } } +<% unless version == "ga" -%> +func testAccCheckComputeInstanceTemplateMaintenanceInterval(instanceTemplate *compute.InstanceTemplate, maintenance_interval string) resource.TestCheckFunc { + return func(s *terraform.State) error { + if instanceTemplate.Properties.Scheduling.MaintenanceInterval != maintenance_interval { + return fmt.Errorf("Expected maintenance interval value %v, got %v", maintenance_interval, instanceTemplate.Properties.Scheduling.MaintenanceInterval) + } + return nil + } +} +<% end -%> + func testAccCheckComputeInstanceTemplateProvisioningModel(instanceTemplate *compute.InstanceTemplate, provisioning_model string) resource.TestCheckFunc { return func(s *terraform.State) error { if instanceTemplate.Properties.Scheduling.ProvisioningModel != provisioning_model { @@ -1793,6 +1850,52 @@ resource "google_compute_instance_template" "foobar" { `, suffix) } +<% unless version == 'ga' -%> +func testAccComputeInstanceTemplate_maintenance_interval(suffix string) string { + return fmt.Sprintf(` +data "google_compute_image" "my_image" { + family = "debian-11" + project = "debian-cloud" +} + +resource "google_compute_instance_template" "foobar" { + name = "tf-test-instance-template-%s" + machine_type = "e2-medium" + can_ip_forward = false + tags = ["foo", "bar"] + + disk { + source_image = data.google_compute_image.my_image.self_link + auto_delete = true + boot = true + } + + network_interface { + network = "default" + } + + scheduling { + preemptible = false + automatic_restart = true + maintenance_interval = "PERIODIC" + } + + metadata = { + foo = "bar" + } + + service_account { + scopes = ["userinfo-email", "compute-ro", "storage-ro"] + } + + labels = { + my_label = "foobar" + } +} +`, suffix) +} +<% end -%> + func testAccComputeInstanceTemplate_ip(suffix string) string { return fmt.Sprintf(` resource "google_compute_address" "foo" { @@ -3127,20 +3230,20 @@ resource "google_compute_instance_template" "foobar" { `, suffix) } -func testAccComputeInstanceTemplate_sourceSnapshotEncryptionKey(kmsRingName, kmsKeyName, suffix string) string { - return fmt.Sprintf(` +func testAccComputeInstanceTemplate_sourceSnapshotEncryptionKey(context map[string]interface{}) string { + return Nprintf(` data "google_kms_key_ring" "ring" { - name = "%s" + name = "%{kms_ring_name}" location = "us-central1" } data "google_kms_crypto_key" "key" { - name = "%s" + name = "%{kms_key_name}" key_ring = data.google_kms_key_ring.ring.id } resource "google_service_account" "test" { - account_id = "test-sa-%s" + account_id = "tf-test-sa-%{random_suffix}" display_name = "KMS Ops Account" } @@ -3156,7 +3259,7 @@ data "google_compute_image" "debian" { } resource "google_compute_disk" "persistent" { - name = "debian-disk" + name = "tf-test-debian-disk-%{random_suffix}" image = data.google_compute_image.debian.self_link size = 10 type = "pd-ssd" @@ -3174,7 +3277,7 @@ resource "google_compute_snapshot" "snapshot" { } resource "google_compute_instance_template" "template" { - name = "tf-test-instance-template-%s" + name = "tf-test-instance-template-%{random_suffix}" machine_type = "e2-medium" disk { @@ -3191,23 +3294,23 @@ resource "google_compute_instance_template" "template" { network = "default" } } -`, kmsRingName, kmsKeyName, suffix, suffix) +`, context) } -func testAccComputeInstanceTemplate_sourceImageEncryptionKey(kmsRingName, kmsKeyName, suffix string) string { - return fmt.Sprintf(` +func testAccComputeInstanceTemplate_sourceImageEncryptionKey(context map[string]interface{}) string { + return Nprintf(` data "google_kms_key_ring" "ring" { - name = "%s" + name = "%{kms_ring_name}" location = "us-central1" } data "google_kms_crypto_key" "key" { - name = "%s" + name = "%{kms_key_name}" key_ring = data.google_kms_key_ring.ring.id } resource "google_service_account" "test" { - account_id = "tf-test-sa-%s" + account_id = "tf-test-sa-%{random_suffix}" display_name = "KMS Ops Account" } @@ -3233,7 +3336,7 @@ resource "google_compute_image" "image" { resource "google_compute_instance_template" "template" { - name = "tf-test-instance-template-%s" + name = "tf-test-instance-template-%{random_suffix}" machine_type = "e2-medium" disk { @@ -3250,5 +3353,5 @@ resource "google_compute_instance_template" "template" { network = "default" } } -`, kmsRingName, kmsKeyName, suffix, suffix) +`, context) } diff --git a/mmv1/third_party/terraform/tests/resource_compute_per_instance_config_test.go b/mmv1/third_party/terraform/tests/resource_compute_per_instance_config_test.go.erb similarity index 99% rename from mmv1/third_party/terraform/tests/resource_compute_per_instance_config_test.go rename to mmv1/third_party/terraform/tests/resource_compute_per_instance_config_test.go.erb index 729aae283391..55a9c5079a81 100644 --- a/mmv1/third_party/terraform/tests/resource_compute_per_instance_config_test.go +++ b/mmv1/third_party/terraform/tests/resource_compute_per_instance_config_test.go.erb @@ -1,3 +1,4 @@ +<% autogen_exception -%> package google import ( @@ -125,6 +126,7 @@ func TestAccComputePerInstanceConfig_update(t *testing.T) { }) } +<% unless version == 'ga' -%> func TestAccComputePerInstanceConfig_statefulIps(t *testing.T) { t.Parallel() @@ -165,6 +167,7 @@ func TestAccComputePerInstanceConfig_statefulIps(t *testing.T) { }, }) } +<% end -%> func testAccComputePerInstanceConfig_statefulBasic(context map[string]interface{}) string { return Nprintf(` @@ -336,6 +339,7 @@ resource "google_compute_instance_group_manager" "igm" { `, context) } +<% unless version == 'ga' -%> func testAccComputePerInstanceConfig_statefulIpsBasic(context map[string]interface{}) string { return Nprintf(` resource "google_compute_network" "default" { @@ -485,6 +489,7 @@ resource "google_compute_disk" "disk1" { } `, context) + testAccComputePerInstanceConfig_igm(context) } +<% end -%> // Checks that the per instance config with the given name was destroyed func testAccCheckComputePerInstanceConfigDestroyed(t *testing.T, igmId, configName string) resource.TestCheckFunc { diff --git a/mmv1/third_party/terraform/tests/resource_compute_region_per_instance_config_test.go b/mmv1/third_party/terraform/tests/resource_compute_region_per_instance_config_test.go.erb similarity index 99% rename from mmv1/third_party/terraform/tests/resource_compute_region_per_instance_config_test.go rename to mmv1/third_party/terraform/tests/resource_compute_region_per_instance_config_test.go.erb index 6e4e3b594005..b2664629477c 100644 --- a/mmv1/third_party/terraform/tests/resource_compute_region_per_instance_config_test.go +++ b/mmv1/third_party/terraform/tests/resource_compute_region_per_instance_config_test.go.erb @@ -1,3 +1,4 @@ +<% autogen_exception -%> package google import ( @@ -124,7 +125,7 @@ func TestAccComputeRegionPerInstanceConfig_update(t *testing.T) { }, }) } - +<% unless version == 'ga' -%> func TestAccComputeRegionPerInstanceConfig_statefulIps(t *testing.T) { t.Parallel() @@ -165,6 +166,7 @@ func TestAccComputeRegionPerInstanceConfig_statefulIps(t *testing.T) { }, }) } +<% end -%> func testAccComputeRegionPerInstanceConfig_statefulBasic(context map[string]interface{}) string { return Nprintf(` @@ -343,7 +345,7 @@ resource "google_compute_region_instance_group_manager" "rigm" { } `, context) } - +<% unless version == 'ga' -%> func testAccComputeRegionPerInstanceConfig_statefulIpsBasic(context map[string]interface{}) string { return Nprintf(` resource "google_compute_network" "default" { @@ -495,6 +497,7 @@ resource "google_compute_disk" "disk1" { } `, context) + testAccComputeRegionPerInstanceConfig_rigm(context) } +<% end -%> // Checks that the per instance config with the given name was destroyed func testAccCheckComputeRegionPerInstanceConfigDestroyed(t *testing.T, rigmId, configName string) resource.TestCheckFunc { diff --git a/mmv1/third_party/terraform/tests/resource_compute_security_policy_test.go.erb b/mmv1/third_party/terraform/tests/resource_compute_security_policy_test.go.erb index 90a7132665c4..6857d03e908b 100644 --- a/mmv1/third_party/terraform/tests/resource_compute_security_policy_test.go.erb +++ b/mmv1/third_party/terraform/tests/resource_compute_security_policy_test.go.erb @@ -351,6 +351,53 @@ func TestAccComputeSecurityPolicy_withRateLimitOption_withMultipleEnforceOnKeyCo }) } + +func TestAccComputeSecurityPolicy_EnforceOnKeyUpdates(t *testing.T) { + t.Parallel() + + spName := fmt.Sprintf("tf-test-%s", RandString(t, 10)) + + VcrTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: TestAccProviders, + CheckDestroy: testAccCheckComputeSecurityPolicyDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccComputeSecurityPolicy_withRateLimitOptions_withEnforceOnKeyName(spName), + }, + { + ResourceName: "google_compute_security_policy.policy", + ImportState: true, + ImportStateVerify: true, + }, + { + Config: testAccComputeSecurityPolicy_withRateLimitOptions_withEnforceOnKey(spName), + }, + { + ResourceName: "google_compute_security_policy.policy", + ImportState: true, + ImportStateVerify: true, + }, + { + Config: testAccComputeSecurityPolicy_withRateLimitOptions_withEnforceOnKeyConfigs(spName), + }, + { + ResourceName: "google_compute_security_policy.policy", + ImportState: true, + ImportStateVerify: true, + }, + { + Config: testAccComputeSecurityPolicy_withRateLimitOptions_withEnforceOnKey(spName), + }, + { + ResourceName: "google_compute_security_policy.policy", + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + <% end -%> func TestAccComputeSecurityPolicy_withRecaptchaOptionsConfig(t *testing.T) { @@ -1180,12 +1227,89 @@ resource "google_compute_security_policy" "policy" { } <% unless version == 'ga' -%> +func testAccComputeSecurityPolicy_withRateLimitOptions_withEnforceOnKey(spName string) string { + return fmt.Sprintf(` +resource "google_compute_security_policy" "policy" { + name = "%s" + description = "throttle rule with enforce_on_key_configs" + + rule { + action = "throttle" + priority = "2147483647" + match { + versioned_expr = "SRC_IPS_V1" + config { + src_ip_ranges = ["*"] + } + } + description = "default rule" + + rate_limit_options { + conform_action = "allow" + exceed_action = "redirect" + + enforce_on_key = "IP" + + exceed_redirect_options { + type = "EXTERNAL_302" + target = "https://www.example.com" + } + + rate_limit_threshold { + count = 10 + interval_sec = 60 + } + } + } +} +`, spName) +} + +func testAccComputeSecurityPolicy_withRateLimitOptions_withEnforceOnKeyName(spName string) string { + return fmt.Sprintf(` +resource "google_compute_security_policy" "policy" { + name = "%s" + description = "throttle rule with enforce_on_key_configs" + + rule { + action = "throttle" + priority = "2147483647" + match { + versioned_expr = "SRC_IPS_V1" + config { + src_ip_ranges = ["*"] + } + } + description = "default rule" + + rate_limit_options { + conform_action = "allow" + exceed_action = "redirect" + + enforce_on_key = "HTTP_HEADER" + enforce_on_key_name = "user-agent" + + exceed_redirect_options { + type = "EXTERNAL_302" + target = "https://www.example.com" + } + + rate_limit_threshold { + count = 10 + interval_sec = 60 + } + } + } +} +`, spName) +} + func testAccComputeSecurityPolicy_withRateLimitOptions_withEnforceOnKeyConfigs(spName string) string { return fmt.Sprintf(` resource "google_compute_security_policy" "policy" { name = "%s" description = "throttle rule with enforce_on_key_configs" - + rule { action = "throttle" priority = "2147483647" @@ -1226,7 +1350,7 @@ func testAccComputeSecurityPolicy_withRateLimitOption_withMultipleEnforceOnKeyCo resource "google_compute_security_policy" "policy" { name = "%s" description = "throttle rule with enforce_on_key_configs" - + rule { action = "throttle" priority = "2147483647" diff --git a/mmv1/third_party/terraform/tests/resource_container_cluster_test.go.erb b/mmv1/third_party/terraform/tests/resource_container_cluster_test.go.erb index 560c34bf20a2..46023097e987 100644 --- a/mmv1/third_party/terraform/tests/resource_container_cluster_test.go.erb +++ b/mmv1/third_party/terraform/tests/resource_container_cluster_test.go.erb @@ -4447,7 +4447,7 @@ func TestAccContainerCluster_failedCreation(t *testing.T) { clusterName := fmt.Sprintf("tf-test-cluster-%s", RandString(t, 10)) - project := BootstrapProject(t, "tf-fail-cluster-test", GetTestBillingAccountFromEnv(t), []string{"container.googleapis.com"}) + project := BootstrapProject(t, "tf-fail-cluster-", GetTestBillingAccountFromEnv(t), []string{"container.googleapis.com"}) removeContainerServiceAgentRoleFromContainerEngineRobot(t, project) VcrTest(t, resource.TestCase{ diff --git a/mmv1/third_party/terraform/tests/resource_data_fusion_instance_test.go b/mmv1/third_party/terraform/tests/resource_data_fusion_instance_test.go index 0ba6eedf6e81..111da1710700 100644 --- a/mmv1/third_party/terraform/tests/resource_data_fusion_instance_test.go +++ b/mmv1/third_party/terraform/tests/resource_data_fusion_instance_test.go @@ -48,6 +48,10 @@ resource "google_data_fusion_instance" "foobar" { options = { prober_test_run = "true" } + accelerators { + accelerator_type = "CDC" + state = "DISABLED" + } } `, instanceName) } @@ -66,6 +70,11 @@ resource "google_data_fusion_instance" "foobar" { label2 = "value2" } version = "6.8.0" + + accelerators { + accelerator_type = "CCAI_INSIGHTS" + state = "ENABLED" + } # Mark for testing to avoid service networking connection usage that is not cleaned up options = { prober_test_run = "true" diff --git a/mmv1/third_party/terraform/tests/resource_eventarc_channel_test.go.erb b/mmv1/third_party/terraform/tests/resource_eventarc_channel_test.go.erb index 09e220fa1969..98714def0a2d 100644 --- a/mmv1/third_party/terraform/tests/resource_eventarc_channel_test.go.erb +++ b/mmv1/third_party/terraform/tests/resource_eventarc_channel_test.go.erb @@ -43,8 +43,8 @@ func TestAccEventarcChannel_cryptoKeyUpdate(t *testing.T) { t.Parallel() region := GetTestRegionFromEnv() - key1 := BootstrapKMSKeyWithPurposeInLocationAndName(t, "ENCRYPT_DECRYPT", region, "tf-bootstrap-key1") - key2 := BootstrapKMSKeyWithPurposeInLocationAndName(t, "ENCRYPT_DECRYPT", region, "tf-bootstrap-key2") + key1 := BootstrapKMSKeyWithPurposeInLocationAndName(t, "ENCRYPT_DECRYPT", region, "tf-bootstrap-eventarc-channel-key1") + key2 := BootstrapKMSKeyWithPurposeInLocationAndName(t, "ENCRYPT_DECRYPT", region, "tf-bootstrap-eventarc-channel-key2") context := map[string]interface{}{ "region": region, diff --git a/mmv1/third_party/terraform/tests/resource_eventarc_google_channel_config_test.go.erb b/mmv1/third_party/terraform/tests/resource_eventarc_google_channel_config_test.go.erb index 5846919dffcf..c8f8bf4dce17 100644 --- a/mmv1/third_party/terraform/tests/resource_eventarc_google_channel_config_test.go.erb +++ b/mmv1/third_party/terraform/tests/resource_eventarc_google_channel_config_test.go.erb @@ -43,8 +43,8 @@ func TestAccEventarcGoogleChannelConfig_cryptoKeyUpdate(t *testing.T) { t.Parallel() region := GetTestRegionFromEnv() - key1 := BootstrapKMSKeyWithPurposeInLocationAndName(t, "ENCRYPT_DECRYPT", region, "tf-bootstrap-key1") - key2 := BootstrapKMSKeyWithPurposeInLocationAndName(t, "ENCRYPT_DECRYPT", region, "tf-bootstrap-key2") + key1 := BootstrapKMSKeyWithPurposeInLocationAndName(t, "ENCRYPT_DECRYPT", region, "tf-bootstrap-eventarc-google-channel-config-key1") + key2 := BootstrapKMSKeyWithPurposeInLocationAndName(t, "ENCRYPT_DECRYPT", region, "tf-bootstrap-eventarc-google-channel-config-key2") context := map[string]interface{}{ "project_name": GetTestProjectFromEnv(), diff --git a/mmv1/third_party/terraform/tests/resource_eventarc_trigger_test.go.erb b/mmv1/third_party/terraform/tests/resource_eventarc_trigger_test.go.erb index 503254f5e8ea..5f9e9430b5b8 100644 --- a/mmv1/third_party/terraform/tests/resource_eventarc_trigger_test.go.erb +++ b/mmv1/third_party/terraform/tests/resource_eventarc_trigger_test.go.erb @@ -18,8 +18,8 @@ func TestAccEventarcTrigger_channel(t *testing.T) { t.Parallel() region := GetTestRegionFromEnv() - key1 := BootstrapKMSKeyWithPurposeInLocationAndName(t, "ENCRYPT_DECRYPT", region, "tf-bootstrap-key1") - key2 := BootstrapKMSKeyWithPurposeInLocationAndName(t, "ENCRYPT_DECRYPT", region, "tf-bootstrap-key2") + key1 := BootstrapKMSKeyWithPurposeInLocationAndName(t, "ENCRYPT_DECRYPT", region, "tf-bootstrap-eventarc-trigger-key1") + key2 := BootstrapKMSKeyWithPurposeInLocationAndName(t, "ENCRYPT_DECRYPT", region, "tf-bootstrap-eventarc-trigger-key2") context := map[string]interface{}{ "region": region, diff --git a/mmv1/third_party/terraform/tests/resource_google_project_test.go b/mmv1/third_party/terraform/tests/resource_google_project_test.go index d668bc5610d6..4aab90fc0e8c 100644 --- a/mmv1/third_party/terraform/tests/resource_google_project_test.go +++ b/mmv1/third_party/terraform/tests/resource_google_project_test.go @@ -23,6 +23,15 @@ var ( ) func init() { + // SKIP_PROJECT_SWEEPER can be set for a sweeper run to prevent it from + // sweeping projects. This can be useful when running sweepers in + // organizations where acceptance tests intiated by another project may + // already be in-progress. + // Example: SKIP_PROJECT_SWEEPER=1 go test ./google -v -sweep=us-central1 -sweep-run= + if os.Getenv("SKIP_PROJECT_SWEEPER") != "" { + return + } + resource.AddTestSweepers("GoogleProject", &resource.Sweeper{ Name: "GoogleProject", F: testSweepProject, diff --git a/mmv1/third_party/terraform/tests/resource_pubsub_topic_test.go b/mmv1/third_party/terraform/tests/resource_pubsub_topic_test.go index b78147f0dfd8..6732417f39e6 100644 --- a/mmv1/third_party/terraform/tests/resource_pubsub_topic_test.go +++ b/mmv1/third_party/terraform/tests/resource_pubsub_topic_test.go @@ -45,6 +45,10 @@ func TestAccPubsubTopic_cmek(t *testing.T) { kms := BootstrapKMSKey(t) topicName := fmt.Sprintf("tf-test-%s", RandString(t, 10)) + if BootstrapPSARole(t, "service-", "gcp-sa-pubsub", "roles/cloudkms.cryptoKeyEncrypterDecrypter") { + t.Fatal("Stopping the test because a role was added to the policy.") + } + VcrTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: TestAccProviders, diff --git a/mmv1/third_party/terraform/tests/resource_spanner_database_test.go.erb b/mmv1/third_party/terraform/tests/resource_spanner_database_test.go.erb index 0633a2c64e7f..8a5f374a2ab4 100644 --- a/mmv1/third_party/terraform/tests/resource_spanner_database_test.go.erb +++ b/mmv1/third_party/terraform/tests/resource_spanner_database_test.go.erb @@ -22,6 +22,13 @@ func TestAccSpannerDatabase_basic(t *testing.T) { Providers: TestAccProviders, CheckDestroy: testAccCheckSpannerDatabaseDestroyProducer(t), Steps: []resource.TestStep{ + { + Config: testAccSpannerDatabase_virtualUpdate(instanceName, databaseName), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet("google_spanner_database.basic", "state"), + resource.TestCheckResourceAttr("google_spanner_database.basic", "version_retention_period", "1h"), // default set by API + ), + }, { Config: testAccSpannerDatabase_basic(instanceName, databaseName), Check: resource.ComposeTestCheckFunc( @@ -120,6 +127,27 @@ resource "google_spanner_database" "basic" { `, instanceName, instanceName, databaseName) } +func testAccSpannerDatabase_virtualUpdate(instanceName, databaseName string) string { + return fmt.Sprintf(` +resource "google_spanner_instance" "basic" { + name = "%s" + config = "regional-us-central1" + display_name = "%s-display" + num_nodes = 1 +} + +resource "google_spanner_database" "basic" { + instance = google_spanner_instance.basic.name + name = "%s" + ddl = [ + "CREATE TABLE t1 (t1 INT64 NOT NULL,) PRIMARY KEY(t1)", + "CREATE TABLE t2 (t2 INT64 NOT NULL,) PRIMARY KEY(t2)", + ] + deletion_protection = true +} +`, instanceName, instanceName, databaseName) +} + func TestAccSpannerDatabase_postgres(t *testing.T) { t.Parallel() diff --git a/mmv1/third_party/terraform/tests/resource_spanner_instance_test.go b/mmv1/third_party/terraform/tests/resource_spanner_instance_test.go index 0333fa34d92c..9c03a4c5dfd7 100644 --- a/mmv1/third_party/terraform/tests/resource_spanner_instance_test.go +++ b/mmv1/third_party/terraform/tests/resource_spanner_instance_test.go @@ -147,6 +147,35 @@ func TestAccSpannerInstance_update(t *testing.T) { }) } +func TestAccSpannerInstance_virtualUpdate(t *testing.T) { + // Randomness + SkipIfVcr(t) + t.Parallel() + + dName := fmt.Sprintf("spanner-dname1-%s", RandString(t, 10)) + VcrTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: TestAccProviders, + CheckDestroy: testAccCheckSpannerInstanceDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccSpannerInstance_virtualUpdate(dName, "true"), + }, + { + ResourceName: "google_spanner_instance.basic", + ImportState: true, + }, + { + Config: testAccSpannerInstance_virtualUpdate(dName, "false"), + }, + { + ResourceName: "google_spanner_instance.basic", + ImportState: true, + }, + }, + }) +} + func testAccSpannerInstance_basic(name string) string { return fmt.Sprintf(` resource "google_spanner_instance" "basic" { @@ -196,3 +225,15 @@ resource "google_spanner_instance" "updater" { } `, name, nodes, extraLabel) } + +func testAccSpannerInstance_virtualUpdate(name, virtual string) string { + return fmt.Sprintf(` +resource "google_spanner_instance" "basic" { + name = "%s" + config = "regional-us-central1" + display_name = "%s" + processing_units = 100 + force_destroy = "%s" +} +`, name, name, virtual) +} diff --git a/mmv1/third_party/terraform/tests/resource_vertex_ai_endpoint_test.go b/mmv1/third_party/terraform/tests/resource_vertex_ai_endpoint_test.go index 26e8af2fc4f5..985626203941 100644 --- a/mmv1/third_party/terraform/tests/resource_vertex_ai_endpoint_test.go +++ b/mmv1/third_party/terraform/tests/resource_vertex_ai_endpoint_test.go @@ -29,7 +29,7 @@ func TestAccVertexAIEndpoint_vertexAiEndpointNetwork(t *testing.T) { context := map[string]interface{}{ "endpoint_name": fmt.Sprint(RandInt(t) % 9999999999), "kms_key_name": BootstrapKMSKeyInLocation(t, "us-central1").CryptoKey.Name, - "network_name": BootstrapSharedTestNetwork(t, "vertex"), + "network_name": BootstrapSharedTestNetwork(t, "vertex-ai-endpoint-update"), "random_suffix": RandString(t, 10), } diff --git a/mmv1/third_party/terraform/utils/bootstrap_iam_test.go b/mmv1/third_party/terraform/utils/bootstrap_iam_test.go new file mode 100644 index 000000000000..e9a322f01042 --- /dev/null +++ b/mmv1/third_party/terraform/utils/bootstrap_iam_test.go @@ -0,0 +1,151 @@ +package google + +import ( + "fmt" + "log" + "testing" + + cloudresourcemanager "google.golang.org/api/cloudresourcemanager/v1" +) + +// BootstrapAllPSARoles ensures that the given project's IAM +// policy grants the given service agents the given roles. +// prefix is usually "service-" and indicates the service agent should have the +// given prefix before the project number. +// This is important to bootstrap because using iam policy resources means that +// deleting them removes permissions for concurrent tests. +// Return whether the bindings changed. +func BootstrapAllPSARoles(t *testing.T, prefix string, agentNames, roles []string) bool { + config := BootstrapConfig(t) + if config == nil { + t.Fatal("Could not bootstrap a config for BootstrapAllPSARoles.") + } + client := config.NewResourceManagerClient(config.UserAgent) + + // Get the project since we need its number, id, and policy. + project, err := client.Projects.Get(GetTestProjectFromEnv()).Do() + if err != nil { + t.Fatalf("Error getting project with id %q: %s", project.ProjectId, err) + } + + getPolicyRequest := &cloudresourcemanager.GetIamPolicyRequest{} + policy, err := client.Projects.GetIamPolicy(project.ProjectId, getPolicyRequest).Do() + if err != nil { + t.Fatalf("Error getting project iam policy: %v", err) + } + + members := make([]string, len(agentNames)) + for i, agentName := range agentNames { + members[i] = fmt.Sprintf("serviceAccount:%s%d@%s.iam.gserviceaccount.com", prefix, project.ProjectNumber, agentName) + } + + // Create the bindings we need to add to the policy. + var newBindings []*cloudresourcemanager.Binding + for _, role := range roles { + newBindings = append(newBindings, &cloudresourcemanager.Binding{ + Role: role, + Members: members, + }) + } + + mergedBindings := MergeBindings(append(policy.Bindings, newBindings...)) + + if !compareBindings(policy.Bindings, mergedBindings) { + addedBindings := missingBindings(policy.Bindings, mergedBindings) + for _, missingBinding := range addedBindings { + log.Printf("[DEBUG] Adding binding: %+v", missingBinding) + } + // The policy must change. + policy.Bindings = mergedBindings + setPolicyRequest := &cloudresourcemanager.SetIamPolicyRequest{Policy: policy} + policy, err = client.Projects.SetIamPolicy(project.ProjectId, setPolicyRequest).Do() + if err != nil { + t.Fatalf("Error setting project iam policy: %v", err) + } + msg := "Added the following bindings to the test project's IAM policy:\n" + for _, binding := range addedBindings { + msg += fmt.Sprintf("Members: %q, Role: %q\n", binding.Members, binding.Role) + } + msg += "Retry the test in a few minutes." + t.Error(msg) + return true + } + return false +} + +// BootstrapAllPSARole is a version of BootstrapAllPSARoles for granting a +// single role to multiple service agents. +func BootstrapAllPSARole(t *testing.T, prefix string, agentNames []string, role string) bool { + return BootstrapAllPSARoles(t, prefix, agentNames, []string{role}) +} + +// BootstrapPSARoles is a version of BootstrapAllPSARoles for granting roles to +// a single service agent. +func BootstrapPSARoles(t *testing.T, prefix, agentName string, roles []string) bool { + return BootstrapAllPSARoles(t, prefix, []string{agentName}, roles) +} + +// BootstrapPSARole is a simplified version of BootstrapPSARoles for granting a +// single role to a single service agent. +func BootstrapPSARole(t *testing.T, prefix, agentName, role string) bool { + return BootstrapPSARoles(t, prefix, agentName, []string{role}) +} + +// Returns a map representing iam bindings that are in the first map but not the second. +func missingBindingsMap(aMap, bMap map[iamBindingKey]map[string]struct{}) map[iamBindingKey]map[string]struct{} { + results := make(map[iamBindingKey]map[string]struct{}) + for key, aMembers := range aMap { + if bMembers, ok := bMap[key]; ok { + // The key is in both maps. + resultMembers := make(map[string]struct{}) + + for aMember := range aMembers { + if _, ok := bMembers[aMember]; !ok { + // The member is in a but not in b. + resultMembers[aMember] = struct{}{} + } + } + for bMember := range bMembers { + if _, ok := aMembers[bMember]; !ok { + // The member is in b but not in a. + resultMembers[bMember] = struct{}{} + } + } + + if len(resultMembers) > 0 { + results[key] = resultMembers + } + } else { + // The key is in map a but not map b. + results[key] = aMembers + } + } + + for key, bMembers := range bMap { + if _, ok := aMap[key]; !ok { + // The key is in map b but not map a. + results[key] = bMembers + } + } + + return results +} + +// Returns the bindings that are in the first set of bindings but not the second. +func missingBindings(a, b []*cloudresourcemanager.Binding) []*cloudresourcemanager.Binding { + aMap := createIamBindingsMap(a) + bMap := createIamBindingsMap(b) + + var results []*cloudresourcemanager.Binding + for key, membersSet := range missingBindingsMap(aMap, bMap) { + members := make([]string, 0, len(membersSet)) + for member := range membersSet { + members = append(members, member) + } + results = append(results, &cloudresourcemanager.Binding{ + Role: key.Role, + Members: members, + }) + } + return results +} diff --git a/mmv1/third_party/terraform/utils/bootstrap_utils_test.go b/mmv1/third_party/terraform/utils/bootstrap_utils_test.go index bcb464bb4d36..2dc98fa5dad9 100644 --- a/mmv1/third_party/terraform/utils/bootstrap_utils_test.go +++ b/mmv1/third_party/terraform/utils/bootstrap_utils_test.go @@ -255,14 +255,23 @@ func BootstrapSharedTestADDomain(t *testing.T, testId string, networkName string const SharedTestNetworkPrefix = "tf-bootstrap-net-" -// BootstrapSharedTestNetwork will return a shared compute network -// for a test or set of tests. Often resources create complementing -// tenant network resources, which we don't control and which don't get cleaned -// up after our owned resource is deleted in test. These tenant resources -// have quotas, so creating a shared test network prevents hitting these limits. +// BootstrapSharedTestNetwork will return a persistent compute network for a +// test or set of tests. // -// testId specifies the test/suite for which a shared network is used/initialized. -// Returns the name of an network, creating it if hasn't been created in the test projcet. +// Resources like service_networking_connection use a consumer network and +// create a complementing tenant network which we don't control. These tenant +// networks never get cleaned up and they can accumulate to the point where a +// limit is reached for the organization. By reusing a consumer network across +// test runs, we can reduce the number of tenant networks that are needed. +// See b/146351146 for more context. +// +// testId specifies the test for which a shared network is used/initialized. +// Note that if the network is being used for a service_networking_connection, +// the same testId should generally not be used across tests, to avoid race +// conditions where multiple tests attempt to modify the connection at once. +// +// Returns the name of a network, creating it if it hasn't been created in the +// test project. func BootstrapSharedTestNetwork(t *testing.T, testId string) string { project := GetTestProjectFromEnv() networkName := SharedTestNetworkPrefix + testId @@ -418,12 +427,21 @@ func removeContainerServiceAgentRoleFromContainerEngineRobot(t *testing.T, proje } } -func BootstrapProject(t *testing.T, projectID, billingAccount string, services []string) *cloudresourcemanager.Project { +// BootstrapProject will create or get a project named +// "" that will persist across test runs, +// where projectIDSuffix is based off of getTestProjectFromEnv(). The reason +// for the naming is to isolate bootstrapped projects by test environment. +// Given the existing projects being used by our team, the prefix provided to +// this function can be no longer than 18 characters. +func BootstrapProject(t *testing.T, projectIDPrefix, billingAccount string, services []string) *cloudresourcemanager.Project { config := BootstrapConfig(t) if config == nil { return nil } + projectIDSuffix := strings.Replace(GetTestProjectFromEnv(), "ci-test-project-", "", 1) + projectID := projectIDPrefix + projectIDSuffix + crmClient := config.NewResourceManagerClient(config.UserAgent) project, err := crmClient.Projects.Get(projectID).Do() @@ -516,82 +534,7 @@ func BootstrapProject(t *testing.T, projectID, billingAccount string, services [ return project } -// BootstrapAllPSARoles ensures that the given project's IAM -// policy grants the given service agents the given roles. -// This is important to bootstrap because using iam policy resources means that -// deleting them removes permissions for concurrent tests. -// Return whether the policy changed. -func BootstrapAllPSARoles(t *testing.T, agentNames, roles []string) bool { - config := BootstrapConfig(t) - if config == nil { - t.Fatal("Could not bootstrap a config for BootstrapAllPSARoles.") - return false - } - client := config.NewResourceManagerClient(config.UserAgent) - - // Get the project since we need its number, id, and policy. - project, err := client.Projects.Get(GetTestProjectFromEnv()).Do() - if err != nil { - t.Fatalf("Error getting project with id %q: %s", project.ProjectId, err) - return false - } - - getPolicyRequest := &cloudresourcemanager.GetIamPolicyRequest{} - policy, err := client.Projects.GetIamPolicy(project.ProjectId, getPolicyRequest).Do() - if err != nil { - t.Fatalf("Error getting project iam policy: %v", err) - return false - } - - var members []string - for _, agentName := range agentNames { - member := fmt.Sprintf("serviceAccount:service-%d@%s.iam.gserviceaccount.com", project.ProjectNumber, agentName) - members = append(members, member) - } - - // Create the bindings we need to add to the policy. - var newBindings []*cloudresourcemanager.Binding - for _, role := range roles { - newBindings = append(newBindings, &cloudresourcemanager.Binding{ - Role: role, - Members: members, - }) - } - - mergedBindings := MergeBindings(append(policy.Bindings, newBindings...)) - - if !compareBindings(policy.Bindings, mergedBindings) { - // The policy must change. - setPolicyRequest := &cloudresourcemanager.SetIamPolicyRequest{Policy: policy} - policy, err = client.Projects.SetIamPolicy(project.ProjectId, setPolicyRequest).Do() - if err != nil { - t.Fatalf("Error setting project iam policy: %v", err) - return false - } - return true - } - - return false -} - -// BootstrapAllPSARole is a version of BootstrapAllPSARoles for granting a -// single role to multiple service agents. -func BootstrapAllPSARole(t *testing.T, agentNames []string, role string) bool { - return BootstrapAllPSARoles(t, agentNames, []string{role}) -} - -// BootstrapPSARoles is a version of BootstrapAllPSARoles for granting roles to -// a single service agent. -func BootstrapPSARoles(t *testing.T, agentName string, roles []string) bool { - return BootstrapAllPSARoles(t, []string{agentName}, roles) -} - -// BootstrapPSARole is a simplified version of BootstrapPSARoles for granting a -// single role to a single service agent. -func BootstrapPSARole(t *testing.T, agentName, role string) bool { - return BootstrapPSARoles(t, agentName, []string{role}) -} - +// BootstrapConfig returns a Config pulled from the environment. func BootstrapConfig(t *testing.T) *Config { if v := os.Getenv("TF_ACC"); v == "" { t.Skip("Acceptance tests and bootstrapping skipped unless env 'TF_ACC' set") diff --git a/mmv1/third_party/terraform/utils/compute_instance_helpers.go.erb b/mmv1/third_party/terraform/utils/compute_instance_helpers.go.erb index 02488301ef35..d47ac9c953c4 100644 --- a/mmv1/third_party/terraform/utils/compute_instance_helpers.go.erb +++ b/mmv1/third_party/terraform/utils/compute_instance_helpers.go.erb @@ -142,6 +142,9 @@ func expandScheduling(v interface{}) (*compute.Scheduling, error) { scheduling.MaxRunDuration = transformedMaxRunDuration scheduling.ForceSendFields = append(scheduling.ForceSendFields, "MaxRunDuration") } + if v, ok := original["maintenance_interval"]; ok { + scheduling.MaintenanceInterval = v.(string) + } <% end -%> return scheduling, nil } @@ -200,6 +203,9 @@ func flattenScheduling(resp *compute.Scheduling) []map[string]interface{} { if resp.MaxRunDuration != nil { schedulingMap["max_run_duration"] = flattenComputeMaxRunDuration(resp.MaxRunDuration) } + if resp.MaintenanceInterval != "" { + schedulingMap["maintenance_interval"] = resp.MaintenanceInterval + } <% end -%> nodeAffinities := schema.NewSet(schema.HashResource(instanceSchedulingNodeAffinitiesElemSchema()), nil) diff --git a/mmv1/third_party/terraform/utils/privateca_utils.go b/mmv1/third_party/terraform/utils/privateca_utils.go index db3728965dd1..f8c84aac36fd 100644 --- a/mmv1/third_party/terraform/utils/privateca_utils.go +++ b/mmv1/third_party/terraform/utils/privateca_utils.go @@ -230,6 +230,37 @@ func expandPrivatecaCertificateConfigX509ConfigAiaOcspServers(v interface{}, d T return v, nil } +func expandPrivatecaCertificateConfigX509ConfigNameConstraints(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) { + if v == nil { + return nil, nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil, nil + } + + raw := l[0] + original := raw.(map[string]interface{}) + if len(original) == 0 { + // Ignore empty name constraints + return nil, nil + } + + transformed := make(map[string]interface{}) + transformed["critical"] = original["critical"] + transformed["permittedDnsNames"] = original["permitted_dns_names"] + transformed["excludedDnsNames"] = original["excluded_dns_names"] + transformed["permittedIpRanges"] = original["permitted_ip_ranges"] + transformed["excludedIpRanges"] = original["excluded_ip_ranges"] + transformed["permittedEmailAddresses"] = original["permitted_email_addresses"] + transformed["excludedEmailAddresses"] = original["excluded_email_addresses"] + transformed["permittedUris"] = original["permitted_uris"] + transformed["excludedUris"] = original["excluded_uris"] + + return transformed, nil +} + // Flattener utilities func flattenPrivatecaCertificateConfigX509ConfigAdditionalExtensions(v interface{}, d *schema.ResourceData, config *Config) interface{} { @@ -490,3 +521,23 @@ func flattenPrivatecaCertificateConfigX509ConfigKeyUsageUnknownExtendedKeyUsages func flattenPrivatecaCertificateConfigX509ConfigKeyUsageUnknownExtendedKeyUsagesObjectIdPath(v interface{}, d *schema.ResourceData, config *Config) interface{} { return v } + +func flattenPrivatecaCertificateConfigX509ConfigNameConstraints(v interface{}, d *schema.ResourceData, config *Config) interface{} { + if v == nil { + return nil + } + original := v.(map[string]interface{}) + transformed := make(map[string]interface{}) + + transformed["critical"] = original["critical"] + transformed["permitted_dns_names"] = original["permittedDnsNames"] + transformed["excluded_dns_names"] = original["excludedDnsNames"] + transformed["permitted_ip_ranges"] = original["permittedIpRanges"] + transformed["excluded_ip_ranges"] = original["excludedIpRanges"] + transformed["permitted_email_addresses"] = original["permittedEmailAddresses"] + transformed["excluded_email_addresses"] = original["excludedEmailAddresses"] + transformed["permitted_uris"] = original["permittedUris"] + transformed["excluded_uris"] = original["excludedUris"] + + return []interface{}{transformed} +} diff --git a/mmv1/third_party/terraform/utils/provider.go.erb b/mmv1/third_party/terraform/utils/provider.go.erb index bd155a519289..8c6765833f41 100644 --- a/mmv1/third_party/terraform/utils/provider.go.erb +++ b/mmv1/third_party/terraform/utils/provider.go.erb @@ -409,6 +409,9 @@ end # products.each do map[string]*schema.Resource{ // ####### START handwritten resources ########### "google_app_engine_application": ResourceAppEngineApplication(), + "google_apigee_sharedflow": ResourceApigeeSharedFlow(), + "google_apigee_sharedflow_deployment": ResourceApigeeSharedFlowDeployment(), + "google_apigee_flowhook": ResourceApigeeFlowhook(), "google_bigquery_table": ResourceBigQueryTable(), "google_bigtable_gc_policy": ResourceBigtableGCPolicy(), "google_bigtable_instance": ResourceBigtableInstance(), @@ -698,4 +701,4 @@ func validateCredentials(v interface{}, k string) (warnings []string, errors []e } return -} +} \ No newline at end of file diff --git a/mmv1/third_party/terraform/utils/test-fixtures/apigee/apigee_sharedflow_bundle.zip b/mmv1/third_party/terraform/utils/test-fixtures/apigee/apigee_sharedflow_bundle.zip new file mode 100644 index 0000000000000000000000000000000000000000..52f1c94091bbce546f48e15e9f0c10e692bb8843 GIT binary patch literal 1016 zcmb_b%}&BV5MB^H^rXS7rr8+dr4*0=CZ)umaKWD@g7<}Pu}LXScR{)O1jYyP5qtD$i3#>%t;0sL$+~+rhO;70c8e&rI8$bntM{Q`%T& zoVX@&W-jgEC1tp)OWJ+FrUz^;0yeTw7j~2c%PyHh?AnP~mtCx?uGgBadh4v-uAbH#O-+qAM51fL_zh6C?7Y~_t^mZOnK(G*(M@WR zxx+OzjtbZ%z5|rT=A*&Vqk0^tsVkq9gol;UrL<5fo(_%yw2=~u}RDi=4TN(f=}w|4}x1WyAfyaN`YZ+*NAA^-pY literal 0 HcmV?d00001 diff --git a/mmv1/third_party/terraform/utils/test-fixtures/apigee/apigee_sharedflow_bundle2.zip b/mmv1/third_party/terraform/utils/test-fixtures/apigee/apigee_sharedflow_bundle2.zip new file mode 100644 index 0000000000000000000000000000000000000000..6e15c11140339b09aeff8b62ba4c29eaa24b964d GIT binary patch literal 2645 zcma);3p`Zm8^@3PV6;?I>z-__%eWImVpt@T)RbFm44ILPyFt0%#j-VJqN$k@`Adu# zw-_eZ$t4<>kd`8(6&iBi{$u_7mu|c7`JDHh_dVzNexA?g{GRiBY^->ARR9140# zCjidiUY|Ha4A>3?oObcYxM6WV!LE33HylQd3lQCS`pL`#*ldCnPPeU8aRIHnwM4X?&;g1Jw|Ag$YF`vf#xe1? zgIf-{_Ag$zHES&7|19HbT#K0g+n%7wEdhZ*NG(sdvRZ|mZ~1e(rDEZ@$lB4!r+t!9 z=?hKasab`u&0VV)7t1v7$Szf$CL(To>=Rkp^H*d-`5p6d#)}RjltdqhQpdqnZE*+{ z{mvb6G^P$UG)3Qvd|4`{D`z^cF`N-|t(?kcL#BtD>MU0y7a>8ERLzm{xfS7sDGZ)b~YRW?-MFC14 z(PD}&=%p`Tyrq?aw1nl`7DKkeCv_YfT_4==V$Qn+w^j7H+apa;i(a$FZ{fHhmljI- zD!)2djo;m&5es=z`bIT#PnDB+Mtg_7imiM{sS{!n#a82uk8> zTJZJ3d7SdV1pF&y2?_`%OY;Cg9X|l5e3xeGg2VaX162_lQu~(9QjZV){$ihKM2E9R zJ5m{5Jkacw{7a>mnv$!SVDSCimY+<0)B6gi826|Yf z&S#|=9vv-=wnvr=HIU{)VVxR6$~EH<$eycY9Z>52tR2UN6}qK$y^|7{Jz})#5uyWi z(ay|L`}(6S1!Wsq%M!Gga;R_&ei12^?WRadFlpAhdZ_H?yR3U!MmM28aorV=2B$KM zyG9!APF3w~lQJc9wNtT?(Q;eq)c(r!ySLLtcf_l7BMy^NH5b}FYraKeifh|y zzHY-2(b`nV`H}ZBN2Ej>FM2BKCr|jvp9P;vrj~{ohJpoK1Q!6w{r&-#=lCXX(7B$3 zV=UBvPLuBqX|QEgj~xor_nOGxbj^;c9-{&>EZg2gDh@b53S8%k3s>%zI zo7SGOixIk~)x32r1-i;Fp#}|Kda{O>j4r9VrH%ys#9KVJK@;%=)F$Q$H?rLpsm#zz)i>Rb%OLflQm^f8KDk#Sgm&f=na$nR9L^w(A}&pzu#XHw@MVj|==(9b+!SeV(d==hF8fl5KQ(p=4 zuw>D%(4C9kh%T|9s#MXwJOV9OD7KI(M~mxjAy7|Z6P!n@H6>a@qN`GN-OtJDaOQi2 zHCF5B+>4%RfLyjHsNkX#-FPmWdz^c!m}gb@9}@$7Wls_x${W(AcyNam@nqWMf+mwu z)a7AX;<=un1X0~m-0_7IgSs*Hh_ zNh`U=4ASF2VL~JCyQjq6Kkua|HFnp*$L&d`T!TTE_Tbrc1l2Cwe~qzFTjx2u)5eO6 z^SQTwqv80ZsrdW$qon@VetaIjxz*SR=SYe(%sA&4;hP(e&tdCfAH8aQ^**NOTE:** Batching is not implemented for the majority or resources/request types and is bounded by two values. If you are running into issues with slow batches -resources, you may need to adjust one or both of 1) the core [`-parallelism`](https://www.terraform.io/docs/commands/apply.html#parallelism-n) flag, which controls how many concurrent resources are being operated on and 2) `send_after`, the time interval after which a batch is sent. - -* `request_timeout` - (Optional) A duration string controlling the amount of time -the provider should wait for a single HTTP request. This will not adjust the -amount of time the provider will wait for a logical operation - use the resource -timeout blocks for that. - -* `request_reason` - (Optional) Send a Request Reason [System Parameter](https://cloud.google.com/apis/docs/system-parameters) for each API call made by the provider. The `X-Goog-Request-Reason` header value is used to provide a user-supplied justification into GCP AuditLogs. - -The `batching` fields supports: +acting as a service account without managing its key locally. -* `send_after` - (Optional) A duration string representing the amount of time -after which a request should be sent. Defaults to 3s. Note that if you increase -`parallelism` you should also increase this value. - -* `enable_batching` - (Optional) Defaults to true. If false, disables batching - so requests that have batching capabilities are instead is sent one by one. +To impersonate a service account, you must use another authentication method +to act as a primary identity, and the primary identity must have the +`roles/iam.serviceAccountTokenCreator` role on the service account Terraform is +impersonating. Google Cloud Platform checks permissions and quotas against the +impersonated service account regardless of the primary identity in use. -### Full Reference +## Authentication Configuration * `credentials` - (Optional) Either the path to or the contents of a [service account key file] in JSON format. You can @@ -215,11 +138,21 @@ are automatically available. See [Creating and Enabling Service Accounts for Instances][gce-service-account] for more details. -* On your computer, you can make your Google identity available by +* On your workstation, you can make your Google identity available by running [`gcloud auth application-default login`][gcloud adc]. --- +* `scopes` - (Optional) The list of OAuth 2.0 [scopes] requested when generating +an access token using the service account key specified in `credentials`. + +By default, the following scopes are configured: + + * https://www.googleapis.com/auth/cloud-platform + * https://www.googleapis.com/auth/userinfo.email + +--- + * `access_token` - (Optional) A temporary [OAuth 2.0 access token] obtained from the Google Authorization server, i.e. the `Authorization: Bearer` token used to authenticate HTTP requests to GCP APIs. This is an alternative to `credentials`, @@ -242,8 +175,38 @@ variable. * `impersonate_service_account_delegates` - (Optional) The delegation chain for an impersonating a service account as described [here](https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials#sa-credentials-delegated). +## Quota Management Configuration + +* `user_project_override` - (Optional) Defaults to `false`. Controls the quota +project used in requests to GCP APIs for the purpose of preconditions, quota, +and billing. If `false`, the quota project is determined by the API and may be +the project associated with your credentials, or the resource project. If `true`, +most resources in the provider will explicitly supply their resource project, as +described in their documentation. Otherwise, a `billing_project` value must be +supplied. Alternatively, this can be specified using the `USER_PROJECT_OVERRIDE` +environment variable. + +Service account credentials are associated with the project the service account +was created in. Credentials that come from the gcloud tool are associated with a +project owned by Google. In order to properly use credentials that come from +gcloud with Terraform, it is recommended to set this property to true. + +`user_project_override` uses the `X-Goog-User-Project` +[system parameter](https://cloud.google.com/apis/docs/system-parameters). When +set to true, the caller must have `serviceusage.services.use` permission on the +quota project. + --- +* `billing_project` - (Optional) A quota project to send in `user_project_override`, +used for all requests sent from the provider. If set on a resource that supports +sending the resource project, this value will supersede the resource project. +This field is ignored if `user_project_override` is set to false or unset. +Alternatively, this can be specified using the `GOOGLE_BILLING_PROJECT` +environment variable. + +## Provider Default Values Configuration + * `project` - (Optional) The default project to manage resources in. If another project is specified on a resource, it will take precedence. This can also be specified using the `GOOGLE_PROJECT` environment variable, or any of the @@ -277,17 +240,26 @@ following ordered by precedence. * GCLOUD_ZONE * CLOUDSDK_COMPUTE_ZONE ---- +## Advanced Settings Configuration -* `scopes` - (Optional) The list of OAuth 2.0 [scopes] requested when generating -an access token using the service account key specified in `credentials`. +* `request_timeout` - (Optional) A duration string controlling the amount of time +the provider should wait for individual HTTP requests. This will not adjust the +amount of time the provider will wait for a logical operation - use the resource +timeout blocks for that. This will adjust only the amount of time that a single +synchronous request will wait for a response. The default is 30 seconds, and +that should be a suitable value in most cases. Many GCP APIs will cancel a +request if no response is forthcoming within 30 seconds in any event. In +limited cases, such as DNS record set creation, there is a synchronous request +to create the resource. This may help in those cases. - By default, the following scopes are configured: - * https://www.googleapis.com/auth/cloud-platform - * https://www.googleapis.com/auth/userinfo.email +--- -* `request_reason` - (Optional) Send a Request Reason [System Parameter](https://cloud.google.com/apis/docs/system-parameters) for each API call made by the provider. The `X-Goog-Request-Reason` header value is used to provide a user-supplied justification into GCP AuditLogs. Alternatively, this can be specified using the `CLOUDSDK_CORE_REQUEST_REASON` environment variable. +* `request_reason` - (Optional) Send a Request Reason [System Parameter](https://cloud.google.com/apis/docs/system-parameters) +for each API call made by the provider. The `X-Goog-Request-Reason` header +value is used to provide a user-supplied justification into GCP AuditLogs. +Alternatively, this can be specified using the `CLOUDSDK_CORE_REQUEST_REASON` +environment variable. --- @@ -296,91 +268,36 @@ such as `compute_custom_endpoint`. Defaults to the production GCP endpoint for the service. This can be used to configure the Google provider to communicate with GCP-like APIs such as [the Cloud Functions emulator](https://github.com/googlearchive/cloud-functions-emulator). Values are expected to include the version of the service, such as -`https://www.googleapis.com/compute/v1/`. +`https://www.googleapis.com/compute/v1/`: -~> Support for custom endpoints is on a best-effort basis. The underlying -endpoint and default values for a resource can be changed at any time without -being considered a breaking change. +``` +provider "google" { + alias = "compute_beta_endpoint" + compute_custom_endpoint = "https://www.googleapis.com/compute/beta/" +} +``` -A full list of configurable keys, their default value (in the `google` provider -followed by `google-beta` if they differ), and an environment variable that can -be used for configuration are below: - -* `access_context_manager_custom_endpoint` (`GOOGLE_ACCESS_CONTEXT_MANAGER_CUSTOM_ENDPOINT`) - `https://accesscontextmanager.googleapis.com/v1/` -* `app_engine_custom_endpoint` (`GOOGLE_APP_ENGINE_CUSTOM_ENDPOINT`) - `https://appengine.googleapis.com/v1/` -* `bigquery_custom_endpoint` (`GOOGLE_BIGQUERY_CUSTOM_ENDPOINT`) - `https://www.googleapis.com/bigquery/v2/` -* `bigtable_custom_endpoint` (`GOOGLE_BIGTABLE_CUSTOM_ENDPOINT`) - `https://bigtableadmin.googleapis.com/v2/` -* `binary_authorization_custom_endpoint` (`GOOGLE_BINARY_AUTHORIZATION_CUSTOM_ENDPOINT`) - `https://binaryauthorization.googleapis.com/v1/` -* `cloud_billing_custom_endpoint` (`GOOGLE_CLOUD_BILLING_CUSTOM_ENDPOINT`) - `https://cloudbilling.googleapis.com/v1/` -* `cloud_build_custom_endpoint` (`GOOGLE_CLOUD_BUILD_CUSTOM_ENDPOINT`) - `https://cloudbuild.googleapis.com/v1/` -* `cloud_functions_custom_endpoint` (`GOOGLE_CLOUD_FUNCTIONS_CUSTOM_ENDPOINT`) - `https://cloudfunctions.googleapis.com/v1/` -* `cloud_iot_custom_endpoint` (`GOOGLE_CLOUD_IOT_CUSTOM_ENDPOINT`) - `https://cloudiot.googleapis.com/v1/` -* `cloud_scheduler_custom_endpoint` (`GOOGLE_CLOUD_SCHEDULER_CUSTOM_ENDPOINT`) - `https://cloudscheduler.googleapis.com/v1/` -* `composer_custom_endpoint` (`GOOGLE_COMPOSER_CUSTOM_ENDPOINT`) - `https://composer.googleapis.com/v1beta1/` -* `compute_custom_endpoint` (`GOOGLE_COMPUTE_CUSTOM_ENDPOINT`) - `https://www.googleapis.com/compute/v1/` | `https://www.googleapis.com/compute/beta/` -* `container_custom_endpoint` (`GOOGLE_CONTAINER_CUSTOM_ENDPOINT`) - `https://container.googleapis.com/v1/` -* `dataproc_custom_endpoint` (`GOOGLE_DATAPROC_CUSTOM_ENDPOINT`) - `https://dataproc.googleapis.com/v1/` -* `dataproc_beta_custom_endpoint` (`GOOGLE_DATAPROC_BETA_CUSTOM_ENDPOINT`) - `https://dataproc.googleapis.com/v1beta2/` -* `dataflow_custom_endpoint` (`GOOGLE_DATAFLOW_CUSTOM_ENDPOINT`) - `https://dataflow.googleapis.com/v1b3/` -* `dns_custom_endpoint` (`GOOGLE_DNS_CUSTOM_ENDPOINT`) - `https://www.googleapis.com/dns/v1/` | `https://www.googleapis.com/dns/v1beta2/` -* `dns_beta_custom_endpoint` (`GOOGLE_DNS_BETA_CUSTOM_ENDPOINT`) - `https://www.googleapis.com/dns/v1beta2/` -* `filestore_custom_endpoint` (`GOOGLE_FILESTORE_CUSTOM_ENDPOINT`) - `https://file.googleapis.com/v1/` -* `firestore_custom_endpoint` (`GOOGLE_FIRESTORE_CUSTOM_ENDPOINT`) - `https://firestore.googleapis.com/v1/` -* `iam_custom_endpoint` (`GOOGLE_IAM_CUSTOM_ENDPOINT`) - `https://iam.googleapis.com/v1/` -* `iam_credentials_custom_endpoint` (`GOOGLE_IAM_CREDENTIALS_CUSTOM_ENDPOINT`) - `https://iamcredentials.googleapis.com/v1/` -* `kms_custom_endpoint` (`GOOGLE_KMS_CUSTOM_ENDPOINT`) - `https://cloudkms.googleapis.com/v1/` -* `logging_custom_endpoint` (`GOOGLE_LOGGING_CUSTOM_ENDPOINT`) - `https://logging.googleapis.com/v2/` -* `monitoring_custom_endpoint` (`GOOGLE_MONITORING_CUSTOM_ENDPOINT`) - `https://monitoring.googleapis.com/` -* `pubsub_custom_endpoint` (`GOOGLE_PUBSUB_CUSTOM_ENDPOINT`) - `https://pubsub.googleapis.com/v1/` -* `redis_custom_endpoint` (`GOOGLE_REDIS_CUSTOM_ENDPOINT`) - `https://redis.googleapis.com/v1/` | `https://redis.googleapis.com/v1beta1/` -* `resource_manager_custom_endpoint` (`GOOGLE_RESOURCE_MANAGER_CUSTOM_ENDPOINT`) - `https://cloudresourcemanager.googleapis.com/v1/` -* `resource_manager_v2beta1_custom_endpoint` (`GOOGLE_RESOURCE_MANAGER_V2BETA1_CUSTOM_ENDPOINT`) - `https://cloudresourcemanager.googleapis.com/v2beta1/` -* `runtimeconfig_custom_endpoint` (`GOOGLE_RUNTIMECONFIG_CUSTOM_ENDPOINT`) - `https://runtimeconfig.googleapis.com/v1beta1/` -* `security_center_custom_endpoints` (`GOOGLE_SECURITY_CENTER_CUSTOM_ENDPOINT`) - `https://securitycenter.googleapis.com/v1/` -* `service_management_custom_endpoint` (`GOOGLE_SERVICE_MANAGEMENT_CUSTOM_ENDPOINT`) - `https://servicemanagement.googleapis.com/v1/` -* `service_networking_custom_endpoint` (`GOOGLE_SERVICE_NETWORKING_CUSTOM_ENDPOINT`) - `https://servicenetworking.googleapis.com/v1/` -* `service_usage_custom_endpoint` (`GOOGLE_SERVICE_USAGE_CUSTOM_ENDPOINT`) - `https://serviceusage.googleapis.com/v1/` -* `source_repo_custom_endpoint` (`GOOGLE_SOURCE_REPO_CUSTOM_ENDPOINT`) - `https://sourcerepo.googleapis.com/v1/` -* `spanner_custom_endpoint` (`GOOGLE_SPANNER_CUSTOM_ENDPOINT`) - `https://spanner.googleapis.com/v1/` -* `sql_custom_endpoint` (`GOOGLE_SQL_CUSTOM_ENDPOINT`) - `https://www.googleapis.com/sql/v1beta4/` -* `storage_custom_endpoint` (`GOOGLE_STORAGE_CUSTOM_ENDPOINT`) - `https://www.googleapis.com/storage/v1/` -* `storage_transfer_custom_endpoint` (`GOOGLE_STORAGE_TRANSFER_CUSTOM_ENDPOINT`) - `https://storagetransfer.googleapis.com/v1/` -* `tpu_custom_endpoint` (`GOOGLE_TPU_CUSTOM_ENDPOINT`) - `https://tpu.googleapis.com/v1/` - -The following keys are available exclusively in the `google-beta` provider: - -* `container_analysis_custom_endpoint` (`GOOGLE_CONTAINER_ANALYSIS_CUSTOM_ENDPOINT`) - `https://containeranalysis.googleapis.com/v1beta1/` -* `iap_custom_endpoint` (`GOOGLE_IAP_CUSTOM_ENDPOINT`) - `https://iap.googleapis.com/v1beta1/` -* `monitoring_custom_endpoint` (`GOOGLE_MONITORING_CUSTOM_ENDPOINT`) - `https://monitoring.googleapis.com/v3/` -* `security_scanner_custom_endpoint` (`GOOGLE_SECURITY_SCANNER_CUSTOM_ENDPOINT`) - `https://websecurityscanner.googleapis.com/v1beta/` - --> Note that some endpoints are a versioned variant of another. These exist in -cases where the `google` provider uses multiple distinct endpoints, and both -need to be set. Additionally, in `google-beta`, they'll often use the same value -as their versioned counterpart but that won't necessarily always be the case. +Custom endpoints are an advanced feature. To determine the possible values you +can set, consult the implementation in [provider.go](https://github.com/hashicorp/terraform-provider-google-beta/blob/main/google-beta/provider.go) +and [config.go](https://github.com/hashicorp/terraform-provider-google-beta/blob/main/google-beta/config.go). -[OAuth 2.0 access token]: https://developers.google.com/identity/protocols/OAuth2 -[service account key file]: https://cloud.google.com/iam/docs/creating-managing-service-account-keys -[manage key files using the Cloud Console]: https://console.cloud.google.com/apis/credentials/serviceaccountkey -[adc]: https://cloud.google.com/docs/authentication/production -[gce-service-account]: https://cloud.google.com/compute/docs/authentication -[gcloud adc]: https://cloud.google.com/sdk/gcloud/reference/auth/application-default/login -[service accounts]: https://cloud.google.com/docs/authentication/getting-started -[GCE metadata]: https://cloud.google.com/docs/authentication/production#obtaining_credentials_on_compute_engine_kubernetes_engine_app_engine_flexible_environment_and_cloud_functions -[scopes]: https://developers.google.com/identity/protocols/googlescopes +Support for custom endpoints is on a best-effort basis. The underlying +endpoint and default values for a resource can be changed at any time without +being considered a breaking change. --- * `batching` - (Optional) Controls batching for specific GCP request types - where users have encountered quota or speed issues using `count` with - resources that affect the same GCP resource (e.g. `google_project_service`). - It is not used for every resource/request type and can only group parallel - similar calls for nodes at a similar traversal time in the graph during - `terraform apply` (e.g. resources created using `count` that affect a single - `project`). Thus, it is also bounded by the `terraform` - [`-parallelism`](https://www.terraform.io/docs/commands/apply.html#parallelism-n) - flag, as reducing the number of parallel calls will reduce the number of - simultaneous requests being added to a batcher. +where users have encountered quota or speed issues using many resources of +the same type, typically `google_project_service`. + +Batching is not used for every resource/request type and can only group parallel +similar calls for nodes at a similar traversal time in the graph during +`terraform apply` (e.g. resources created using `count` that affect a single +`project`). Thus, it is also bounded by the `terraform` +[`-parallelism`](https://www.terraform.io/docs/commands/apply.html#parallelism-n) +flag, as reducing the number of parallel calls will reduce the number of +simultaneous requests being added to a batcher. ~> **NOTE** Most resources/GCP request do not have batching implemented (see below for requests which use batching) Batching is really only needed for @@ -392,57 +309,7 @@ as their versioned counterpart but that won't necessarily always be the case. **So far, batching is implemented for below resources**: * `google_project_service` -* `google_api_gateway_api_config_iam_*` -* `google_api_gateway_api_iam_*` -* `google_api_gateway_gateway_iam_*` -* `google_bigquery_dataset_iam_*` -* `google_bigquery_table_iam_*` -* `google_notebooks_instance_iam_*` -* `google_bigtable_instance_iam_*` -* `google_bigtable_table_iam_*` -* `google_billing_account_iam_*` -* `google_endpoints_service_iam_*` -* `google_healthcare_consent_store_iam_*` -* `google_healthcare_dataset_iam_*` -* `google_healthcare_dicom_store_iam_*` -* `google_healthcare_fhir_store_iam_*` -* `google_healthcare_hl7_v2_store_iam_*` -* `google_kms_crypto_key_iam_*` -* `google_kms_key_ring_iam_*` -* `google_folder_iam_*` -* `google_organization_iam_*` -* `google_project_iam_*` -* `google_service_account_iam_*` -* `google_project_service_*` -* `google_pubsub_subscription_iam_*` -* `google_pubsub_topic_iam_*` -* `google_cloud_run_service_iam_*` -* `google_sourcerepo_repository_iam_*` -* `google_spanner_database_iam_*` -* `google_spanner_instance_iam_*` -* `google_storage_bucket_iam_*` -* `google_compute_disk_iam_*` -* `google_compute_image_iam_*` -* `google_compute_instance_iam_*` -* `google_compute_machine_image_iam_*` -* `google_compute_region_disk_iam_*` -* `google_compute_subnetwork_iam_*` -* `google_data_catalog_entry_group_iam_*` -* `google_data_catalog_policy_tag_iam_*` -* `google_data_catalog_taxonomy_iam_*` -* `google_dataproc_cluster_iam_*` -* `google_dataproc_job_iam_*` -* `google_iap_app_engine_service_iam_*` -* `google_iap_app_engine_version_iam_*` -* `google_iap_tunnel_iam_*` -* `google_iap_tunnel_instance_iam_*` -* `google_iap_web_backend_service_iam_*` -* `google_iap_web_iam_*` -* `google_iap_web_type_app_engine_iam_*` -* `google_iap_web_type_compute_iam_*` -* `google_runtimeconfig_config_iam_*` -* `google_secret_manager_secret_iam_*` -* `google_service_directory_service_iam_*` +* All `google_*_iam_*` resources The `batching` block supports the following fields. @@ -454,44 +321,11 @@ Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". * `enable_batching` - (Optional) Defaults to true. If false, disables global batching and each request is sent normally. ---- -* `request_timeout` - (Optional) A duration string controlling the amount of time -the provider should wait for a single HTTP request. This will not adjust the -amount of time the provider will wait for a logical operation - use the resource -timeout blocks for that. This will adjust only the amount of time that a single -synchronous request will wait for a response. The default is 30 seconds, and -that should be a suitable value in most cases. Many GCP APIs will cancel a -request if no response is forthcoming within 30 seconds in any event. In -limited cases, such as DNS record set creation, there is a synchronous request -to create the resource. This may help in those cases. - - ---- - -* `user_project_override` - (Optional) Defaults to `false`. Controls the quota -project used in requests to GCP APIs for the purpose of preconditions, quota, -and billing. If `false`, the quota project is determined by the API and may be -the project associated with your credentials, or the resource project. If `true`, -most resources in the provider will explicitly supply their resource project, as -described in their documentation. Otherwise, a `billing_project` value must be -supplied. Alternatively, this can be specified using the `USER_PROJECT_OVERRIDE` -environment variable. - -Service account credentials are associated with the project the service account -was created in. Credentials that come from the gcloud tool are associated with a -project owned by Google. In order to properly use credentials that come from -gcloud with Terraform, it is recommended to set this property to true. - -`user_project_override` uses the `X-Goog-User-Project` -[system parameter](https://cloud.google.com/apis/docs/system-parameters). When -set to true, the caller must have `serviceusage.services.use` permission on the -quota project. - ---- - -* `billing_project` - (Optional) A quota project to send in `user_project_override`, -used for all requests sent from the provider. If set on a resource that supports -sending the resource project, this value will supersede the resource project. -This field is ignored if `user_project_override` is set to false or unset. -Alternatively, this can be specified using the `GOOGLE_BILLING_PROJECT` -environment variable. +[OAuth 2.0 access token]: https://developers.google.com/identity/protocols/OAuth2 +[service account key file]: https://cloud.google.com/iam/docs/creating-managing-service-account-keys +[manage key files using the Cloud Console]: https://console.cloud.google.com/apis/credentials/serviceaccountkey +[adc]: https://cloud.google.com/docs/authentication/production +[gce-service-account]: https://cloud.google.com/compute/docs/authentication +[gcloud adc]: https://cloud.google.com/sdk/gcloud/reference/auth/application-default/login +[service accounts]: https://cloud.google.com/docs/authentication/getting-started +[scopes]: https://developers.google.com/identity/protocols/googlescopes diff --git a/mmv1/third_party/terraform/website/docs/index.html.markdown b/mmv1/third_party/terraform/website/docs/index.html.markdown index 36ef5faaf43d..be87ca84a1d4 100644 --- a/mmv1/third_party/terraform/website/docs/index.html.markdown +++ b/mmv1/third_party/terraform/website/docs/index.html.markdown @@ -7,10 +7,16 @@ description: |- # Google Cloud Platform Provider The Google provider is used to configure your [Google Cloud Platform](https://cloud.google.com/) infrastructure. -See the [Getting Started](/docs/providers/google/guides/getting_started.html) page for an introduction to using the provider. -To learn the basics of Terraform using this provider, follow the -hands-on [get started tutorials](https://learn.hashicorp.com/tutorials/terraform/infrastructure-as-code?in=terraform/gcp-get-started). For more involved examples, try [provisioning a GKE cluster](https://learn.hashicorp.com/tutorials/terraform/gke) and deploying [Consul-backed Vault into it using Terraform Cloud](https://learn.hashicorp.com/tutorials/terraform/kubernetes-consul-vault-pipeline). +To learn the basics of Terraform using this provider, follow the hands-on +[get started tutorials](https://developer.hashicorp.com/terraform/tutorials/gcp-get-started/infrastructure-as-code). +For more involved examples, try [provisioning a GKE cluster](https://learn.hashicorp.com/tutorials/terraform/gke) +and deploying [Consul-backed Vault into it using Terraform Cloud](https://learn.hashicorp.com/tutorials/terraform/kubernetes-consul-vault-pipeline). + +Already experienced with Terraform? Check out the [Getting Started](/docs/providers/google/guides/getting_started.html) +page for a short introduction to using Terraform with Google Cloud Platform. + +## Example Usage A typical provider configuration will look something like: @@ -22,7 +28,7 @@ provider "google" { ``` See the [provider reference](/docs/providers/google/guides/provider_reference.html) -for more details on authentication or otherwise configuring the provider. +page for details on authentication and configuring the provider. Take advantage of [Modules](https://www.terraform.io/docs/modules/index.html) to simplify your config by browsing the [Module Registry for GCP modules](https://registry.terraform.io/browse?provider=google). @@ -34,6 +40,7 @@ The Google provider is jointly maintained by: If you have configuration questions, or general questions about using the provider, try checking out: +* [The Google category on discuss.hashicorp.com](https://discuss.hashicorp.com/c/terraform-providers/tf-google/32) * The [Google Cloud Platform Community Slack](https://googlecloud-community.slack.com/) `#terraform` channel. If you are not registered with that Slack Workspace yet, the up-to-date **public sign-up link** can be found in the "Stay Connected" section of the [Google Developer Center](https://cloud.google.com/developers#stay-connected). * [Terraform's community resources](https://www.terraform.io/docs/extend/community/index.html) * [HashiCorp support](https://support.hashicorp.com) for Terraform Enterprise customers @@ -41,8 +48,8 @@ If you have configuration questions, or general questions about using the provid ## Releases Interested in the provider's latest features, or want to make sure you're up to date? -Check out the [`google` provider changelog](https://github.com/hashicorp/terraform-provider-google/blob/main/CHANGELOG.md) -and the [`google-beta` provider changelog](https://github.com/hashicorp/terraform-provider-google-beta/blob/main/CHANGELOG.md)) +Check out the [`google` provider Releases](https://github.com/hashicorp/terraform-provider-google/releases) +and the [`google-beta` provider Releases](https://github.com/hashicorp/terraform-provider-google-beta/releases for release notes and additional information. Per [Terraform Provider Versioning](https://www.hashicorp.com/blog/hashicorp-terraform-provider-versioning), @@ -96,11 +103,15 @@ on the issue * An issue assigned to `hashibot` indicates a member of the community has taken on the issue! +## Argument reference + +See the [provider reference](/docs/providers/google/guides/provider_reference.html) +page for details on configuring the provider. + ## Contributing If you'd like to help extend the Google provider, we gladly accept community -contributions! Our full contribution guide is available at [CONTRIBUTING.md](https://github.com/hashicorp/terraform-provider-google/blob/main/.github/CONTRIBUTING.md) - -Pull requests can be made against either provider repo where a maintainer will -apply them to both `google` and `google-beta`, or against [Magic Modules](https://github.com/GoogleCloudPlatform/magic-modules) -directly. +contributions! Development on the providers is done through the +[Magic Modules](https://github.com/GoogleCloudPlatform/magic-modules) +repository. Our full contribution guide is available on the +[Magic Modules Documentation Site](https://googlecloudplatform.github.io/magic-modules/) diff --git a/mmv1/third_party/terraform/website/docs/r/apigee_flowhook.html.markdown b/mmv1/third_party/terraform/website/docs/r/apigee_flowhook.html.markdown new file mode 100644 index 000000000000..380a65ed82fe --- /dev/null +++ b/mmv1/third_party/terraform/website/docs/r/apigee_flowhook.html.markdown @@ -0,0 +1,71 @@ +--- +subcategory: "Apigee" +description: |- + Represents a sharedflow attachment to a flowhook point. +--- + +# google\_apigee\_flowhook + +Represents a sharedflow attachment to a flowhook point. + + +To get more information about Flowhook, see: + +* [API documentation](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.environments.flowhooks#FlowHook) +* How-to Guides + * [organizations.environments.flowhooks](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.environments.flowhooks#FlowHook) + +## Argument Reference + +The following arguments are supported: + + +* `org_id` - + (Required) + The Apigee Organization associated with the environment + +* `environment` - + (Required) + The resource ID of the environment. + +* `flow_hook_point` - + (Required) + Where in the API call flow the flow hook is invoked. Must be one of PreProxyFlowHook, PostProxyFlowHook, PreTargetFlowHook, or PostTargetFlowHook. + +* `description` - + (Optional) + Description of the flow hook. + +* `sharedflow` - + (Required) + Id of the Sharedflow attaching to a flowhook point. + +* `continue_on_error` - + (Optional) + Flag that specifies whether execution should continue if the flow hook throws an exception. Set to true to continue execution. Set to false to stop execution if the flow hook throws an exception. Defaults to true. + + +## Attributes Reference + +In addition to the arguments listed above, the following computed attributes are exported: + +* `id` - an identifier for the resource with format `organizations/{{org_id}}/environments/{{environment}}/flowhooks/{{flow_hook_point}}` + + +## Timeouts + +This resource provides the following +[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options: + +- `create` - Default is 20 minutes. +- `delete` - Default is 20 minutes. + +## Import + + +Flowhook can be imported using any of these accepted formats: + +``` +$ terraform import google_apigee_flowhook.default organizations/{{org_id}}/environments/{{environment}}/flowhooks/{{flow_hook_point}} +$ terraform import google_apigee_flowhook.default {{org_id}}/{{environment}}/{{flow_hook_point}} +``` diff --git a/mmv1/third_party/terraform/website/docs/r/apigee_sharedflow.html.markdown b/mmv1/third_party/terraform/website/docs/r/apigee_sharedflow.html.markdown new file mode 100644 index 000000000000..9da48d0f89ed --- /dev/null +++ b/mmv1/third_party/terraform/website/docs/r/apigee_sharedflow.html.markdown @@ -0,0 +1,105 @@ +--- +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in +# .github/CONTRIBUTING.md. +# +# ---------------------------------------------------------------------------- +subcategory: "Apigee" +page_title: "Google: google_apigee_shared_flow" +description: |- + You can combine policies and resources into a shared flow that you can consume from multiple API proxies, and even from other shared flows. +--- + +# google\_apigee\_shared\_flow + +You can combine policies and resources into a shared flow that you can consume from multiple API proxies, and even from other shared flows. Although it's like a proxy, a shared flow has no endpoint. It can be used only from an API proxy or shared flow that's in the same organization as the shared flow itself. + + +To get more information about SharedFlow, see: + +* [API documentation](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.sharedflows) +* How-to Guides + * [Sharedflows](https://cloud.google.com/apigee/docs/resources) + + +## Argument Reference + +The following arguments are supported: + + +* `name` - + (Required) + The ID of the shared flow. + +* `org_id` - + (Required) + The Apigee Organization associated with the Apigee instance, + in the format `organizations/{{org_name}}`. + + +- - - + + + +## Attributes Reference + +In addition to the arguments listed above, the following computed attributes are exported: + +* `id` - an identifier for the resource with format `organizations/{{org_id}}/sharedflows/{{name}}` + +* `meta_data` - + Metadata describing the shared flow. + Structure is [documented below](#nested_meta_data). + +* `revision` - + A list of revisions of this shared flow. + +* `latest_revision_id` - + The id of the most recently created revision for this shared flow. + +* `md5hash` - + (Computed) Base 64 MD5 hash of the uploaded data. It is speculative as remote does not return hash of the bundle. Remote changes are detected using returned last_modified timestamp. + +* `detect_md5hash` - + (Optional) Detect changes to local config bundle file or changes made outside of Terraform. MD5 hash of the data, encoded using base64. Hash is automatically computed without need for user input. + + +The `meta_data` block contains: + +* `created_at` - + (Optional) + Time at which the API proxy was created, in milliseconds since epoch. + +* `last_modified_at` - + (Optional) + Time at which the API proxy was most recently modified, in milliseconds since epoch. + +* `sub_type` - + (Optional) + The type of entity described + +## Timeouts + +This resource provides the following +[Timeouts](/docs/configuration/resources.html#timeouts) configuration options: + +- `create` - Default is 20 minutes. +- `delete` - Default is 20 minutes. + +## Import + + +SharedFlow can be imported using any of these accepted formats: + +``` +$ terraform import google_apigee_shared_flow.default {{org_id}}/sharedflows/{{name}} +$ terraform import google_apigee_sharedflow.default {{org_id}}/{{name}} +``` diff --git a/mmv1/third_party/terraform/website/docs/r/apigee_sharedflow_deployment.html.markdown b/mmv1/third_party/terraform/website/docs/r/apigee_sharedflow_deployment.html.markdown new file mode 100644 index 000000000000..db00fac58d83 --- /dev/null +++ b/mmv1/third_party/terraform/website/docs/r/apigee_sharedflow_deployment.html.markdown @@ -0,0 +1,85 @@ +--- +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in +# .github/CONTRIBUTING.md. +# +# ---------------------------------------------------------------------------- +subcategory: "Apigee" +description: |- + Deploys a revision of a sharedflow. +--- + +# google\_apigee\_sharedflow\_deployment + +Deploys a revision of a sharedflow. + + +To get more information about SharedflowDeployment, see: + +* [API documentation](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.environments.sharedflows.revisions.deployments) +* How-to Guides + * [sharedflows.revisions.deployments](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.environments.sharedflows.revisions.deployments) + +## Argument Reference + +The following arguments are supported: + + +* `org_id` - + (Required) + The Apigee Organization associated with the Sharedflow + +* `environment` - + (Required) + The resource ID of the environment. + +* `sharedflow_id` - + (Required) + Id of the Sharedflow to be deployed. + +* `revision` - + (Required) + Revision of the Sharedflow to be deployed. + + +- - - + + +* `service_account` - + (Optional) + The service account represents the identity of the deployed proxy, and determines what permissions it has. The format must be {ACCOUNT_ID}@{PROJECT}.iam.gserviceaccount.com. + + +## Attributes Reference + +In addition to the arguments listed above, the following computed attributes are exported: + +* `id` - an identifier for the resource with format `organizations/{{org_id}}/environments/{{environment}}/sharedflows/{{sharedflow_id}}/revisions/{{revision}}/deployments` + + +## Timeouts + +This resource provides the following +[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options: + +- `create` - Default is 20 minutes. +- `update` - Default is 20 minutes. +- `delete` - Default is 20 minutes. + +## Import + + +SharedflowDeployment can be imported using any of these accepted formats: + +``` +$ terraform import google_apigee_sharedflow_deployment.default organizations/{{org_id}}/environments/{{environment}}/sharedflows/{{sharedflow_id}}/revisions/{{revision}}/deployments/{{name}} +$ terraform import google_apigee_sharedflow_deployment.default {{org_id}}/{{environment}}/{{sharedflow_id}}/{{revision}}/{{name}} +``` diff --git a/mmv1/third_party/terraform/website/docs/r/compute_instance.html.markdown b/mmv1/third_party/terraform/website/docs/r/compute_instance.html.markdown index 5d1f94b9dec1..32928b640697 100644 --- a/mmv1/third_party/terraform/website/docs/r/compute_instance.html.markdown +++ b/mmv1/third_party/terraform/website/docs/r/compute_instance.html.markdown @@ -385,7 +385,6 @@ specified, then this instance will have no external IPv6 Internet access. Struct * `instance_termination_action` - (Optional) Describe the type of termination action for VM. Can be `STOP` or `DELETE`. Read more on [here](https://cloud.google.com/compute/docs/instances/create-use-spot) * `max_run_duration` - (Optional) [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) The duration of the instance. Instance will run and be terminated after then, the termination action could be defined in `instance_termination_action`. Only support `DELETE` `instance_termination_action` at this point. Structure is [documented below](#nested_max_run_duration). - The `max_run_duration` block supports: * `nanos` - (Optional) Span of time that's a fraction of a second at nanosecond @@ -397,6 +396,7 @@ specified, then this instance will have no external IPv6 Internet access. Struct 315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. +* `maintenance_interval` - (Optional) [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) Specifies the frequency of planned maintenance events. The accepted values are: `PERIODIC`. The `guest_accelerator` block supports: * `type` (Required) - The accelerator type resource to expose to this instance. E.g. `nvidia-tesla-k80`. diff --git a/mmv1/third_party/terraform/website/docs/r/compute_instance_template.html.markdown b/mmv1/third_party/terraform/website/docs/r/compute_instance_template.html.markdown index 3ecf36b52992..7ab6ed9a5da8 100644 --- a/mmv1/third_party/terraform/website/docs/r/compute_instance_template.html.markdown +++ b/mmv1/third_party/terraform/website/docs/r/compute_instance_template.html.markdown @@ -565,19 +565,18 @@ specified, then this instance will have no external IPv6 Internet access. Struct * `instance_termination_action` - (Optional) Describe the type of termination action for `SPOT` VM. Can be `STOP` or `DELETE`. Read more on [here](https://cloud.google.com/compute/docs/instances/create-use-spot) * `max_run_duration` - (Optional) [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) The duration of the instance. Instance will run and be terminated after then, the termination action could be defined in `instance_termination_action`. Only support `DELETE` `instance_termination_action` at this point. Structure is [documented below](#nested_max_run_duration). - The `max_run_duration` block supports: * `nanos` - (Optional) Span of time that's a fraction of a second at nanosecond - resolution. Durations less than one second are represented with a 0 - `seconds` field and a positive `nanos` field. Must be from 0 to - 999,999,999 inclusive. + resolution. Durations less than one second are represented with a 0 + `seconds` field and a positive `nanos` field. Must be from 0 to + 999,999,999 inclusive. * `seconds` - (Required) Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. - +* `maintenance_interval` - (Optional) [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) Specifies the frequency of planned maintenance events. The accepted values are: `PERIODIC`. The `guest_accelerator` block supports: * `type` (Required) - The accelerator type resource to expose to this instance. E.g. `nvidia-tesla-k80`. diff --git a/mmv1/third_party/validator/tests/data/example_bigquery_dataset.json b/mmv1/third_party/validator/tests/data/example_bigquery_dataset.json index c753c5f5547b..c55d9a2c4ee6 100644 --- a/mmv1/third_party/validator/tests/data/example_bigquery_dataset.json +++ b/mmv1/third_party/validator/tests/data/example_bigquery_dataset.json @@ -9,6 +9,7 @@ "discovery_name": "Dataset", "parent": "//cloudresourcemanager.googleapis.com/projects/{{.Provider.project}}", "data": { + "friendlyName": "", "datasetReference": { "datasetId": "test-dataset" }, diff --git a/mmv1/third_party/validator/tests/data/example_bigquery_dataset_iam_binding.json b/mmv1/third_party/validator/tests/data/example_bigquery_dataset_iam_binding.json index a3f5bacc6a2a..770149249ec3 100644 --- a/mmv1/third_party/validator/tests/data/example_bigquery_dataset_iam_binding.json +++ b/mmv1/third_party/validator/tests/data/example_bigquery_dataset_iam_binding.json @@ -16,7 +16,8 @@ "labels": { "env": "dev" }, - "location": "EU" + "location": "EU", + "friendlyName": "" } }, "iam_policy": { diff --git a/mmv1/third_party/validator/tests/data/example_bigquery_dataset_iam_member.json b/mmv1/third_party/validator/tests/data/example_bigquery_dataset_iam_member.json index dbda7165dc35..7aed9ac6ce97 100644 --- a/mmv1/third_party/validator/tests/data/example_bigquery_dataset_iam_member.json +++ b/mmv1/third_party/validator/tests/data/example_bigquery_dataset_iam_member.json @@ -16,7 +16,8 @@ "labels": { "env": "dev" }, - "location": "EU" + "location": "EU", + "friendlyName": "" } }, "iam_policy": { diff --git a/mmv1/third_party/validator/tests/data/example_bigquery_dataset_iam_policy.json b/mmv1/third_party/validator/tests/data/example_bigquery_dataset_iam_policy.json index adbde0c059ae..5908f8d7600c 100644 --- a/mmv1/third_party/validator/tests/data/example_bigquery_dataset_iam_policy.json +++ b/mmv1/third_party/validator/tests/data/example_bigquery_dataset_iam_policy.json @@ -16,7 +16,8 @@ "labels": { "env": "dev" }, - "location": "EU" + "location": "EU", + "friendlyName": "" } }, "iam_policy": { diff --git a/mmv1/third_party/validator/tests/data/example_bigquery_dataset_iam_policy_empty_policy_data.json b/mmv1/third_party/validator/tests/data/example_bigquery_dataset_iam_policy_empty_policy_data.json index 4431d5967864..f1a5ec56ace2 100644 --- a/mmv1/third_party/validator/tests/data/example_bigquery_dataset_iam_policy_empty_policy_data.json +++ b/mmv1/third_party/validator/tests/data/example_bigquery_dataset_iam_policy_empty_policy_data.json @@ -12,7 +12,8 @@ "datasetReference": { "datasetId": "example_dataset" }, - "location": "US" + "location": "US", + "friendlyName": "" } }, "iam_policy": { diff --git a/tpgtools/overrides/dataplex/beta/tpgtools_product.yaml b/tpgtools/overrides/dataplex/beta/tpgtools_product.yaml new file mode 100644 index 000000000000..75271c791a0c --- /dev/null +++ b/tpgtools/overrides/dataplex/beta/tpgtools_product.yaml @@ -0,0 +1,6 @@ +## product level overrides + +- type: PRODUCT_BASE_PATH + details: + skip: true +